Uploaded image for project: 'Product Roadmaps'
  1. Product Roadmaps
  2. MMF-1219

Decorate Bitbucket Cloud pull requests


    • Type: MMF
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Fix Version/s: None
    • Labels:


      Context - Why

      In the same way we are decorating PR on GitHub, teams on Bitbucket Cloud expect SonarCloud to decorate their PR.

      Use Cases - What

      As a developer using Bitbucket Cloud, when I create a pull request, I expect SonarCloud to analyse it and "decorate it" with:

      • A summary at the beginning of the PR
      • For each issue that was found, a comment with:
        • The issue message
        • A link to the rule on SonarCloud
        • A "See it in SonarCloud" link to the issue in SonarCloud

      Ideally, I would expect to be able to configure Bitbucket Cloud to prevent the merge of the PR if the status provided by SonarCloud is not green.

      Implementation - How

      Integration with Bitbucket pipeline

      Today Pipeline only trigger build on branches. The strategy will be to dynamically switch between a branch and a PR analysis. Pipeline users will not pass any sonar.branch.* or sonar.pullrequest.* property to the scanner. At the very beginning of the scanner execution, scanner will read the repo owner/name + branch name from env variables. Then we'll do some REST API calls to Bitbucket Cloud in order to decide if we should do a branch or a PR analysis.

      • If there is at least one open PR with source branch = current branch then do a PR analysis.
      • Else if current branch is not the main branch then do a branch analysis

      To do the REST API calls, we need to use the credentials of the App installed for the team. The scanner can't directly do the calls from the pipeline container, so we'll use a SonarCloud internal WS as a "proxy". Scanner <> SonarCloud <> Bitbucket Cloud

      Available env variable for pipelines: https://confluence.atlassian.com/bitbucket/environment-variables-794502608.html

      Reporting issues as inline comments

      Since build/analysis is triggered on the code of the branch, and not on the merge commit, there is some difficulty to map issue lines to the Bitbucket PR lines. Also, due to a limitation on Bitbucket side, even if we are using the App credentials to create the comments, they still appear as if they have been created by the owner of the repo.


          Issue Links



              • Assignee:
                fabrice.bellingard Fabrice Bellingard
                fabrice.bellingard Fabrice Bellingard
              • Votes:
                0 Vote for this issue
                5 Start watching this issue


                • Created: