SonarSource/sonarcloud-github-action 403

In our Github Enterprise pipeline we use the action SonarSource/sonarcloud-github-action

Since the latest update v3.1.0 we get a 403 error

We use an ubuntu runner.
The usage of the action is pretty standard:

- name: SonarCloud Scan
        uses: sonarsource/sonarcloud-github-action@master
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
          SONARCLOUD_URL: ${{ secrets.SONAR_HOST_URL }}

This is the error:

java.lang.IllegalStateException: Error status returned by url [https://api.sonarcloud.io/analysis/jres?os=linux&arch=x86_64]: 403
	at org.sonarsource.scanner.lib.internal.http.ScannerHttpClient.callUrl(ScannerHttpClient.java:163)
	at org.sonarsource.scanner.lib.internal.http.ScannerHttpClient.callApi(ScannerHttpClient.java:126)
	at org.sonarsource.scanner.lib.internal.http.ScannerHttpClient.callRestApi(ScannerHttpClient.java:104)
	at org.sonarsource.scanner.lib.internal.JavaRunnerFactory.getJreMetadata(JavaRunnerFactory.java:159)
	at org.sonarsource.scanner.lib.internal.JavaRunnerFactory.getJreFromServer(JavaRunnerFactory.java:138)
	at org.sonarsource.scanner.lib.internal.JavaRunnerFactory.createRunner(JavaRunnerFactory.java:85)
	at org.sonarsource.scanner.lib.internal.ScannerEngineLauncherFactory.createLauncher(ScannerEngineLauncherFactory.java:53)
	at org.sonarsource.scanner.lib.ScannerEngineBootstrapper.bootstrap(ScannerEngineBootstrapper.java:123)
	at org.sonarsource.scanner.cli.Main.analyze(Main.java:75)
	at org.sonarsource.scanner.cli.Main.main(Main.java:63)

We have downgraded to version 3.0.0 and it works again

Any idea on why could this be happening?
I have seen another post related to this 403 error but as this happened specifically due to the update of the action I considered better to open a new thread.

Thanks

Hi @jvfresco

Thanks for raising this issue.
We are investigating it, and we will come back to you with more information.

Thank you for your patience,
Claire

Hi @jvfresco

Would you mind trying to remove the SONARCLOUD_URL: ${{ secrets.SONAR_HOST_URL }} line from your pipeline, and also remove the SONAR_HOST_URL secret?
This is all useless since this action is made to analyze with SonarCloud.

This should not have any impact, but who knows (and your pipeline will be cleaner anyway).