SonarCloud Pull Request Analysis for GitHub Error

Hi there,

I have been trying to set up SonarCloud pull request analysis for a GitHub repo of ours. The pull request analysis seems to work fine when the pull request source branch is in the original repo; but when the pull request is created from a fork it seems to fail with the following error:

[ERROR] Failed to execute goal org.sonarsource.scanner.maven:sonar-maven-plugin:3.7.0.1746:sonar (default-cli) on project jhonline: Parameter 'sonar.pullrequest.branch' is mandatory for a pull request analysis -> [Help 1]

Below is a GitHub action triggered by a pull request where this failure can be seen;

Also I tried adding the sonar.pullrequest.branch as the error suggests. Then I get a different error;

[ERROR] Failed to execute goal org.sonarsource.scanner.maven:sonar-maven-plugin:3.7.0.1746:sonar (default-cli) on project jhonline: You're not authorized to run analysis. Please contact the project administrator. -> [Help 1]

The CI run relevant to adding the sonar.pullrequest.branch can be found here; fix: add correct head ref · jhipster/jhipster-online@60e369e · GitHub

I also saw that there is another thread for gradle which has a similar error; but not sure if this one and that one are the same thing.

Any help on this will be greatly appreciated.

Thank you,
Sudharaka.

Hello @SudharakaP,

I think both issues you have are related to having an incorrect SONAR_TOKEN. The most probable explanation is that the user that generated the SONAR_TOKEN environment variable does not have the permission to scan the project.

You can generate a new token here. If you’re part of the jhipster organization on SonarCloud, you can check which users have the correct permissions here.

Hope that helps

@TomVanBraband: Thanks much for your quick response. Appreciate it. Sure, I can try changing the token; but I am wondering then why is it only not working for pull requests from forks? The pull requests created within the repo branches (not from forks) seem to work fine. If the token is wrong shouldn’t it be not working for both cases? :thinking:

You are right, I did not see that it only fails for external PRs.
GitHub does not make secrets available for external PRs (from forked projects). This is to prevent people from stealing the secrets by just logging them to sysout.

We currently do not support an analysis that was triggered from an external PR, but we are planning to do so in the future. You can follow the progress on this ticket.

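The behaviour described in the reply above (no secrets on pull requests from forks) can be detected in the CI step itself, so the job skips the scan with a clear message instead of failing inside Maven. The shell guard below is an added example, not code from this thread or from SonarCloud; `PR_HEAD_REPO` is an assumed variable name that the workflow would fill from the pull request's head repository, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: decide whether the SonarCloud scan can run in this job.
#
# Inputs (exported to the step by the workflow):
#   GITHUB_EVENT_NAME, GITHUB_REPOSITORY  set by GitHub Actions
#   PR_HEAD_REPO  assumed name; map it from
#                 github.event.pull_request.head.repo.full_name
#   SONAR_TOKEN   mapped from the repository secret

# Prints one of: run | skip-fork | skip-no-token
sonar_decision() {
    event=$1
    base_repo=$2
    head_repo=$3
    token=$4
    if [ "$event" = "pull_request" ] && [ -n "$head_repo" ] \
        && [ "$head_repo" != "$base_repo" ]; then
        # Fork PR: the job runs without repository secrets, so the
        # scanner would be unauthenticated whatever token is configured.
        echo skip-fork
        return 0
    fi
    # Only test for presence; never echo the token value into the log.
    if [ -z "$token" ]; then
        echo skip-no-token
        return 0
    fi
    echo run
}

run_sonar_step() {
    decision=$(sonar_decision "${GITHUB_EVENT_NAME:-}" \
        "${GITHUB_REPOSITORY:-}" "${PR_HEAD_REPO:-}" "${SONAR_TOKEN:-}")
    case $decision in
        run)
            # Plugin coordinates as they appear in the error output above.
            mvn -B org.sonarsource.scanner.maven:sonar-maven-plugin:3.7.0.1746:sonar
            ;;
        skip-fork)
            echo "Sonar scan skipped: PR comes from a fork, secrets are unavailable."
            ;;
        skip-no-token)
            echo "Sonar scan skipped: SONAR_TOKEN is empty in this job."
            ;;
    esac
}

# Run the step only when invoked as: sh <this script> --run
if [ "${1:-}" = "--run" ]; then run_sonar_step; fi
```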

@TomVanBraband : Thanks much for the information. :smile:
