
docs(skill): diagnose SonarCloud green-on-PR but red-on-main #91

Merged: CybotTM merged 1 commit into main from docs/sonarcloud-branch-gate on Jun 21, 2026

CybotTM (Member) commented Jun 21, 2026

Adds a Quick Diagnostics entry for a confusing CI state: a PR passes SonarCloud's new-code quality gate (0 new issues) but the default-branch gate goes red after merge.

Root cause: the branch gate evaluates conditions the PR analysis doesn't — most often new_security_hotspots_reviewed (must be 100%) and overall coverage. Security Hotspots require reviewing (marked Safe/Fixed in the UI), not code fixes, and are frequently pre-existing in files the PR never touched. Entry includes the project_status and hotspots/search API calls to confirm before blaming the merge. Sourced from a real session.

Copilot AI review requested due to automatic review settings June 21, 2026 00:56
github-actions Bot added the documentation and skill labels Jun 21, 2026

github-actions Bot (Contributor) commented Jun 21, 2026

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

Scanned Files

None

Copilot AI left a comment

Copilot was unable to review this pull request because the user who requested the review has reached their quota limit.

gemini-code-assist Bot (Contributor) left a comment

Code Review

This pull request adds a new section to SKILL.md explaining why SonarCloud might pass on a PR but fail on the main branch, along with helper commands to query the SonarCloud API. The feedback suggests making the jq parsing in these commands more robust by utilizing optional chaining and default fallbacks to prevent errors from missing or null fields.

Important

The consumer version of Gemini Code Assist on GitHub is being sunset. Starting June 18, 2026, new organization installations will be blocked, and all code review activity will officially cease on July 17, 2026.
For more details on the timeline and next steps, please review the Help Documentation.
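
An added example, not part of this PR or the project's files: a null-tolerant parser for the two responses named in the description (project_status and hotspots/search) that reports which gate conditions fail only on the branch analysis. The sample responses, the `demo` project key and the function names are constructed for illustration.

```python
# Constructed sample responses (not real project data), shaped like the JSON
# returned by api/qualitygates/project_status and api/hotspots/search.
PR_STATUS = {"projectStatus": {"status": "OK", "conditions": [
    {"status": "OK", "metricKey": "new_violations",
     "errorThreshold": "0", "actualValue": "0"}]}}
BRANCH_STATUS = {"projectStatus": {"status": "ERROR", "conditions": [
    {"status": "ERROR", "metricKey": "new_security_hotspots_reviewed",
     "errorThreshold": "100", "actualValue": "0.0"},
    {"status": "ERROR", "metricKey": "coverage", "errorThreshold": "80"},
    {"status": "OK", "metricKey": "new_violations",
     "errorThreshold": "0", "actualValue": "0"}]}}
HOTSPOTS = {"hotspots": [
    {"component": "demo:src/legacy/util.py", "line": 42, "status": "TO_REVIEW"},
    {"component": "demo:src/legacy/io.py", "line": None, "status": "TO_REVIEW"},
    {"component": "demo:src/app.py", "line": 7, "status": "REVIEWED"}]}


def failing_conditions(doc):
    """Map metricKey -> (actual, threshold) for gate conditions in ERROR.

    Tolerates a missing/null projectStatus, conditions or actualValue.
    """
    conditions = ((doc or {}).get("projectStatus") or {}).get("conditions") or []
    return {c.get("metricKey", "?"): (c.get("actualValue"), c.get("errorThreshold"))
            for c in conditions if c.get("status") == "ERROR"}


def unreviewed_hotspots(doc):
    """List 'component:line' for hotspots still awaiting review."""
    return [f"{h.get('component', '?')}:{h.get('line') or '?'}"
            for h in (doc or {}).get("hotspots") or []
            if h.get("status") == "TO_REVIEW"]


def diagnose(pr_doc, branch_doc, hotspots_doc):
    """Report branch-gate failures that the PR gate never flagged."""
    pr_failed = failing_conditions(pr_doc)
    branch_only = {k: v for k, v in failing_conditions(branch_doc).items()
                   if k not in pr_failed}
    return {"branch_only_failures": branch_only,
            "needs_review": unreviewed_hotspots(hotspots_doc)
            if "new_security_hotspots_reviewed" in branch_only else []}


if __name__ == "__main__":
    print(diagnose(PR_STATUS, BRANCH_STATUS, HOTSPOTS))
```
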

Comment thread skills/github-project/SKILL.md Outdated
A PR can pass SonarCloud's new-code gate while the default-branch gate fails on
new_security_hotspots_reviewed (must be 100%) or overall coverage. Hotspots need
reviewing (marked Safe/Fixed), not fixing, and are often pre-existing in untouched
files. Add a section to security-config.md with the project_status and hotspots
API calls. (Kept out of SKILL.md, which is at its 500-word cap.)

Signed-off-by: Sebastian Mendel <info@sebastianmendel.de>
@CybotTM CybotTM force-pushed the docs/sonarcloud-branch-gate branch from c180fd1 to 6dac42b Compare June 21, 2026 10:06
@CybotTM CybotTM merged commit 13e697b into main Jun 21, 2026
18 checks passed
@CybotTM CybotTM deleted the docs/sonarcloud-branch-gate branch June 21, 2026 10:10