We are using SonarCloud for our maven project in Github Actions CI. It seems like that the sonarscanner-for-maven documentation is not quite right.
The docs says:
The SonarScanner for Maven automatically picks up the value directly from the environment variable. If you use an environment variable, it is not necessary to pass the token on the mvn command line.
However, this is not case. We had to explicitly pass SONAR_TOKEN in sonar.login property as part of maven cli parameters. Even through, SONAR_TOKEN is configured in the repo secrets. Also, properties like sonar.organization, sonar.projectKey and sonar.host.url are part of pom.xml.
The above command works without complaining about SONAR_TOKEN.
If SONAR_TOKEN is not passed explicitly, we get the following error:
[INFO] ------------------------------------------------------------------------
Error: Failed to execute goal org.sonarsource.scanner.maven:sonar-maven-plugin:3.9.1.2184:sonar (default-cli) on project scheduler: Project not found. Please check the ‘sonar.projectKey’ and ‘sonar.organization’ properties, the ‘SONAR_TOKEN’ environment variable, or contact the project administrator -> [Help 1]
How does it look for you if you run such a command? Are the environment variables actually making it to the job when you don’t specify -Dsonar.login=${{ secrets.SONAR_TOKEN }}?
In the attached PR(above), I have linked the failed Sonar job which does not have the SONAR_TOKEN passed as env. Here is the output of the github action
Also, I tried to create a test test-PR to print out SONAR_TOKEN and it worked. The issue was also sporadic (happened at different intervals).Additionally, we have atleast 10 failed sonar jobs which had the above mentioned issue.
What I’m suggesting is that you check the env output on a build where you haven’t added -Dsonar.login=${{ secrets.SONAR_TOKEN }} to the scanner command. I couldn’t find a run where this was tried (please let me know if I missed it).