Here is the problem:
- existing PR on GitHub let’s say with number #7
- all good when analysis is run with sonar.pullrequest.key=7
- mistakenly analysing the pull request passing `sonar.pullrequest.key=8. Analysis on SQ side successful and PR decoration fails with 404 (as the PR with the id is not existent)
- mistakenly analysing the pull request passing sonar.pullrequest.key=1. SQ analysis successful (details below) PR Decoration taking place on the PR #7 (because the SHA1 of the commit is used as a coordinate)
What happens on SonarQube side in the latter case however is that another PR gets created, pulling meta-data from already closed PR #1:
Parallel to this the correct PR gets decorated on the GitHub side because of the SHA1.
We should have additional checks to prevent this happening, and perhaps fail the CE task.