GitHub Actions. Public repo. You’re not authorized to run analysis

Description:

When a member of the organisation creates a PR, Sonar works like a charm.
But when a random contributor creates a PR, Sonar crashes with the error.
Is it by design, or is it some misconfiguration in our organisation’s Sonar settings?

Hello @vladimir_abr, can you give more information about the random contributor? Is it someone who is not part of the organisation and forked the project in order to create a PR? In that case, forked repositories will not have the SONAR_TOKEN properly configured, since it is a secret stored in the repo variable settings (it does not matter if it is a public one). We are working to make it possible to run analysis on external PRs (without using the current token you have configured, which is private and should not be shared in a public context). I can also update you here when this is done.

Hi @Alexandre_Holzhey

Yes, this is exactly the case. PR from external fork.
Thanks! Looking forward!

So for now, it is better to first check if ‘SONAR_TOKEN’ is present and then perform analysis?

It is up to you; the analysis will fail when the token is invalid or missing. Maybe you want a cleaner output, so go for it! :wink:

You can also follow the new feature progress here if you want: https://jira.sonarsource.com/browse/MMF-1371, but I will update here as well, as I mentioned.
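
One way to implement the token check discussed in this thread, as an added example that is not part of the original posts and not SonarSource's own configuration. The workflow name, branch name and the `./ci/run-sonar-analysis.sh` wrapper script are assumptions; substitute whatever step currently runs your scanner.

```yaml
# Added example: skip Sonar analysis cleanly when SONAR_TOKEN is unavailable.
# Workflow name, branch and the wrapper script path are assumptions.
name: sonar-analysis

on:
  pull_request:
  push:
    branches: [main]   # assumed default branch

permissions:
  contents: read       # the job only needs to read the code

jobs:
  sonar:
    runs-on: ubuntu-latest
    env:
      # Repository secrets are not passed to workflows triggered by a
      # pull_request event from a fork, so this is an empty string there.
      # Secrets cannot be referenced directly in `if:`, hence the env var.
      SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0   # full history for the analysis

      # Leave a visible note instead of a failed job on external PRs.
      - name: Explain skipped analysis
        if: env.SONAR_TOKEN == ''
        run: echo "::notice::SONAR_TOKEN is not available (PR from a fork?); skipping Sonar analysis."

      # Runs for organisation members and pushes, where the secret exists.
      - name: Run Sonar analysis
        if: env.SONAR_TOKEN != ''
        run: ./ci/run-sonar-analysis.sh   # hypothetical wrapper around your scanner invocation
```

With this guard the private token stays out of fork-triggered runs, and external PRs finish with a notice rather than the "not authorized" failure.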