_Pull Request decoration is available as part of [Developer Edition](https://redirect.sonarsource.com/editions/developer.html) and [above](https://www.sonarsource.com/plans-and-pricing/)._
-You can add SonarQube analysis and a Quality Gate to your Pull Requests (PR) directly in your ALM provider's interface.
+You can add SonarQube analysis and a Quality Gate to your Pull Requests (PR) in your ALM provider's interface.
## Pull Request Decoration by provider
Click your ALM provider below to expand the instructions on decorating your Pull Requests.
[[collapse]]
-| ## GitHub Enterprise
+| ## GitHub Enterprise and GitHub.com
|
-|*Minimum GitHub Enterprise Version 2.14*
+|*For GitHub Enterprise, the minimum version is Version 2.14*
|
| ### Creating a GitHub App
|
| | Permission | Access |
| |---------------------|--------------|
| | Checks | Read & write |
-| | Repository metadata | Read-only |
+| | **GitHub Enterprise:** Repository metadata <br/> **GitHub.com:** Metadata | Read-only |
| | Pull Requests | Read-only |
| | Commit statuses | Read-only |
|
| 1. Click **Create GitHub App**. This will take you to your new GitHub App's page.
| 1. Scroll down to the bottom of your app page and click **Generate Private Key**. This downloads a `.pem` file that you'll use in the **Setting your global settings** section.
|
-| ### Installing your app
-| To install your app in your GitHub organizations:
+| ### Installing your app
|
-| 1. Go to your GitHub App URL. GitHub App URLs are formatted as: `https://<your-github-enterprise-address>/github-apps/<YourAppName>`.
-| For example, if your GitHub Enterprise address is `github-enterprise-1.yoursite.com` and your app name is `SonarQubePRChecks`, your GitHub App URL will be `https://github-enterprise-1.yoursite.com/github-apps/SonarQubePRChecks`.
-| 2. From your GitHub App page, click the **Install** or **Configure** button.
-| 3. Choose the organization where you want to install your app from the list.
-| 4. Click the **Install** button.
+| Install your GitHub App from the app's settings page. See the [GitHub instructions](https://developer.github.com/apps/installing-github-apps/) for more information.
|
| ### Setting your global settings
|
-| Go to **[Administration > Configuration > General Settings > Pull Requests](/#sonarqube-admin#/admin/settings?category=pull_request_decoration/)**, select the **GitHub Enterprise** tab, and click the **Create configuration** button to set your Configuration Name, ALM Instance URL, GitHub App ID, and your GitHub App's Private Key (that was generated above in the **Creating a GitHub App** section).
+| To set your global settings in SonarQube:
+|
+| 1. Navigate to **Administration > Configuration > General Settings > Pull Request Decoration**.
+| 1. Select the **GitHub** tab.
+| 1. Click the **Create configuration** button.
+|
+| From here, set your **Configuration Name**, **GitHub Instance URL**, **GitHub App ID**, and your GitHub App's **Private Key** (that was generated above in the **Creating a GitHub App** section).
|
| **Note:** Make sure the Configuration name is succinct and easily recognizable as it will be used at the project level to identify the correct ALM configuration.
|
| ### Setting your project settings
|
-| Go to **Administration > General Settings > Pull Request decoration**, select your Configuration Name (created in the previous section), then set your Repository identifier.
+| Go to **Administration > General Settings > Pull Request Decoration**, select your **Configuration Name**, and set your **Repository identifier**.
[[collapse]]
| ## Bitbucket Server
|
| ### Setting your global settings
|
-| Go to **[Administration > Configuration > General Settings > Pull Requests](/#sonarqube-admin#/admin/settings?category=pull_request_decoration/)**, select the **Bitbucket Server** tab, and click the **Create configuration** button to set your Configuration name, Bitbucket Server URL, and Personal Access token.
+| A Bitbucket Server user account is used to decorate Pull Requests. You need a [Personal Access Token](https://confluence.atlassian.com/bitbucketserver0515/personal-access-tokens-961275199.html) from this account with **Write** permission.
+|
+| To set your global settings in SonarQube:
+| 1. Navigate to **Administration > Configuration > General Settings > Pull Request Decoration**.
+| 1. Select the **Bitbucket Server** tab.
+| 1. Click the **Create configuration** button.
+|
+| From here, set your **Configuration name**, **Bitbucket Server URL**, and the **Personal Access Token** of the account you're using to decorate your Pull Requests.
|
| **Note:** Make sure the Configuration name is succinct and easily recognizable as it will be used at the project level to identify the correct ALM configuration.
|
| ### Setting your project settings
|
-| Go to **Administration > General Settings > Pull Request decoration**, select your Configuration name, then set your Project Key and Repo Slug.
+| Go to **Administration > General Settings > Pull Request Decoration**, select your **Configuration name**, and set your **Project Key** and **Repo Slug**.
[[collapse]]
| ## Azure DevOps Server
|
| ### Setting your global settings
|
-| Go to **[Administration > Configuration > General Settings > Pull Requests](/#sonarqube-admin#/admin/settings?category=pull_request_decoration/)**, select the **Azure DevOps Server** tab, and click the **Create configuration** button to set your Configuration name and Personal Access token.
+| An Azure DevOps Server user account is used to decorate Pull Requests. You need a [Personal Access Token](https://docs.microsoft.com/en-us/azure/devops/organizations/accounts/use-personal-access-tokens-to-authenticate?view=tfs-2017&tabs=preview-page) from this account with the scope authorized for **Code > Read & Write**.
+|
+| To set your global settings in SonarQube:
+| 1. Navigate to **Administration > Configuration > General Settings > Pull Request Decoration**.
+| 1. Select the **Azure DevOps Server** tab.
+| 1. Click the **Create configuration** button.
+|
+| From here, set your **Configuration name** and the **Personal Access Token** of the account you're using to decorate your Pull Requests.
|
| **Note:** Make sure the Configuration name is succinct and easily recognizable as it will be used at the project level to identify the correct ALM configuration.
|
| ### Setting your project settings
|
-| Go to **Administration > General Settings > Pull Request decoration** and select your Configuration name.
+| Go to **Administration > General Settings > Pull Request Decoration** and select your **Configuration name**.
## Multiple ALM instances
SonarQube lets you decorate Pull Requests from multiple ALM instances. To do this, you can create a configuration (as shown in the previous section) for each of your ALM instances. That instance configuration can then be assigned to the appropriate projects.
Using Http header authentication is an easy way integrate your SonarQube deployment with an in-house SSO implementation.
## GitHub Authentication
-You can delegate authentication to GitHub Enterprise using a dedicated GitHub OAuth application. Alternately, if you're using the pull request decoration provided as part of [Developer Edition](https://redirect.sonarsource.com/editions/developer.html) and [above](https://www.sonarsource.com/plans-and-pricing/) you can harness the [GitHub application needed for PR decoration](/analysis/pr-decoration/) to also provide authentication.
+You can delegate authentication to GitHub Enterprise and GitHub.com using a dedicated GitHub OAuth application. Alternately, if you're using the pull request decoration provided as part of [Developer Edition](https://redirect.sonarsource.com/editions/developer.html) and [above](https://www.sonarsource.com/plans-and-pricing/) you can harness the [GitHub application needed for PR decoration](/analysis/pr-decoration/) to also provide authentication.
### Dedicated GitHub OAuth application
1. You'll need to first create a GitHub OAuth application. Click [here](https://developer.github.com/apps/building-oauth-apps/creating-an-oauth-app/) for general instructions:
1. "Homepage URL" is the public URL to your SonarQube server, for example "https://sonarqube.mycompany.com". For security reasons HTTP is not supported. HTTPS must be used. The public URL is configured in SonarQube at **[Administration -> General -> Server base URL](/#sonarqube-admin#/admin/settings)**
- 1. "Authorization callback URL" is <Homepage URL>/oauth2/callback, for example "https://sonarqube.mycompany.com/oauth2/callback"
+ 1. For **GitHub Enterprise** "Authorization callback URL" and for **GitHub.com** "User authorization callback URL" is <Homepage URL>/oauth2/callback, for example "https://sonarqube.mycompany.com/oauth2/callback"
1. In SonarQube, navigate to **[Administration > Configuration > General Settings > Security > GitHub](/#sonarqube-admin#/admin/settings?category=security)**:
1. Set **Enabled** to `true`
1. Set the **Client ID** to the value provided by the GitHub developer application
projects / sonarqube.git / commitdiff