
Pull Request analysis and Quality Gate on SonarQube


I have installed SonarQube 7.6 Developer Edition and started using it in my development environment pipeline. My coding approach is Trunk Based Development. We have only one mainline (master, trunk or develop, as you prefer to define it, but only one mainline).

Actually, all code changes pass through a Pull Request, which, as I have understood, SonarQube recognizes as a Short-Lived Branch, and only these hard-coded rules are applied:

Error conditions:

  • new open bugs > 0
  • new open vulnerabilities > 0
  • new open code smells > 0

That is a subset of my Quality Gate conditions. It means that a Pull Request could pass the quality gate (because it is recognised as a Short-Lived Branch), and when it is merged into the mainline (master/trunk) my Quality Gate rules are applied and it could fail on merge.

How can I know whether it breaks the quality gate before PR approval, or, more simply, how can I identify a Pull Request as a Long-Lived Branch?

I have tried to define * as the long-lived branches pattern, but it does not work. A screenshot is attached.


Solution

  • Actually, for SonarQube 7.6, this is the status:

    • All PRs follow the same rules as Short-Lived Branches, and there is currently no possibility to set up an ad-hoc Quality Gate (or at least the same one as the project), but this is planned for Q1 2019. In more detail, PRs and SLBs are recognized as two different things, but their presentation within SonarQube is the same.
    • There is no way to identify PRs as Long-Lived branches (even with * in the long lived branches pattern regex).
    • The only way to go for the quality gate would be to avoid the PR and launch the merge on the mainline so as to check if the quality gate passes.

    Here is a reply from the SonarQube community manager:

    https://community.sonarsource.com/t/pull-request-analysis-and-quality-gate/6306/2