Sonar Token does not work with dotnet-sonarscanner but works with sonarqube-scan-action

SonarQube
,
1

Please provide

  • Operating system: github-actions bash shell
  • Programming language you’re coding in: C#
  • Connected to SonarQube : Enterprise Edition Version 9.6.1 (build 59531)

Running in github actions the dotnet-sonarscanner (5.13.0) tool fails to log into sonar with a token, but the same token works with sonarqube-scan-action.

Error Message:
You can invoke the tool using the following command: dotnet-sonarscanner
#step:10:35)Tool ‘dotnet-sonarscanner’ (version ‘5.13.0’) was successfully installed.
#step:10:36)SonarScanner for MSBuild 5.13
#step:10:37)Using the .NET Core version of the Scanner for MSBuild
#step:10:38)Pre-processing started.
#step:10:39)Preparing working directories…
#step:10:40)16:51:34.818 Updating build integration targets…
#step:10:41)16:51:35.374 Unauthorized: Access is denied due to invalid credentials. Please check the authentication parameters.
#step:10:42)16:51:35.391 Pre-processing failed. Exit code: 1
#step:10:43)

2

Hey there.

How have you configured your GitHub Actions? Feel free to share the YML here.

:warning: Make sure you upgrade to SonarQube v9.9 LTS soon, not only to benefit from our Best LTS Ever™, but because soon we will systematically ask users to upgrade when they ask questions about earlier versions of SonarQube, which are now considered unsupported. :smiley:

3

Here is the full yaml

name: Application - Build

on:
  workflow_dispatch:
  push:
    branches:
      - main
    paths:
      - 'src/**'
      - '.github/workflows/app-build.yml'
      - '.github/workflows/app-deploy.yml'
      - '.github/workflows/app-release.yml'
      - '.github/workflows/app-app-deploy.yml'
      - '!**.md'
  pull_request:
    branches:
      - main
    paths:
      - 'src/**'
      - '.github/workflows/app-build.yml'
      - '!**.md'

env:
  APP_NAME: desp-topic-router
  ARTIFACTORY_NUGET_SOURCE: https://xxxx.jfrog.io/artifactory/api/nuget/v3/nuget-local
  ARTIFACTORY_API_KEY: ${{secrets.ARTIFACTORY_API_KEY}}
  ARTIFACTORY_USERNAME: ${{secrets.ARTIFACTORY_USERNAME}}
  DOTNET_VERSION: 6.0.x
  LANDING_ZONE: xx
  SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}

jobs:
  build:
    name: Build
    runs-on: [ self-hosted, kubernetes, on-prem ]
    defaults:
      run:
        working-directory: ./src

    steps:
      - name: Checkout 
        uses: actions/checkout@v2
        with:
          # Disabling shallow clone is recommended for improving relevancy of reporting
          fetch-depth: 0

      - name: Git Version
        id: vars
        run: echo "::set-output name=sha_short::$(git rev-parse --short HEAD)"

      - name: Setup config
        id: config
        uses: xxx/fst-landing-zone-set-context@v1
        with:
          landing-zone-name: ${{env.LANDING_ZONE}}
          environment: dev
          region: eastus2

      - name: Setup .NET Code SDK ${{env.DOTNET_VERSION}}
        uses: actions/setup-dotnet@v1.7.2
        with:
          dotnet-version: ${{env.DOTNET_VERSION}}
          
      - name: Set up JDK 11
        uses: actions/setup-java@v1
        with:
          java-version: 1.11
          
      - name: Add nuget source
        run: dotnet nuget add source ${{env.ARTIFACTORY_NUGET_SOURCE}} -n Artifactory -u ${{env.ARTIFACTORY_USERNAME}} -p ${{env.ARTIFACTORY_API_KEY}} --store-password-in-clear-text
        shell: bash

      - name: Restore dependencies
        run: dotnet restore
        shell: bash

      - name: Sonarqube Begin
        run: |
         dotnet tool install --global dotnet-sonarscanner --version 5.12.0
         export PATH="$PATH:/home/runner/.dotnet/tools"
         dotnet sonarscanner begin /k:FST-DespTopicRouter /d:sonar.host.url=${{ secrets.SONAR_HOST_URL }} /d:sonar.login=${{ secrets.SONAR_TOKEN }} /d:sonar.dotnet.excludeTestProjects=true /s:$GITHUB_WORKSPACE/src/SonarQube.Analysis.xml
      # - name: SonarQube Scan
      #   uses: sonarsource/sonarqube-scan-action@master
      #   env:
      #     SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
      #     SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}
      #   with:
      #     projectBaseDir: src
      #     args: >
      #       -Dsonar.projectKey=FST-DespTopicRouter

      - name: Build app
        run: dotnet build --configuration Release
        shell: bash

      - name: Run Unit Tests
        run: dotnet test ./xxx.Tests/*.csproj --no-restore --verbosity normal --settings coverlet.runsettings --logger:trx --results-directory ${{github.workspace}}/src/TestResults
        shell: bash

      # - name: End Sonar
      #   run: |
      #     export PATH="$PATH:/home/runner/.dotnet/tools"
      #     dotnet sonarscanner end /d:sonar.login=${{ secrets.SONAR_TOKEN }}
#      
      - name: Parse Trx files
        if: always()
        uses: NasAmin/trx-parser@v0.2.0
        id: trx-parser
        with:
          TRX_PATH: ${{github.workspace}}/src/TestResults
          REPO_TOKEN: ${{ secrets.GITHUB_TOKEN }}

      - name: Publish app
        run: dotnet publish ./xxx/*.csproj --no-build -c Release -o ${{github.workspace}}/_publish
        shell: bash
        
      - name: Upload Artifact
        uses: actions/upload-artifact@v2
        with:
          name: ${{github.sha}}
          path: ${{github.workspace}}/_publish
        
    outputs:
      registry_name: ${{steps.config.outputs.registry_name}}
      landing_zone_name: ${{steps.config.outputs.name}}
      sha_short: ${{steps.vars.outputs.sha_short}}
        
  docker:
    name: Docker Login & Push
    runs-on: ubuntu-latest
    needs: [ build ]
    
    steps:
      - name: Checkout 
        uses: actions/checkout@v2
        with:
          # Disabling shallow clone is recommended for improving relevancy of reporting
          fetch-depth: 0
        
      - name: Docker login
        uses: docker/login-action@v1
        with:
          registry: ${{needs.build.outputs.registry_name}}
          username: ${{env.ARTIFACTORY_USERNAME}}
          password: ${{env.ARTIFACTORY_API_KEY}}
          
      - name: Download Publish Artifacts
        id: download
        uses: actions/download-artifact@v2
        with:
          name: ${{github.sha}}
          path: ./src/xxx/bin/publish

      - name: Docker Build and Push
        uses: docker/build-push-action@v2
        with:
          context: ./src/xxx
          push: true
          tags: |
            ${{needs.build.outputs.registry_name}}/fst/${{env.APP_NAME}}:latest
            ${{needs.build.outputs.registry_name}}/fst/${{env.APP_NAME}}:${{needs.build.outputs.sha_short}}
4

Thanks.

Comparing your setup to the in-UI tutorial, you might do well with some quotes surrounding /d:sonar.host.url=${{ secrets.SONAR_HOST_URL }}, like this:

dotnet sonarscanner begin /k:"fa" /d:sonar.token="${{ secrets.SONAR_TOKEN }}" /d:sonar.host.url="${{ secrets.SONAR_HOST_URL }}"

5

Changed to

      - name: Sonarqube Begin
        run: |
          dotnet tool install --global dotnet-sonarscanner
          export PATH="$PATH:/home/runner/.dotnet/tools"
          dotnet sonarscanner begin /k:"xxxx" /d:sonar.host.url="${{ secrets.SONAR_HOST_URL }}" /d:sonar.token="${{ secrets.SONAR_TOKEN }}" /d:sonar.dotnet.excludeTestProjects=true /s:$GITHUB_WORKSPACE/src/SonarQube.Analysis.xml

Getting the same error though

14:33:33.619  Updating build integration targets...
14:33:34.258  Unauthorized: Access is denied due to invalid credentials. Please check the authentication parameters.
14:33:34.277  Pre-processing failed. Exit code: 1
6

Hey there.

I made a mistaken – sonar.token doesn’t exist until v10.0. Try changing it back to sonar.login

          dotnet sonarscanner begin /k:"xxxx" /d:sonar.host.url="${{ secrets.SONAR_HOST_URL }}" /d:sonar.login="${{ secrets.SONAR_TOKEN }}" /d:sonar.dotnet.excludeTestProjects=true /s:$GITHUB_WORKSPACE/src/SonarQube.Analysis.xml

I would also suggest making sure that nothing in your src/SonarQube.Analysis.xml could be overriding the credentials.

7

Changed .token back to .login and checked the SonarQube.Analysis.xml file.
The same authentication error occurs.

8

any update on this one? I see the same issue

Starting: Prepare analysis on SonarQube

Task : Prepare Analysis Configuration
Description : Prepare SonarQube analysis configuration
Version : 5.15.0
Author : sonarsource
Help : Version: 5.15.0. More Information

C:_work_tasks\SonarQubePrepare_15b84ca1-b62f-4a2a-a403-89b77a063157\5.15.0\classic-sonar-scanner-msbuild\SonarScanner.MSBuild.exe begin /k:*****.API.****
SonarScanner for MSBuild 5.13
Using the .NET Framework version of the Scanner for MSBuild
Pre-processing started.
Preparing working directories…
14:30:33.588 Updating build integration targets…
##[error]14:30:33.714 Unauthorized: Access is denied due to invalid credentials. Please check the authentication parameters.
14:30:33.714 Unauthorized: Access is denied due to invalid credentials. Please check the authentication parameters.
##[error]14:30:33.745 Pre-processing failed. Exit code: 1
14:30:33.745 Pre-processing failed. Exit code: 1
##[error]The process ‘C:_work_tasks\SonarQubePrepare_15b84ca1-b62f-4a2a-a403-89b77a063157\5.15.0\classic-sonar-scanner-msbuild\SonarScanner.MSBuild.exe’ failed with exit code 1
Finishing: Prepare analysis on SonarQube

9

I am having the same issue, did you found any work around ?