Command:
sonar-scanner \
-Dsonar.projectKey=demo \
-Dsonar.sources=. \
-Dsonar.host.url=https://sonarqube.example.com \
-Dsonar.token=sqa_xxxxxxxxxx
Works fine locally, but fails in GitHub Actions with error:
ERROR: You’re not authorized to analyze this project or the project doesn’t exist on SonarQube and you’re not authorized to create it. Please contact an administrator.
ERROR: Re-run SonarScanner using the -X switch to enable full debug logging.
Versions:
- scanner: 4.8.0.2856
- sonar: 10.0.0.68432
Notes:
- Note that there is no environment variables and etc, everything is hardcoded by intent
- I did tried global analysis token and user token (but does it matter if it works locally)
- I did tired to check “Execute Analysis” security setting for users, groups and project (but once again it works locally)
- Did tried to run it with -X flag, nothing useful here, everything fails on
DEBUG: POST 403 https://sonarqube.example.com/api/ce/submit?projectKey=demo
- In the same logs I see succesfull responses
DEBUG: GET 200 https://sonarqube.example.com/api/metrics/search?ps=500&p=1
- By locally I mean running sonar-scanner installed with brew, but also tried inside docker with ubuntu - works fine
- Did tried to run docker inside github action but result is still negative
- Did tried to run sonarqube itself with log level set to trace - but nothing printed there at all
Just to be clear here is GitHub Actions workflow definition:
name: sonar
on:
pull_request:
branches:
- main
jobs:
common:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: sonar
run: |
wget https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-4.8.0.2856.zip -O /tmp/sonar-scanner.zip
unzip /tmp/sonar-scanner.zip -d /tmp
mv /tmp/sonar-scanner-* /tmp/sonar-scanner
rm /tmp/sonar-scanner.zip
export PATH="$PATH:/tmp/sonar-scanner/bin"
sonar-scanner -X \
-Dsonar.projectKey=demo \
-Dsonar.sources=. \
-Dsonar.host.url=https://sonarqube.example.com \
-Dsonar.token=sqa_xxxxxxxxx