Travis plugin is failing on external pull request

As asked by @Fabrice_Bellingard, I open a topic here.

We are using Travis as CI on the TestNG projects and the SonarCloud plugin is working well on the master branch but not at all on external pull-requests (we didn’t check with internal pull-requests).

The error is:

Unable to execute SonarQube: Fail to get bootstrap index from server: Failed to connect to localhost/ Connection refused

For example, or


1 Like

What’s really weird is that it looks like the SonarCloud Travis Add-on is not loaded during the execution of the build (which explains that the scanner for Maven tries to reach localhost), whereas it seems correctly defined in the Travis YML file.

@dmeneses Do you mind taking a look at this? I’m sure I missed something.

I confirm that it looks like the addon didn’t run at all.
The expected behavior is: the addon should run, see that it’s an unsecure environment and instruct the scanner to skip the analysis (without failing).
I’ve pulled the latest changes in travis-build to check our ITs against it but they are now broken.
I will fix it next week and check if something changed in Travis’ side regarding unsecured builds.

Hi Julien,

Meanwhile, as a workaround, you can define your script with something like this (not tested):

if [ "$TRAVIS_SECURE_ENV_VARS" = true ]; then
   mvn clean org.jacoco:jacoco-maven-plugin:prepare-agent install sonar:sonar
  mvn clean org.jacoco:jacoco-maven-plugin:prepare-agent install

This is actually the expected behavior since the sonarcloud addon is currently only running in secured environments for security reasons.
Travis will therefore skip it entirely in external (unsecured) pull requests.

Ok, it was my supposition too.

Do you think it is possible that the sonarcloud addon will configure sonar.skip to true in insecure environments?
Otherwise, we have to define a script like you proposed the last time (and maybe it should be documented somewhere).

Actually @Fabrice_Bellingard just reminded me that we changed it at some point, currently it should be the addon to skip the analysis, as you suggest.
There has probably been a regression in Travis, which is skipping the addon in unsecure environments as if the plugin wasn’t safe for such environments.
I’ve created a ticket to track this problem and I’ll check with Travis what’s the situation:

Thanks for reporting it!



The workaround did not work for me. Nevertheless, I’ve investigated the issue, was able to solve it and would like to share my solution.


if [ "${SONAR_SCANNER_HOME}" != "" ]; then
    COMMAND="mvn --batch-mode -q clean org.jacoco:jacoco-maven-plugin:prepare-agent install sonar:sonar -Dsonar.projectKey=citrus"
    COMMAND="mvn --batch-mode -q clean install"

echo ${COMMAND}

Here is the issue concerning this in our project:


There is request for support external pull request

I think good idea is vote for this issue.

1 Like