GitHub Actions Merge Queue reporting branch as main branch

When running sonar-scanner in GitHub Actions merge checks, it correctly detects the branch and only reports issues from that branch, but when the same PR is sent to the GitHub merge queue and we invoke sonar-scanner, the report shows it as the main branch for the git repository.

Do we need to manually specify the branch in order for this to work in the GitHub merge queue? It seems related to how builds for a GitHub merge queue can be grouped together and a temporary branch is created.

Does sonar-scanner/SonarCloud work properly with the GitHub merge queue?

Hey there.

I don’t think we’ve tested this. Can you share your GitHub Actions YML so we can try and reproduce this?

name: build-all
on:
  pull_request:
    branches:
      - "*"
  merge_group:

concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true

jobs:
  build-ubuntu-20-04:
    runs-on: [self-hosted, Linux, X64, ubuntu-20-04]
    env:
      GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
      SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
      ACTIONS_TOKEN: ${{ secrets.ACTIONS_TOKEN }}
    steps:
      - name: Clean working directory
        run: sudo rm -rf *
        working-directory: .

      - name: Check out code
        uses: actions/checkout@v3.5.3
        with:
          submodules: recursive
          token: ${{ env.ACTIONS_TOKEN }}
          fetch-depth: 1

      - name: Set correct Go version
        uses: actions/setup-go@v4.0.1
        with:
          go-version: "^1.19.1"
          cache: false

      - name: Add our CMAKE to GitHub PATH
        run: echo "$HOME/tools/cmake/bin" >> $GITHUB_PATH

      - name: Add build-wrapper-linux to GitHub PATH
        run: echo "$HOME/.local/bin" >> $GITHUB_PATH

      - name: Setup Java JDK
        uses: actions/setup-java@v3.12.0
        with:
          java-version: '17'
          distribution: 'temurin'

      - name: Configure build system with CMake
        run: cmake -S . -B build -G Ninja -DCMAKE_BUILD_TYPE=Release -DAZURE_STORAGE_TOKEN=${{ secrets.AZURE_STORAGE_TOKEN }}

      - name: Build all
        run: build-wrapper-linux-x86-64 --out-dir sonar-out ninja -d stats -j 2
        working-directory: build

      - name: SonarCloud Scan
        run: sonar-scanner

This is run on a self-hosted runner, and we have the sonar-scanner (version 5.0.1.3006) installed on the $PATH.

$ sonar-scanner -v
INFO: Scanner configuration file: /home/swxtchadmin/tools/sonar-scanner-5.0.1.3006-linux/conf/sonar-scanner.properties
INFO: Project root configuration file: NONE
INFO: SonarScanner 5.0.1.3006
INFO: Java 17.0.7 Eclipse Adoptium (64-bit)
INFO: Linux 5.15.0-1042-azure amd64

This is in a mono-repo of sorts, which includes C/C++, Go, TypeScript, Terraform, etc.

Hi @nwoodswxtch !

I guess you found an unsupported case where our software doesn’t detect the real branch appropriately when in the merge queue. I’ll dig further into it.

As a workaround, and with a limited knowledge of the GitHub merge queue at the moment, could you try specifying the parameters manually?

If you are analyzing a pull request, the parameter is: -Dsonar.pullrequest.key=1234
If it is a regular branch, then it is: -Dsonar.branch.name=my/cool/branch
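
One way to apply the workaround suggested above, as an added example that is not part of the original thread or Sonar's own code: a POSIX shell function (the name `sonar_scope_args` is hypothetical) that builds the scanner arguments from the GitHub Actions environment. It assumes a merge queue run should be reported against the pull request whose number is embedded in the temporary `gh-readonly-queue/<base>/pr-<number>-<sha>` branch, and it also passes `sonar.pullrequest.base`, which the thread does not mention.

```shell
#!/bin/sh
# Added example (not from the thread): derive the SonarScanner scope arguments
# from the GitHub Actions environment instead of relying on auto-detection.
# Assumption: a merge queue run is reported against the pull request whose
# number is embedded in the temporary queue branch name.

# Prints one -D argument per line; returns 1 if the ref is not recognised.
sonar_scope_args() {
  ref="${GITHUB_REF:-}"
  key="" base=""
  case "${GITHUB_EVENT_NAME:-}:$ref" in
    pull_request:refs/pull/*/merge)
      # Pull request runs use refs/pull/<number>/merge.
      key="${ref#refs/pull/}"; key="${key%/merge}"
      base="${GITHUB_BASE_REF:-}"
      ;;
    merge_group:refs/heads/gh-readonly-queue/*/pr-*-*)
      # Queue branch: gh-readonly-queue/<base>/pr-<number>-<sha>; <base> may contain "/".
      rest="${ref#refs/heads/gh-readonly-queue/}"
      base="${rest%/pr-*}"                    # strip the trailing /pr-<number>-<sha>
      key="${rest##*/pr-}"; key="${key%%-*}"  # keep only <number>
      ;;
    *:refs/heads/*)
      # Any other branch build (for example a push) is a regular branch analysis.
      printf '%s\n' "-Dsonar.branch.name=${ref#refs/heads/}"
      return 0
      ;;
  esac
  # Reject anything that is not a plain number before it reaches the command line.
  case "$key" in
    ''|*[!0-9]*)
      echo "cannot derive Sonar scope from ref '$ref'" >&2
      return 1
      ;;
  esac
  printf '%s\n' "-Dsonar.pullrequest.key=$key" "-Dsonar.pullrequest.base=$base"
}

# Usage in the scan step (shown as a comment so this file has no side effects):
#   sonar-scanner $(sonar_scope_args)
```

The function reads `GITHUB_REF` and `GITHUB_EVENT_NAME` from the environment rather than from `${{ ... }}` expressions, so a branch name is never interpolated into the script text of the `run:` step.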