I have the following update_sonar job in my CI pipeline:

stage: update_sonar
  allow_failure: false
  image: sonarscanner:4.7-n14
  tags:
    - "ocp_l"
  script:
    - sonar-scanner
        -Dsonar.projectKey=${SONAR_PROJECT_KEY}
        -Dsonar.host.url=${SONAR_URL}
        -Dsonar.login=${SONAR_USER}
        -Dsonar.password=${SONAR_PASSWORD}
        -Dsonar.links.homepage=$CI_PROJECT_URL
        -Dsonar.qualitygate.wait=true
        -Dsonar.sourceEncoding=UTF-8
        -Dsonar.projectVersion=$(cat next_version)
        -Dsonar.sources=$SRC_FOLDERS
        -Dsonar.tests=$SRC_TEST_FOLDERS
        -Dsonar.python.xunit.reportPaths=report.xml
        -Dsonar.python.coverage.reportPaths=coverage.xml
        -Dsonar.python.pylint.reportPaths=pylint-report.txt
        -Dsonar.scm.disabled=False
        -Dsonar.scm.provider=git
  retry: 2
  needs:
    - code_quality
  except:
    - tags

In SonarQube, the 'New Code' setting is the following for every branch, except master: Reference branch: master , and for the master branch : Previous version.

When running a commit which is suppose to add a code smells (e.g. too many instance args; variable unused in a function), the pipeline passes, allowing to launch the merge. And then when merging, the pipeline fails.

Does someone have an idea?

Possible fix:

It's seems that the issue could be that I didn't rebase on master after a new release (created branch from v1.00 when v1.01 was release in the mean time). Could that do the trick?