Continuing the discussion from Github pull request decoration failing, missing commit SHA:
-
which versions are you using (SonarQube, Scanner, Plugin, and any relevant extension)
SonarQube 10.6.0.92116sonarsource/sonarqube-github-c-cpp@v1sonar-scanner-5.0.1.3006-linux
-
how is SonarQube deployed: zip, Docker, Helm
zip -
what are you trying to achieve
I was updating my GitHub Actions workflows to usesonarsource/sonarqube-github-c-cpp@v1for scanning C/C++ projects. -
what have you tried so far to achieve this
I have configured a workflow that is triggered on pull request events (opened,synchronizeandreopened). Most of the times it works fine, but sometimes it fails due to a “missing” commit.
Initially, I got a warning in SonarQube when usingactions/checkout@v4as described in the docs. By default, the checkout action usesGITHUB_SHA, which according to the GitHub Docs may not be the commit ID for the last commit to the head branch.
To address this, I made the checkout action to usegithub.event.pull_request.head.sha, which should be the commit ID for the most recent commit to the head branch of the pull request. Although the GitHub actions workflow seems to consistently check out the correct commit, the scanner seems to still be using theGITHUB_SHAcommit, which sometimes isn’t the correct commit.
Do you have any suggestions on how to resolve this issue?