GitHub Actions C/C++ GitHub Token on push

SonarQube Cloud
1

Template for a good new topic, formatted with Markdown:

  • ALM used GitHub
  • CI system used GitHub Actions
  • Scanner command used when applicable
sonar-scanner \
          -Dsonar.organization=ruuvi \
          -Dsonar.projectKey=ruuvi_ruuvi.firmware.c \
          -Dsonar.sources=./src \
          -Dsonar.cfamily.build-wrapper-output=bw-output \
          -Dsonar.cfamily.gcov.reportsPath=. \
          -Dsonar.host.url=https://sonarcloud.io \
          -Dsonar.login=${{ secrets.SONAR_TOKEN }} \
          -Dsonar.pullrequest.github.token.secured=${{ secrets.GITHUB_TOKEN }}
  • Languages of the repository: C
  • Only if the SonarCloud project is public, the URL: https://github.com/ruuvi/ruuvi.firmware.c
  • Error observed (wrap logs/code around with triple quotes ``` for proper formatting)
ERROR: Please add the secret GITHUB_TOKEN as an environment variable to your GitHub Actions workflow. See https://github.com/sonarsource/sonarcloud-github-action for more details.
  • Steps to reproduce
  1. Open a pull request, everything is good
  2. Merge pull request, commit is considered as a push to master (?) and -Dsonar.pullrequest.github.token.secured has no effect.
  • Potential workaround
    Is there sonar.push.github.token.secured or would sonar-scanner read the token from environment?
2

Hello @ojousima,

You only need to expose the GITHUB_TOKEN, which you can do as follows:

# Runs a set of commands using the runners shell
    - name: Run Sonar scanner
      run: |
        ceedling test:all
        ceedling gcov:all utils:gcov
        gcov  -b -c build/gcov/out/*.gcno
        export SONAR_SCANNER_OPTS="-server"
        sonar-scanner \
          -Dsonar.organization=ruuvi \
          -Dsonar.projectKey=ruuvi_ruuvi.firmware.c \
          -Dsonar.sources=./src \
          -Dsonar.cfamily.build-wrapper-output=bw-output \
          -Dsonar.cfamily.gcov.reportsPath=. \
          -Dsonar.host.url=https://sonarcloud.io
      env:
        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}