What happened:
Screwdriver creates a new Sonar Project for each pull request. This is not ideal and does not enable a project to make use of Pull Request Analysis. Uses looses out on a unified Quality Gate Status check against Pipeline branch and Pull Requests. This also prevents Screwdriver from offering Pull Request Decorations
What you expected to happen:
How to reproduce it:
Create a Pull Request and observer it's Sonar Project. It's a separate one from the Sonar Project for main repository.
References
This would also need https://github.com/screwdriver-cd/screwdriver/issues/2153 to provide Pipeline branch name in PR build
My opinion on the matter is that
Stretch goal consideration:
Adding: we're also missing the "source of truth" project key, which is to say, the Parent Job's project key, which is likely known by the engine. We have a local workaround in that we set a certain meta value to tell Screwdriver which project to get the required key from, but it would be easier for integration to have something such as PR_PARENT_SQ_PROJECT_ID.
Tasks
SD_SONAR_ENTERPRISE=false (by default)SD_PR_PARENT_JOB_ID in this API call https://github.com/screwdriver-cd/coverage-sonar/blob/master/commands.txt#L6SD_PR_PARENT_JOB_IDSD_SONAR_OPTS="-Dsonar.pullrequest.key=$SD_PULL_REQUEST -Dsonar.pullrequest.branch=${PR_BRANCH_NAME#*/} -Dsonar.pullrequest.base=${PR_BASE_BRANCH_NAME#*/}"Pending design consideration is to determine whether we should use pipelineID as Sonar Project Key. Concerns are
pipelineId is project key ?Downside of not associating with project key is that Sonar Enterprise will count number of lines 3 times for above scenario.
@kumada626 thoughts ?
We can workaround concerns by providing users a hook (an env vairable to still create separate project key for each job. Eg: pipeline:id:job:id can be the Sonar projectKey if user sets an env variable SD_SONAR_JOB_PROJECT=true for a Job
Actually I've been thinking about this myself, and in this case I have to introduce a new concept: an SQ_Truth _map_.
There are use-cases where multiple projects, covering single parts of a given repository, have their own jobs, both for PR and Commit events (possibly separate jobs at certain points).
~commit, ~pr) it becomes relatively easy and can be considered an "automatic" process where using an sd-cmd with auto-filled values can be used, and the source of truth is thus relayed~commit or ~pr, not both at once ), we need to be able to specify that a given job is the source of truth for a given "string", which technically we can consider to be the job name. This is essentially what has been done in some projects under my control, as we specify an "SQ_SOURCE_OF_TRUTH" target and then use an sd-cmd to get the sonarqube project ID out of it. Streamlining this into a directly-invoked command without any other arguments than the target job name would simplify things. The concept of "map" comes in as, essentially, the jobID would be (as an illustration) _keyed_ to the job_name (by default), and using a command with only a target job name as input would be akin to fetching a value from a map.
We will support both pipeline and job level granularity
Updated Proposal
SD_SONAR_ENTERPRISE=false or some config which is false by default to determine whether Sonar serve is enterprise or not.true (Enterprise Sonar), do the followingSD_PIPELINE_ID in this API call https://github.com/screwdriver-cd/coverage-sonar/blob/master/commands.txt#L6 when generating Sonar Tokenpipeline:SD_PIPELINE_IDscrewdriver.cd/coverageGranularity: pipeline/job with pipeline as default. This controls whether project key should be job or pipeline.pipeline:ID:job:ID for Sonar Enterprise & job:ID for Sonar Community Edition.SD_SONAR_OPTS="-Dsonar.pullrequest.key=$SD_PULL_REQUEST -Dsonar.pullrequest.branch=${PR_BRANCH_NAME#*/} -Dsonar.pullrequest.base=${PR_BASE_BRANCH_NAME#*/}"Changes in current implementation when using with Sonar Community Edition
~1. Project key changes from job:ID to pipeline:ID:job:ID~
I think that the proposal of support both pipeline and job level granularity is reasonable.
However, why job level project key includes pipeline:ID?
I think it is enough only includes job:ID as current.
If job level project key changes to pipeline:ID:job:ID, there is no continuity with the past data event if using Sonar Community Edition?
@kumada626 makes sense. updated Point 3. to Keep existing behavior for Sonar Community Edition
Most helpful comment
Tasks
SD_SONAR_ENTERPRISE=false(by default)SD_PR_PARENT_JOB_IDin this API call https://github.com/screwdriver-cd/coverage-sonar/blob/master/commands.txt#L6SD_PR_PARENT_JOB_IDSD_SONAR_OPTS="-Dsonar.pullrequest.key=$SD_PULL_REQUEST -Dsonar.pullrequest.branch=${PR_BRANCH_NAME#*/} -Dsonar.pullrequest.base=${PR_BASE_BRANCH_NAME#*/}"