SonarCloud Pull Request Analysis fon GitHub Error

Hi there,

I have been trying to setup SonarCloud Pull request analysis for a GitHub repos of ours. The pull request analysis seems to work fine with the pull request source branch is in the original repo; but when the pull request is created from a fork it seems to fail with the following error;

[ERROR] Failed to execute goal org.sonarsource.scanner.maven:sonar-maven-plugin:3.7.0.1746:sonar (default-cli) on project jhonline: Parameter 'sonar.pullrequest.branch' is mandatory for a pull request analysis -> [Help 1]

Below is a GitHub action triggered by a pull request where this failure can be seen;

Also I tried adding the sonar.pullrequest.branch as the error suggests. Then I get a different error;

[ERROR] Failed to execute goal org.sonarsource.scanner.maven:sonar-maven-plugin:3.7.0.1746:sonar (default-cli) on project jhonline: You're not authorized to run analysis. Please contact the project administrator. -> [Help 1]

The CI run relevant to adding the sonar.pullrequest.branch can be found here; https://github.com/jhipster/jhipster-online/runs/965109060

I also saw that there is another thread for gradle which has a similar error; but not sure if this one and that one are the same thing.

Any help on this will be greatly appreciated.

Thank you,
Sudharaka.

Hello @SudharakaP,

I think both issues you have are related having an incorrect SONAR_TOKEN. The most probable explanation is that the user that generated the SONAR_TOKEN environment variable does not have the permission to scan the project.

You can generate a new token here, if you’re part of the jhipster organization on SonarCloud you can check which users have the correct permissions here.

Hope that helps

@TomVanBraband: Thanks much for your quick response. Appreciate it. Sure I can try changing the token; but I am wondering then why does it only not working for pull requests from forks? The pull requests created within the repo branches (not from forks) seems to work fine. If the token is wrong shouldn’t it be not working for both cases? :thinking:

You are right, I did not see that it only fails for external PRs.
GitHub does not make secrets available for external PRs (from forked projects). This is to prevent people from stealing the secrets by just logging them to sysout.

We currently do not support an analysis that was triggered from an external PR, but we are planning to do so in the future. You can follow the progress on this ticket.

2 Likes

@TomVanBraband : Thanks much for the information. :smile:

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.