When you push a commit and open a pull request for that commit a few moments later, the CircleCI build will already have been triggered (but without the pull request metadata, because the pull request was not yet opened). In that case the scanner is configured to trigger a branch analysis, and a branch analysis will never update a GitHub check. Re-running that build when a pull request is already opened will trigger pull request analysis, and that will update the GitHub check.
Does that match the behaviour you are experiencing? There is a CircleCI idea open that would fix this.
PS: We recently updated our scanner to detect CircleCI environment variables, so you can simplify your CircleCI config.yml by removing this part of your config:
```bash
# CIRCLE_PULL_REQUEST is set (to the PR URL) only when the build has PR metadata
if [[ ! -z ${CIRCLE_PULL_REQUEST} ]]; then
  # Pull request analysis: the PR number is the last path segment of the URL
  ADDITIONAL_ARGS="-Dsonar.pullrequest.branch=${CIRCLE_BRANCH} \
    -Dsonar.pullrequest.key=${CIRCLE_PULL_REQUEST##*/} \
    -Dsonar.pullrequest.provider=github \
    -Dsonar.pullrequest.github.repository=${GIT_SLUG} \
    -Dsonar.pullrequest.github.endpoint=https://api.github.com"
else
  # Branch analysis: no PR metadata available (does not update the GitHub check)
  ADDITIONAL_ARGS="-Dsonar.branch.name=${CIRCLE_BRANCH}"
fi
```
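As an added illustration of the behaviour described above (example code, not from the original post or from SonarSource), the following shell function derives the scanner arguments from CircleCI's variables and falls back to branch analysis whenever a valid PR number cannot be extracted, which is exactly the case where the GitHub check will not be updated. The `GIT_SLUG` value and the sample PR URL are constructed assumptions.

```bash
#!/usr/bin/env bash
# Added example: decide, from CircleCI's environment, whether the scanner runs
# a pull request analysis (which updates the GitHub check) or a branch analysis
# (which does not). Prints the -D arguments on stdout.

sonar_scan_args() {
  pr_url="$1"; branch="$2"; slug="$3"   # slug is an assumed "owner/repo" value
  pr_key="${pr_url##*/}"                # strip everything up to the last '/'

  # A PR analysis needs a numeric PR number. An empty CIRCLE_PULL_REQUEST
  # (build started before the PR was opened) or a malformed URL means the
  # build has no usable PR metadata, so fall back to branch analysis.
  case "$pr_key" in
    ''|*[!0-9]*)
      printf '%s' "-Dsonar.branch.name=${branch}"
      ;;
    *)
      printf '%s' "-Dsonar.pullrequest.branch=${branch} -Dsonar.pullrequest.key=${pr_key} -Dsonar.pullrequest.provider=github -Dsonar.pullrequest.github.repository=${slug} -Dsonar.pullrequest.github.endpoint=https://api.github.com"
      ;;
  esac
}

# Report which kind of analysis a given argument string will trigger.
sonar_scan_mode() {
  case "$1" in
    *-Dsonar.pullrequest.key=*) echo pullrequest ;;
    *) echo branch ;;
  esac
}

# Constructed sample values, shaped like what CircleCI exports in a job.
SAMPLE_PR_URL="https://github.com/example-org/example-repo/pull/42"
SAMPLE_BRANCH="feature/login-hardening"
SAMPLE_SLUG="example-org/example-repo"

# Usage: sonar_scan_args "$CIRCLE_PULL_REQUEST" "$CIRCLE_BRANCH" "$GIT_SLUG"
```

Wiring the output into `ADDITIONAL_ARGS` and checking `sonar_scan_mode` in the job log makes it obvious from the build output alone whether a run could ever update the GitHub check.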