GitHub Actions Merge Queue reporting branch as main branch

When running sonar-scanner in github actions merge checks, it correctly detects the branch and only reports issues from that branch, but when when the same PR is sent to the github merge queue, when we invoke the sonar-scanner the report is showing it as the main branch for the git repository.

Do we need to manually specify the branch in order for this to work in the github merge queue? It seems related to how for builds for a github merge queue can be grouped together and a temporary branch is created.

Does sonar-scanner/sonarcloud properly work for github merge queue?

Hey there.

I don’t think we’ve tested this. Can you share your GitHub Actions YML so we can try and reproduce this?

name: build-all
on:
  pull_request:
    branches:
      - "*"
  merge_group:

concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true

jobs:
  build-ubuntu-20-04:
    runs-on: [self-hosted, Linux, X64, ubuntu-20-04]
    env:
      GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
      SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
      ACTIONS_TOKEN: ${{ secrets.ACTIONS_TOKEN }}
    steps:
      - name: Clean working directory
        run: sudo rm -rf *
        working-directory: .

      - name: Check out code
        uses: actions/checkout@v3.5.3
        with:
          submodules: recursive
          token: ${{ env.ACTIONS_TOKEN }}
          fetch-depth: 1

      - name: Set correct Go version
        uses: actions/setup-go@v4.0.1
        with:
          go-version: "^1.19.1"
          cache: false

      - name: Add our CMAKE to GitHub PATH
        run: echo "$HOME/tools/cmake/bin" >> $GITHUB_PATH

      - name: Add build-wrapper-linux to GitHub PATH
        run: echo "$HOME/.local/bin" >> $GITHUB_PATH

      - name: Setup Java JDK
        uses: actions/setup-java@v3.12.0
        with:
          java-version: '17'
          distribution: 'temurin'

      - name: Configure build system with CMake
        run: cmake -S . -B build -G Ninja -DCMAKE_BUILD_TYPE=Release -DAZURE_STORAGE_TOKEN=${{ secrets.AZURE_STORAGE_TOKEN }}

      - name: Build all
        run: build-wrapper-linux-x86-64 --out-dir sonar-out ninja -d stats -j 2
        working-directory: build

      - name: SonarCloud Scan
        run: sonar-scanner

This is run on a self-hosted runner, and we have the sonar-scanner (version 5.0.1.3006) installed on the $PATH

$ sonar-scanner -v
INFO: Scanner configuration file: /home/swxtchadmin/tools/sonar-scanner-5.0.1.3006-linux/conf/sonar-scanner.properties
INFO: Project root configuration file: NONE
INFO: SonarScanner 5.0.1.3006
INFO: Java 17.0.7 Eclipse Adoptium (64-bit)
INFO: Linux 5.15.0-1042-azure amd64

This is in a mono-repo of sorts, which includes, C/C++, go, typescript, terraform, etc.

Hi @nwoodswxtch !

I guess you found an unsupported case where our software doesn’t detect the real branch appropriately when in the merge queue. I’ll dig further into it.

As a workaround, and with a limited knowledge of the GitHub merge queue at the moment, could you try specifying the parameters manually?

If you are analyzing a pull request, the parameter is: -Dsonar.pullrequest.key=1234
If it is a regular branch, then it is: -Dsonar.branch.name=my/cool/branch

Hi, there was any progress about this? I’ve just faced the same issue. It seems it fails to pick up the branch name and reports it incorrectly to the default branch, also incorrectly picking a diff from it, instead the base from the branch protection

Hello!

I’m happy to see your interest in our product!

Sadly, no progress so far - we are working on our roadmap, and there are already many things in it!
We have taken good note of your interest in that feature though.

If you wish, you can have a look at our roadmap and also submit ideas and vote here: SonarCloud Roadmap

Thanks a lot for your patience,
Claire