SonarSource/sonarqube-scan-action@v4 fails with 403

I have a C++ (cmake) project on GitHub.
I created the following configuration GH workflow:

name: SonarCube analysis

on:
  push:
    branches:
      - main
  pull_request:

jobs:
  sonarcube:
    name: SonarCloud Analysis
    runs-on: ubuntu-latest
    container: ghcr.io/${{ github.repository }}:latest
    env:
      BUILD_WRAPPER_OUT_DIR: build_wrapper_output_directory
    steps:
      - name: Checkout repository
        uses: actions/checkout@v3
        with:
          fetch-depth: 0  # Shallow clones should be disabled for a better relevancy of analysis
      - name: Install build wrapper
        uses: SonarSource/sonarqube-scan-action/install-build-wrapper@v4
      - name: Run build wrapper
        run: |
          build-wrapper-linux-x86-64 --out-dir ${{ env.BUILD_WRAPPER_OUT_DIR }} make coverage
      - name: Run SonarCloud scan
        uses: SonarSource/sonarqube-scan-action@v4
        env:
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
        with:
          args: >
            --define sonar.cfamily.compile-commands="${{ env.BUILD_WRAPPER_OUT_DIR }}/compile_commands.json"

The make coverage runs cmake, ninja and ctest -T Tests -T Coverage.

The sonar action fails with:
ERROR Error during SonarScanner CLI execution java.lang.IllegalStateException: Error status returned by url [https://api.sonarcloud.io/analysis/jres?os=linux&arch=x86_64]: 403

I’m pretty sure it used to work before as I have a few successful builds.

Detailed log:

Run SonarSource/sonarqube-scan-action@v4
  with:
    args: --define sonar.cfamily.compile-commands="build_wrapper_output_directory/compile_commands.json"
  
    scannerVersion: 6.2.1.4610
    scannerBinariesUrl: https://binaries.sonarsource.com/Distribution/sonar-scanner-cli
  env:
    BUILD_WRAPPER_OUT_DIR: build_wrapper_output_directory
    SONAR_HOST_URL: https://sonarcloud.io
    SONAR_TOKEN: ***
Run ${GITHUB_ACTION_PATH}/scripts/sanity-checks.sh
  ${GITHUB_ACTION_PATH}/scripts/sanity-checks.sh
  shell: bash --noprofile --norc -e -o pipefail {0}
  env:
    BUILD_WRAPPER_OUT_DIR: build_wrapper_output_directory
    SONAR_HOST_URL: https://sonarcloud.io
    SONAR_TOKEN: ***
    INPUT_PROJECTBASEDIR: 
Run actions/cache@v4
  with:
    path: /home/runner/work/_temp/sonar-scanner-cli-6.2.1.4610-Linux-X64
    key: sonar-scanner-cli-6.2.1.4610-Linux-X64
    enableCrossOsArchive: false
    fail-on-cache-miss: false
    lookup-only: false
    save-always: false
  env:
    BUILD_WRAPPER_OUT_DIR: build_wrapper_output_directory
    SONAR_HOST_URL: https://sonarcloud.io
    SONAR_TOKEN: ***
    SEGMENT_DOWNLOAD_TIMEOUT_MINS: 1
/usr/bin/docker exec  4c1c6433898748bd5670898bc4c0e5de8079fdfa0fc8b6e6b9c768e4ea44c895 sh -c "cat /etc/*release | grep ^ID"
Cache hit for: sonar-scanner-cli-6.2.1.4610-Linux-X64
Received 58008995 of 58008995 (100.0%), 72.9 MBs/sec
Cache Size: ~55 MB (58008995 B)
/usr/bin/tar -xf /__w/_temp/ab7fbedc-da20-48c4-9afe-10af1072f325/cache.tgz -P -C /__w/r4r/r4r -z
Cache restored successfully
Cache restored from key: sonar-scanner-cli-6.2.1.4610-Linux-X64
Run echo "${RUNNER_TEMP}/sonar-scanner-cli-6.2.1.4610-Linux-X64/bin" >> $GITHUB_PATH
  echo "${RUNNER_TEMP}/sonar-scanner-cli-6.2.1.4610-Linux-X64/bin" >> $GITHUB_PATH
  shell: bash --noprofile --norc -e -o pipefail {0}
  env:
    BUILD_WRAPPER_OUT_DIR: build_wrapper_output_directory
    SONAR_HOST_URL: https://sonarcloud.io
    SONAR_TOKEN: ***
Run ${GITHUB_ACTION_PATH}/scripts/run-sonar-scanner-cli.sh --define sonar.cfamily.compile-commands="build_wrapper_output_directory/compile_commands.json"
  ${GITHUB_ACTION_PATH}/scripts/run-sonar-scanner-cli.sh --define sonar.cfamily.compile-commands="build_wrapper_output_directory/compile_commands.json"
  shell: bash --noprofile --norc -e -o pipefail {0}
  env:
    BUILD_WRAPPER_OUT_DIR: build_wrapper_output_directory
    SONAR_HOST_URL: https://sonarcloud.io
    SONAR_TOKEN: ***
    INPUT_PROJECTBASEDIR: 
    SONAR_SCANNER_JRE: /home/runner/work/_temp/sonar-scanner-cli-6.2.1.4610-Linux-X64/jre
+ sonar-scanner --define sonar.cfamily.compile-commands=build_wrapper_output_directory/compile_commands.json
09:10:11.939 INFO  Scanner configuration file: /__w/_temp/sonar-scanner-cli-6.2.1.4610-Linux-X64/conf/sonar-scanner.properties
09:10:11.943 INFO  Project root configuration file: /__w/r4r/r4r/sonar-project.properties
09:10:11.973 INFO  SonarScanner CLI 6.2.1.4610
09:10:11.975 INFO  Java 17.0.12 Eclipse Adoptium (64-bit)
09:10:11.976 INFO  Linux 6.8.0-1021-azure amd64
09:10:12.004 INFO  User cache: /root/.sonar/cache
09:10:12.649 INFO  JRE provisioning: os[linux], arch[x86_64]
09:10:13.637 INFO  EXECUTION FAILURE
09:10:13.639 INFO  Total time: 1.703s
09:10:13.639 ERROR Error during SonarScanner CLI execution
java.lang.IllegalStateException: Error status returned by url [https://api.sonarcloud.io/analysis/jres?os=linux&arch=x86_64]: 403
	at org.sonarsource.scanner.lib.internal.http.ScannerHttpClient.callUrl(ScannerHttpClient.java:163)
	at org.sonarsource.scanner.lib.internal.http.ScannerHttpClient.callApi(ScannerHttpClient.java:126)
	at org.sonarsource.scanner.lib.internal.http.ScannerHttpClient.callRestApi(ScannerHttpClient.java:104)
	at org.sonarsource.scanner.lib.internal.JavaRunnerFactory.getJreMetadata(JavaRunnerFactory.java:159)
	at org.sonarsource.scanner.lib.internal.JavaRunnerFactory.getJreFromServer(JavaRunnerFactory.java:138)
	at org.sonarsource.scanner.lib.internal.JavaRunnerFactory.createRunner(JavaRunnerFactory.java:85)
	at org.sonarsource.scanner.lib.internal.ScannerEngineLauncherFactory.createLauncher(ScannerEngineLauncherFactory.java:53)
	at org.sonarsource.scanner.lib.ScannerEngineBootstrapper.bootstrap(ScannerEngineBootstrapper.java:123)
	at org.sonarsource.scanner.cli.Main.analyze(Main.java:75)
	at org.sonarsource.scanner.cli.Main.main(Main.java:63)
09:10:13.642 ERROR 
09:10:13.642 ERROR Re-run SonarScanner CLI using the -X switch to enable full debug logging.
Error: Process completed with exit code 1.

Hey there!

Does the user for whom you’ve generated the token (being supplied to SONAR_TOKEN) have Execute Analysis permissions on the project? (docs).

Yes, the execute analysis permissions is set correctly. With no changes to any settings in the cloud app nor in the workflow, it resumed working.