We are using SonarCloud and the integration with Azure DevOps portal. We set the Personal Access Token in the Integration with Azure DevOps Services section of the settings to allow SonarCloud interact with Azure Devops. We have set the token’s expiration date to be far in the future and it is not being regenerated or revoked.
Once we set it up it works for few days (analyses the code on PR) but after few days it stops working and we have to re-enter the same token on SonarCloud settings page to make it work again. We have quite a few project and it is very annoying because it happens very often.
the status of the quality gate sonar cloud task when it is run by AzureDevops on PR is grayed out so it suggests that the sonarcloud cannot access the Azure DevOps. Also it starts working again when I re-enter the code in the SonarCloud settings
Do you have a “Publish Quality Gate result” task in your build ? If yes, does it work ? Do you have the quality gate in the summary of the build just executed ?
Do you have any warning on SonarCloud’s side ? When you go on the “Background tasks” under administration of your project, does all of them succeeded ?
I have, and everything is working fine when I set it up (the sonarcloud is adding comments to PR and blocking the merge if for example the coverage is not sufficient…). But then, as I mentioned, occasionally it stops working and I have to update the key (usually just pasting again the same key is enough).
There are only Success messages in background tasks, nothing failed or cancelled.
yes, it is not that. you have to check in the code why would re-entering same DevOps key in SonarCloud fix the issue (even if the key has the expiration time far in the future)
Sorry to ask again, but I would like to be sure to understand your issue. You have generated a token on Azure side, and set it in SonarCloud settings here:
It works for a while, but after some time, you have to re-enter the same token. Am I correct?
Here is what you could investigate: Is the token somehow cleared/altered on SonarCloud side? This can be easily checked using web API to query the parameter unobfuscated value: https://sonarcloud.io/api/settings/values?component=<your project key>&keys=sonar.pullrequest.vsts.token.secured
(you need admin permission on the project)
Yes, you are correct.
Thanks, next time we encounter this issue I will try to use this url to check the token.
I checked the warning messages, I am not sure was that at the time of the issue, but on some runs we get “Pull request decoration failed because the token specified in the settings does not have sufficient rights. Please check the permissions of this token.”. We haven’t change any permissions for the token in the meantime so not sure why would that occur.
The setup is exactly the same as in your screenshot, we don’t have multiple status policies within the branch, scope is read & write for Code and Read for Packaging