Pull Request Analysis
Pull Request analysis is available as part of Developer Edition and above.
Pull Requests (PRs) are visible in SonarQube from the branches and pull requests dropdown menu of your project.
PR analysis allows you to:
- see your PR's Quality Gate status in the SonarQube UI.
- automatically decorate your PRs with SonarQube issues in your SCM provider's interface.
Quality Gate
The PR quality gate:
- Focuses on new code – The PR quality gate only uses your project's quality gate conditions that apply to "on New Code" metrics.
- Assigns a status – Each PR shows a quality gate status reflecting whether it Passed (green) or Failed (red).
When PR decoration is enabled, SonarQube publishes the status of the analysis (Quality Gate) on the PR.
PR analyses on SonarQube are deleted automatically after 30 days with no analysis. This can be updated in Configuration > General > Number of days before purging inactive short living branches.
Analysis Parameters
Pull Request Analysis in SonarQube
These parameters enable PR analysis:
Parameter Name | Description |
---|---|
sonar.pullrequest.branch |
The name of your PR Ex: sonar.pullrequest.branch=feature/my-new-feature |
sonar.pullrequest.key |
Unique identifier of your PR. Must correspond to the key of the PR in GitHub or TFS. E.G.: sonar.pullrequest.key=5 |
sonar.pullrequest.base |
The long-lived branch into which the PR will be merged. Default: master E.G.: sonar.pullrequest.base=master |
Pull Request Decoration
To activate PR decoration, you need to:
- (For GitHub Enterprise) Specify your pull request provider, create a GitHub App and configure your SonarQube instance, and set your GitHub parameters.
- (For Azure DevOps and Bitbucket) Specify your pull request provider and set an authentication token/personal access token.
Specifying Your Pull Request Provider
Parameter Name | Description |
---|---|
sonar.pullrequest.provider |
github or vsts . This is the name of the system managing your PR. In Azure DevOps, when the SonarQube Extension for Azure DevOps is used, sonar.pullrequest.provider is automatically populated with "vsts". |
Note: if you were relying on the GitHub Plugin, its properties are no longer required and they must be removed from your configuration: sonar.analysis.mode
, sonar.github.repository
, sonar.github.pullRequest
, sonar.github.oauth
.
Creating Your GitHub App
To add PR decoration to Checks in GitHub Enterprise, an instance administrator needs to create a GitHub App and configure your SonarQube instance. See GitHub Enterprise Integration for more information.
Setting Your GitHub Parameters
Parameter Name | Description |
---|---|
sonar.pullrequest.github.repository |
SLUG of the GitHub Repo |
Setting Your Authentication Token/Personal Access Token
If you are using Azure DevOps or Bitbucket, you need to configure the authentication token/personal access token that will be used by SonarQube to decorate the PRs. This can be configured in Administration > General Settings > Pull Requests > VSTS > Personal access token.
Bitbucket Server Parameters
Parameter Name | Description |
---|---|
sonar.pullrequest.bitbucketserver.serverUrl |
The base URL for your Bitbucket Server instance. Usually defined in global server settings. Ex.: https://bitbucket.company.com/ |
sonar.pullrequest.bitbucketserver.project |
Bitbucket project key. Can be set in project settings, or passed through scanner properties. Ex.: MYPRJ |
sonar.pullrequest.bitbucketserver.repository |
SLUG of the Bitbucket repository. Can be set in project settings, or passed through scanner properties. Ex.: my-repo |
Issue links
During pull request decoration, individual issues will be linked to their SonarQube counterparts automatically. However, for this to work correctly, the instance's Server base URL (Administration > General) must be set correctly. Otherwise the links will default to localhost
.