PR Analysis for Merging Code from Forked Repo

yigedaboluo · August 21, 2024, 10:39pm

Must-share information (formatted with Markdown):

which versions are you using (SonarQube, Scanner, Plugin, and any relevant extension)
10.3
how is SonarQube deployed: zip, Docker, Helm
Helm
what are you trying to achieve
Merging code from a forked repo; When SonarQube does PR analysis, it should compare forked repo’s feature branch and original repo’s mian branch.
what have you tried so far to achieve this
I read SonarQube documentations about PR analysis.
I tried to use sonar.pullrequest.github.repository and set it to original repo.
I tried to include original repo directly in sonar.pullrequest.base

Hi Sonar Community,

When SonarQube does PR analysis for merging code from a forked repo, it is comparing code in feature branch and base branch of forked repo.

What I want to achieve here is comparing code in feature branch of forked repo with code in main branch of original repo.

Example:
Org org1 has original Repo A, has main branch, org1/A:main
Org org2 has Forked Repo B, has main branch and feature1 branch, org2/B:main and org2/B:feature1.

When merging org2/B:feature1 into org1/A:main, I want SonarQube to compare those branches and do analysis. However, it is comparing org2/B:feature1 to org2/B:main

I have set sonar.pullrequest.branch to feature1.

What I tried so far:

set sonar.pullrequest.github.repository to org1/A:main.
set sonar.pullrequest.base to org1/A:main.

Neither of them worked for me.

Any help would be greatly appreciated.

ganncamp · August 23, 2024, 3:35pm

Hi,

From some internal documentation (we’re working on the user-facing docs):

The refs from both remotes must be present locally

% git remote add target git@github.com:original-repo/sonar-training-app.git
% git remote -v
origin	git@github.com:forked-repo/sonar-training-app.git (fetch)
origin	git@github.com:forked-repo/sonar-training-app.git (push)
target	git@github.com:original-repo/sonar-training-app.git (fetch)
target	git@github.com:original-repo/sonar-training-app.git (push)`

make sure to have all the refs available locally

% git fetch --all
Fetching origin
Fetching target

the analysis can now run as follows, on the main branch of the forked project, with target/main set as sonar.pullrequest.base

% git branch
* main
% sonar-scanner -Dsonar.projectKey=github-actions-sonar-training-app -Dsonar.pullrequest.branch=main -Dsonar.pullrequest.key=30 -Dsonar.pullrequest.base=target/main

HTH,
Ann

Topic		Replies	Views
How does SonarQube define New Code in a Pull Request? SonarQube Server / Community Build sonarqube	2	59	August 21, 2024
Issue with integrating PR analysis Sonar Report in Bitbucket SonarQube Server / Community Build sonarqube , bitbucket	0	561	December 9, 2021
Forked Pull Request analysis does not work when is into main from main SonarQube Cloud scanner , dotnet , sonarqube-cloud	4	734	February 13, 2023
Sonar-scanner branch analysis across forks, without creating a pull request SonarQube Server / Community Build scanner	1	751	May 24, 2021
PR analysis for original repo which doesn't have SonarCloud project SonarQube Cloud pull-request	7	865	April 20, 2020

PR Analysis for Merging Code from Forked Repo

Related topics