We have been using the Sonar Scanner for MSbuild for a long time, and is constantly upgrading to the latest version.
Version 5.13.0 added support for sonar.token
instead of deprecated sonar.login
.
At least according to the PR #1520 the sonar.login
is deprecated. The parameter documentation does not mention neither the old field being deprecated or the new field sonar.token
.
Switcing to token resulted in an error:
Working code using 5.12.0 and 5.13.0 with sonar.login:
run: SonarSource/SonarScanner.MSBuild.exe begin /k:"myOrg_${{ github.event.repository.name }}" /o:"myOrg" /d:sonar.login="${{ secrets.SONAR_TOKEN }}" /d:sonar.host.url="https://sonarcloud.io"
[…]
run: SonarSource/SonarScanner.MSBuild.exe end /d:sonar.login="${{ secrets.SONAR_TOKEN }}"
Failing code using 5.13.0 with sonar.token:
run: SonarSource/SonarScanner.MSBuild.exe begin /k:"myOrg_${{ github.event.repository.name }}" /o:"myOrg" /d:sonar.token="${{ secrets.SONAR_TOKEN }}" /d:sonar.host.url="https://sonarcloud.io"
[…]
run: SonarSource/SonarScanner.MSBuild.exe end /d:sonar.token="${{ secrets.SONAR_TOKEN }}"
The error we now get is:
INFO: Check ALM binding of project ‘xx’
WARN: Failed to check if project ‘xx’ is bound
INFO: Detected project binding: ERROR
INFO: Check ALM binding of project ‘xx’ (done) | time=485ms
Looks like there might be a bug in the scanner when using token?
Attached log file:
SonarCloud.log (4.0 KB)
(organization and repository names are replaced with placeholders)