I am working on a PoC for a project where I want to integrate Sonarqube scans as part of Azure DevOps pipelines for a Java based application.
For the purpose, I am running the Community version on a server as virtual machine and using version 220.127.116.11709 of the Sonar code. For the pipelines I am using the latest maven plugin version by default (currently 18.104.22.1684).
I was able to get the analysis uploaded to the server if I create a project in Sonarqube GUI prior to running the analysis and either a) passing the project key to the maven config or b) setting the key in sonarqube as to what the maven plugin will send by default. So far so good, confirming the user whose token I am using has Global analysis and also Project analysis permissions.
What I am failing as though is to upload the analysis resuts if the project does not exist prior the initial run in Sonarqube. As per my understanding of the documentation, if there is no project existing, a new one should be created.
For that purpose, I granted the user global create project and global run analysis permissions. I recreated the user token and updated the connection details in Azure. I also made sure to grant run analysis permissions for the “creator” in the default projects template. The default option for new projects is for them to be Private, but I also tested with Public option - much to the same result. The error I am getting is:
Failed to execute goal org.sonarsource.scanner.maven:sonar-maven-plugin:22.214.171.1244:sonar (default-cli) on project Playground-Java: Failed to upload report: You’re not authorized to run analysis. Please contact the project administrator. → [Help 1]
The debug version of the maven execution shows that I am getting 403 on the POST to the sonarqube API.
Am I missing something in the configuration as such, or is it a version limitation?
Any help would be greatly appreciated, as I am fresh out of ideas.
Thank you in advance!