Hello!
We are using SonarQube (Enterprise Edition) version 10.6.0
and it is deployed with Helm to GKE
Following the documentation to get PR (MR) decorations in our Gitlab, we have an access token created as per the documentation, reporter
permissions and read_api
scope (GitLab integration)
I can see in the following error that it looks to suggest it needs the api
and read_api
scopes, is this the case or should this be working with just read_api
? Ideally we want the least permissions
Error:
2024.07.09 15:11:49 ERROR ce[044af8f5-5290-4819-9e09-2be982a09348][o.s.a.c.g.GitlabApplicationClient] Gitlab API call to [https://gitlab.com/api/v4/projects/<<REDACTED>>/merge_requests/47/notes] failed with 403 http code. gitlab response content : [{"error":"insufficient_scope","error_description":"The request requires higher privileges than provided by the access token.","scope":"api read_api"}]
2024.07.09 15:11:49 DEBUG ce[044af8f5-5290-4819-9e09-2be982a09348][c.s.b.D.D.D] post for gitlab merge request decoration has finished after 137 ms
2024.07.09 15:11:49 ERROR ce[044af8f5-5290-4819-9e09-2be982a09348][c.s.b.D.D.F] An exception was thrown during Merge Request decoration : Your GitLab token has insufficient scope
2024.07.09 15:11:49 ERROR ce[044af8f5-5290-4819-9e09-2be982a09348][o.s.c.t.p.a.p.PostProjectAnalysisTasksExecutor] Execution of task class com.sonarsource.b.D.C failed
org.sonar.alm.client.gitlab.GitlabServerException: Your GitLab token has insufficient scope
at org.sonar.alm.client.gitlab.GitlabApplicationClient.checkResponseIsSuccessful(GitlabApplicationClient.java:188)
at org.sonar.alm.client.gitlab.GitlabApplicationClient.checkResponseIsSuccessful(GitlabApplicationClient.java:176)
at com.sonarsource.b.D.D.D.postNote(Unknown Source)
at com.sonarsource.b.D.D.F.路(Unknown Source)
at com.sonarsource.b.D.r.路(Unknown Source)
at java.base/java.util.Spliterators$ArraySpliterator.forEachRemaining(Unknown Source)
at java.base/java.util.stream.ReferencePipeline$Head.forEach(Unknown Source)
at com.sonarsource.b.D.r.路(Unknown Source)
at com.sonarsource.b.D.C.路(Unknown Source)
at java.base/java.util.Optional.ifPresent(Unknown Source)
at com.sonarsource.b.D.C.路(Unknown Source)
at com.sonarsource.b.D.C.좫(Unknown Source)
at org.sonar.ce.async.SynchronousAsyncExecution.addToQueue(SynchronousAsyncExecution.java:27)
at com.sonarsource.b.D.C.路(Unknown Source)
at java.base/java.util.Optional.ifPresent(Unknown Source)
at com.sonarsource.b.D.C.finished(Unknown Source)
at org.sonar.ce.task.projectanalysis.api.posttask.PostProjectAnalysisTasksExecutor.executeTask(PostProjectAnalysisTasksExecutor.java:101)
at org.sonar.ce.task.projectanalysis.api.posttask.PostProjectAnalysisTasksExecutor.finished(PostProjectAnalysisTasksExecutor.java:92)
at org.sonar.ce.task.step.ComputationStepExecutor.executeListener(ComputationStepExecutor.java:89)
at org.sonar.ce.task.step.ComputationStepExecutor.execute(ComputationStepExecutor.java:61)
at org.sonar.ce.task.projectanalysis.taskprocessor.ReportTaskProcessor.process(ReportTaskProcessor.java:75)
at org.sonar.ce.taskprocessor.CeWorkerImpl$ExecuteTask.executeTask(CeWorkerImpl.java:212)
at org.sonar.ce.taskprocessor.CeWorkerImpl$ExecuteTask.run(CeWorkerImpl.java:194)
at org.sonar.ce.taskprocessor.CeWorkerImpl.findAndProcessTask(CeWorkerImpl.java:160)
at org.sonar.ce.taskprocessor.CeWorkerImpl$TrackRunningState.get(CeWorkerImpl.java:135)
at org.sonar.ce.taskprocessor.CeWorkerImpl.call(CeWorkerImpl.java:87)
at org.sonar.ce.taskprocessor.CeWorkerImpl.call(CeWorkerImpl.java:53)
at com.google.common.util.concurrent.TrustedListenableFutureTask$TrustedFutureInterruptibleTask.runInterruptibly(TrustedListenableFutureTask.java:131)
at com.google.common.util.concurrent.InterruptibleTask.run(InterruptibleTask.java:76)
at com.google.common.util.concurrent.TrustedListenableFutureTask.run(TrustedListenableFutureTask.java:82)
at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Unknown Source)
at java.base/java.util.concurrent.FutureTask.run(Unknown Source)
at java.base/java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(Unknown Source)
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
at java.base/java.lang.Thread.run(Unknown Source)
2024.07.09 15:11:49 INFO ce[044af8f5-5290-4819-9e09-2be982a09348][o.s.c.t.p.a.p.PostProjectAnalysisTasksExecutor] Pull Request decoration | status=FAILED | time=1069ms
Many thanks,
Kieran C