I’m trying to setup a sonar PR analysis that works with forked repositories at Github with Github Actions. I’ve seen that Sonar team does not support analysis of forked PRs but with this workaround it is kinda working. The problem only arises when the PR is from
my-org:main. When this happens I get the following log:
... INFO: Pull request 11 for merge into main from main ... INFO: Sensor C# Analysis Log [csharp] (done) INFO: Sensor C# Properties [csharp] INFO: Sensor C# Properties [csharp] (done) INFO: Sensor Text Sensor [text] INFO: Sensor Text Sensor is restricted to changed files only INFO: 0 source files to be analyzed INFO: 0/0 source files have been analyzed ...
So no analysis it’s being done.
These are my commands:
dotnet sonarscanner begin \ ... /v:"$PROJECT_VERSION" \ /d:sonar.scm.revision="$PROJECT_VERSION" \ /d:sonar.pullrequest.base=$PR_BASE_REF \ /d:sonar.pullrequest.branch=$PR_HEAD_REF \ /d:sonar.pullrequest.key=$PR_NUMBER dotnet build dotnet sonarscanner end /d:sonar.login="$SONAR_TOKEN"
PROJECT_VERSION is the sha commit of the head branch
I experimented passing other values to
/d:sonar.pullrequest.branch but it looks like the scanner is ignoring this argument.
Makes sense to assume that the scanner is not sensing the changes files because of the branch name? If so, is there any argument that I could provide that will change that?
UPDATE: I believe that I understand the problem better now. Sonar is comparing some branch from
external-contrib with the main from
external-contrib instead of the main from
my-org. This way, when I use
external-contrib:main there are no changes.