python-template icon indicating copy to clipboard operation
python-template copied to clipboard
verified publisher icon NLeSC

Warning when Sonar analysis is performed on external PR

Open sverhoeven opened this issue 4 years ago • 2 comments

A external contributor will fork the repo and create a pull request according to contributing docs. The Sonar cloud analysis workflow will fail, because secrets are not available on external pull requests. It would be nice if we skip the analysis and give a nice warning why it was skipped.

There are some discussions on Sonarcloud forums, but there is currently no way to run analysis on pull requests of a forked repository.

sverhoeven avatar Apr 22 '21 06:04 sverhoeven

Adding a if condition in a step to the GA workflow to check the secret might be the solution.

fdiblen avatar Apr 28 '21 09:04 fdiblen

Not linting pull requests from external repositories is not very inviting to external contributors. It will also lead to poor quality code getting merged and then you need to fix this as the maintainer. Wouldn't it be better to use a listing service that supports pull requests from external repos?

bouweandela avatar May 18 '21 09:05 bouweandela