Hi there,
We’re running SonarQube Enterprise 10.6 (Docker) and have had GitHub (Enterprise Cloud) integration set up for some time now without issue.
Recently GitHub announced support for GitHub Apps for Enterprises - see Enterprises can create GitHub Apps for use within the Enterprise - GitHub Changelog
We are very interested in this functionality as, in addition to the enterprise-specific benefits, it should/would in theory allow enterprises such as ours with multiple private GitHub organisations to define a single SonarQube app which is installed in their various organisations, versus the current approach of having to create one app per-organisation. This would greatly simplify the process of administering SonarQube integration as:
- it should just require a single GitHub integration to be configured within the SonarQube instance instead of one per-organisation
- the process of rotating client secrets, private keys, etc. would also be greatly simplified, as only one app/integration needs updating
With the above in mind we decided to give it a go and have had some degree of success, but have also encountered a few notable issues.
When analysing a PR, SonarQube is reporting an analysis warning as follows:
Creating an analysis summary for GitHub Pull Request has failed. Please check the permission configuration and the connectivity to GitHub.
Looking in the logs we can see an error such as the following:
Failed to create comment. Please check GitHub Application for write access to pull requests.
{"message":"Validation Failed","errors":[{"resource":"IssueComment","code":"unprocessable","field":"data","message":"sonarqube[bot] does not have the right permission to view app owner."}],"documentation_url":"https://docs.github.com/rest/issues/comments#create-an-issue-comment","status":"422"}
Looking at the PR itself, the check run is created and a comment added; however, an issue is that if another analysis is run on the same PR, a duplicate SonarQube comment is added instead of the regular behaviour of updating the existing comment.
I can confirm the permissions for the enterprise app are exactly the same as those of the organisation-specific app we have used to date.
I would be keen to get your feedback on whether there’s anything permissions-related that you can suggest may be required in this scenario. Any other thoughts would be appreciated too.
We would also appreciate knowing if using GitHub Enterprise-owned apps is (or is expected to be) a supported usage scenario with SonarQube. If it currently isn’t, then we’d love to see support added in the upcoming LTA release!
Thanks,
Sam
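Two small helpers for the situation described in the post, as an added example that is not part of the original post and not SonarSource's or GitHub's code. The first pulls the actual reason out of the GitHub REST 422 body that SonarQube logged, since the analysis warning itself only says "check the permission configuration". The second diffs the `permissions` object that `GET /app` returns for two GitHub Apps (the per-organisation app versus the enterprise-owned one) and checks the write scopes that a pull-request comment and a check run need. The sample permission payloads are constructed for this example; the poster's real app permissions are not on the page.

```python
"""Added example, not SonarSource's or GitHub's code.

explain_github_error(): surfaces the per-error messages from a GitHub REST
"Validation Failed" body (the body logged by SonarQube is used as input).
compare_app_permissions(): diffs two `permissions` objects in the shape that
GET /app returns and reports required scopes the new app lacks.
"""
import json

# Permission levels as GitHub reports them in the `permissions` object,
# ranked so that "at least write" can be checked.
_LEVEL_RANK = {"none": 0, "read": 1, "write": 2, "admin": 3}


def explain_github_error(body: str) -> list[str]:
    """Return the human-readable messages from a GitHub REST error body.

    Each entry of the "errors" array carries resource/field/code and usually a
    free-text "message"; fall back to resource.field: code when it is absent,
    and to the top-level "message" when there is no errors array at all.
    """
    data = json.loads(body)
    messages = []
    for err in data.get("errors", []):
        text = err.get("message") or (
            f"{err.get('resource')}.{err.get('field')}: {err.get('code')}"
        )
        messages.append(text)
    if not messages and "message" in data:
        messages.append(data["message"])
    return messages


def compare_app_permissions(old: dict, new: dict, required: dict) -> dict:
    """Compare two `permissions` objects and check required scope levels.

    Returns {"changed": {scope: (old_level, new_level)},
             "missing": {scope: needed_level}} where "missing" lists required
    scopes for which the new app's level is below the needed one.
    """
    changed = {}
    for scope in sorted(set(old) | set(new)):
        a, b = old.get(scope, "none"), new.get(scope, "none")
        if a != b:
            changed[scope] = (a, b)
    missing = {}
    for scope, needed in required.items():
        have = new.get(scope, "none")
        if _LEVEL_RANK.get(have, 0) < _LEVEL_RANK[needed]:
            missing[scope] = needed
    return {"changed": changed, "missing": missing}


# Error body exactly as it appeared in the SonarQube log in the post.
LOGGED_ERROR = (
    '{"message":"Validation Failed","errors":[{"resource":"IssueComment",'
    '"code":"unprocessable","field":"data","message":"sonarqube[bot] does not '
    'have the right permission to view app owner."}],'
    '"documentation_url":"https://docs.github.com/rest/issues/comments'
    '#create-an-issue-comment","status":"422"}'
)

# Constructed sample `permissions` objects (shape of the GET /app response);
# the real values for the poster's two apps are not given in the post.
ORG_APP_PERMISSIONS = {
    "checks": "write", "contents": "read", "issues": "write",
    "metadata": "read", "pull_requests": "write",
}
ENTERPRISE_APP_PERMISSIONS = {
    "checks": "write", "contents": "read", "issues": "write",
    "metadata": "read", "pull_requests": "write",
}

# Scopes the PR decoration relies on: "Checks" write for the check run and
# "Pull requests" write for commenting on a pull request via the issue
# comments endpoint, per the GitHub REST docs for those endpoints.
REQUIRED_FOR_PR_DECORATION = {"checks": "write", "pull_requests": "write"}


if __name__ == "__main__":
    for msg in explain_github_error(LOGGED_ERROR):
        print("GitHub says:", msg)
    report = compare_app_permissions(
        ORG_APP_PERMISSIONS, ENTERPRISE_APP_PERMISSIONS, REQUIRED_FOR_PR_DECORATION
    )
    print("changed:", report["changed"] or "none")
    print("missing:", report["missing"] or "none")
```

Run it as-is to see that the logged error is a GitHub-side validation message rather than a SonarQube one, and feed it the real `permissions` objects from `GET /app` (authenticated with each app's JWT) to confirm that the two apps really do match scope for scope; an empty "changed" and "missing" for apps that still behave differently points away from declared permissions and towards how the enterprise-owned app is installed or owned.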