c28e16e0b5
The plugin historically left old comments in place but resolved conversations where comments had become outdated or the underlying issue had been resolved. However, in Gitlab, the summary comments always remained visible even when resolved as they were the first comment in the thread so were not minimised by the Gitlab UI. For a merge request being scanned multiple times as issues are being fixed, other review comments responded to, and rebasing activities performed, this can lead to a number of summary comments being added where the last comment is typically only the one that developers are about. As editing comments is not good practice since it's unclear what any resulting comments in the thread are referring to and Gitlab does not send emails to notify that comments have changed, the summary comment is continuing to be posted as a new comment, but the old summary comments are now being deleted. Where a thread has spawned from an old summary comment, that comment will not be deleted, but a note added to notify the users that the summary comment is outdated and the thread can be resolved once the discussion reaches a conclusion.
Sonarqube Community Branch Plugin
A plugin for SonarQube to allow branch analysis in the Community version.
Support
This plugin is not maintained or supported by SonarSource and has no official upgrade path for migrating from the SonarQube Community Edition to any of the Commercial Editions (Developer, Enterprise, or Data Center Edition). Support for any problems is only available through issues on the Github repository or through alternative channels (e.g. StackOverflow) and any attempt to request support for this plugin directly from SonarSource or an affiliated channel ( e.g. Sonar Community forum) is likely to result in your request being closed or ignored.
If you plan on migrating your SonarQube data to a commercial edition after using this plugin then please be aware that this may result in some or all of your data being lost due to this compatibility of this plugin and the official SonarQube branch features being untested.
Compatibility
Use the following table to find the correct plugin version for each SonarQube version
| SonarQube Version | Plugin Version |
|---|---|
| 10.6 | 1.22.0 |
| 10.5 | 1.20.0 |
| 10.4 | 1.19.0 |
| 9.9 (LTS) | 1.14.0 |
Older versions are listed on the Github release page but are no longer supported.
Features
The plugin is intended to support the features and parameters from the SonarQube documentation.
Installation
Manual Install
Please ensure you follow the installation instructions for the version of the plugin you're installing by looking at the README on the relevant release tag.
Either build the project or download a compatible release version of the plugin JAR .
- Copy the plugin JAR file to the
extensions/plugins/directory of your SonarQube instance - Add
-javaagent:./extensions/plugins/sonarqube-community-branch-plugin-${version}.jar=webto thesonar.web.javaAdditionalOptsproperty in your Sonarqube installation'sconf/sonar.propertiesfile, e.g.sonar.web.javaAdditionalOpts=-javaagent:./extensions/plugins/sonarqube-community-branch-plugin-${version}.jar=webwhere ${version} is the version of the plugin being worked with. e.g1.8.0 - Add
-javaagent:./extensions/plugins/sonarqube-community-branch-plugin-${version}.jar=ceto thesonar.ce.javaAdditionalOptsproperty in your Sonarqube installation'sconf/sonar.propertiesfile, e.g.sonar.ce.javaAdditionalOpts=-javaagent:./extensions/plugins/sonarqube-community-branch-plugin-${version}.jar=ce - Start Sonarqube, and accept the warning about using third-party plugins
Docker
The plugin is distributed in the mc1arke/sonarqube-with-community-branch-plugin Docker image, with the image versions matching the up-stream Sonarqube image version.
Note: If you're setting the SONAR_WEB_JAVAADDITIONALOPTS or SONAR_CE_JAVAADDITIONALOPTS environment variables in
your container launch then you'll need to add the javaagent configuration to your overrides to match what's in the
provided Dockerfile.
Docker Compose
A docker-compose.yml file is provided.
It uses the env variables available in .env.
To use it, clone the repository and execute docker-compose up. Note that you need to have docker-compose installed in your system and added to your PATH
Kubernetes with official Helm Chart
When using
Sonarqube official Helm Chart,
you need to add the following settings to your helm values, where ${version} should be replaced with the plugin
version (e.g. 1.11.0). Beware of the changes made in helm chart version 6.1.0:
helm chart version < 6.1.0
plugins:
install:
- https://github.com/mc1arke/sonarqube-community-branch-plugin/releases/download/${version}/sonarqube-community-branch-plugin-${version}.jar
lib:
- sonarqube-community-branch-plugin-${version}.jar
jvmOpts: "-javaagent:/opt/sonarqube/lib/common/sonarqube-community-branch-plugin-${version}.jar=web"
jvmCeOpts: "-javaagent:/opt/sonarqube/lib/common/sonarqube-community-branch-plugin-${version}.jar=ce"
helm chart version >= 6.1.0
plugins:
install:
- https://github.com/mc1arke/sonarqube-community-branch-plugin/releases/download/${version}/sonarqube-community-branch-plugin-${version}.jar
sonarProperties:
sonar.web.javaAdditionalOpts: "-javaagent:/opt/sonarqube/extensions/plugins/sonarqube-community-branch-plugin-${version}.jar=web"
sonar.ce.javaAdditionalOpts: "-javaagent:/opt/sonarqube/extensions/plugins/sonarqube-community-branch-plugin-${version}.jar=ce"
Issues with file path with persistency
If you set persistence.enabled=true on SonarQube chart, the plugin might be copied to this path, based on the helm chart version, mentioned above (${plugin-path} equals lib/common or extensions/plugins):
/opt/sonarqube/${plugin-path}/sonarqube-community-branch-plugin-${version}.jar/sonarqube-community-branch-plugin-${version}.jar
instead of this:
/opt/sonarqube/${plugin-path}/sonarqube-community-branch-plugin-${version}.jar
As a workaround either change the paths in the config above, or exec into the container and move file up the directory to match the config.
Configuration
Global configuration
Make sure sonar.core.serverBaseURL in SonarQube /admin/settings is properly
set in order to for the links in the comment to work.
Set all other properties that you can define globally for all of your projects.
How to decorate a Pull Request
In order to decorate your Pull Request's source branch, you need to analyze your target branch first.
Run analysis of branches
If the scan is being run from a CI supporting auto-configuration then the scanner can be launched without any branch
parameters. Otherwise, the analysis needs the following setting:
sonar.branch.name = branch_name (e.g master)
Run analysis of the PR branch
Carefully read the official SonarQube guide for pull request decoration
In there you'll find the following properties that need to be set, unless your CI support auto-configuration.
sonar.pullrequest.key = pull_request_id (e.g. 100)
sonar.pullrequest.branch = source_branch_name (e.g feature/TICKET-123)
sonar.pullrequest.base = target_branch_name (e.g master)
⚠️ There must not be any sonar.branch properties like sonar.branch.name arguments set when you analyze a
pull-request. These properties indicate to sonar that a branch is being analyzed rather than a pull-request so no
pull-request decoration will be executed.
Serving images for PR decoration
By default, images for PR decoration are served as static resources on the SonarQube server as a part of Community Branch Plugin.
If you use a SonarQube server behind a firewall and/or PR service (Github, Gitlab etc.) doesn't have access to SonarQube
server, you should change Images base URL property in General > Pull Request settings.
Anyone needing to set this value can use the
URL https://raw.githubusercontent.com/mc1arke/sonarqube-community-branch-plugin/master/src/main/resources/static, or
download the files from this location and host them themself.
Building the plugin from source
If you want to try and test the current branch or build it for your development execute ./gradlew clean build
inside of the project directory. This will put the built jar under libs/sonarqube-community-branch-plugin*.jar