SonarCloud loves your build pipelines

by fabrice bellingard|

Pull Requests as first class citizen

Yeah, pull requests now truly exist in SonarCloud!

Once analyzed, your pull requests will appear in the "branches and pull requests" dropdown panel of your project, immediately showing their green or red status to highlight the existence of open issues.

You can then review the issues, decide which ones you will fix and which one you will confirm as debt that should be tackled later. Once the pull request is green, you know you can merge it safely!

If you are on GitHub with Travis CI, the SonarCloud add-on makes it straightforward to activate pull request analysis and decoration on your repositories. If you are not using the Travis add-on, you can manually configure your CI engine to feed the appropriate analysis properties:

sonar.pullrequest.base=master
sonar.pullrequest.branch=feature/my-new-feature
sonar.pullrequest.key=5
sonar.pullrequest.provider=GitHub
sonar.pullrequest.github.repository=my-company/my-repo

Don't forget to specify an authentication token in the "Administration > General Settings > Pull Requests" page of your project so that SonarCloud can decorate your pull requests!

Note that if you were previously feeding any of the following properties, you must remove them by now: sonar.analysis.mode, sonar.github.repository, sonar.github.pullRequest, sonar.github.oauth.

If you are on Microsoft VSTS, nothing to worry about! The "Prepare Analysis Configuration" task of the SonarCloud extension will set the appropriate properties when your build definition is set as a build validation on the pull requests of your projects. Like for GitHub, you just need to specify an authentication token in the "Administration > General Settings > Pull Requests" page of your project.
Note that while the pull requests will appear on SonarCloud side, the decoration inside VSTS (comments and status) will not happen yet (this feature will be deployed in a week or two).

Bitbucket Cloud users, don't be sad! Similar feature will come in a month or two.

Webhook console

If you have integrated SonarCloud analyses in your development processes, you might have already defined some webhooks in SonarCloud to notify your tools about the status of the quality gate and potentially fail a release pipeline. Webhooks now have a dedicated administration console that is available at organization or project level.

On this console, you will be able to:

  • define and update webhooks
  • see at first sight if some of them failed to be delivered
  • detail the list of recent deliveries to understand why a webhook might have failed

New rules for C#, Java and T-SQL

If you are developing with the following languages, you might be interested by new rules that were recently deployed on SonarCloud: