SonarQube.com, Travis-CI and "external" PRs


Michel Pawlak

Nov 10, 2016, 8:51:48 AM
to SonarQube
Hi,

The context:

I can successfully analyze GitHub PRs when the PR is made from a repository clone. However, when it is done from a repository fork, the Travis-CI build fails during SQ analysis. Indeed, as the GitHub credentials and SQ token are Travis-CI secured environment variables, their values are set to blank when the PR is external. The only way I found to have the build succeed is to remove the secure flag for these variables... (which is not a viable approach) or ask people to make PRs from a repository clone instead of a fork (which is not convenient for contributors).

The questions:

- Is there a way to analyze PRs made from a GitHub repository fork with SonarQube.com and Travis-CI?
- If yes, can you please explain it?
- If not, are you working on this topic (with the Travis-CI team, for instance)?

Thanks and CU,

Michel

Fabrice Bellingard

Nov 16, 2016, 2:53:00 AM
to Michel Pawlak, SonarQube
On Thu, Nov 10, 2016 at 2:51 PM, Michel Pawlak <michel...@gmail.com> wrote:
> Hi,

Hi Michel,

> The context:
>
> I can successfully analyze GitHub PRs when the PR is made from a repository clone. However, when it is done from a repository fork, the Travis-CI build fails during SQ analysis. Indeed, as the GitHub credentials and SQ token are Travis-CI secured environment variables, their values are set to blank when the PR is external. The only way I found to have the build succeed is to remove the secure flag for these variables... (which is not a viable approach) or ask people to make PRs from a repository clone instead of a fork (which is not convenient for contributors).
>
> The questions:
>
> - Is there a way to analyze PRs made from a GitHub repository fork with SonarQube.com and Travis-CI?

This is possible, but this implies some tricks and security trade-offs that are annoying.

> - If yes, can you please explain it?
> - If not, are you working on this topic (with the Travis-CI team, for instance)?

We are fully aware of this (as we have the same needs for our OSS projects), and we'll be working on this beginning 2017.

> Thanks and CU,
>
> Michel
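
As an added example (not part of either post, and not SonarQube or Travis-CI project code): a guard for the situation described in this thread that keeps the variables secure and skips the analysis, instead of failing the build, when Travis-CI blanks them for a fork PR. `TRAVIS_PULL_REQUEST` and `TRAVIS_SECURE_ENV_VARS` are set by Travis-CI; the names `SONAR_TOKEN`, `GITHUB_TOKEN`, `SONAR_MODE`, `sonar_mode` and `run_if_analyzable` are assumptions. It does not make fork PRs analyzable.

```shell
#!/bin/sh
# Added example: decide whether the SonarQube step can run in this Travis-CI build.
# TRAVIS_PULL_REQUEST is "false" for push builds, otherwise the PR number.
# TRAVIS_SECURE_ENV_VARS is "true" only when secure variables are available.
# SONAR_TOKEN and GITHUB_TOKEN are assumed names for the two secure variables.

# Prints one of: branch | pr | skip. Never prints a secret value.
sonar_mode() {
    pr="${TRAVIS_PULL_REQUEST:-false}"
    secure="${TRAVIS_SECURE_ENV_VARS:-false}"

    # Fork PR: Travis-CI withholds secure variables, so both tokens are blank.
    if [ "$pr" != "false" ] && [ "$secure" != "true" ]; then
        echo skip
        return 0
    fi
    # Any build without the SonarQube token cannot authenticate.
    if [ -z "${SONAR_TOKEN:-}" ]; then
        echo skip
        return 0
    fi
    if [ "$pr" = "false" ]; then
        echo branch
        return 0
    fi
    # Same-repository PR: reporting back on the PR also needs the GitHub token.
    if [ -z "${GITHUB_TOKEN:-}" ]; then
        echo skip
        return 0
    fi
    echo pr
}

# Wrapper for the CI script step: run the given analysis command only when
# the credentials exist, otherwise log why and let the build pass.
run_if_analyzable() {
    mode="$(sonar_mode)"
    if [ "$mode" = "skip" ]; then
        echo "SonarQube analysis skipped: secure variables not available" >&2
        return 0
    fi
    SONAR_MODE="$mode" "$@"
}
```

Source this file in the CI script step and call `run_if_analyzable` followed by the analysis command; the command receives the chosen mode in `SONAR_MODE`.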
