Question: How to overwrite previous SonarQube analysis overviews

[carlspring]

Is there a property that I'm not aware of that would allow youto tell the sonar-stash plugin to overwrite the previous SonarQube analysis overview comment? I mean, with multiple re-runs, you get multiple SonarQube analysis overview comments and that adds a lot of noise. Of course, some people might want to see how these numbers changed while the work was ongoing, but in my opinion, it's a lot of noise, if you have many commits.

[t-8ch]

sonar.stash.comments.reset (It's in the README, albeit not with the other settings)

[carlspring]

Yeah, I have this set. For some reason, it wasn't removing the comment for the overviews. I removed the duplicates manually and I no longer see this, but I think there's some sort of bug with this. I'll report back, if it re-occurs.

[t-8ch]

IIRC the matching happens purely on the name of the user used by sonar-stash. So maybe you tested it with another use account before.

[carlspring]

No, it's under the same one, because I have a Sonar token.

[carlspring]

Yeah, it seems to be re-occurring.

[t-8ch]

Which SQ, sonar-stash and bitbucket versions?

[carlspring]

sonar-stash: 1.6.0 sonarqube : 6.7.6 stash : 5.16.1

[t-8ch]

What is the complete executed command?

[carlspring]

I'm using Gradle for this. The project is a Scala one.

The command:

gradle sonarqube

The are the properties inside my gradle.properties relevant to sonar-stash (there's a few more for Sonar related to the Sonar host, username, password, project name/key, etc):

systemProp.sonar.analysis.mode=preview

systemProp.sonar.stash.url=http://stash/atlassian-stash/
systemProp.sonar.stash.username=username
systemProp.sonar.stash.password=password
systemProp.sonar.stash.notification=true
systemProp.sonar.stash.project=TEST
systemProp.sonar.stash.repository=test-repository
systemProp.sonar.stash.pullrequest.id=1
systemProp.sonar.stash.include.overview=true
systemProp.sonar.stash.include.existing.issues=false
systemProp.sonar.stash.comments.reset=true
systemProp.sonar.stash.task.issue.severity.threshold=MAJOR

[t-8ch]

Does the name of the stash user contain any non-ascii/non a-zA-z characters?

[t-8ch]

Ok, this is only implemented for the inline comments, not the overview comment. See https://github.com/AmadeusITGroup/sonar-stash/pull/162

(Also it should be sonar.stash.login instead of sonar.stash.username)

[carlspring]

Right... What's the difference between the inline and overview comments exactly? Perhaps we should switch to inline ones?

(Also it should be sonar.stash.login instead of sonar.stash.username)

Yeah, sorry, I was quoting this one off the top of my head. (We've actually re-worked the plugin to use SPNEGO/KERBEROS, so there are actually no credentials, just a username, as that's still needed when posting the comments to Stash).

[t-8ch]

Right... What's the difference between the inline and overview comments exactly? Perhaps we should switch to inline ones?

Overview is one big mentioning everything. Inline is one comment per issue per line directly in the diff view.

Yeah, sorry, I was quoting this one off the top of my head. (We've actually re-worked the plugin to use SPNEGO/KERBEROS, so there are actually no credentials, just a username, as that's still needed when posting the comments to Stash).

That would have been a nice contribution :-)

[carlspring]

We've actually been thinking of contributing it. The problem is that at the moment, it's using an in-house library for the SPNEGO authentication/authorization to Kerberos. We would be more than happy to contribute this back, if you're open to it, but it also involves fixing the async-http-client where we found a bug in the fact that AHC was hijacking the Authorization headers for Negotiate. We'll contribute this back to the async-http-client first and then we'll have to figure out a way to make it work without using our own engine library.

If you're open to such a conttibution, we'll try and prepare something for you, but it might take a while.

[t-8ch]

Given that sonar-stash won't really receive any new development I don't think it would make sense anymore. Our work would most likely be wasted. (The path to AHC itself would still be useful probably)