GitHub integration when maven repositories are private

Hello, I’m using Sonar 8.8.0.42792 Developer Edition with an eval license. I am attempting to integrate with GitHub so my team will have PR decorations from SonarQube. I’ve worked through all the instructions, but am stuck on the step that requires GItHub to build and analyze the project.

When GitHub attempts to run:
mvn -B verify org.sonarsource.scanner.maven:sonar-maven-plugin:sonar

I get a fatal error:

Could not find artifact com.jamasoftware… in central (https://repo.maven.apache.org/maven2)

The problem is our artifacts are not in the central maven repo, but in a private repo not accessible by GitHub. Is this going to be a blocker for us? Is there any way to proceed with GitHub unable to access our private artifact repository?

Hey there.

The project must be built/analysed somewhere, but not necessarily by GitHub (SonarQube is what decorates the Pull Request, not the scan). Where do your build/analyses happen today?

Ok, gotcha. We use Team City for the build and analysis. Are there instructions on integrating the Pull decoration with TeamCity?

I think the TeamCity SonarQube Plugin (owned by JetBrains, not SonarSource) has worked out the auto-configuration of this.

  • SonarQube Branches & Pull Requests Build Feature

Branches and Pull-Requests analysis parameters automatically provided on build from VCS build information, using SONARQUBE_SCANNER_PARAMS environment variable. It requires TeamCity v2019.2 and SonarQube Developer Edition or above.

I have not tried this out myself.