We are trying to setup pull request decoration for GitHub. However even though it’s blocking the PR when issues are found, it’s not posting those issues as comments on the PR, just like it would with an Azure DevOps integration.
Can someone help us find why the comments are not being posted on the PR.
The conversation tab remains empty.
- Enterprise Edition
- Version 8.9.5 (build 50698)
Below you can see the details of the PR with the issue we were trying to create, the SQ configuration, the GitHub configuration, SQ logs & CI pipeline logs.
The SQ logs contains multiple attempts of this trying it to work. The project names have been anonymized, and the testing the Pull request decoration have been tested in the Git branch ‘ci/sonar-integration-test’
sonarqube_ce-anonymized.log (225.7 KB)
Your very first screenshot shows that SonarQube only has read permissions to your GitHub repo…?
With only read access, it won’t be able to comment on PRs. The docs indicate that read/write perms are required on Checks and Pull Requests.
Hi Ann, if you look at the second line of the permissions section of the screenshot, you can see the bits that have read/write which should cover checks and PR’s.
Here is part of the configuration UI to show in more details:
Do you have any other ideas of things we could validate?
Welcome to the community!
Sorry about misreading the screenshot. You’re right.
And I think perhaps there’s a misunderstanding here. The 5th screenshot in the OP shows the code diff view. That’s not where we add commentary. We did that in an early implementation & there were problems with stale issue comments that we couldn’t find a good way to resolve. So now the “extra” communication only shows up in the Conversations tab. Can you check there?
And BTW, while conversation updates are on by default, they can be turned off at a project level. So that would be the place to check if you’re not seeing conversation updates.
Not a problem. But the 6th screenshot it shows the ‘analysis summary’ enabled on project level.
So that’s what you were referring to right? Also in the 4th screenshot above the ‘Some checks were not successful’ it shows ‘There aren’t yet any conversations on this pull request.’ Because in the latest SQ version, that is where they would show up correct?
FYI, I’ve just edited the OP to add actual numbering next to the screenshots.
And I’m out of my depth & have flagged this for more expert attention.
Hi @Bob_Sanders, @boro2g, how the analysis result looks like in SonarQube? Does it appear as a branch analysis, or as a Pull Request analysis?
It looks like branch analysis. the pull request tab is empty.
Although I am not sure what that means and how (if needed) how to change it.
@ganncamp Thanks for the formatting!
Hey @Bob_Sanders, it means something is preventing SonarQube to detect that this is a PR. It should work out of the box, as the GH Action reads the environment variables.
Let’s start with something simple: the parameter
sonar.pullrequest.github.repository is deprecated and should not be used. The information is retrieved from SonarQube project, so it’s not needed anymore: you can simply remove it.
If that does not solve the issue, could you please share the background task scanner context of the task that should be a PR? You will find this in your project settings > Background Task
@pierreguillot Thanks Pierre, Sorry for the delay. We are going to try this out.
Nick is OOO, so we can try this this week.
Thanks for the help.
We tried removing the ‘sonar.pullrequest.github.repository’ parameter. Unfortunately the result is still the same: task scanner context.txt (4.0 KB)
I did see we have two warnings though in the same place:
Thanks for the provided details. It look likes you are using
sonarsource/sonarcloud-github-action instead of
sonarsource/sonarqube-scan-action in your Github Action yml file. Please make sure you follow the documentation for Github action integration with SonarQube here.
That makes sense. My colleague said he did try that at one point and it didn’t make a difference, but I want to double check it. He has one week of vacation, so there will be radio silence until he is back. I’ll keep you posted.
Thank you all for your patience and effort helping us investigate.
Unfortunately there are some unforeseen developments on our side and we will have to stop investigating this issue at this time.
We can close this thread for now and we will open a new thread once it becomes relevant again.