Forked Pull Request analysis does not work when it is into main from main

Hi all,

I’m trying to set up a Sonar PR analysis that works with forked repositories on GitHub with GitHub Actions. I’ve seen that the Sonar team does not support analysis of forked PRs, but with this workaround it is kinda working. The problem only arises when the PR is from external-contrib:main to my-org:main. When this happens I get the following log:

    ...
    INFO: Pull request 11 for merge into main from main
    ...
    INFO: Sensor C# Analysis Log [csharp] (done)
    INFO: Sensor C# Properties [csharp]
    INFO: Sensor C# Properties [csharp] (done)
    INFO: Sensor Text Sensor [text]
    INFO: Sensor Text Sensor is restricted to changed files only
    INFO: 0 source files to be analyzed
    INFO: 0/0 source files have been analyzed
    ...

So no analysis is being done.

These are my commands:

          dotnet sonarscanner begin \
              ...
              /v:"$PROJECT_VERSION" \
              /d:sonar.scm.revision="$PROJECT_VERSION" \
              /d:sonar.pullrequest.base=$PR_BASE_REF \
              /d:sonar.pullrequest.branch=$PR_HEAD_REF \
              /d:sonar.pullrequest.key=$PR_NUMBER

          dotnet build

          dotnet sonarscanner end /d:sonar.login="$SONAR_TOKEN"

PROJECT_VERSION is the commit SHA of the head branch.

I experimented with passing other values to /d:sonar.pullrequest.branch but it looks like the scanner is ignoring this argument.
Does it make sense to assume that the scanner is not sensing the changed files because of the branch name? If so, is there any argument that I could provide that will change that?

UPDATE: I believe that I understand the problem better now. Sonar is comparing some branch from external-contrib with the main from external-contrib instead of the main from my-org. This way, when I use external-contrib:main there are no changes.

Hi Rafael,

As you have mentioned, we currently don’t support analysis of forked PRs. It is something which is on our roadmap; however, it is currently not being worked on.

I see that you have several repositories on GitHub which are connected to SonarCloud. Can I check if you are still experiencing the issue or if you have managed to resolve it? If it is still an issue, could you confirm which of the repositories you are currently testing on? I can see that Ziggurat and csharp-api-with-sonar have recent activity.

Hi Shane, thank you for the reply. I did not resolve the issue. After some tests I figured out that the Sonar analysis on the forked branch was comparing the branch with the main of the forked repository. I didn’t find any workaround for that and abandoned using the Sonar analysis on forked branches.

Hi Rafael, thank you for the feedback. Yes, unfortunately it is not something which is currently supported and is not something which is really feasible to implement effectively without the changes from SonarCloud. In the future I would hope we are able to support you in this, but for now I will close the ticket.
