The workflow is not valid. .github/workflows/Main Workflow.yml (Line: 22, Col: 22):

Hello,
I added Main Workflow.yml file into my git repo and tried to run this file but it throws error like

Unexpected symbol: '2e4ce68d4e3feec97e992821e6391166943f4d49’
|GitHub Actions/ Main Workflow
Invalid workflow file
The workflow is not valid. .github/workflows/Main Workflow.yml (Line: 22, Col: 22): Unexpected symbol: ‘<hash_value>’. Located at position 9 within expression: secrets.<hash_value>|

My codes are below
sonar-scanner.properties

#Configure here general information about the environment, such as SonarQube server connection details for example
#No information about specific project should appear here
#----- Default SonarQube server
sonar.host.url=https://sonarcloud.io/
#----- Default source code encoding
#sonar.sourceEncoding=UTF-8
sonar.organization=sahasudipta
sonar.projectKey=005e9d8a-15fe-46a2-8f4d-a4c706e4d732
#sonar.projectKey=ruko
sonar.projectName=Toolsdemo
sonar.projectVersion=1.0
sonar.sources=https://github.com/sahasudipta/Toolsdemo
sonar.sourceEncoding=UTF-8

AND

on:
push:
branches:
- master
pull_request:
types: [opened, synchronize, reopened]
name: Main Workflow
jobs:
sonarcloud:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
with:
# Disabling shallow clone is recommended for improving relevancy of reporting
fetch-depth: 0
- name: SonarCloud Scan
uses: SonarSource/sonarcloud-github-action@v1.3
env:
GITHUB_TOKEN: {{ secrets.d7c0952be1e24f019c97548bcc56a0f1057181e9 }} SONAR_TOKEN: {{ secrets.2e4ce68d4e3feec97e992821e6391166943f4d49 }}

What am I doing wrong? I tried to run this workflow many times but same result . Please help

Hello Sudipta,

In the env section, it looks like you have combined the GitHub secrets syntax with the literal values of your tokens.

You should define the secrets GITHUB_TOKEN and SONAR_TOKEN to hold the literal values and then use the variable substitution syntax like this:

env:
  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
  SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}

See here, here, and here, for more details.

Alternatively, you could use the literal tokens directly in your YML file, like this:

env:
  GITHUB_TOKEN: d7c0952be1e24f019c97548bcc56a0f1057181e9
  SONAR_TOKEN: 2e4ce68d4e3feec97e992821e6391166943f4d49

But this is not good practice and should be avoided.