PR Analysis for Merging Code from Forked Repo

Must-share information (formatted with Markdown):

  • which versions are you using (SonarQube, Scanner, Plugin, and any relevant extension)
    10.3
  • how is SonarQube deployed: zip, Docker, Helm
    Helm
  • what are you trying to achieve
    Merging code from a forked repo; When SonarQube does PR analysis, it should compare forked repo’s feature branch and original repo’s mian branch.
  • what have you tried so far to achieve this
    I read SonarQube documentations about PR analysis.
    I tried to use sonar.pullrequest.github.repository and set it to original repo.
    I tried to include original repo directly in sonar.pullrequest.base

Hi Sonar Community,

When SonarQube does PR analysis for merging code from a forked repo, it is comparing code in feature branch and base branch of forked repo.

What I want to achieve here is comparing code in feature branch of forked repo with code in main branch of original repo.

Example:
Org org1 has original Repo A, has main branch, org1/A:main
Org org2 has Forked Repo B, has main branch and feature1 branch, org2/B:main and org2/B:feature1.

When merging org2/B:feature1 into org1/A:main, I want SonarQube to compare those branches and do analysis. However, it is comparing org2/B:feature1 to org2/B:main

I have set sonar.pullrequest.branch to feature1.

What I tried so far:

  1. set sonar.pullrequest.github.repository to org1/A:main.
  2. set sonar.pullrequest.base to org1/A:main.

Neither of them worked for me.

Any help would be greatly appreciated.

Hi,

From some internal documentation (we’re working on the user-facing docs):

  • The refs from both remotes must be present locally
    % git remote add target git@github.com:original-repo/sonar-training-app.git
    % git remote -v
    origin	git@github.com:forked-repo/sonar-training-app.git (fetch)
    origin	git@github.com:forked-repo/sonar-training-app.git (push)
    target	git@github.com:original-repo/sonar-training-app.git (fetch)
    target	git@github.com:original-repo/sonar-training-app.git (push)`
    
  • make sure to have all the refs available locally
    % git fetch --all
    Fetching origin
    Fetching target
    
  • the analysis can now run as follows, on the main branch of the forked project, with target/main set as sonar.pullrequest.base
    % git branch
    * main
    % sonar-scanner -Dsonar.projectKey=github-actions-sonar-training-app -Dsonar.pullrequest.branch=main -Dsonar.pullrequest.key=30 -Dsonar.pullrequest.base=target/main
    

 
HTH,
Ann

1 Like