Must-share information (formatted with Markdown):

- which versions are you using (SonarQube, Scanner, Plugin, and any relevant extension)
  Sonarqube - Enterprise Edition - Version 9.4 (build 54424)
- what are you trying to achieve
  I want my PR Analysis to fail when new code smells or bugs appear.
- what have you tried so far to achieve this
I have been attempting to run PR analysis in my front-end application project. Unfortunately, it doesn’t work when I introduce new code smells into my application to test this behaviour.
When I run the project in my PR pipeline stage in GoCD, it sets the following variables in my sonar-project.properties file:
```
sonar.pullrequest.key=<id>
sonar.pullrequest.branch=<branch>
sonar.pullrequest.base=main
```
When I run the project manually and I git checkout the , it fails, as follows:
```
git checkout <branch>
docker run \
  --rm \
  -e SONAR_HOST_URL=<URL> \
  -e SONAR_LOGIN=<SONAR_TOKEN> \
  -v "$(pwd):/usr/src" \
  sonarsource/sonar-scanner-cli
```
If I don’t manually check out the , it seems to be constantly running against the main branch instead, always being successful at the end, which is not the behaviour I am expecting.
Is the sonar-scanner-cli, either in Docker, Maven or any other version, supposed to check out the PR branch to be analysed, or do we have to do it manually?