SonarQube Pull Decoration for GitHub not posting comments

Issue:
We are trying to set up pull request decoration for GitHub. However, even though it’s blocking the PR when issues are found, it’s not posting those issues as comments on the PR, just like it would with an Azure DevOps integration.

Can someone help us find why the comments are not being posted on the PR?

  1. The conversation tab remains empty.

Details:

  • Enterprise Edition
  • Version 8.9.5 (build 50698)

Below you can see the details of the PR with the issue we were trying to create, the SQ configuration, the GitHub configuration, SQ logs & CI pipeline logs.

The SQ logs contain multiple attempts at trying to get this to work. The project names have been anonymized, and the pull request decoration has been tested in the Git branch ‘ci/sonar-integration-test’.

sonarqube_ce-anonymized.log (225.7 KB)

Kind Regards,
Bob Sanders

Hi Bob,

Your very first screenshot shows that SonarQube only has read permissions to your GitHub repo…?

With only read access, it won’t be able to comment on PRs. The docs indicate that read/write perms are required on Checks and Pull Requests.

 
HTH,
Ann

Hi Ann, if you look at the second line of the permissions section of the screenshot, you can see the bits that have read/write which should cover checks and PRs.

Here is part of the configuration UI to show in more detail:


Do you have any other ideas of things we could validate?

Hi @boro2g,

Welcome to the community!

Sorry about misreading the screenshot. You’re right.

And I think perhaps there’s a misunderstanding here. The 5th screenshot in the OP shows the code diff view. That’s not where we add commentary. We did that in an early implementation & there were problems with stale issue comments that we couldn’t find a good way to resolve. So now the “extra” communication only shows up in the Conversations tab. Can you check there?

And BTW, while conversation updates are on by default, they can be turned off at a project level. So that would be the place to check if you’re not seeing conversation updates.

 
Ann

Hey Ann,

Not a problem. But the 6th screenshot shows the ‘analysis summary’ enabled on project level.
So that’s what you were referring to, right? Also in the 4th screenshot above the ‘Some checks were not successful’ it shows ‘There aren’t yet any conversations on this pull request.’ Because in the latest SQ version, that is where they would show up, correct?

Regards,
Bob

Hi Bob,

FYI, I’ve just edited the OP to add actual numbering next to the screenshots.

And I’m out of my depth & have flagged this for more expert attention.

 
Ann

Hi @Bob_Sanders, @boro2g, what does the analysis result look like in SonarQube? Does it appear as a branch analysis, or as a Pull Request analysis?

Hey Pierre,

It looks like branch analysis. The pull request tab is empty.

Although I am not sure what that means and how (if needed) to change it.

@ganncamp Thanks for the formatting!

Hey @Bob_Sanders, it means something is preventing SonarQube from detecting that this is a PR. It should work out of the box, as the GH Action reads the environment variables.

Let’s start with something simple: the parameter sonar.pullrequest.github.repository is deprecated and should not be used. The information is retrieved from the SonarQube project, so it’s not needed anymore: you can simply remove it.

If that does not solve the issue, could you please share the background task scanner context of the task that should be a PR? You will find this in your project settings > Background Task.

@pierreguillot Thanks Pierre, Sorry for the delay. We are going to try this out.
Nick is OOO, so we can try this this week.

Hey, @pierreguillot

Thanks for the help.
We tried removing the ‘sonar.pullrequest.github.repository’ parameter. Unfortunately the result is still the same: task scanner context.txt (4.0 KB)

I did see we have two warnings though in the same place:

Thanks for the provided details. It looks like you are using sonarsource/sonarcloud-github-action instead of sonarsource/sonarqube-scan-action in your GitHub Action yml file. Please make sure you follow the documentation for GitHub Action integration with SonarQube here.
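
The two checks suggested in this thread (the SonarCloud action used against a SonarQube server, and the deprecated `sonar.pullrequest.github.repository` parameter) can be run over a workflow or properties file with a short script. This is an added example, not part of the thread and not SonarSource code; the function name `lint_workflow` and the sample workflow are constructed for illustration.

```python
import re

# The two findings raised in the thread; nothing else is checked.
WRONG_ACTION = "sonarsource/sonarcloud-github-action"
RIGHT_ACTION = "sonarsource/sonarqube-scan-action"
DEPRECATED_PARAM = "sonar.pullrequest.github.repository"

# Matches "uses: owner/repo@ref" with an optional list dash and quotes.
USES_RE = re.compile(r"^\s*(?:-\s*)?uses:\s*['\"]?([^\s'\"@#]+)", re.IGNORECASE)


def lint_workflow(text):
    """Return (line_number, message) findings for a workflow or properties file."""
    findings = []
    for number, line in enumerate(text.splitlines(), start=1):
        if line.strip().startswith("#"):
            continue  # commented-out steps and settings are not active
        match = USES_RE.match(line)
        if match and match.group(1).lower() == WRONG_ACTION:
            findings.append(
                (number, f"uses {match.group(1)}; the thread points to {RIGHT_ACTION} for SonarQube")
            )
        if DEPRECATED_PARAM in line:
            findings.append((number, f"{DEPRECATED_PARAM} is deprecated; remove it"))
    return findings


# Constructed sample workflow (not the poster's file); names and refs are placeholders.
SAMPLE = """\
name: build
on: pull_request
jobs:
  sonar:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
        with:
          fetch-depth: 0
      # - uses: sonarsource/sonarqube-scan-action@master
      - uses: SonarSource/sonarcloud-github-action@master
        with:
          args: >
            -Dsonar.projectKey=example-project
            -Dsonar.pullrequest.github.repository=example-org/example-repo
"""

if __name__ == "__main__":
    for number, message in lint_workflow(SAMPLE):
        print(f"line {number}: {message}")
```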

Hey Pierre,

That makes sense. My colleague said he did try that at one point and it didn’t make a difference, but I want to double check it. He has one week of vacation, so there will be radio silence until he is back. 🙂 I’ll keep you posted.

Hey All,

Thank you all for your patience and effort helping us investigate.
Unfortunately, there are some unforeseen developments on our side and we will have to stop investigating this issue at this time.
We can close this thread for now and we will open a new thread once it becomes relevant again.

Regards,
Bob Sanders