We’ve added SonarQube’s quality gate to our pipeline, but we cannot make it mandatory, because we encounter an issue with it:
Sometimes pull requests fail over QG due to code-smells or bugs that are unrelated to the changes made in the pull request.
It may occur over unchanged lines in files that were changed, or over files that were not changed at all.
In some cases, those issues were pushed to Master a short period of time before the scan, and in other cases, those files have not been touched for years.
Those issues may appear in one pipeline, and disappear the next time a pipeline is run for the same pull request.
As a result, it is difficult for developers to find which code smells and bugs are related to their changes and which are not.
Also, since no one wants to change code that is unrelated to their PR, the quality gate cannot be a mandatory part of the pipeline.
We are running SonarQube 9.9 (build 65466).
SonarQube is deployed using docker-compose.
Most of the code is written in Java.
We’ve had the same issue. In our pipeline yaml we’ve added ‘lockBehaviour: sequential’ for the build stage so that only one build and analysis can run at a time.