I am running into the following error when running the “SonarCloudAnalyze@1” task from an Azure DevOps pipeline triggered by a Pull Request.
##[error]ERROR: Error during SonarScanner execution
ERROR: Could not find the pullrequest with key '4'
ERROR: Error during SonarScanner execution
##[error]ERROR: Caused by: Error 404 on https://sonarcloud.io/api/alm_integration/show_pullrequest?project=<REDACTED>&pullrequestKey=4 : {"errors":[{"msg":"Unable to find the pullrequest with key \u00274\u0027"}]}
ERROR:
ERROR: Re-run SonarScanner using the -X switch to enable full debug logging.
ERROR: Caused by: Error 404 on https://sonarcloud.io/api/alm_integration/show_pullrequest?project=<REDACTED>&pullrequestKey=4 : {"errors":[{"msg":"Unable to find the pullrequest with key \u00274\u0027"}]}
Note that the Task succeeds when it is not triggered via a Pull Request. The Azure DevOps Organization is bound to SonarCloud Also, the “Enable Azure Active Directory Conditional Access Policy Validation” is not checked/enabled for the Azure DevOps Organization.
Any assistance to help resolve this error would be greatly appreciated!
Additional Error (may be related)
Also worth mentioning as I feel it may be related; I am seeing the following error on the “Analyze projects” screen:
The Azure DevOps access token is not valid Reasons: The token doesn't have the required permissions (Code: Read & Write)
I think that there may be an issue with the PAT that was used when the Azure DevOps Project was initially setup. I have a hunch it has expired and I don’t see any way to update it in SonarCloud.
Many systems will return a 404 error (i.e. what you’ve asked for doesn’t exist) rather than a 403 error, thus admitting that the resource exists but you just don’t have access to it.
So yes, there’s probably an issue with your the PAT you’ve configured SonarCloud with. You should double-check it.
Thank you for the reply. I would love to double check the PAT token, but I can’t find it anywhere on SonarCloud. So I guess my question now is, how do I check/update the PAT token for a bound organization?
Hi Ann, I have scoured the docs multiple times. This particular documentation says that I can find and update the PAT here: Your Organization > Administration > Organization Settings > Azure DevOps connectivity management.
However, there is nothing about “Azure DevOps connectivity management” on that screen. The following screen-grab is the only thing that I see on that page that mentions Azure DevOps.
I’ve had a look at your issue today and I think since the analysis runs fine when it’s not triggered by a PR you have an issue with mixed PAT.
You can set up a Private Access Token both at the Org level and Project level, in your case, it’s possible that the token at org level is valid, but not the one at project level. I would advise you to make sure you remove the PAT at the project level, so it will use the same token (the org one) everywhere.
You can do it by following the provided screenshot
Hi @quentin.chevrin,
I have tried it both ways. Initially, the PAT at the Project-level was blank; I then provided a new PAT at the Project-level and got the same results. The Project-level PAT has now been removed again. According to the docs, SonarCloud recommends using the Org-level PAT, so that’s what I would prefer to do anyways.
I was a little unclear with what to do with the “Provider” dropdown though. I currently have it set to “Azure DevOps Services” - but I have tried it both ways with the same results.
Yes, we recommend using Org-level PAT, that’s why I suggested that you remove the one at project level.
Could you please run a PR analysis that fails, and give me the Task ID + date/time when it fails ? I will also need the project key and org key. I sent you a private message so you can send the infos there and not have to share it publicly.
Thanks for sharing the infos, I’ve had a look in our logs today.
I am now sure that there is an issue with the private access token rights.
Can you please double check that the token used has all the required rights ? I remember one of our customer also had an issue because the user or group issuing the token didn’t have the rights itself, so you might also check the rights of what is issuing the token.
If you don’t want to mess with your whole org, you can setup the private access token at the project level, and once you find the configuration that works, we advise not to use project level token, so you can move it to org level.
Can you please double check that the token used has all the required rights ?
That’s something I am unable to do because someone else in the AZDO Organization set it up a while back. However, I would like to update the PAT token to a new one, but I cannot find anywhere in SonarCloud to do so.
If you don’t want to mess with your whole org, you can setup the private access token at the project level …
I have tried this at the project-level and it resulted in the same error. I even gave the PAT “Full access” and it did not work.
Next Steps
I guess what I need is a way to change/update the PAT at the org-level but I am unable to find how/where to do this. This has to be a fairly common operation, right? I imagine folks want to rotate out their PAT tokens periodically.
You can update your PAT at org level by going there : Your Organization > Administration > Organization Settings > Azure DevOps connectivity management
Sorry I thought you already updated it at org level.
Alright, so I finally figured it out. I had to create a new SonarCloud user by logging in with the “Azure DevOps” button as opposed to my existing user (GitHub). I then had to add that new user to the SonarCloud Organization and give it the appropriate permissions. Then, I was able to see the PAT settings on the Your Organization > Administration > Organization Settings > Azure DevOps connectivity management screen. That whole section was not visible on the screen with my existing user. This seems pretty awkward to me. I can do everything in SonarCloud with my existing user except for this one thing!? Weird.
Anyways, I appreciate the assistance and we can probably close this issue.
Happy that you could solve your issue. If you can’t see the admininistration menu with a user, this means this user is not admin of the organization. So probably your github user is not admin but your Azure Devops user is.
