
SonarQube Community edition and PR analysis

SonarQube is an awesome tool, and its Community edition (which is free) fulfills almost everything one could dream of in the world of static code analysis. But you cannot analyze PRs with it by default and have to pay for at least the Developer edition. Below you will find my attempt to overcome this limitation (it fulfills MY goals and seems to be worth sharing with a broader audience).

When I started working with SonarQube back in versions 5 and 6, there was one mode which brought me a lot of interesting discoveries and prevented my fellow developers from submitting bad code: preview. In this mode, SonarQube does not store data on the server, but executes the analysis and sends the results back, and in conjunction with a PR decoration plugin it was very useful. But time goes by, and version 7 removed preview mode from the Community edition.

So I tried to mimic this, using a separate project on the SonarQube server, and created a script which retrieves the quality gate status from the current analysis, creates bugs in Jira and attaches them to some existing issue (actually, that's the added value of this script and was my goal, as opposed to the default SonarQube server runners, which would just fail your build).

The script seems to be heavily commented and speaks for itself. Feel free to adapt it to your own usage pattern if you ever need it. My usage pattern is as follows: analyze the result of the SonarQube quality gate and, if it has failed, fail the build and create a bug for each quality gate failure. If I can retrieve the related issues by getting the diff from the SQ API, I append this data to the bug as well.
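A sketch of the quality-gate-to-Jira step described above, as an added example and not the author's script. It assumes the JSON shape returned by SonarQube's `api/qualitygates/project_status` and the `fields` body accepted by Jira's create-issue endpoint; the sample response, the `DEMO` project key and the build reference are constructed, and no network calls are made.

```python
import json

# Constructed sample of a SonarQube api/qualitygates/project_status response.
SAMPLE_RESPONSE = json.loads("""
{"projectStatus": {"status": "ERROR", "conditions": [
  {"status": "ERROR", "metricKey": "new_coverage", "comparator": "LT",
   "errorThreshold": "80", "actualValue": "62.5"},
  {"status": "OK", "metricKey": "new_duplicated_lines_density", "comparator": "GT",
   "errorThreshold": "3", "actualValue": "0.4"},
  {"status": "ERROR", "metricKey": "new_security_rating", "comparator": "GT",
   "errorThreshold": "1", "actualValue": "3"}
]}}
""")

COMPARATORS = {"LT": "is less than", "GT": "is greater than"}


def failed_conditions(response):
    """Return the quality gate conditions whose status is ERROR."""
    status = response.get("projectStatus", {})
    if status.get("status") not in ("OK", "ERROR", "WARN", "NONE"):
        raise ValueError("unexpected quality gate status: %r" % status.get("status"))
    return [c for c in status.get("conditions", []) if c.get("status") == "ERROR"]


def jira_bug_payloads(response, project_key, build_ref):
    """Build one Jira create-issue request body per failed condition."""
    payloads = []
    for cond in failed_conditions(response):
        relation = COMPARATORS.get(cond["comparator"], cond["comparator"])
        summary = "Quality gate failed: %s %s %s (actual %s)" % (
            cond["metricKey"], relation, cond["errorThreshold"], cond.get("actualValue", "n/a"))
        payloads.append({"fields": {
            "project": {"key": project_key},  # hypothetical key, e.g. "DEMO"
            "issuetype": {"name": "Bug"},
            "summary": summary,
            "description": "Reported by the CI quality gate check for %s." % build_ref,
        }})
    return payloads


def build_exit_code(response):
    """Non-zero when the gate failed, so the CI job fails the build."""
    return 1 if response["projectStatus"]["status"] == "ERROR" else 0
```

A response without a recognizable gate status raises `ValueError` instead of being treated as a pass, so a broken or unauthenticated API call cannot silently let a build through.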

I should note that the Developer edition of SonarQube solves the same problem much better: it has PR analysis and a built-in PR decorator, but it costs money, while the Community edition gives you these things for free.