Pull Requests in AzureDevOps monorepos not found

Dear Sonar community,

We are experiencing some issues with the SonarCloud-AzureDevOps integration in the context of analysing pull requests. We use AzD both for hosting the Git repositories as well as for CI/CD pipelines.
For the integration we use the managed tasks SonarCloudPrepare, SonarCloudAnalyze, and SonarCloudPublish with CLI scanner mode.

The issue started when the token for SonarCloud to connect to AzureDevOps expired and we renewed it for all projects.
For most projects the renewal did not cause any issues, but for some projects slightly different problems showed up, namely that the
AzD task to run the Sonar analysis cannot find the Pull Request on Sonar side during the Run Code Analysis task:

##[error]ERROR: Error during SonarScanner execution

ERROR: Could not find the pullrequest with key '12345'

ERROR: Caused by: Error 404 on https://sonarcloud.io/api/alm_integration/show_pullrequest?project=PROJECT&pullrequestKey=12345 : {"errors":[{"msg":"Unable to find the pullrequest with key \u002762850\u0027"}]}

We use TypeScript and Go and both are equally affected.

Only six out of roughly 100 projects are affected. What these projects have in common is that they have a monorepo setup, i.e. there are multiple Sonar projects for the same AzD repository.

We already checked in the SonarCloud console if the monorepo flag is still set for these projects. In fact, for some of these projects it was not set. However, enabling it again did not resolve the issue.

In addition, we already checked that the tokens for the AzureDevOps-SonarCloud integration are valid for both directions.

It also works for the analysis of the main/master branch in our release pipelines for these projects, just not for Pull Requests.

We already found this issue (Unable to find the pullrequest with key `X`), but it did not help. Any other hints?

Hi @tomz , welcome to our Community.

Please apologize for the delay to start investigating your issue, I will take care of it.

First, I would like to check if you still have this issue, and if yes, how many projects are affected (mono repo or not). I will send you a private message so you can share with me some details that are required for this investigation.

Since this issue is usually related to misconfiguration and/or PAT issues, I would ask if you did double checked our documentation:

  1. How to configure the pipeline for monorepo
  2. How to configure Pull Requests analysis in Azure pipelines
  3. Our documentation about Pull Requests and other types of pipelines (mono repo) - Please note that there is a dedicated PAT configuration for Pull Requests analysis, which can explain your issue.

Hi Alexandre,

Thanks for getting back to us. Yes, we still have this problem in six projects/two repos, all being monorepos. I’ve checked the documentation, but found nothing new. Will reply to your DM with more details.

Hi @tomz , thanks for sharing the information. I can see in our logs that one critical request into Azure DevOps API is failing with an HTTP 401, which means the request was unauthorized by Azure DevOps API when our services tried to use the token that you provided (for Pull Request usage, which is different from the token that you configure at the organization level).

Azure DevOps does not provide further information for us, since the token does not have enough permissions. I believe the token is invalid and/or expired, otherwise, we would have received an HTTP 403 (access forbidden, because in this scenario the token has authorization, but not enough permissions).

Could you please double-check the token?

1 Like

Hi Alexandre,

Thanks for looking into the logs! We found out that indeed an expired token caused the issue, but not the project-specific tokens for pull request usage, but the one on organization level. It seems that the organization-level token is used by the Azure pipeline tasks in the case of monorepos, while this is not the case for normal repos.

It would be highly appreciated if there was an endpoint to update the organization-level token via API as well so that this could be scripted on our side.

1 Like

Hi @tomz , thanks a lot for your feedback! We should improve Azure DevOps integration, mainly regarding PAT management.


This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.