[Integration][SonarQube] Bug handling of live events in sonarqube

[Lanrey]

User description

Description

What -
Added selectors to webhook processors to match selectors on resync
reorder webhook processors to temporarily fix issues with project blueprint failing when issues blueprint

Why -
Differences between webhooks data and resync data due to selector changes

How -
Add the selector filters to all the webhook processor

Type of change

Please leave one option from the following and delete the rest:

• [ x] Bug fix (non-breaking change which fixes an issue)
• New feature (non-breaking change which adds functionality)
• New Integration (non-breaking change which adds a new integration)
• Breaking change (fix or feature that would cause existing functionality to not work as expected)
• Non-breaking change (fix of existing functionality that will not change current behavior)
• Documentation (added/updated documentation)

All tests should be run against the port production environment(using a testing org).

Core testing checklist

• Integration able to create all default resources from scratch
• Resync finishes successfully
• Resync able to create entities
• Resync able to update entities
• [] Resync able to detect and delete entities
• Scheduled resync able to abort existing resync and start a new one
• Tested with at least 2 integrations from scratch
• Tested with Kafka and Polling event listeners
• Tested deletion of entities that don't pass the selector

Integration testing checklist

• Integration able to create all default resources from scratch
• Resync able to create entities
• Resync able to update entities
• Resync able to detect and delete entities
• Resync finishes successfully
• If new resource kind is added or updated in the integration, add example raw data, mapping and expected result to the examples folder in the integration directory.
• If resource kind is updated, run the integration with the example data and check if the expected result is achieved
• If new resource kind is added or updated, validate that live-events for that resource are working as expected
• Docs PR link here

Preflight checklist

• Handled rate limiting
• Handled pagination
• Implemented the code in async
• Support Multi account

Screenshots

Include screenshots from your environment showing how the resources of the integration will look.

API Documentation

Provide links to the API documentation used for this integration.

---

PR Type

Bug fix

---

Description

• Fix webhook processors to use selectors matching resync behavior
• Reorder webhook processors to prevent project blueprint failures
• Switch analysis from task-based to project-based approach
• Add fallback data handling for webhook events

---

Changes walkthrough 📝

	Relevant files
Formatting	2 files client.py Minor formatting and comment fixes                                              +6/-1      integration.py Remove trailing comma from metrics list                                    +1/-1
Bug fix	4 files main.py Reorder webhook processor registration                                      +2/-1      analysis_webhook_processor.py Switch from task-based to project-based analysis                  +34/-8    issue_webhook_processor.py Add selector support and fallback handling                              +39/-7    project_webhook_processor.py Add selector support and fallback handling                              +34/-5
Enhancement	1 files utils.py Add selector metrics extraction utility function                  +16/-1
Miscellaneous	1 files base_webhook_processor.py Add debug logging for payload validation                                  +1/-0

---

Need help?

Type /help how to ... in the comments thread for any questions about Qodo Merge usage.

Check out the documentation for more information.

[qodo-merge-pro]

PR Reviewer Guide 🔍

Here are some key observations to aid the review process:

⏱️ Estimated effort to review: 4 🔵🔵🔵🔵⚪

🧪 No relevant tests

🔒 No security concerns identified

⚡ Recommended focus areas for review Debug Code A debug print statement has been added to the validate_payload method which should be removed before production deployment. print("payload", payload) return "project" in payload Logic Error The analysis webhook processor has inconsistent logic between on-premise and cloud versions. The cloud version fetches all analysis data but may append the webhook payload as fallback, which could lead to data inconsistency. async for updated_analysis in sonar_client.get_analysis_by_project(project): if updated_analysis: analysis_data.extend(updated_analysis) if not analysis_data: analysis_data.append(payload) Type Safety The selector is cast to SonarQubeGAProjectResourceConfig but the method handles both PROJECTS and PROJECTS_GA kinds, which may cause runtime errors if the wrong resource config type is used. selector = cast(SonarQubeGAProjectResourceConfig, resource_config).selector sonar_client.metrics = selector.metrics

[qodo-merge-pro]

PR Code Suggestions ✨

Explore these optional code suggestions:

Category	Suggestion	Impact
Possible issue	Add null safety checks Add proper error handling for the case where resource_config.selector is None or doesn't exist. The current code could raise an AttributeError if selector is None. integrations/sonarqube/utils.py [29-41] def get_selector_metrics(resource_config: ResourceConfig) -> List[str]: """ Extract metrics from a resource config selector if available. Args: resource_config: The resource configuration containing the selector Returns: List of metric strings, empty list if no metrics are configured """ - if hasattr(resource_config.selector, 'metrics'): + if hasattr(resource_config, 'selector') and hasattr(resource_config.selector, 'metrics'): return resource_config.selector.metrics return [] Apply / Chat Suggestion importance[1-10]: 8 __ Why: The suggestion correctly identifies a potential AttributeError if resource_config lacks a selector attribute. The proposed change adds a necessary check, improving the code's robustness and preventing a runtime crash.	Medium
Security	✅ Remove debug print statement Suggestion Impact: The debug print statement was removed exactly as suggested, eliminating potential security risk and log pollution code diff: - print("payload", payload) Remove the debug print statement as it can expose sensitive data in production logs and is not appropriate for production code. integrations/sonarqube/webhook_processors/base_webhook_processor.py [53-55] async def validate_payload(self, payload: EventPayload) -> bool: - print("payload", payload) return "project" in payload [Suggestion processed] Suggestion importance[1-10]: 7 __ Why: The suggestion correctly identifies a debug print statement that was likely left in by mistake. Removing it is important for production code to avoid polluting logs and potentially exposing sensitive information.	Medium
Update

[aws-amplify-eu-west-1]

This pull request is automatically being deployed by Amplify Hosting (learn more).

Access this pull request here: https://pr-1804.d1ftd8v2gowp8w.amplifyapp.com

[cursor]

🚨 BugBot couldn't run

BugBot is experiencing high demand right now. Try again in a few minutes by commenting "bugbot run" (requestId: serverGenReqId_f4feee94-6350-4232-aa1e-3429d3c7d068).

[cursor]

Bug: Webhook Processing Errors in SonarQube

The SonarQube webhook processor introduces two issues:

1. Non-On-Premise (SonarCloud): The analysis webhook now processes all project analyses using get_analysis_by_project instead of the specific analysis that triggered the event via get_analysis_for_task. This fundamentally changes webhook behavior, leading to excessive data fetching, performance issues, and potentially irrelevant data.
2. On-Premise: The sonar_client is initialized without required metrics. This causes the get_measures_for_all_pull_requests method to fail with a ValueError due to an empty self.metrics property, preventing on-premise webhook processing.

integrations/sonarqube/webhook_processors/analysis_webhook_processor.py#L24-L38

ocean/integrations/sonarqube/webhook_processors/analysis_webhook_processor.py

Lines 24 to 38 in 52c73e2

	sonar_client = init_sonar_client()
	analysis_data = []
	project = await sonar_client.get_single_component(payload["project"])
	if ocean.integration_config["sonar_is_on_premise"]:
	analysis_data = await sonar_client.get_measures_for_all_pull_requests(
	project["key"]
	)
	else:
	async for updated_analysis in sonar_client.get_analysis_by_project(project):
	if updated_analysis:
	analysis_data.extend(updated_analysis)

Fix in Cursor • Fix in Web

---

Bug: SonarQube Client Missing Metrics Initialization

The analysis_webhook_processor no longer initializes the sonar_client with metrics. Previously, metrics were extracted from the webhook payload and passed to init_sonar_client. This change is inconsistent with other webhook processors (e.g., project, issue) that configure metrics, causing the SonarQube client to operate without required metrics and potentially leading to missing or incorrect analysis data.

integrations/sonarqube/webhook_processors/analysis_webhook_processor.py#L24-L25

ocean/integrations/sonarqube/webhook_processors/analysis_webhook_processor.py

Lines 24 to 25 in 52c73e2

	sonar_client = init_sonar_client()

Fix in Cursor • Fix in Web

---

Was this report helpful? Give feedback by reacting with 👍 or 👎