Template for a good new topic, formatted with Markdown:
ALM used: Azure DevOps
CI system used: Azure DevOps
Languages of the repository: several repositories, PHP, Kotlin, JS, Swift
Error observed:
Around 30 March 2023, all our pipelines started to fail at the SonarCloudAnalyze@1 task with error “ERROR: Could not find a default branch to fall back on.”
We also noticed in the logs that now there is a line
“INFO: Detected project binding: NONEXISTENT”
In previous successful runs this same line shows
“INFO: Detected project binding: NOT_BOUND”
Things we have done to check:
SonarCloud service integration is ok
Organisation setting for Azure Active Directory Conditional Access Policy Validation is disabled
Suspecting the access token used to bind the projects have expired, we changed the access token for one project to test. All the tokens we tried have failed.
Changed to a “fake” token guaranteed to fail
Changed to a token with full access
Changed to a token with code (read & write) access
I have just realised that I should try to change the Personal Access Token at the organization level and not at the project level as mentioned in the getting started doc.
I think I need to unbind my Azure Devops from SonarCloud and redo the binding. Could anyone help with this please?
I have partly solved the problem by recreating the service connection in Azure Devops with a new token, and now able to run the SonarCloud analysis from my pipelines.
but I cannot add analyse a new project. The error seen:
The Azure DevOps access token is not valid Reasons: The token doesn’t have the required permissions (Code: Read & Write)
You can check your account permission to make sure you have enough permission to create a new project. You can visit this for more information Managing Permissions | SonarCloud Docs
I’m a bit confused. It looks like the initial problem was that your Azure PAT had expired. You replaced it and analyses began working, but you can’t add new projects. The error message you’re getting is coming from Azure:
So that’s about the PAT’s permissions to access projects on the Azure side.
It looks like you’ve come to the conclusion that you need to unbing and re-bind, but unfortunately, it’s currently not possible to unbind an organization and bind it to something else. You can vote for adding this feature here.
The only way to have your organization bound to a different DevOps Platform currently is to create a new organization and re-import your repositories there. Unfortunately, that means you’ll lose the results of previous analyses on these projects.
If you have a yearly subscription for your current organization, a new coupon can be issued for your new organization by reaching out to your sale representative.
If you have a monthly subscription by credit card, you can simply stop your subscription on the old organization and re-subscribe on the new one.
You have understood my problem correctly. My apologies for any confusion.
It looks like you’ve come to the conclusion that you need to unbing and re-bind
That is my conclusion but not what I want to do. To give you some context how I came to this conclusion:
my issue started when the account of the person that set up the integration was deleted from Azure DevOps, which led me to assume the token he generated is no longer valid. Another reason is the token could have become invalid because it expired. So I am trying to change the PAT in SonarCloud to a new PAT
If you later need to update the value of this token you can find it under Your Organization > >Administration > Organization Settings > Azure DevOps connectivity management .
However I don’t appear to be able to do so, and there is no section in the settings for Azure DevOps connectivity management
I read other scenarios (as linked above) that appeared to have been solved with unbinding and rebinding the organisation and I concluded that is what needs to be done
So if I can just change the token without unbinding and rebinding that would be the solution I am looking for. I do not want to change to a different DevOps Platform.
@ganncamp I have managed to solve this issue on my own. This is how I did it:
I realised that although I am an admin of my organization in SonarCloud, I use Github to login. I hypothesised that this was the reason for this (possible bug).
I created an alternate account in SonarCloud using Azure Devops to login to SonarCloud, and made this alternate account an admin in my organisation.
When I login with my alternate account, I was able to see the settings as expected: