Github Action CI Build Fail with set the SONAR_TOKEN env variable

Hey @RCheesley

This is a highly requested feature, and you can add your feedback/vote here.

I know it’s something we want to tackle this year.

Right now – I’m not aware of any workarounds.

OK, is there any way we can specify the things we’re specifying in our project settings file, using automatic analysis?

For example directories, location of our code coverage file (which is generated during the test.yml GitHub Action), and so forth?

If not, we literally can’t use the product until this is resolved which would be a big shame :frowning:

I am seeing similar issues. I am setting the sonar_token and sonar_host_url as an action secrete but it appears that sonarqube-scan action is not able to read the variables. I am following this exact setup with no success. it is only working if I hard code the secret and url which is not ideal.

- uses: actions/checkout@v2
    # Disabling shallow clone is recommended for improving relevancy of reporting
    fetch-depth: 0
- name: SonarQube Scan
  uses: sonarsource/sonarqube-scan-action@master
    SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
    SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}

Having the same issue, but only on PRs that are automatic by dependabot. All other PRs work fine. Any ideas why this happens?

Hi Mihai,

We also had the same problem i.e; Dependabot PRs failed due to absence of SONAR_TOKEN.

For you dependabots PRs, SONAR_TOKEN should be added to the Dependabot secrets (repo settings->secrets>Dependabot). Then the dependabot will expose the secret to the github secret context.

“Dependabot secrets are added to the secrets context and referenced using exactly the same syntax as secrets for GitHub Actions.” Ref: Github Reference.

Hope it helps.


1 Like