SonarQube + TFS pull request integration

[Andy Milbeck]

Hello all,

I've run into an issue that has me confused with the VSTS/TFS SonarQube extension. For context, I'm on SonarQube 6.2, TFS 2017 (on premises), and the SonarQube extension for TFS.

My understanding was that the plugin allows for integration into pull request so that we can scan PRs and have some visibility into potential issues before they are merged to master. It was also my understanding that setting the option to fail the build on quality gate failure during PRs would do what it says, fail on quality gate failure. From what I can tell, it works with CI builds but not for PRs. To me this kind of defeats the whole purpose of PR integration. It makes sense that when using this setting, if a PR failed a quality gate, the build would fail and be blocked from a merge until the issues have been resolved and the quality gate has passed. However, this is not what happens. 

I've noticed these messages in the build logs of PRs that fail the quality gate Ignoring the setting of breaking the build on quality gate failure because the build was triggered by a pull request. 

Why is this a thing? Not failing the PR build on quality gate failures allows people to merge issues to master which seems backwards. Isn't the whole purpose of PR integration to help prevent devs from merging issues into master? Am I misunderstanding the way the plugin is supposed to work or be used? Is there something I should be doing instead to fail PR builds on quality gate failures? I'm not sure why I would even bother scanning pull requests if I can't fail a build on quality gate failure. Here is a screenshot of the setting for pretty much all of the builds we have setup. Please let me know if there is something I can do differently to get this working.

Thanks, 

-Andy

[G. Ann Campbell]

Hi Andy,

First thanks for including all your context the first time around! :-)

PR analysis is not going to fail the quality gate because quality gate status is computed on the server side at the end of analysis report processing. But PR analysis doesn't send anything to the server. This is because you don't want PR results to update your main project and if PR analysis did send a report to the server, that's what would happen today. 

On the plus side, it's in our roadmap to improve branch (and PR) handling this year, but I can't give you any timelines.

Ann

[Andy Milbeck]

Thanks for the response Ann. Looks like I just misunderstood the article I read about it. I was under the impression that it was already working. In any case, looking forward to having this feature in the future.

-Andy

[f...@mca.mk]

Hi Ann,

I get your point about the PR not affecting the master branches Quality Gate, that is fine.

However, why doesn't SonarCube not comment on the PR? If it's the first time we commit the code (by setting a different project), it comments on the code in the PR.

Thanks in advance.

(We use TFS 2017 as well)

[G. Ann Campbell]

Hi,

I don't see anything in your original post about failing to comment on a PR. (Or did I miss something?)

You'll have to give more context.

Ann

[Andy Milbeck]

Different person posted that question. :-)

[G. Ann Campbell]

Ah! I see that now. Then, though related, this second question probably counts as a "hijack", and a new thread should be opened instead.

:-)

Ann

[Mike McLaughlin]

Maybe this is a dumb question.  How do I enable SonarQube integration with pull requests in TFS?  Right now I have a CI build that gets kicked with changes on the develop branch and you can only merge into develop from a pull request.  I would rather see the SonarQube results before completing the pull request.