Hey Przemek, Let me check that for you
I believe it isn’t specifically related to Bitbucket. The SSO runs through Atlassian Access or Atlassian ID
The app is called “Atlassian Cloud” Here is the app page Here is more documentation about it
I hope it’s helpful.
PS. It’s worth mentioning that this setup used to work and stopped at some point. Unfortunately, I’m unable to say when exactly.
I’m not sure I’m getting you correctly. Let me describe the setup.
Is your Bitbucket repository already bound to your existing project?
We have existing projects in Bitbucket and Bitbucket pipeline reports to existing SonarCloud project
Example
INFO: ANALYSIS SUCCESSFUL, you can find the results at: https://sonarcloud.io/dashboard?id=ansarada_serverless-platform-account-data-migration&branch=master
INFO: Note that you will be able to access the updated dashboard once the server has processed the submitted analysis report
INFO: More about the report processing at https://sonarcloud.io/api/ce/task?id=AXTcMs4oxXUEPJu5ZEXN
INFO: Analysis total time: 13.734 s
But I’m unable to set up the widget for in the project mentioned above.
Summary
What works
Bitbucket pipeline reports successfully code analysis to SonatCloud project.
What does not work
Unable to set up the widget as Bitbucket SonarCloud setting page falls into the infinite loop and is unable to authenticate a user to select existing SonarCloud project.
It’s not very clear to me what it means to setup the widget.
Let me try to explain things from a different angle.
The recommended path to integrate a new repository in an existing Bitbucket Cloud organization with SonarCloud:
Go to the SonarCloud UI
Click the plus icon in the top-right corner, and select Analyze new project
Select the already imported Bitbucket Cloud organization
Tick the box for the new repository to integrate
The widget should not be used in this scenario. The project selector in the widget exists today for the use case when the repository was already analyzed by SonarCloud, has significant history you don’t want to lose, and you would like to integrate. Since SonarCloud UI is not able to support this scenario by itself, the widget can be used to make the connection between the project on SonarCloud and the repository on Bitbucket Cloud.
What is still not clear to me is which use case is yours. Are you integrating the Bitbucket Cloud repo for the first time, or has it already been integrated previously. If you’re starting to integrate this repository now, then I recommend to delete the existing project on SonarCloud, and follow the recommended path I described above. This path doesn’t require to touch anything in the widget settings on Bitbucket Cloud side. If you’ve been using this integration already, then I you don’t need to worry about the widget settings at all.
I hope this clarifies the purpose of the widget settings. I suspect you don’t really need this settings.
However, the fact that the widget settings asks you to login is an indicator of a problem. And I suspect the problem you are having is that the widget is not displayed on the repository, and that’s what you’d like to fix. I also suspect your repository is private. Please confirm these assumptions.
We have a good idea of this problem. It seems browsers are gradually releasing stricter policies for the SameSite attribute of cookies. This makes them not include the SonarCloud session cookies when the Bitbucket Cloud UI is making requests to SonarCloud. We’re working on a fix for this issue, and we expect to deploy it very soon.
Let me know if this makes sense, or if you think it doesn’t match your situation somehow.
Let’s continue after Oct 12th, and I’m on holiday next week.
Would it be possible to have a call?
I also suspect your repository is private
Yes, it’s private under Ansarada organisation.
What is still not clear to me is which use case is yours.
My repository was integrated some time ago, and I’m not very keen on losing SonarCloud history.
Some other notes
We have over 100 Bitbucket projects integrated with SonarCloud, and most of them present widgets correctly. Like the screenshot above for licensing project
We have a few Bitbucket projects integrated with SonarCloud already that we did not set up widget in the past. The issue I’m describing is for these few projects. We want to enable the widget for these projects.
I see: we’re talking about existing projects on SonarCloud, that were not bound using the modern way (plus icon, Analyze new project, and so on). In this case you do need the widget, it’s the only way to make the connection between the Bitbucket Cloud repos and existing SonarCloud projects.
The fix for the cookie forwarding issue is in progress, which should fix the widget settings to show the list of projects correctly, when you are logged into SonarCloud. I’ll update this thread when that’s ready.
Update
The fix is in production (since Oct 2): the session cookies use an explicit SameSite: None.