GitHub sonar analysis failing after analise - POST 403

Hello,
I am trying to run sonar analysis on our project.
I am using GitHub actions to run CI and try to run sonar via this.
Command I am using:

mvn package -DskipTests org.sonarsource.scanner.maven:sonar-maven-plugin:sonar -Dsonar.projectKey=EmbedITCZ_jbehave-support -Dsonar.organization=embeditcz -Dsonar.host.url=https://sonarcloud.io -Dsonar.login=${{ secrets.SONAR_TOKEN }} -Dsonar.coverage.jacoco.xmlReportPaths=/home/runner/work/jbehave-support/jbehave-support/jacoco/jacoco.xml,/home/runner/work/jbehave-support/jbehave-support/jacoco-it/jacoco.xml

Our CI first build project, run unit and integration tests then run sonar (without clearing project as I am donwloading jacoco results from previous steps).

As SONAR_TOKEN we have token generated on sonarcloud by our organization owner. (defined in master project secrets, in my fork I have my own token from sonar_cloud).
As GITHUB_TOKEN we use default one.
You can see pipeline in PR (it is the first attemps to set up pipeline) and branch originated in my fork not in master.

Maven run in pipeline fails with error:

[ERROR] Failed to execute goal org.sonarsource.scanner.maven:sonar-maven-plugin:3.7.0.1746:sonar (default-cli) on project jbehave-support: You’re not authorized to run analysis. Please contact the project administrator. -> [Help 1]

Last successful lines are:

[INFO] Analysis report generated in 127ms, dir size=345 KB
[INFO] Analysis report compressed in 164ms, zip size=212 KB

Can you please help me with setup? I have no idea what I’m doing wrong.

edit:
Branch analysis si completed: https://sonarcloud.io/dashboard?branch=sonar5&id=EmbedITCZ_jbehave-support
but build still fails.

edit:
Here is a part of debug log:

[INFO] 08:27:32.041 Analysis report compressed in 189ms, zip size=212 KB
[INFO] 08:27:32.041 Analysis report generated in /home/runner/work/jbehave-support/jbehave-support/target/sonar/scanner-report
[DEBUG] 08:27:32.042 Upload report
[DEBUG] 08:27:32.589 POST 403 https://sonarcloud.io/api/ce/submit?organization=embeditcz&projectKey=EmbedITCZ_jbehave-support&projectName=jbehave-support&characteristic=pullRequest%3D272 | time=547ms
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Summary for jbehave-support 1.0.10-SNAPSHOT:
[INFO]
[INFO] jbehave-support-core-test … SUCCESS [ 0.008 s]
[INFO] jbehave-support-core-test-oxm … SUCCESS [ 6.384 s]
[INFO] jbehave-support-core-test-app-domain … SUCCESS [ 3.584 s]
[INFO] jbehave-support-core-test-app … SUCCESS [ 4.660 s]
[INFO] jbehave-support … FAILURE [01:11 min]
[INFO] jbehave-support-core … SUCCESS [ 16.536 s]
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 01:44 min
[INFO] Finished at: 2020-01-23T08:27:32Z
[INFO] ------------------------------------------------------------------------
[ERROR] Failed to execute goal org.sonarsource.scanner.maven:sonar-maven-plugin:3.7.0.1746:sonar (default-cli) on project jbehave-support: You’re not authorized to run analysis. Please contact the project administrator. -> [Help 1]
org.apache.maven.lifecycle.LifecycleExecutionException: Failed to execute goal org.sonarsource.scanner.maven:sonar-maven-plugin:3.7.0.1746:sonar (default-cli) on project jbehave-support: You’re not authorized to run analysis. Please contact the project administrator.
at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:215)

Welcome to the community!

Since I see successful analyses of your project on SonarCloud (of master, of sonar5 branch, of PR#278), I’m a bit puzzled. Do you still have an issue, or have you found a way to make it work?

If the successful analyses visible on SonarCloud were produced by launching mvn in a different environment than your target (GitHub Actions), then you need to find what is different in the two environments. My first suspicion is this part of the command you mentioned:

-Dsonar.login=${{ secrets.SONAR_TOKEN }}

Are you sure that the variable is correctly substituted there? Perhaps you could add an echo statement to verify. If you run the same command manually from your PC, does it work?

Hello, thanks for welcome and answer.
I am sorry I forgot to update issue. We found somewhere that it is not possible to run analysis on PR from fork.
So we just added this to CI:

sonar:
name: Sonar integration
if: github.ref == ‘refs/heads/master’

And now it runs only on master and works fine.
Issue we faced was that analisys on fork runs succesfuly but CI stills fail, probably when it’s tries to comment on PR. So sollution was to check only master after push.