Setting up the pull request analysis
Pull request analysis is available starting in Developer Edition.
Prerequisites
The pull request analysis must be integrated into a CI pipeline. For more information, see Integration into your CI pipeline on the SonarQube analysis overview page.
Before analyzing your pull requests, make sure that:
- The pull request source branch is checked out in the CI/CD host's local repository.
- The branch being targeted by the pull request (target branch) is fetched in the CI/CD host's local repository (This is usually done through the cloning of the remote repository by the CI pipeline).
- The CI/CD host's local repository contains valid repository metadata (e.g. the
.gitfolders have not been removed). Avoid any attempt at previewing the merge or actions involving your main branch.
See Verifying the code checkout step. - The code in the CI/CD host's local repository matches the code in the remote repository (e.g once a PR is issued, no code is added to the local branch on the CI side before analysis).
- If you use AWS CodeBuild, the
LOCAL_SOURCE_CACHEfeature must be disabled for accurate pull request analysis (otherwise, new code won't be properly detected).
Setting up the pull request analysis
To set up the pull request analysis:
- Add the SonarQube analysis step to your pull request CI pipeline. See the corresponding section of your CI tool in this documentation:
- Make sure that the SonarScanner gets the pull request parameters required for the project analysis: see Setting up the pull request parameters below.
- In addition, you can configure the pull request decoration: see Configuring the quality gate status report below.
Setting up the pull request parameters
The SonarScanner can automatically detect the pull request parameters when running on the following CI services (you don’t need to perform any additional setup):
- Azure Pipelines
- Bitbucket Pipelines
- Cirrus CI
- Codemagic
- GitHub Actions
- GitLab CI/CD
- Jenkins (with the Branch Source plugin configured)
The table below lists the analysis parameters specific to the pull request analysis that are required by the SonarScanner. See Analysis parameters for information about the setup of analysis parameters for the scanner.
| Parameter Name | Description |
|---|---|
| sonar.pullrequest.key | Unique identifier of your pull request. Must correspond to the key of the pull request in your DevOps Platform. Example: |
| sonar.pullrequest.branch | The name of the branch that contains the changes to be merged. Example: |
| sonar.pullrequest.base | The branch into which the pull request will be merged (target branch). Default: main branch Example: |
Manually setting pull request parameters overrides automatic detection.
Configuring the quality gate status report
You can report the pull request analysis and quality gate status directly in your DevOps platform's interface (pull request decoration). For projects bound in SonarQube to their DevOps platform repository (this requires the integration setup of your DevOps platform with SonarQube), the quality gate status report is automatically set up. For more information, see the DevOps platform integration page that corresponds with your DevOps platform:
Was this page helpful?
© 2008-2024 SonarSource SA. All rights reserved. SONAR, SONARSOURCE, SONARLINT, SONARQUBE, SONARCLOUD, and CLEAN AS YOU CODE are trademarks of SonarSource SA.
