Relationship between GitHub Action and GitHub App / Access without Personal Access Token

There is both a GitHub Action and a GitHub App.

The GitHub App SonarCloud should be able to provide authentication to the action, as per my understanding.

However the docs seem to assume that you create an Access Token and use that in the Action.

I would like to use the App itself to authenticate in GitHub Actions. Right now Access Tokens are bound to users, which isn’t ideal. Is it possible?


While the GitHub Application allows for SonarCloud to interact with GitHub itself (adding a check, for example, or importing a repository), it does not allow for authentication with SonarCloud, which is why a token still must be generated SonarCloud-side and stored as SONAR_TOKEN.

Stated another way (maybe it helps wrap your head around it) – the GitHub Application is only used for SonarCloud → GitHub communication. The GitHub Action running on the runner is not aware of the application.

Thanks, I thought so.

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.