I’m analyzing pull requests from GitHub and the analysis results are sent to SonarQube. However, I’m wondering why it shows 913 new lines to cover, even if my pull request has only 1 line changed. See the attached picture.
I’m setting the following properties:
sonar.pullrequest.key
sonar.pullrequest.branch
sonar.pullrequest.base
Second question, is it possible to have SonarQube decorate the GitHub pull request? If yes, what are the steps?
Thanks Ann, happy to have found this wonderful support forum.
No, there isn’t automation to fix line endings.
The docs are talking about GitHub Enterprise, Bitbucket Server and Azure DevOps Server. However, we are using plain GitHub. Is there documentation on what is needed to make that work?
This should work fine. Just pretend GH is your enterprise instance.
Could you check your PR’s code page, drill into an “unchanged” file and for a changed line check out the blame data you get when you click in the line numbers column?
We got the PR decoration working. However, some images on the SonarQube Code Analysis PR check don’t show. Is it so that the images are fetched from the SonarQube server? What ports does it require to be open? See the screenshot below.
The files and changes displayed on the code page seem to be different. Tens of files and hundreds of unrelated lines are displayed. It’s real code, not just line endings. The branch names displayed in SonarQube are correct, but the data just doesn’t match. It’s almost like the target branch of the merge would be incorrect, although SonarQube displays the correct one there in the UI. Screenshot below.
It would be helpful to have your analysis command/parameters here. Also, I would be interested to see a screenshot of “new line” blame data from one of the changed/unchanged files, E.g.
For the screenshot, do you confirm that that line of that file is not changed in the branch under analysis? And if so, is it modified in some other branch? What’s the blame data look like for that file line in develop? And what’s it look like in master?
As a side note, there’s no point in specifying sonar.pullrequest.github.repository on the command line. This must be set server side and is used after analysis to decorate the PR. By the time decoration is attempted, analysis parameters are out of scope.
I see in one of the screenshots that there were 4 warnings related to the last analysis. Are any of those about git?
Could you show us the logs of the scanner, preferably with debug enabled?
Hi,
The logs don’t include much from the sonarqube task. You probably need to add -d with gradle.
Anyway I can see that the checkout of the code is done without a clone and without fetching all branches (only PRs): > git fetch --tags --progress https://github.com/nordic-institute/X-Road.git +refs/pull/*:refs/remotes/origin/pr/*
The problem might be that the local reference to the target branch of the pull request is not up to date.
I recommend you try changing the checkout to make sure that the target is updated.
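The stale target ref described above, reproduced in a throwaway repository as an added example (not from the thread and not SonarQube's own code). The remote name `origin`, the branch names and the helper names are assumptions, and the `git diff` count is only a sanity check of what the PR changes relative to the target, not SonarQube's calculation:

```shell
#!/bin/sh
# Added example, not from the thread. Assumes the remote is named "origin".

# Refresh the local ref of the PR target branch ($2, the value passed as
# sonar.pullrequest.base) in workspace $1, then print the commit it points to.
refresh_pr_base() {
    git -C "$1" fetch --quiet --no-tags origin \
        "+refs/heads/$2:refs/remotes/origin/$2" || return 1
    git -C "$1" rev-parse --verify "refs/remotes/origin/$2"
}

# Sanity check: lines added on HEAD since it diverged from origin/$2.
added_lines_vs_base() {
    git -C "$1" diff --numstat "origin/$2...HEAD" |
        awk '{ n += $1 } END { print n + 0 }'
}

# git with a throwaway identity, used only by the constructed demo below.
g() { git -c user.name=ci -c user.email=ci@example.invalid -C "$@"; }

# Constructed demo: a workspace that fetched only the PR head, so its
# origin/develop lags behind. Prints "<added before refresh> <added after>".
demo_stale_base() {
    tmp=$(mktemp -d) || return 1
    up="$tmp/upstream"; ws="$tmp/workspace"
    git init --quiet "$up" && g "$up" symbolic-ref HEAD refs/heads/develop
    printf 'x\n' > "$up/a.txt"
    g "$up" add -A && g "$up" commit --quiet -m "base"
    git clone --quiet "$up" "$ws"               # origin/develop = "base"
    printf '1\n2\n3\n4\n5\n' > "$up/b.txt"      # develop moves on upstream
    g "$up" add -A && g "$up" commit --quiet -m "unrelated work on develop"
    g "$up" checkout --quiet -b feature
    printf 'y\n' >> "$up/a.txt"                 # the PR: one added line
    g "$up" add -A && g "$up" commit --quiet -m "one-line change"
    # PR-only fetch, like the refspec in the CI log quoted above.
    g "$ws" fetch --quiet origin "+refs/heads/feature:refs/remotes/origin/pr/1"
    g "$ws" checkout --quiet --detach origin/pr/1
    before=$(added_lines_vs_base "$ws" develop)
    refresh_pr_base "$ws" develop > /dev/null || return 1
    after=$(added_lines_vs_base "$ws" develop)
    rm -rf "$tmp"
    echo "$before $after"
}
```

In a real pipeline, `refresh_pr_base` would run in the checked-out workspace before the scanner step, with the same branch name that is passed as `sonar.pullrequest.base`.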
Could you elaborate on that, please? It looks like we could have the same issue with Azure Repos Git, but I don’t know how to change that…
##[command]git -c http.extraheader="AUTHORIZATION: bearer *" fetch --force --tags --prune --progress --no-recurse-submodules origin +refs/heads/*:refs/remotes/origin/* +refs/pull/6043/merge:refs/remotes/pull/6043/merge
I am using Azure DevOps Build Pipeline, so I cannot see how I can provide that, given that the checkout step is generated. Anyway, thanks @iluwatar, for the help!!
If you have a CI pipeline running, you can run a SonarQube scanner and analyze pull requests. If you have specific questions about it please open a new topic.