SonarCloud Pull Request Run not working

SonarCloud
, ,
21

Hi @hitika26

You don’t need to provide a value with the flag --location. To confirm, if a valid PAT is provided, you will get information back from running the command. If not, no info will be returned. Additionally, with the --verbose flag, you can see more info about unauthorized access.

This is an example of a command using a dummy PAT I ran locally using --verbose (I removed some non relevant info) with fails with a 401 Unauthorized response.

curl --location --request GET <URL> --header 'Authorization: BASIC dummy' --verbose
Note: Unnecessary use of -X or --request, GET is already inferred.
*   Trying x.x.x.x:443...
* Connected to dev.azure.com (x.x.x.x) port 443 (#0)
...
* Server certificate:
*  subject: C=US; ST=WA; L=Redmond; O=Microsoft Corporation; CN=dev.azure.com
*  start date: Feb 21 17:47:20 2023 GMT
*  expire date: Feb 16 17:47:20 2024 GMT
*  subjectAltName: host "dev.azure.com" matched cert's "dev.azure.com"
*  issuer: C=US; O=Microsoft Corporation; CN=Microsoft Azure TLS Issuing CA 05
*  SSL certificate verify ok.
* Using HTTP2, server supports multiplexing
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
...
* Using Stream ID: 1 (easy handle 0x7f9153811400)
> GET <URL> HTTP/2
> Host: dev.azure.com
> user-agent: curl/7.86.0
> accept: */*
> authorization: BASIC dummy
>
< HTTP/2 401 <----- Unauthorized
...

If the PAT provided in the curl command doesn’t work, it will confirm the problem is with the PAT.

Another interesting thing to notice, the URL I sent you should authenticate you with Azure DevOps, which makes me think your user might not have indeed access to this PR. If your user is the one creating the PAT, perhaps that’s why it’s failing.

Other than the curl command, could you please check on your side if another user with more privileges can create the PAT?

You can check here the documentation about how to setup the connection with the required permissions and configuration in Azure DevOps for SonarCloud. In particular, please review the sections Location of Personal Access Tokens in SonarCloud and Use a technical user.

Let me know your findings,