SonarCloud doesn't add gate status comment on my PR

SonarQube Cloud
, , , ,
1

Hello,

I’m trying to setup a Maven Java project with SonarQube Cloud and I can’t seem to get the analysis report comment from SonarQube Cloud on my Pull Request.

Example of what I want on my PR :

3370ee4df638b7a29a881784fcf3005d6d204a75
3370ee4df638b7a29a881784fcf3005d6d204a751001×311 15.2 KB

I’m using Github with Github Actions, using the org.sonarsource.scanner.maven:sonar-maven-plugin:sonar plugin.

name: Java CI Build with Maven and SonarQube

on:
  workflow_dispatch:
  push:
    branches: [ "main" ]
  pull_request:
    types: [ opened, synchronize, reopened ]

jobs:
  build:
    runs-on: ubuntu-latest
    permissions:
      contents: read
      pull-requests: read

    steps:
      - uses: actions/checkout@v6
        with:
          fetch-depth: 0
      - name: Set up JDK 25
        uses: actions/setup-java@v5
        with:
          java-version: '25'
          distribution: 'temurin'
          cache: maven

      - name: Cache SonarQube packages
        uses: actions/cache@v5
        with:
          path: ~/.sonar/cache
          key: ${{ runner.os }}-sonar
          restore-keys: ${{ runner.os }}-sonar

      - name: Cache Maven packages
        uses: actions/cache@v5
        with:
          path: ~/.m2
          key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
          restore-keys: ${{ runner.os }}-maven

      - name: Build, test and generate reports with Maven
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
        run: mvn -B verify org.sonarsource.scanner.maven:sonar-maven-plugin:sonar -Dsonar.pullrequest.key=${{ github.event.pull_request.number }} -Dsonar.qualitygate.wait=true
  • And here is the SonarScanner context log from the latest analysis :
SonarCloud plugins:
  - Text Code Quality and Security 2.42.0.10784 (textenterprise)
  - IaC Code Quality and Security 2.8.0.19776 (iac)
Project server settings:
  - sonar.abap.file.suffixes=.abap,.ab4,.flow,.asprog
  - sonar.apex.file.suffixes=.cls,.trigger
  - sonar.autoscan.enabled=false
  - sonar.azureresourcemanager.file.suffixes=.bicep
  - sonar.c.file.suffixes=.c,.h
  - sonar.cpp.file.suffixes=.cc,.cpp,.cxx,.c++,.hh,.hpp,.hxx,.h++,.ipp,.ixx,.mxx,.cppm,.ccm,.cxxm,.c++m
  - sonar.cs.file.suffixes=.cs,.razor
  - sonar.css.file.suffixes=.css,.less,.scss,.sass
  - sonar.dart.file.suffixes=.dart
  - sonar.docker.file.patterns=*.dockerfile,Dockerfile,dockerfile
  - sonar.flex.file.suffixes=as
  - sonar.go.file.suffixes=.go
  - sonar.groovy.file.suffixes=groovy,gvy,gy,gsh
  - sonar.html.file.suffixes=.html,.xhtml,.cshtml,.vbhtml,.aspx,.ascx,.rhtml,.erb,.shtm,.shtml,.cmp,.twig,.htm
  - sonar.ipynb.file.suffixes=ipynb
  - sonar.java.file.suffixes=.java,.jav
  - sonar.java.jvmframeworkconfig.file.patterns=**/src/main/resources/**/*app*.properties,**/src/main/resources/**/*app*.yaml,**/src/main/resources/**/*app*.yml
  - sonar.javascript.file.suffixes=.js,.jsx,.cjs,.mjs,.vue
  - sonar.jcl.file.suffixes=.jcl
  - sonar.json.file.suffixes=.json
  - sonar.jsp.file.suffixes=.jsp,.jspf,.jspx
  - sonar.kotlin.file.suffixes=.kt,.kts
  - sonar.objc.file.suffixes=.m
  - sonar.php.file.suffixes=php,php3,php4,php5,phtml,inc
  - sonar.pli.file.suffixes=.pli
  - sonar.plsql.file.suffixes=sql,tab,pkb
  - sonar.pullrequest.github.summary_comment=true
  - sonar.python.file.suffixes=py
  - sonar.rpg.file.suffixes=.rpg,.rpgle,.sqlrpgle,.RPG,.RPGLE,.SQLRPGLE
  - sonar.ruby.file.suffixes=.rb
  - sonar.rust.file.suffixes=.rs
  - sonar.scala.file.suffixes=.scala
  - sonar.shell.file.suffixes=.sh,.bash
  - sonar.swift.file.suffixes=.swift
  - sonar.terraform.file.suffixes=.tf
  - sonar.tsql.file.suffixes=.tsql
  - sonar.typescript.file.suffixes=.ts,.tsx,.cts,.mts
  - sonar.vb.file.suffixes=.bas,.frm,.ctl
  - sonar.vbnet.file.suffixes=.vb
  - sonar.xml.file.suffixes=.xml,.xsd,.xsl,.config
  - sonar.yaml.file.suffixes=.yaml,.yml
Project scanner properties:
  - sonar.binaries=/home/runner/work/blackflash/blackflash/target/classes
  - sonar.dynamicAnalysis=reuseReports
  - sonar.groovy.binaries=/home/runner/work/blackflash/blackflash/target/classes
  - sonar.host.url=https://sonarcloud.io
  - sonar.java.binaries=/home/runner/work/blackflash/blackflash/target/classes
  - sonar.java.coveragePlugin=jacoco
  - sonar.java.enablePreview=false
  - sonar.java.jdkHome=/opt/hostedtoolcache/Java_Temurin-Hotspot_jdk/25.0.2-10/x64
  - sonar.java.libraries=/home/runner/.m2/repository/org/springframework/boot/spring-boot-starter-actuator/4.0.4/spring-boot-starter-actuator-4.0.4.jar,/home/runner/.m2/repository/org/springframework/boot/spring-boot-starter/4.0.4/spring-boot-starter-4.0.4.jar,/home/runner/.m2/repository/org/springframework/boot/spring-boot-starter-logging/4.0.4/spring-boot-starter-logging-4.0.4.jar,/home/runner/.m2/repository/ch/qos/logback/logback-classic/1.5.32/logback-classic-1.5.32.jar,/home/runner/.m2/repository/ch/qos/logback/logback-core/1.5.32/logback-core-1.5.32.jar,/home/runner/.m2/repository/org/apache/logging/log4j/log4j-to-slf4j/2.25.3/log4j-to-slf4j-2.25.3.jar,/home/runner/.m2/repository/org/slf4j/jul-to-slf4j/2.0.17/jul-to-slf4j-2.0.17.jar,/home/runner/.m2/repository/jakarta/annotation/jakarta.annotation-api/3.0.0/jakarta.annotation-api-3.0.0.jar,/home/runner/.m2/repository/org/yaml/snakeyaml/2.5/snakeyaml-2.5.jar,/home/runner/.m2/repository/org/springframework/boot/spring-boot-starter-micrometer-metrics/4.0...
  - sonar.java.source=25
  - sonar.java.target=25
  - sonar.java.test.binaries=/home/runner/work/blackflash/blackflash/target/test-classes
  - sonar.java.test.libraries=/home/runner/work/blackflash/blackflash/target/classes,/home/runner/.m2/repository/org/springframework/boot/spring-boot-starter-actuator/4.0.4/spring-boot-starter-actuator-4.0.4.jar,/home/runner/.m2/repository/org/springframework/boot/spring-boot-starter/4.0.4/spring-boot-starter-4.0.4.jar,/home/runner/.m2/repository/org/springframework/boot/spring-boot-starter-logging/4.0.4/spring-boot-starter-logging-4.0.4.jar,/home/runner/.m2/repository/ch/qos/logback/logback-classic/1.5.32/logback-classic-1.5.32.jar,/home/runner/.m2/repository/ch/qos/logback/logback-core/1.5.32/logback-core-1.5.32.jar,/home/runner/.m2/repository/org/apache/logging/log4j/log4j-to-slf4j/2.25.3/log4j-to-slf4j-2.25.3.jar,/home/runner/.m2/repository/org/slf4j/jul-to-slf4j/2.0.17/jul-to-slf4j-2.0.17.jar,/home/runner/.m2/repository/jakarta/annotation/jakarta.annotation-api/3.0.0/jakarta.annotation-api-3.0.0.jar,/home/runner/.m2/repository/org/yaml/snakeyaml/2.5/snakeyaml-2.5.jar,/home/runner/.m2/repository/org/springfr...
  - sonar.junit.reportPaths=/home/runner/work/blackflash/blackflash/target/surefire-reports
  - sonar.junit.reportsPath=/home/runner/work/blackflash/blackflash/target/surefire-reports
  - sonar.language=java
  - sonar.libraries=/home/runner/.m2/repository/org/springframework/boot/spring-boot-starter-actuator/4.0.4/spring-boot-starter-actuator-4.0.4.jar,/home/runner/.m2/repository/org/springframework/boot/spring-boot-starter/4.0.4/spring-boot-starter-4.0.4.jar,/home/runner/.m2/repository/org/springframework/boot/spring-boot-starter-logging/4.0.4/spring-boot-starter-logging-4.0.4.jar,/home/runner/.m2/repository/ch/qos/logback/logback-classic/1.5.32/logback-classic-1.5.32.jar,/home/runner/.m2/repository/ch/qos/logback/logback-core/1.5.32/logback-core-1.5.32.jar,/home/runner/.m2/repository/org/apache/logging/log4j/log4j-to-slf4j/2.25.3/log4j-to-slf4j-2.25.3.jar,/home/runner/.m2/repository/org/slf4j/jul-to-slf4j/2.0.17/jul-to-slf4j-2.0.17.jar,/home/runner/.m2/repository/jakarta/annotation/jakarta.annotation-api/3.0.0/jakarta.annotation-api-3.0.0.jar,/home/runner/.m2/repository/org/yaml/snakeyaml/2.5/snakeyaml-2.5.jar,/home/runner/.m2/repository/org/springframework/boot/spring-boot-starter-micrometer-metrics/4.0...
  - sonar.links.ci=
  - sonar.links.homepage=https://github.com/poulpy2k/blackflash
  - sonar.links.issue=
  - sonar.links.scm=https://github.com/poulpy2k/blackflash
  - sonar.links.scm_dev=scm:git:ssh://github.com/poulpy2k/blackflash.git
  - sonar.moduleKey=poulpy2k_blackflash
  - sonar.organization=poulp2k
  - sonar.projectBaseDir=/home/runner/work/blackflash/blackflash
  - sonar.projectBuildDir=/home/runner/work/blackflash/blackflash/target
  - sonar.projectDescription=Blackflash is a Discord music bot.
  - sonar.projectKey=poulpy2k_blackflash
  - sonar.projectName=blackflash
  - sonar.projectVersion=pull-2-merge-SNAPSHOT
  - sonar.pullrequest.key=2
  - sonar.qualitygate.wait=true
  - sonar.scanner.apiBaseUrl=https://api.sonarcloud.io
  - sonar.scanner.app=ScannerMaven
  - sonar.scanner.appVersion=5.5.0.6356/3.9.13
  - sonar.scanner.arch=x86_64
  - sonar.scanner.os=linux
  - sonar.scanner.sonarcloudUrl=https://sonarcloud.io
  - sonar.scanner.truststorePassword=******
  - sonar.scanner.truststorePath=/usr/lib/jvm/temurin-25-jdk-amd64/lib/security/cacerts
  - sonar.scanner.wasEngineCacheHit=true
  - sonar.scanner.wasJreCacheHit=HIT
  - sonar.sourceEncoding=UTF-8
  - sonar.sources=/home/runner/work/blackflash/blackflash/pom.xml,/home/runner/work/blackflash/blackflash/src/main
  - sonar.tests=/home/runner/work/blackflash/blackflash/src/test/java
  - sonar.token=******
  - sonar.working.directory=/home/runner/work/blackflash/blackflash/target/sonar

I tried adding the -Dsonar.pullrequest.key=${{ github.event.pull_request.number }} key to the Maven Github Action in order the force the PR mention, but it doesn’t seem to make a difference.

Thank you in advance and have a great day.

2

After tinkering a bit more, I found what my problem was.

The SonarQube Cloud App on GitHub had permissions for only one repository. Changing it to “All” fixed it for me.

image
image1972×1018 140 KB