SonarQube Server does not analyze Git submodules in Pull Requests #2373
Description
Context
In our GitHub Actions CI pipeline, the SonarQube server does not detect or analyze Git submodules during Pull Request analysis.
Branch analysis works as expected, but submodules are completely ignored by the SonarQube server when the analysis is triggered from a PR.
Environment
CI: GitHub Actions
SonarQube (Gradle)
JDK: 21 (Temurin)
Build tool: Gradle
Repository contains multiple Git submodules
Current configuration
sonar:
name: Sonar Analysis
runs-on:
group: test-deploy
needs: [build, test]
steps:
- name: 'Checkout Repository'
uses: actions/checkout@v6
with:
submodules: recursive
token: ${{ env.GITHUB_TOKEN }}
fetch-depth: 0
- name: Setup Java 21
uses: actions/setup-java@v5
with:
distribution: 'temurin'
java-version: '21'
cache: gradle
- name: 'Download Jacoco Report'
uses: actions/download-artifact@v5
with:
name: jacoco-report
- name: Setup Gradle
uses: gradle/actions/setup-gradle@f29f5a9d7b09a7c6b29859002d29d24e1674c884
- name: 'Report Code coverage and quality'
run: ./gradlew -xtest build jacocoTestReport sonar
env:
JAVA_OPTS: "-Dfile.encoding=UTF-8 -Dsonar.projectKey=${{ secrets.SONAR_PROJECTKEY }} -Dsonar.coverage.jacoco.xmlReportPaths=jacocoTestReport.xml -Dsonar.log.level=INFO "
Observed behavior
Submodules are correctly cloned locally during the CI job.
SonarQube analysis on Pull Requests ignores the submodule code.
The issue does not occur on branch analysis (only on PRs)