AmadeusITGroup / sonar-stash

Stash (BitBucket) plugin, a pull-request decorator which allows to integrate SonarQube violations directly into your pull-request
MIT License

Sonar-stash publishes all project issues to overview comment in bitbucket. #196

Closed Drimix20 closed 5 years ago

Drimix20 commented 5 years ago

During analysis in a pull request, all issues from the whole project want to be pushed as comments to BitBucket; we are not able to retrieve issues specific to that pull request. Can you please help us?

We are unable to retrieve issues specific to the current pull request during static code analysis. Sonar runner publishes all project issues to the overview comment in Bitbucket. It seems that the Stash-sonar plugin cannot handle a multi-module Maven project.

Project structure is following:

    /workspace/project/
        pom.xml
        sonar-project.properties
        module1/
            pom.xml
        module2/
            pom.xml
        module3/
            sub-module3-1/
                pom.xml
            sub-module3-2/
                pom.xml

We run analysis from /workspace/project/

    ../sonar-runner/bin/sonar-runner \
        -Dsonar.analysis.mode=issue \
        -Dsonar.stash.notification=true \
        -Dsonar.stash.include.existing.issues=false \
        -Dsonar.stash.include.vicinity.issues.range=0 \
        -Dsonar.stash.project=<stash-project> \
        -Dsonar.stash.repository=<stash-repository> \
        -Dsonar.stash.repository.root=/workspace/project/ \
        -Dsonar.stash.pullrequest.id=<pr-id> \
        -Dsonar.stash.comments.reset=true \
        -Dsonar.stash.certificates.acceptance=false \
        -Dsonar.projectKey=<project-key-from-sonar-qube> \
        -Dsonar.sources=/workspace/project/**/src/main/java \
        -Dsonar.java.binaries=/workspace/project/**/target/classes/* \
        -Dsonar.exclusions='/workspace/project/**/target/test-classes/*, /workspace/project/**/target/site/*, /workspace/project/**/src/test/*' \
        -Dsonar.test.inclusions='/workspace/project/**/target/test-classes/*' \
        -Dsonar.java.source=1.8 \
        -Dsonar.projectVersion=R2.1-25.07.B01-SNAPSHOT \
        -Dsonar.verbose=true

Versions: sonar-stash plugin 1.4.0, SonarQube 6.7.5, Findbugs 3.9.1, SonarJava 8.9.2

t-8ch commented 5 years ago

How do you run your full scans on the normal development branch? Why is the projectKey empty? Also take a look at the repository root settings in the readme.

Drimix20 commented 5 years ago

1) Full scan is performed via the org.sonarsource.scanner.maven Maven plugin, version 3.4.1.1168. We run "mvn sonar:sonar". After the scan, the project in SonarQube is updated and issues for all submodules are listed. Output of the scan is:

    [INFO] Reactor Summary:
    [INFO]
    [INFO] Project : Parent Project ......................... SUCCESS [03:16 min]
    [INFO] Project : Modul1 .................................. SKIPPED
    [INFO] Project : Modul2 ................................. SKIPPED
    [INFO] Project : Modul3 ................................. SKIPPED

2) ProjectKey is not empty; I just provided the "placeholder". The project key is set to the same value as is visible as the project key for our project on the SonarQube server.

3) I looked at the repository root settings in the readme but I didn't find anything suspicious.

t-8ch commented 5 years ago

Is there a reason for using both sonar-scanner and the maven plugin? (I would recommend using the maven plugin). The module configurations between the executions probably differ.

Drimix20 commented 5 years ago

Thanks for the advice. The problem was that the sonar-stash plugin used sonar-project.properties and the complete analysis of the project was performed by the mvn module, so the module configurations were different. I removed the mvn module and use sonar-scanner for analysis of the whole project, and everything is working fine.

Thanks for help.

t-8ch commented 5 years ago

You are welcome!