We are integrating SonarCloud with GitLab; all our repositories are private. We are using a token generated by us, the same for all the projects, and that token is defined as a group variable on GitLab. For some reason the token stored on SonarCloud is changing and the sonar check job fails due to authentication failure, as expected.
We tried to solve the issue by overriding the token on SonarCloud, but for some reason it gets changed to a random token again.
As we cannot figure out why this is happening, could you please indicate any reasons you believe might be causing this issue?
CI system used: GitLab CI/CD
Scanner command used when applicable: Maven integration as described in the documentation, with environment variables in GitLab CI/CD at group level (same for all projects)
Languages of the repository: Java
Error observed: the execution of the sonar check on the pipeline is behaving as expected because the environment variable SONAR_TOKEN is not different from the token defined in the SonarCloud web UI
Potential workaround: delete the project from the organisation on SonarCloud and create the project again (as you can imagine we can’t go on like this)
Could you clarify what you mean by ‘overriding the token on SonarCloud’ and how you are doing that?
I invite you, if you haven’t done so yet, to go over this documentation page.
By design and for security reasons, generated tokens are shown once. That is why when you go through the tutorial page another time you are proposed to generate a new token.
When it comes to onboarding additional projects, I expect you would not need to trigger the tutorial for each project, but can simply run your CIs provided the SonarCloud token is correct and the permissions to the target project are correct.
I wonder if you have any ideas of what I could look into in order to explain (and fix) why, for no apparent reason, SonarCloud returns an authorisation error. I say for no apparent reason because I’m sure the token in GitLab hasn’t changed and the token in the SonarCloud project hasn’t changed either. I wonder if something on the GitLab side could make SonarCloud unhappy about the token we are sending. I’ve looked everywhere I could think of (without judging whether it made sense or not) on the side of pipeline definitions, project code/dependencies, and I couldn’t find anything that could have introduced the problem. A bit of inspiration would be very helpful.
If the error is truly an authorization error (and not an authentication error), then you may want to check what permissions the user owning the token you are using is entitled to on the targeted projects. I would typically check the ‘execute analysis permission’ for instance.
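As an added example (not code from this thread or from SonarSource), a small POSIX shell helper you could run in the GitLab job before the Maven step: it logs a fingerprint of SONAR_TOKEN, so you can tell whether the token the runner actually receives is the one you stored, and it probes the web API to separate a rejected token (401, authentication) from a missing permission (403, authorization). The host, the api/authentication/validate endpoint and the function names are assumptions.

```shell
# Assumed defaults; SONAR_TOKEN is the group variable from the thread.
SONAR_HOST="${SONAR_HOST:-https://sonarcloud.io}"

# Short SHA-256 prefix of a secret: safe to print in a pipeline log, so the
# token received by the job can be compared with the one stored in GitLab.
token_fingerprint() {
    if command -v sha256sum >/dev/null 2>&1; then
        printf '%s' "$1" | sha256sum | cut -c1-12
    else
        printf '%s' "$1" | shasum -a 256 | cut -c1-12
    fi
}

# Map an HTTP status to the failure class the thread distinguishes:
# 401 = token itself rejected, 403 = token accepted but its owner lacks a
# permission on the project (for example Execute Analysis).
classify_http_status() {
    case "$1" in
        2??) printf 'ok\n' ;;
        401) printf 'authentication\n' ;;
        403) printf 'authorization\n' ;;
        *)   printf 'other\n' ;;
    esac
}

# Interpret the body of api/authentication/validate ({"valid":true|false}),
# which the server may return with status 200 even for a bad token.
classify_validate_body() {
    case "$1" in
        *'"valid":true'*) printf 'ok\n' ;;
        *)                printf 'authentication\n' ;;
    esac
}

# Call the assumed endpoint with the token as the basic-auth user name
# (empty password) and print the failure class.
sonar_probe() {
    out=$(curl -sS -u "$1:" -w '\n%{http_code}' \
          "$SONAR_HOST/api/authentication/validate") || return 1
    code=$(printf '%s\n' "$out" | tail -n 1)
    body=$(printf '%s\n' "$out" | sed '$d')
    if [ "$code" = 200 ]; then classify_validate_body "$body"
    else classify_http_status "$code"; fi
}

# In the CI job: log the fingerprint, then fail early with the failure class.
if [ -n "${SONAR_TOKEN:-}" ]; then
    echo "SONAR_TOKEN fingerprint: $(token_fingerprint "$SONAR_TOKEN")"
    result=$(sonar_probe "$SONAR_TOKEN")
    echo "SonarCloud token check: $result"
    [ "$result" = ok ] || exit 1
fi
```

Running the fingerprint line on a known-good token once, and again when the job starts failing, shows directly whether the value delivered to the runner changed, without exposing the secret in the log.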