ERROR: Error during SonarScanner execution You're not authorized to run analysis. Please contact the project administrator

acki · August 11, 2021, 4:44pm

I am analyzing an open source project with it. The user should have access to run an analysis.
However, I still get:

 16:41:10.637 DEBUG: POST 403 https://sonarcloud.io/api/ce/submit?organization=rttrorg&projectKey=rttrorg_rttr&projectName=rttr&characteristic=pullRequest%3D315 | time=1141ms
16:41:10.659 INFO: ------------------------------------------------------------------------
16:41:10.659 INFO: EXECUTION FAILURE
16:41:10.660 INFO: ------------------------------------------------------------------------
16:41:10.660 INFO: Total time: 5:12.867s
16:41:10.725 INFO: Final Memory: 9M/34M

Github Job: code-quality: add sonar source analysis · rttrorg/rttr@5a847b4 · GitHub

PR: code-quality: add sonar source analysis by acki-m · Pull Request #315 · rttrorg/rttr · GitHub

What setting is missing?

Claire_Villard · August 12, 2021, 9:25am

Hi @acki , welcome to the community forum.

Thanks for the links to the PR!
I see you are trying to analyze the PR from a fork. This feature is currently not supported for CI-based analysis, only for automatic analysis.
It’s already identified on our side, but not planned (some links to follow the progress are on this other thread). You can also vote on that issue: SonarCloud analyzes external Pull Request - SonarCloud | Product Roadmap

Claire

acki · August 12, 2021, 10:47am

actually the analysis is not running on the fork, here you can see:
https://github.com/acki-m/rttr/actions

No analyze with sonar source action

I also added a check whether the action is running on a fork:
https://github.com/rttrorg/rttr/pull/315/files#diff-9a3216554898843f8508e7d7f4e77d2bbd65b77ae944c56a55aa263c0c53af3bR18

So what should I do now?

acki · August 12, 2021, 9:04pm

@Claire_Villard
Okay no when I create a PR from a branch inside the repo it works, sonar cube could upload the report.
And really zero vulnerabilities? Can’t believe it.

However, can you tell me how I can prevent this specific job running, when I got a PR from a fork?

Claire_Villard · August 13, 2021, 6:48am

TBH, I don’t know, this is related to Github workflows and not to SonarSource products, and I never tried that so I can’t help.
I found that forum post that gives solutions to a similar problem, maybe it could help.

Claire