GitHub Sonar analysis not commenting on Pull Request

[kevin.m...@learnosity.com]

Hey everyone,

Apologies if this is the wrong forum or I miss some context.

During implementation of the github plugin it successfully commented on one pull request (PR). Now that I am finished working on the feature, I find that it is updating the PR with a green tick but not commenting on issues it should be finding.

I need to debug why sonar is not commenting on my pull requests but I can't see anything useful in the logs. The above PR mentioned has since been merged so I have recreated it and as above I have found that the sonar analysis of pull requests is not picking up on issues. I have also created PR's for branches which have major issues



Can anyone help me understand why sonar can be updating the PR with green tick but not commenting? The sonar user has write access to the repo, and repo scope for private repos. It is also a maintainer for its group in github

Thanks in advance,
Kevin


INFO:


previously found issue

// FIXME - Add the additional methods.

Sonar:

MAJOR Take the required action to fix the issue indicated by this "FIXME" comment.

Command I am executing:

sonar-runner -X -Dsonar.analysis.mode=preview -Dsonar.github.pullRequest=212 -Dsonar.github.repository=project -Dsonar.github.oauth=**** -Dsonar.host.url=http://sonar.domain.com -Dsonar.login=***

Versions
SonarQube: 5.6.1
GitHub: 1.3
Python: 1.6


Logs

INFO: Scanner configuration file: /opt/sonar-scanner/sonar-scanner-2.5/conf/sonar-runner.properties
INFO: Project configuration file: /var/lib/jenkins/jobs/api-data-sonar-pull-request/workspace/sonar-project.properties
INFO: SonarQube Scanner 2.5
INFO: Java 1.8.0_05 Oracle Corporation (64-bit)
INFO: Linux 3.13.0-92-generic amd64
INFO: Error stacktraces are turned on.
DEBUG: cache: /var/lib/jenkins/.sonar/ws_cache/http%3A%2F%2Fsonar.domain.net/global
INFO: User cache: /var/lib/jenkins/.sonar/cache
DEBUG: Extract sonar-runner-batch in temp...
DEBUG: Get bootstrap index...
DEBUG: Download: http://sonar.domain.net/batch_bootstrap/index
DEBUG: Get bootstrap completed
DEBUG: Create isolated classloader...
DEBUG: Start temp cleaning...
DEBUG: Temp cleaning done
DEBUG: Execution getVersion
DEBUG: Execution start
DEBUG: Issues global mode
INFO: Load global repositories
DEBUG: GET 200 http://sonar.domain.net/batch/global | time=51ms
INFO: Load global repositories (done) | time=107ms
INFO: User cache: /var/lib/jenkins/.sonar/cache
INFO: Exclude plugins: devcockpit, buildstability, pdfreport, report, scmstats, buildbreaker, views, jira
INFO: Load plugins index
DEBUG: GET 200 http://sonar.domain.net/deploy/plugins/index.txt | time=3ms
INFO: Load plugins index (done) | time=8ms
DEBUG: Load plugins
DEBUG: Load plugins (done) | time=9ms
DEBUG: API compatibility mode is enabled on plugin Git [scmgit] (built with API lower than 5.2)
DEBUG: API compatibility mode is enabled on plugin PHP [php] (built with API lower than 5.2)
DEBUG: API compatibility mode is enabled on plugin Karma JUnit Reporting [karmajsunitreport] (built with API lower than 5.2)
DEBUG: Plugins:
DEBUG: * GitHub 1.3 (github)
DEBUG: * Python 1.6 (python)
DEBUG: * Java 4.0 (java)
DEBUG: * Git 1.2 (scmgit)
DEBUG: * PHP 2.8 (php)
DEBUG: * Karma JUnit Reporting 1.0.0.5-SNAPSHOT (karmajsunitreport)
DEBUG: * JavaScript 2.14 (javascript)
INFO: Default locale: "en_US", source code encoding: "UTF-8"
DEBUG: Work directory: /var/lib/jenkins/jobs/api-data-sonar-pull-request/workspace/.sonar
DEBUG: Execution getVersion
DEBUG: Execution execute
INFO: Process project properties
DEBUG: Process project properties (done) | time=2ms
INFO: Load project repositories
DEBUG: GET 200 http://sonar.domain.net/batch/project.protobuf?key=com.company%3Adata&issues_mode=true | time=25ms
INFO: Load project repositories (done) | time=92ms
INFO: Execute project builders
INFO: Starting analysis of pull request: https://github.com/company/data/pull/212
INFO: Execute project builders (done) | time=3548ms
DEBUG: Available languages:
DEBUG: * Python => "py"
DEBUG: * Java => "java"
DEBUG: * PHP => "php"
DEBUG: * JavaScript => "js"
INFO: Load quality profiles
DEBUG: GET 200 http://sonar.domain.net/api/qualityprofiles/search.protobuf?projectKey=com.company%3Adata | time=20ms
INFO: Load quality profiles (done) | time=23ms
INFO: Load active rules
DEBUG: GET 200 http://sonar.domain.net/api/rules/search.protobuf?f=repo,name,severity,lang,internalKey,templateKey,params,actives&activation=true&qprofile=java-sonar-way-38282&p=1&ps=500 | time=126ms
DEBUG: GET 200 http://sonar.domain.net/api/rules/search.protobuf?f=repo,name,severity,lang,internalKey,templateKey,params,actives&activation=true&qprofile=js-sonar-way-09400&p=1&ps=500 | time=50ms
DEBUG: GET 200 http://sonar.domain.net/api/rules/search.protobuf?f=repo,name,severity,lang,internalKey,templateKey,params,actives&activation=true&qprofile=php-sonar-way-14106&p=1&ps=500 | time=51ms
DEBUG: GET 200 http://sonar.domain.net/api/rules/search.protobuf?f=repo,name,severity,lang,internalKey,templateKey,params,actives&activation=true&qprofile=py-sonar-way-50152&p=1&ps=500 | time=33ms
INFO: Load active rules (done) | time=314ms
INFO: Issues mode
INFO: Scanning only changed files
DEBUG: Start recursive analysis of project modules
INFO: ------------- Scan Data API
INFO: Language is forced to php
INFO: Load server rules
DEBUG: GET 200 http://sonar.domain.net/api/rules/list.protobuf | time=46ms
INFO: Load server rules (done) | time=60ms
DEBUG: Initializers :
INFO: Base dir: /var/lib/jenkins/jobs/api-data-sonar-pull-request/workspace
INFO: Working dir: /var/lib/jenkins/jobs/api-data-sonar-pull-request/workspace/.sonar
INFO: Source paths: src/latest/company
INFO: Test paths: src/latest/company/Tests
INFO: Source encoding: UTF-8, default locale: en_US
INFO: Index files
INFO: Excluded sources:
INFO: src/latest/company/Tests/**
DEBUG: Declared extensions of language Python were converted to sonar.lang.patterns.py : **/*.py
DEBUG: Declared extensions of language Java were converted to sonar.lang.patterns.java : **/*.java,**/*.jav
DEBUG: Declared extensions of language PHP were converted to sonar.lang.patterns.php : **/*.php,**/*.php3,**/*.php4,**/*.php5,**/*.phtml,**/*.inc
DEBUG: Declared extensions of language JavaScript were converted to sonar.lang.patterns.js : **/*.js
DEBUG: Language of file 'src/latest/company/Dal/file.php' is detected to be 'php'
TRUNCATED HERE
DEBUG: Language of file 'src/latest/company/Dal/file.php' is detected to be 'php'
INFO: 42 files indexed
INFO: 14 files ignored because of inclusion/exclusion patterns
INFO: Quality profile for php: Sonar way
DEBUG: KarmaJunitReporterJsTestDriverSensor will not execute since "sonar.javascript.karmajstestdriver.reportsPath" configuration was not found.
DEBUG: 'Python Squid Sensor' skipped because there is no related file in current project
DEBUG: 'SurefireSensor' skipped because there is no related file in current project
DEBUG: 'JaCoCoSensor' skipped because there is no related file in current project
DEBUG: 'JaCoCoItSensor' skipped because there is no related file in current project
DEBUG: 'JaCoCoOverallSensor' skipped because there is no related file in current project
DEBUG: 'JavaSquidSensor' skipped because there is no related file in current project
DEBUG: 'JavaScript Squid Sensor' skipped because there is no related file in current project
DEBUG: Sensors : XmlFileSensor (wrapped)
INFO: Sensor XmlFileSensor (wrapped)
INFO: Sensor XmlFileSensor (wrapped) (done) | time=1ms
INFO: Load server issues
DEBUG: GET 200 http://sonar.domain.net/batch/issues.protobuf?key=com.company%3Adata | time=45ms
INFO: Load server issues (done) | time=90ms
INFO: Performing issue tracking
INFO: 60/60 components tracked
INFO: ANALYSIS SUCCESSFUL
DEBUG: Post-jobs : GitHub Pull Request Issue Publisher (wrapped)
INFO: Executing post-job GitHub Pull Request Issue Publisher (wrapped)
INFO: ------------------------------------------------------------------------
INFO: EXECUTION SUCCESS
INFO: ------------------------------------------------------------------------
INFO: Total time: 8.100s
INFO: Final Memory: 43M/110M
INFO: ------------------------------------------------------------------------
DEBUG: Execution getVersion
DEBUG: Execution stop

[Julien HENRY]

Hi Kevin,

The plugin will only report "new" issues: it means issues that are not already in the latest analysis on your SonarQube server. If you already merged your P/R on master, maybe a real analysis containing those issues was already published on your SonarQube server?

++

Julien

[Kevin McDonnell]

Julien,

Thanks for the reply.

The screenshot I posted is a P/R for a branch which has not been merged and which has not been analysed by the SonarQube server

[Julien HENRY]

Can you check in the Sonar Way (PHP) quality profile that the rules you are expecting to trigger are still enabled?

I'm sure the plugin is working well (we are using it every days), so it should be some configuration issue but this is not obvious.

++

[Kevin McDonnell]

1. I created a new branch for one of our python projects.
2. I committed a line which is 360 char long.
3. I created the PR and started the analysis of the branch.

This should violate the line length rule which is enabled and set to default value but I just get a green tick. No comments

I also tried editing the rule to be a blocker in sonar, to see if this would give a warning on the PR.
I reran the analysis and It still gives a green tick.

Permissions:
We created a sonar user, and added to a CI group in our organisation
We created a token for that user and gave it the above scope
The user has write access to the repo
The repos are private

Are there any logs to know if it is failing on permissions?

[Julien HENRY]

Hi,

GitHub permission is only needed to update pull request status (the green tick). As long as you provide some credentials (having access to your private repo of course) it should be fine to comment on P/R.

Rule severity is also not involved here.

Could you please enable verbose mode on your scanner, and send me the logs just in case I see something wrong?

++

[Kevin McDonnell]

Thank you Julien for finding the issue

I was running the analysis on jenkins while having the master branch of the project checked out.

I needed to checkout the branch I wanted to analyse before I ran the analysis.