Sonarcloud quality gate failed, but pr mergable

Hi team,

I am experiencing an issue with getting Sonarcloud to fail a PR in GitHub when a quality check fails. Sonarcloud correctly reports that there has been code added that is a duplication of other code. However, the CI reports that it is successful and allows a merge. The Sonar code analysis has been set up to be required to pass in the settings of the repo.

Here is the failure message in GitHub

Screenshot 2024-08-07 at 11.07.08 AM959×388 31.3 KB

And here is the CI results

Screenshot 2024-08-07 at 11.12.17 AM923×619 70.6 KB

• ALM used: GitHub
• CI system used: GitHub Actions
• Languages of the repository: Java
• SonarCloud project is private
• Steps to reproduce
  • duplicate a controller in a backend repo to trigger sonarcloud’s duplication logic to execute
  • submit a pr with duplicate code
  • All tests will pass and allow merge, but sonarcloud will report a quality gate failure

Note: Sonarcloud does have access to all of our private repos.

Screenshot 2024-08-07 at 11.21.25 AM1920×1200 91.4 KB

I finally figured out what the issue was. We are using the gradle plugin and a dockerfile to run the scan. I had to add the property -Dsonar.qualitygate.wait=true. This waited for sonar to return the quality gate and fail the build.

RUN --mount=type=secret,id=sonarToken,target=/run/secrets/sonarToken,required=true \
    --mount=type=secret,id=githubToken,target=/run/secrets/githubToken,required=true \
      SONAR_TOKEN=$(cat /run/secrets/sonarToken) \
      GITHUB_TOKEN=$(cat /run/secrets/githubToken) \
     ./gradlew sonar \
    -Dsonar.pullrequest.key=${PR_KEY} \
    -Dsonar.pullrequest.branch=${PR_BRANCH} \
    -Dsonar.pullrequest.base=${PR_BASE} \
    -Dsonar.pullrequest.provider=github \
    -Dsonar.qualitygate.wait=true