ciricihq / gitlab-sonar-scanner

This project is no longer maintained
GNU General Public License v3.0

Update sonar.branch to sonar.branch.name #28

Closed johnsardine closed 6 years ago

johnsardine commented 6 years ago

When running sonar using the SONAR_BRANCH parameter you will receive the following error:

WARN: The use of "sonar.branch" is deprecated and replaced by "sonar.branch.name". See https://redirect.sonarsource.com/doc/branches.html.

This commit updates the command to use the correct updated parameter

elboletaire commented 6 years ago

Thanks @johnsardine

This is related to #15. I guess you're using sonarqube 6.7 or greater. Do you have any other issues as stated in #15?

elboletaire commented 6 years ago

BTW, I cannot accept this until we properly create tags per sonarqube version. Otherwise this would crash our installation (and probably others' out there).

I've created an issue for that: #29

johnsardine commented 6 years ago

@elboletaire So far I have not experienced any other reported issues. I'm using Sonar 7.1

fribergr commented 6 years ago

Why not add support for both variables and let end user decide which of them to set? (SONAR_BRANCH or SONAR_BRANCH_NAME) for example?

johnsardine commented 6 years ago

@fribergr Because the field has been deprecated and should be replaced.

Ideally, if you're using an old version of sonar you would continue using an old version of this container.

elboletaire commented 6 years ago

The idea from @fribergr is not bad at all, but we could find other issues that could not be resolved using this solution, so we'd better create specific versions for each image.

I'll try to fix both this issue and #29 tomorrow (well.. today already 😅).

elboletaire commented 6 years ago

I've created the v7 branch (and docker tag) where I've merged this.

I need to clarify the versioning methodology here with @gtrias (probably on Monday), but for now you can start using this new v7 tag.

job:name:
  image: ciricihq/gitlab-sonar-scanner:v7
  # [...]

elboletaire commented 6 years ago

BTW, I've been checking the sonarqube documentation on the Analysis Parameters, and it says that (as stated in #15) sonar.issues.mode has been deprecated, and it's set as preview by default.

We're currently using sonarqube 6.2, so I've not been able to check by myself how this works on current versions. If sonar.issues.mode has been set as preview by default, how can we run the issues mode?

@johnsardine you said you have no problems with sonarqube 7.X. Could you please ensure both modes (preview and issues) work as expected?

johnsardine commented 6 years ago

@elboletaire I just added another step to my CI to run the issues only. I ran both publish and issues mode and it worked fine, without any issues.

elboletaire commented 6 years ago

@johnsardine Then I don’t get why in the official documentation they say the option has been dropped, and that it’s set as preview by default.

I need to investigate this a bit further.

johnsardine commented 6 years ago

I can share the issues mode log. I did get the deprecation warning


INFO: Scanner configuration file: /sonar-scanner-3.0.3.778/conf/sonar-scanner.properties
INFO: Project root configuration file: /builds/**Redacted**/**Redacted**/sonar-project.properties
INFO: SonarQube Scanner 3.0.3.778
INFO: Java 1.8.0_151 Oracle Corporation (64-bit)
INFO: Linux 4.10.0-42-generic amd64
INFO: User cache: /root/.sonar/cache
INFO: Issues mode
WARN: The use of the issues mode (sonar.analysis.mode=issues) is deprecated. This mode will be dropped in the future.
INFO: Load global settings
INFO: Load global settings (done) | time=210ms
INFO: Server id: AWOxlQu9SrlH2n2noU3s
INFO: User cache: /root/.sonar/cache
INFO: Exclude plugins: devcockpit, ldap, authgithub, authbitbucket, pdfreport, authaad, googleanalytics, governance
INFO: Load plugins index
INFO: Load plugins index (done) | time=663ms
INFO: Load/download plugins
INFO: Load/download plugins (done) | time=1495ms
INFO: SonarQube server 7.1.0
INFO: Default locale: "en_US", source code encoding: "UTF-8" (analysis is platform dependent)
INFO: Scanning only changed files
INFO: Process project properties
INFO: Load project repositories
INFO: Load project repositories (done) | time=160ms
INFO: Load quality profiles
INFO: Load quality profiles (done) | time=41ms
INFO: Load active rules
INFO: Load active rules (done) | time=386ms
INFO: Load metrics repository
INFO: Load metrics repository (done) | time=62ms
INFO: Project key: **Redacted**
INFO: Project base dir: /builds/**Redacted**/**Redacted**
INFO: Branch key: master
WARN: The use of "sonar.branch" is deprecated and replaced by "sonar.branch.name". See https://redirect.sonarsource.com/doc/branches.html.
INFO: -------------  Scan **Redacted**
INFO: Load server rules
INFO: Load server rules (done) | time=91ms
INFO: Base dir: /builds/**Redacted**/**Redacted**
INFO: Working dir: /builds/**Redacted**/**Redacted**/.scannerwork
INFO: Source paths: .
INFO: Source encoding: UTF-8, default locale: en_US
INFO: Index files
INFO: Excluded sources: 
INFO:   node_modules/**/*
INFO:   test/unit/coverage/**/*
INFO:   static/**/*
INFO:   assets/**/*
INFO:   src/assets/**/*
INFO: 193 files indexed
INFO: 168 files ignored because of inclusion/exclusion patterns
INFO: Quality profile for js: Sonar way
INFO: Excluded sources for coverage: 
INFO:   test/**/*
INFO: Sensor SonarJavaXmlFileSensor [java]
INFO: Sensor SonarJavaXmlFileSensor [java] (done) | time=8ms
INFO: Load server issues
INFO: Load server issues (done) | time=107ms
INFO: Performing issue tracking
INFO: 254/254 components tracked
INFO: ANALYSIS SUCCESSFUL
INFO: Task total time: 6.437 s
INFO: ------------------------------------------------------------------------
INFO: EXECUTION SUCCESS
INFO: ------------------------------------------------------------------------
INFO: Total time: 13.451s
INFO: Final Memory: 48M/438M
INFO: ------------------------------------------------------------------------

elboletaire commented 6 years ago

Based on your logs, and on the version of sonarqube you said you're using.. I guess there's something wrong in the documentation, because in your logs it clearly shows the warning:

WARN: The use of the issues mode (sonar.analysis.mode=issues) is deprecated. This mode will be dropped in the future.

Whilst in the documentation it says it was dropped on 6.6:

[image]

So... I guess it has been marked as deprecated, but we can leave it for now as is. Once they clarify how to proceed in future releases, we'll see again what exactly we should do to properly run both kinds of jobs (preview and issues).

elboletaire commented 6 years ago

Well, I'm glad to see we're not the only ones with these doubts: https://github.com/gabrie-allaigre/sonar-gitlab-plugin/issues/132

BTW, after upgrading to sonar 7 you can see that they're splitting the project into individual projects (some with enterprise license). For now it still works, but maybe in the near future we'll need to install an additional sonarqube only for development analysis.

johnsardine commented 6 years ago

@elboletaire Hi, sorry to open this again but I was testing the image you just released and I get an error about the branches

Using Docker executor with image ciricihq/gitlab-sonar-scanner:3.0.0 ...
Pulling docker image ciricihq/gitlab-sonar-scanner:3.0.0 ...
Using docker image sha256:bf562b931209ea7018866b2c6afe9a4ca0f92e5edecf61050ef93327a31e14c2 for ciricihq/gitlab-sonar-scanner:3.0.0 ...

…

$ gitlab-sonar-scanner
INFO: Scanner configuration file: /sonar-scanner-3.0.3.778/conf/sonar-scanner.properties
INFO: Project root configuration file: /builds/Unbabel/vpu-ui/sonar-project.properties
INFO: SonarQube Scanner 3.0.3.778
INFO: Java 1.8.0_171 Oracle Corporation (64-bit)
INFO: Linux 4.10.0-42-generic amd64
INFO: User cache: /root/.sonar/cache
INFO: Publish mode
INFO: Load global settings
INFO: Load global settings (done) | time=155ms
INFO: Server id: AWOxlQu9SrlH2n2noU3s
INFO: User cache: /root/.sonar/cache
INFO: Load plugins index
INFO: Load plugins index (done) | time=937ms
INFO: Load/download plugins
INFO: Load/download plugins (done) | time=1227ms
INFO: SonarQube server 7.1.0
INFO: Default locale: "en_US", source code encoding: "UTF-8" (analysis is platform dependent)
INFO: Process project properties
INFO: ------------------------------------------------------------------------
INFO: EXECUTION FAILURE
INFO: ------------------------------------------------------------------------
INFO: Total time: 5.460s
INFO: Final Memory: 44M/318M
INFO: ------------------------------------------------------------------------
ERROR: Error during SonarQube Scanner execution
ERROR: Validation of project reactor failed:
  o To use the property "sonar.branch.name", the branch plugin is required but not installed. See the documentation of branch support: https://redirect.sonarsource.com/doc/branches.html.
ERROR: 
ERROR: Re-run SonarQube Scanner using the -X switch to enable full debug logging.

Maybe the logs I provided you gave you the wrong impression of my pipeline status. How can I help you fix this?

elboletaire commented 6 years ago

I'm not really sure why this is failing for you. How are you defining SONAR_BRANCH in your .gitlab-ci.yml?

johnsardine commented 6 years ago

I didn't change my env vars

Currently it looks like this:

SONAR_BRANCH: $CI_COMMIT_REF_NAME

elboletaire commented 6 years ago

@johnsardine And you have it set for a specific reason? I mean... we don’t have it specified and analysis apparently works as expected (at least it works for us commit by commit).

johnsardine commented 6 years ago

I have it because otherwise all analysis would land on the same project. If I set the branch, sonar will have a project for each branch. It's not ideal but it works without having to purchase the developer version.

gtrias commented 6 years ago

Are you sure sonar will have a project for each branch? Where do you see this?

AFAIK they don't allow using branches anymore unless you pay for the license of the developer edition. So it's not a limitation of our gitlab-sonar-scanner docker image IMHO

johnsardine commented 6 years ago

@gtrias I rolled back to using 2.1.1 of this image

[screenshot 2018-06-28 16 34 53]

As you can see sonar generates a project for each branch

johnsardine commented 6 years ago

With v7 or 3.0.0 I get the error I pasted before

gtrias commented 6 years ago

Thanks @johnsardine,

So the changes made in the PR https://github.com/ciricihq/gitlab-sonar-scanner/commit/619c321a8f44a577eba8277d775a37b468fd36f1 will work only if you have the developer edition and sonarqube kept backwards compatibility (despite saying it is deprecated) with the original flag sonar.branch. Right?

In that case maybe the best approach would be to have two different branch parameters in our script, one for those who have the developer edition (as in the PR) and the legacy flag which creates different projects in sonarqube.

Any thoughts @elboletaire?
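
One way to implement the two-parameter approach discussed in the comments above, as an added example that is not part of the thread or of the project's own script. SONAR_BRANCH_NAME is the variable name floated in the discussion; the function names and the allowed-character check on the branch value are assumptions of this example.

```shell
#!/bin/sh
# Added example (not the project's script): pick exactly one branch property.
#   SONAR_BRANCH       -> -Dsonar.branch       (legacy flag, one project per branch)
#   SONAR_BRANCH_NAME  -> -Dsonar.branch.name  (needs the branch plugin, per the error log)

# Prints the single -D option for sonar-scanner, or nothing when neither
# variable is set. Returns 2 on ambiguous or unacceptable input.
sonar_branch_opt() {
    legacy=${SONAR_BRANCH:-}
    named=${SONAR_BRANCH_NAME:-}

    # Refuse to guess which behaviour the user wants.
    if [ -n "$legacy" ] && [ -n "$named" ]; then
        echo "set only one of SONAR_BRANCH or SONAR_BRANCH_NAME" >&2
        return 2
    fi

    if [ -n "$named" ]; then
        prop=sonar.branch.name value=$named
    elif [ -n "$legacy" ]; then
        prop=sonar.branch value=$legacy
    else
        return 0
    fi

    # The value usually comes from $CI_COMMIT_REF_NAME, which is chosen by
    # whoever pushed the ref. Assumed policy: conservative character set,
    # and no leading dash so it cannot look like another option.
    case $value in
        *[!A-Za-z0-9._/-]*|-*)
            echo "refusing branch value: $value" >&2
            return 2 ;;
    esac

    printf '%s\n' "-D$prop=$value"
}

# Hypothetical wrapper: appends the option as one argv element, never
# through eval or an unquoted expansion.
run_scanner() {
    opt=$(sonar_branch_opt) || return $?
    if [ -n "$opt" ]; then
        set -- "$@" "$opt"
    fi
    sonar-scanner "$@"
}
```
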