ci: fix sonarcloud scan pr source

[lpape-ionos]

Sonarcloud thinks that every branch is "main" (see https://sonarcloud.io/project/branches_list?id=ionos-cloud_cluster-api-provider-proxmox)

This is an attempt to fix that

Warning: the check run here uses the workflow from main, so I cant be sure if this works. I'd be happy to receive other suggestions

[avorima]

There are a few things to consider here.

I guess you found this page, but another page mentions sonar.branch.name and sonar.branch.target. Then the github action setup docs don't mention any of these.

The scan action seems to have access to GITHUB_EVENT_NAME, but also GITHUB_BASE_REF, GITHUB_HEAD_REF and GITHUB_REF. That should be enough to automatically fill out the required information.

Here are action logs showing the event name:

INFO: Load project pull requests
INFO: Load project pull requests (done) | time=205ms
INFO: Load branch configuration
INFO: Github event: pull_request_target
INFO: Load branch configuration (done) | time=3ms

Then there's this issue https://github.com/SonarSource/sonarqube-scan-action/issues/29 which also mentions that sonar.pullrequest.* should be populated.

I tried looking finding where these variables are used, but couldn't find anything at first glance in https://github.com/SonarSource/sonar-scanner-cli or https://github.com/SonarSource/sonar-scanner-commons

I'm not saying your change won't work, but I think the culprit actually is sonarcloud here. So I'd propose that you open an issue (or reopen the one I linked).

[lpape-ionos]

I agree with you that sonar should already have all the necessary information but I dont think that this is sonar's fault. We are doing an unconventional checkout here:

cluster-api-provider-proxmox/.github/workflows/test.yml

Lines 22 to 29 in 01b3f7f

	- name: Checkout (preview) merge commit for PR ${{ github.event.pull_request.number }}
	if: ${{ github.event_name == 'pull_request_target' }}
	uses: actions/checkout@v4.1.1
	with:
	# Disabling shallow clone is recommended for improving relevancy of reporting
	fetch-depth: 0
	repository: ${{ github.event.pull_request.head.repo.full_name }}
	ref: ${{ github.event.pull_request.head.ref }}

This is a workaround for branches across forks, my theory is that this confuses the sonar scan. I don't know how one would solve that properly

[wikkyk]

Old thread but it doesn't seem like much has changed since and sonarcloud still doesn't support pull_request_target:
https://community.sonarsource.com/t/github-comments-stopped-working-in-github-action-after-switch-to-pull-request-target/42556/12

[wikkyk]

I think this should be sufficient.

[avorima]

Old thread but it doesn't seem like much has changed since and sonarcloud still doesn't support pull_request_target: https://community.sonarsource.com/t/github-comments-stopped-working-in-github-action-after-switch-to-pull-request-target/42556/12

Yeah, that's what I figured. I thought that opening an issue would shed some light on this

[lpape-ionos]

Looks good to me, tested in a test-PR: #91