Sonar cannot be run on PR from a fork

When I make a PR from a branch internal to my organization Sonar runs fine. But if a fork is created and a PR is made from that fork I get the following error:

Error: Failed to execute goal org.sonarsource.scanner.maven:sonar-maven-plugin:3.9.1.2184:sonar (default-cli) on project todo-backend: Project not found. Please check the ‘sonar.projectKey’ and ‘sonar.organization’ properties, the ‘SONAR_TOKEN’ environment variable, or contact the project administrator → [Help 1]

This is because GitHub does not pass secrets, per the documentation:

Note: With the exception of GITHUB_TOKEN, secrets are not passed to the runner when a workflow is triggered from a forked repository.

Does anyone have a better suggestion / work around?

This is not possible out-of-the-box, but some users have found a workaround.

You may also want to vote on this roadmap item here: https://portal.productboard.com/sonarsource/1-sonarcloud/c/50-sonarcloud-analyzes-external-pull-request


This seems to be the 2nd highest voted item. Any chance that this gets fixed/implemented, actually?

Hello, is there any workaround for that when someone is working with PRs from forks?

There is a workaround. We use it in the Kroxylicious project. The workaround is clunky but it works.

The basic scheme is to run the actual Sonar scan in the project rather than PR context (I'm not sure what the proper GitHub terminology is). To do that our PR build uploads a text file containing the PR number. We then have a dependent build job which pulls that down, and then checks out the PR and runs the sonar scan on that.

The dependent build is our sonar.yaml and you can find the PR upload in this snippet.

HTH
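The two-workflow scheme described in the reply above, written out as an added example. This is editor-written illustration, not the Kroxylicious project's own sonar.yaml or snippet, and the workflow names, file names, the `pr-number` artifact name, Java 17 and the `main` base branch are all assumptions. The first workflow runs in the fork-PR context (no secrets) and only records the PR number; the second runs on `workflow_run` in the base repository's context, where `SONAR_TOKEN` is available, downloads that artifact, checks out `refs/pull/N/head` and runs the scanner in pull-request mode. Two checks a practitioner will want: the PR number read from the artifact is attacker-writable, so it is reduced to digits and the checked-out commit is compared against the `head_sha` GitHub recorded for the triggering run; and the fork's branch name is passed through an environment variable rather than interpolated into the shell, since `${{ }}` expansion of attacker-controlled strings in `run:` is script injection.

```yaml
# --- .github/workflows/pr-build.yaml (hypothetical name) ---
# Triggered by pull_request, so for a fork PR it has no repository secrets.
name: PR build
on:
  pull_request:
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-java@v4
        with:
          distribution: temurin
          java-version: '17'
      - name: Build and test (no Sonar here, SONAR_TOKEN is not available)
        run: mvn -B verify
      - name: Record the PR number for the dependent Sonar workflow
        env:
          PR_NUMBER: ${{ github.event.pull_request.number }}
        run: echo "$PR_NUMBER" > pr-number.txt
      - uses: actions/upload-artifact@v4
        with:
          name: pr-number
          path: pr-number.txt
---
# --- .github/workflows/sonar.yaml (hypothetical name) ---
# workflow_run fires in the base repository's context (only once this file is on
# the default branch), so secrets are present. Everything below runs the PR's
# pom.xml with SONAR_TOKEN in the environment: treat it as running untrusted code
# and use a least-privilege, analysis-only SonarCloud token.
name: Sonar
on:
  workflow_run:
    workflows: ["PR build"]
    types: [completed]
jobs:
  sonar:
    if: github.event.workflow_run.conclusion == 'success'
    runs-on: ubuntu-latest
    steps:
      - name: Download the PR number recorded by the PR build
        uses: actions/download-artifact@v4
        with:
          name: pr-number
          run-id: ${{ github.event.workflow_run.id }}
          github-token: ${{ secrets.GITHUB_TOKEN }}
      - name: Read the PR number, keeping digits only (the file is attacker-writable)
        id: pr
        run: |
          PR="$(tr -dc '0-9' < pr-number.txt)"
          [ -n "$PR" ] || { echo "pr-number.txt did not contain a PR number"; exit 1; }
          echo "number=$PR" >> "$GITHUB_OUTPUT"
      - name: Check out the PR head via the base repository's pull ref
        uses: actions/checkout@v4
        with:
          ref: refs/pull/${{ steps.pr.outputs.number }}/head
          fetch-depth: 0
      - name: Verify the checkout is the commit that actually triggered the PR build
        env:
          EXPECTED_SHA: ${{ github.event.workflow_run.head_sha }}
        run: |
          ACTUAL_SHA="$(git rev-parse HEAD)"
          if [ "$ACTUAL_SHA" != "$EXPECTED_SHA" ]; then
            echo "PR number in artifact does not match triggering commit: $ACTUAL_SHA != $EXPECTED_SHA"
            exit 1
          fi
      - uses: actions/setup-java@v4
        with:
          distribution: temurin
          java-version: '17'
      - name: Sonar scan in pull-request mode
        env:
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          PR_NUMBER: ${{ steps.pr.outputs.number }}
          # Fork branch names are attacker-controlled; pass via env, never inline in run:
          PR_BRANCH: ${{ github.event.workflow_run.head_branch }}
          BASE_BRANCH: main   # assumption; record the real base in the artifact if PRs target other branches
        run: |
          mvn -B verify org.sonarsource.scanner.maven:sonar-maven-plugin:sonar \
            -Dsonar.pullrequest.key="$PR_NUMBER" \
            -Dsonar.pullrequest.branch="$PR_BRANCH" \
            -Dsonar.pullrequest.base="$BASE_BRANCH"
```

The `head_sha` comparison is what stops a PR from uploading some other PR's number and having its analysis attached there; the residual risk, which this scheme cannot remove, is that the PR's own build (pom.xml, plugins, tests) executes with `SONAR_TOKEN` set, so scope that token to the one SonarCloud project and nothing else.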