Sonarqube-quality-gate-action 401 error exit code 22

Must-share information:

  • which versions are you using: 9.9.0.65466
  • how is SonarQube deployed: Docker
  • what are you trying to achieve: Add sonarqube-quality-gate-action to my build.yml file
  • what have you tried so far to achieve this: sonarqube-scan-action@master works fine, my PR report show up on my sonarqube branch/PR options and it detects things correctly, but as soon as I add sonarqube-quality-gate-action@master to the yml file I get the error:
curl: (22) The requested URL returned error: 401
Error: Process completed with exit code 22.

Here is my git action response:

Run sonarsource/sonarqube-scan-action@master
  with:
    projectBaseDir: .
  env:
    SONAR_TOKEN: ***
    SONAR_HOST_URL: ***
/usr/bin/docker run --name c04425410372005764917a3f6b993e7b02ce0_afe86a --label 6c0442 --workdir /github/workspace --rm -e "SONAR_TOKEN" -e "SONAR_HOST_URL" -e "INPUT_ARGS" -e "INPUT_PROJECTBASEDIR" -e "HOME" -e "GITHUB_JOB" -e "GITHUB_REF" -e "GITHUB_SHA" -e "GITHUB_REPOSITORY" -e "GITHUB_REPOSITORY_OWNER" -e "GITHUB_REPOSITORY_OWNER_ID" -e "GITHUB_RUN_ID" -e "GITHUB_RUN_NUMBER" -e "GITHUB_RETENTION_DAYS" -e "GITHUB_RUN_ATTEMPT" -e "GITHUB_REPOSITORY_ID" -e "GITHUB_ACTOR_ID" -e "GITHUB_ACTOR" -e "GITHUB_TRIGGERING_ACTOR" -e "GITHUB_WORKFLOW" -e "GITHUB_HEAD_REF" -e "GITHUB_BASE_REF" -e "GITHUB_EVENT_NAME" -e "GITHUB_SERVER_URL" -e "GITHUB_API_URL" -e "GITHUB_GRAPHQL_URL" -e "GITHUB_REF_NAME" -e "GITHUB_REF_PROTECTED" -e "GITHUB_REF_TYPE" -e "GITHUB_WORKFLOW_REF" -e "GITHUB_WORKFLOW_SHA" -e "GITHUB_WORKSPACE" -e "GITHUB_ACTION" -e "GITHUB_EVENT_PATH" -e "GITHUB_ACTION_REPOSITORY" -e "GITHUB_ACTION_REF" -e "GITHUB_PATH" -e "GITHUB_ENV" -e "GITHUB_STEP_SUMMARY" -e "GITHUB_STATE" -e "GITHUB_OUTPUT" -e "RUNNER_OS" -e "RUNNER_ARCH" -e "RUNNER_NAME" -e "RUNNER_TOOL_CACHE" -e "RUNNER_TEMP" -e "RUNNER_WORKSPACE" -e "ACTIONS_RUNTIME_URL" -e "ACTIONS_RUNTIME_TOKEN" -e "ACTIONS_CACHE_URL" -e GITHUB_ACTIONS=true -e CI=true --entrypoint "/entrypoint.sh" -v "/var/run/docker.sock":"/var/run/docker.sock" -v "/home/runner/work/_temp/_github_home":"/github/home" -v "/home/runner/work/_temp/_github_workflow":"/github/workflow" -v "/home/runner/work/_temp/_runner_file_commands":"/github/file_commands" -v "/home/runner/work/boostr-frontend/boostr-frontend":"/github/workspace" 6c0442:5410372005764917a3f6b993e7b02ce0
INFO: Scanner configuration file: /opt/sonar-scanner/conf/sonar-scanner.properties
INFO: Project root configuration file: /github/workspace/sonar-project.properties
INFO: SonarScanner 4.8.0.2856
INFO: Java 11.0.18 Alpine (64-bit)
INFO: Linux 5.15.0-1034-azure amd64
INFO: User cache: /opt/sonar-scanner/.sonar/cache
INFO: Analyzing on SonarQube server 9.9.0.65466
INFO: Default locale: "en_US", source code encoding: "UTF-8"
INFO: Load global settings
INFO: Load global settings (done) | time=373ms
INFO: Server id: 5A6367D0-AYMEWgiVNo9RGfOzNm0x
INFO: User cache: /opt/sonar-scanner/.sonar/cache
INFO: Load/download plugins
INFO: Load plugins index
INFO: Load plugins index (done) | time=136ms
INFO: Load/download plugins (done) | time=7717ms
INFO: Loaded core extensions: developer-scanner
INFO: Process project properties
INFO: Process project properties (done) | time=12ms
INFO: Execute project builders
INFO: Execute project builders (done) | time=1ms
INFO: Project key: boostr-frontend
INFO: Base dir: /github/workspace
INFO: Working dir: /github/workspace/.scannerwork
INFO: Load project settings for component key: 'boostr-frontend'
INFO: Load project settings for component key: 'boostr-frontend' (done) | time=80ms
INFO: Load project branches
INFO: Load project branches (done) | time=70ms
INFO: Load branch configuration
INFO: Detected branch/PR in 'GitHub Action'
INFO: Auto-configuring pull request '6660'
INFO: Load branch configuration (done) | time=7ms
INFO: Auto-configuring with CI 'Github Actions'
INFO: Load quality profiles
INFO: Load quality profiles (done) | time=119ms
INFO: Load active rules
INFO: Load active rules (done) | time=3845ms
INFO: Load analysis cache
INFO: Load analysis cache | time=739ms
INFO: Pull request 6660 for merge into develop from sonarqube-github-integration
INFO: Load project repositories
INFO: Load project repositories (done) | time=126ms
INFO: SCM collecting changed files in the branch
INFO: Merge base sha1: b7982443a80903fc0150f381e27f5dc512ea2ea2
INFO: SCM collecting changed files in the branch (done) | time=282ms
INFO: Indexing files...
INFO: Project configuration:
INFO:   Excluded sources: **/node_modules/**, **/*.spec.ts # only collect these for test-coverage
INFO:   Included tests: **/*.spec.ts # only collect these for test-coverage
INFO:   Excluded sources for coverage: src/app/v1/**, src/assets/**, src/environments/**, src/app/**/*.html, src/app/**/*.scss
INFO: Some of the project files were automatically excluded because they looked like generated code. Enable debug logging to see which files were excluded. You can disable bundle detection by setting sonar.javascript.detectBundles=false
INFO: 4163 files indexed
INFO: 4164 files ignored because of inclusion/exclusion patterns
INFO: 0 files ignored because of scm ignore settings
INFO: Quality profile for css: Sonar way
INFO: Quality profile for js: Sonar way
INFO: Quality profile for ts: TS Boostr
INFO: Quality profile for web: HTML Boostr
INFO: ------------- Run sensors on module boostr-frontend
INFO: Load metrics repository
INFO: Load metrics repository (done) | time=75ms
INFO: Sensor C# Project Type Information [csharp]
INFO: Sensor C# Project Type Information [csharp] (done) | time=4ms
INFO: Sensor C# Analysis Log [csharp]
INFO: Sensor C# Analysis Log [csharp] (done) | time=13ms
INFO: Sensor C# Properties [csharp]
INFO: Sensor C# Properties [csharp] (done) | time=1ms
INFO: Sensor HTML [web]
INFO: Sensor HTML is restricted to changed files only
INFO: Sensor HTML [web] (done) | time=206ms
INFO: Sensor TextAndSecretsSensor [text]
INFO: Sensor TextAndSecretsSensor is restricted to changed files only
INFO: Sensor TextAndSecretsSensor [text] (done) | time=17ms
INFO: Sensor VB.NET Project Type Information [vbnet]
INFO: Sensor VB.NET Project Type Information [vbnet] (done) | time=6ms
INFO: Sensor VB.NET Analysis Log [vbnet]
INFO: Sensor VB.NET Analysis Log [vbnet] (done) | time=16ms
INFO: Sensor VB.NET Properties [vbnet]
INFO: Sensor VB.NET Properties [vbnet] (done) | time=0ms
INFO: Sensor JaCoCo XML Report Importer [jacoco]
INFO: 'sonar.coverage.jacoco.xmlReportPaths' is not defined. Using default locations: target/site/jacoco/jacoco.xml,target/site/jacoco-it/jacoco.xml,build/reports/jacoco/test/jacocoTestReport.xml
INFO: No report imported, no coverage information will be imported by JaCoCo XML Report Importer
INFO: Sensor JaCoCo XML Report Importer [jacoco] (done) | time=3ms
INFO: Sensor JavaScript analysis [javascript]
INFO: 385 source files to be analyzed
INFO: 385/385 source files have been analyzed
INFO: Hit the cache for 385 out of 385
INFO: Miss the cache for 0 out of 385
INFO: Sensor JavaScript analysis [javascript] (done) | time=5587ms
INFO: Sensor TypeScript analysis [javascript]
INFO: Found 1 tsconfig.json file(s): [/github/workspace/tsconfig.json]
INFO: Creating TypeScript program
INFO: TypeScript configuration file /github/workspace/tsconfig.json
INFO: 2236 source files to be analyzed
INFO: Creating TypeScript program (done) | time=4689ms
INFO: Starting analysis with current program
INFO: Analyzed 2236 file(s) with current program
INFO: 2236/2236 source files have been analyzed
INFO: Hit the cache for 2236 out of 2236
INFO: Miss the cache for 0 out of 2236
INFO: Sensor TypeScript analysis [javascript] (done) | time=5824ms
INFO: Sensor CSS Rules [javascript]
INFO: Sensor CSS Rules is restricted to changed files only
INFO: No CSS, PHP, HTML or VueJS files are found in the project. CSS analysis is skipped.
INFO: Sensor CSS Rules [javascript] (done) | time=3ms
INFO: Sensor JavaScript/TypeScript Coverage [javascript]
INFO: No LCOV files were found using coverage/lcov.info
WARN: No coverage information will be saved because all LCOV files cannot be found.
INFO: Sensor JavaScript/TypeScript Coverage [javascript] (done) | time=273ms
INFO: Sensor CSS Metrics [javascript]
INFO: Sensor CSS Metrics is restricted to changed files only
INFO: Sensor CSS Metrics [javascript] (done) | time=3ms
INFO: Sensor ThymeLeaf template sensor [securityjavafrontend]
INFO: Sensor ThymeLeaf template sensor [securityjavafrontend] (done) | time=31ms
INFO: Sensor IaC Docker Sensor [iac]
INFO: Sensor IaC Docker Sensor is restricted to changed files only
INFO: 0 source files to be analyzed
INFO: 0/0 source files have been analyzed
INFO: Sensor IaC Docker Sensor [iac] (done) | time=96ms
INFO: Sensor Serverless configuration file sensor [security]
INFO: 0 Serverless function entries were found in the project
INFO: 0 Serverless function handlers were kept as entrypoints
INFO: Sensor Serverless configuration file sensor [security] (done) | time=5ms
INFO: Sensor AWS SAM template file sensor [security]
INFO: Sensor AWS SAM template file sensor [security] (done) | time=2ms
INFO: Sensor AWS SAM Inline template file sensor [security]
INFO: Sensor AWS SAM Inline template file sensor [security] (done) | time=2ms
INFO: Sensor javabugs [dbd]
INFO: Reading IR files from: /github/workspace/.scannerwork/ir/java
INFO: No IR files have been included for analysis.
INFO: Sensor javabugs [dbd] (done) | time=2ms
INFO: Sensor pythonbugs [dbd]
INFO: Reading IR files from: /github/workspace/.scannerwork/ir/python
INFO: No IR files have been included for analysis.
INFO: Sensor pythonbugs [dbd] (done) | time=2ms
INFO: Sensor JavaSecuritySensor [security]
INFO: Reading type hierarchy from: /github/workspace/.scannerwork/ucfg2/java
INFO: Read 0 type definitions
INFO: No UCFGs have been included for analysis.
INFO: Sensor JavaSecuritySensor [security] (done) | time=3ms
INFO: Sensor CSharpSecuritySensor [security]
INFO: Reading type hierarchy from: /github/workspace/ucfg_cs2
INFO: Read 0 type definitions
INFO: No UCFGs have been included for analysis.
INFO: Sensor CSharpSecuritySensor [security] (done) | time=0ms
INFO: Sensor PhpSecuritySensor [security]
INFO: Reading type hierarchy from: /github/workspace/.scannerwork/ucfg2/php
INFO: Read 0 type definitions
INFO: No UCFGs have been included for analysis.
INFO: Sensor PhpSecuritySensor [security] (done) | time=0ms
INFO: Sensor PythonSecuritySensor [security]
INFO: Reading type hierarchy from: /github/workspace/.scannerwork/ucfg2/python
INFO: Read 0 type definitions
INFO: No UCFGs have been included for analysis.
INFO: Sensor PythonSecuritySensor [security] (done) | time=0ms
INFO: Sensor JsSecuritySensor [security]
INFO: Reading type hierarchy from: /github/workspace/.scannerwork/ucfg2/js
INFO: Read 0 type definitions
INFO: Reading UCFGs from: /github/workspace/.scannerwork/ucfg2/js
INFO: 10:44:22.4556 Building Runtime Type propagation graph
INFO: 10:44:22.75596 Running Tarjan on 35862 nodes
INFO: 10:44:22.788089 Tarjan found 35862 components
INFO: 10:44:22.850549 Variable type analysis: done
INFO: 10:44:22.853157 Building Runtime Type propagation graph
INFO: 10:44:23.090865 Running Tarjan on 35862 nodes
INFO: 10:44:23.14313 Tarjan found 35862 components
INFO: 10:44:23.194835 Variable type analysis: done
INFO: Analyzing 7217 ucfgs to detect vulnerabilities.
INFO: Taint analysis starting. Entrypoints: 386
INFO: Running symbolic analysis for 'JS'
INFO: Taint analysis: done.
INFO: Sensor JsSecuritySensor [security] (done) | time=8137ms
INFO: ------------- Run sensors on project
INFO: Sensor Analysis Warnings import [csharp]
INFO: Sensor Analysis Warnings import [csharp] (done) | time=2ms
INFO: Sensor Zero Coverage Sensor
INFO: Sensor Zero Coverage Sensor (done) | time=22ms
INFO: CPD Executor 779 files had no CPD blocks
INFO: CPD Executor Calculating CPD for 1842 files
INFO: CPD Executor CPD calculation finished (done) | time=644ms
INFO: SCM writing changed lines
INFO: Merge base sha1: b7982443a80903fc0150f381e27f5dc512ea2ea2
INFO: SCM writing changed lines (done) | time=37ms
INFO: Analysis report generated in 389ms, dir size=618.9 kB
INFO: Analysis report compressed in 1392ms, zip size=1.1 MB
INFO: Analysis report uploaded in 474ms
INFO: ANALYSIS SUCCESSFUL, you can find the results at: ***/dashboard?id=boostr-frontend&pullRequest=6660
INFO: Note that you will be able to access the updated dashboard once the server has processed the submitted analysis report
INFO: More about the report processing at ***/api/ce/task?id=AYcs-CCBlJJ1z-aTg6nB
INFO: Time spent writing ucfgs 0ms
INFO: Analysis total time: 42.683 s
INFO: ------------------------------------------------------------------------
INFO: EXECUTION SUCCESS
INFO: ------------------------------------------------------------------------
INFO: Total time: 54.072s
INFO: Final Memory: 232M/543M
INFO: ------------------------------------------------------------------------
Run sonarsource/sonarqube-quality-gate-action@master
  with:
    scanMetadataReportFile: .scannerwork/report-task.txt
  env:
    SONAR_TOKEN: ***
Run $GITHUB_ACTION_PATH/script/check-quality-gate.sh .scannerwork/report-task.txt
  $GITHUB_ACTION_PATH/script/check-quality-gate.sh .scannerwork/report-task.txt
  shell: /usr/bin/bash --noprofile --norc -e -o pipefail {0}
  env:
    SONAR_TOKEN: ***
  
curl: (22) The requested URL returned error: 401
Error: Process completed with exit code 22.

Here is the yml file:

name: SonarQube

on:
  push:
    branches: [master, develop, staging]
  pull_request:
    types: [opened, synchronize, reopened]

jobs:
  build:
    name: Scan & Quality Gate
    runs-on: ubuntu-latest
    steps:
    - uses: actions/checkout@v2
      with:
        # Disabling shallow clone is recommended for improving relevancy of reporting.
        fetch-depth: 0

    # Triggering SonarQube analysis as results of it are required by Quality Gate check.
    - name: SonarQube Scan
      uses: sonarsource/sonarqube-scan-action@master
      env:
        SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
        SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}

    # Check the Quality Gate status.
    - name: SonarQube Quality Gate check
      id: sonarqube-quality-gate-check
      uses: sonarsource/sonarqube-quality-gate-action@master
      # Force to fail step after specific time.
      timeout-minutes: 5
      env:
       SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
       SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }} #OPTIONAL

    # Optionally you can use the output from the Quality Gate in another step.
    # The possible outputs of the `quality-gate-status` variable are `PASSED`, `WARN` or `FAILED`.
    - name: "Example show SonarQube Quality Gate Status value"
      run: echo "The Quality Gate status is ${{ steps.sonarqube-quality-gate-check.outputs.quality-gate-status }}"

Found the problem!
The Sonar Token was expired, but that doesn’t explain why/how the scan was still working tho… I hope it’s not some sort of security issue

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.