GitHub pull request decoration and SonarCloud Code Analysis check stopped working after switch to pull_request_target


After switching to pull_request_target Github trigger event, sonarcloud bot stopped to post a comment in pull request. Also Sonar Cloud Code Analysis pull request check disappeared.

  • ALM used: GitHub
  • CI system used GitHub Actions

This is how the relevant jobs of the workflow look like:

      - master
      - opened
      - reopened
      - edited
      - synchronize

    runs-on: ubuntu-latest

      # Downloads a copy of the code in your repository before running CI tests
      - name: Check out repository code
        uses: actions/checkout@v2
          ref: ${{ github.event.pull_request.head.sha }}
          ssh-key: ${{ secrets.PRIVATE_GITHUB_SSH_PRIVATE_KEY }}
          fetch-depth: 0
          persist-credentials: false
          submodules: recursive

      - name: SonarCloud Scan
        uses: SonarSource/sonarcloud-github-action@master
          GITHUB_TOKEN: ${{ secrets.PRIVATE_GITHUB_TOKEN }}
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
          projectBaseDir: auth-code-service
          args: >
            -Dsonar.pullrequest.key=${{ github.event.pull_request.number }}
            -Dsonar.pullrequest.branch=${{ github.event.pull_request.head.ref }}
            -Dsonar.scm.revision=${{ github.event.pull_request.head.sha }}

The configuration is done according to recommendations from GitHub comments stopped working in GitHub action after switch to pull_request_target.

The background task id that is connected with the analysis that comment was not delivered to the pull request is: AXzBZqufSPwfurilYH_p

Please help to solve this issue.

Thank you.

Hello Eugene! And welcome to the community!

We had a look at your analysis id and it seems like your SC project and Github repository are not bound, so you might want to do that first.

And if it still doesn’t do the PR decoration you could try to add the following property, just keep in mind that it’s deprecated and we do not really encourage to use it, it’s normally done automatically by our Github Action when using pull_request:

  • sonar.pullrequest.github.repository=slug_of_your_repo

On a side note you might also want to specify the target of the PR with:

  • sonar.pullrequest.base=master

I hope it will help!