Hello!
We are running a self-hosted GitLab together with a self-hosted SonarQube.
SonarQube documentation instructs us to use a technical user when integrating SonarQube with GitLab:
- Personal Access Token: A GitLab user account is used to decorate Merge Requests. We recommend using a dedicated GitLab account with at least Reporter permissions (the account needs permission to leave comments). Use a personal access token from this account with the api scope authorized for the repositories you’re analyzing. Administrators can encrypt this token at Administration > Configuration > Encryption. See the Settings Encryption section of the Security page for more information. This personal access token is used to report your quality gate status to your pull requests. You’ll be asked for another personal access token for importing projects in the following section.
Now, GitLab does have technical users (in GitLab terms, bot users) that are created when you create group access tokens or project access tokens. However, SonarQube’s GitLab documentation is unclear on whether “technical user” refers to these or just to regular user accounts not associated with a human.
As the docs are ambiguous, I went looking around in the forums and found these posts:
- Using a Gitlab Service Account
- SonarCloud creates GitLab Bot User - #7 by rbe
- SonarCloud API access token rights with Gitlab - #9 by Oleksiy_Pikalo
I believe they suggest we cannot use group or project access tokens. Am I correct?
It would be nice if you could update the docs to be less ambiguous here, explicitly mentioning whether or not bot users work.
In our use case, since the SonarQube instance is not GitLab-wide but only used by one of our groups, a group access token would be a perfect solution, as it does not use a seat (meaning it would be quite a bit cheaper for us!), not to mention avoiding the hassle of having an actual user with passwords, 2FA, etc.