PR Decorations from SonarQube stay hidden

Johannes Paur November 10, 2021

Hi everyone,

I have an issue setting up the pull request decorations from SonarQube Enterprise on Bitbucket Server.

SonarQube actually delivers the decorations to the Bitbucket instance. There should then be a report available on the pull request page, but there is nothing there.

I tested this with a vanilla Bitbucket 6.10.14 and a 7.17.1 (as a Docker instance) from a SonarQube Enterprise 8.9.0, 8.9.1, and 8.9.2.

The log points to this particular spot:
10.18.199.10,10.18.99.10 | http | o@1BKQBINx694x2333x0 | admin | 2021-11-10 11:34:59,219 | "PUT /rest/insights/1.0/projects/TA/repos/alice/commits/0c1cbc5a1f50cbd017a65c331d5de71af1a3d4b8/reports/com.sonarsource.sonarqube HTTP/1.1" | "" "okhttp/4.9.0" | 200 | 573 | 620 | access-token:id:290119840153 | 91 | 14nhufa |

So, the data lands here, it seems. The commit ID is where the branch split off, so before the actual commit in the branch. I have no idea if this is even remotely correct:

https://my-bitbucket/rest/insights/1.0/projects/TA/repos/alice/commits/0c1cbc5a1f50cbd017a65c331d5de71af1a3d4b8/reports/com.sonarsource.sonarqube

{"data":[{"title":"Bugs","value":"0","type":"TEXT"},{"title":"Vulnerabilities","value":"0","type":"TEXT"},{"title":"Code Smells","value":"0","type":"TEXT"},{"title":"Security Hotspots","value":"0","type":"TEXT"},{"title":"Code Coverage","value":"n/a","type":"TEXT"},{"title":"Duplication","value":"n/a","type":"TEXT"}],"createdDate":1636540499206,"details":"Quality Gate passed","key":"com.sonarsource.sonarqube","link":"https://my-sonar/dashboard?id=TA&pullRequest=1","logoUrl":"https://my-sonar/images/embed-doc/sq-icon.svg","result":"PASS","title":"SonarQube","reporter":"SonarQube"}

What am I missing? Is there an additional configuration necessary in Bitbucket to activate the insights reports on the pull requests page? Is the place the report was delivered to correct? Do I need another plugin apart from the default Code Insights?

Thanks & BR,
Johannes

Answer accepted
Johannes Paur November 19, 2021

Hi everyone,

I figured it out in the end.

This was the crucial bit of information: https://developer.atlassian.com/server/bitbucket/how-tos/code-insights/

[...]As with the build status API, code insights are only displayed if they are associated with the latest commit on a pull request's source branch. [...]

So, if you do the sonar scan from the wrong branch (!= the PR source branch), or you do pre-merge checks (auto-merging and creating commit hashes locally on the CI infrastructure only), then the decoration will not be visible. The report is then, as was my hunch, put in the wrong place.

BR, Johannes
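
The rule quoted in the answer can be checked directly from the Bitbucket access log. The following is an added example, not part of the original posts: it extracts the commit from the Code Insights PUT line shown in the question and compares it with `fromRef.latestCommit` of the pull request, as returned by `GET /rest/api/1.0/projects/{project}/repos/{repo}/pull-requests/{id}`. The pull-request object and its source-branch hash are constructed sample data, and the function names are hypothetical.

```python
import re

# Code Insights report upload as it appears in the Bitbucket access log.
INSIGHTS_PUT = re.compile(
    r'"PUT /rest/insights/1\.0/projects/(?P<project>[^/]+)/repos/(?P<repo>[^/]+)'
    r'/commits/(?P<commit>[0-9a-f]{40})/reports/(?P<key>[^ /]+) HTTP'
)

# Access-log line from the question (trailing fields trimmed).
ACCESS_LOG_LINE = (
    '10.18.199.10,10.18.99.10 | http | o@1BKQBINx694x2333x0 | admin | '
    '2021-11-10 11:34:59,219 | "PUT /rest/insights/1.0/projects/TA/repos/alice/'
    'commits/0c1cbc5a1f50cbd017a65c331d5de71af1a3d4b8/reports/'
    'com.sonarsource.sonarqube HTTP/1.1" | "" "okhttp/4.9.0" | 200 |'
)

# Constructed sample: the parsed pull-request JSON, trimmed to the fields used.
# The source head is a made-up hash; the target head reuses the commit from the
# log line, assuming the target branch has not moved since the branch split off.
PULL_REQUEST = {
    "id": 1,
    "fromRef": {"displayId": "feature/x", "latestCommit": "1" * 40},
    "toRef": {"displayId": "master",
              "latestCommit": "0c1cbc5a1f50cbd017a65c331d5de71af1a3d4b8"},
}


def report_target(log_line):
    """Return (project, repo, commit, report_key) for an insights PUT, else None."""
    m = INSIGHTS_PUT.search(log_line)
    return m.group("project", "repo", "commit", "key") if m else None


def classify(report_commit, pull_request):
    """Say whether a report on report_commit will show up on the pull request."""
    if report_commit == pull_request["fromRef"]["latestCommit"]:
        return "visible"              # attached to the source branch head
    if report_commit == pull_request["toRef"]["latestCommit"]:
        return "hidden-target-head"   # scan ran on the target branch, not the PR source
    return "hidden-other"             # stale scan or a commit that exists only on CI


if __name__ == "__main__":
    project, repo, commit, key = report_target(ACCESS_LOG_LINE)
    print(f"{key} on {project}/{repo}@{commit[:10]}: {classify(commit, PULL_REQUEST)}")
```

A result other than `visible` means the scanner analysed a revision that is not the head of the pull request's source branch, which is the situation described in the answer.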
