Wrong error message from sonar-scanner on invalid GitLab Access Token

Hello,

I have a project in GitLab-CI that runs sonar-scanner, and it has worked well for several months now.

But I discovered today that if I try to convert my pipeline to a merge request pipeline, then it fails.

The GitLab job itself is not modified, it fails if I add to my GitLab yaml file:

workflow:
  rules:
    # run on push to a branch (that must be) associated to a merge request
    - if: $CI_PIPELINE_SOURCE == "merge_request_event"

then I get the error Project not found which is a false error message in my opinion (look at the call stack) since not only SONAR_TOKEN is accessible (I can echo it in the CI job) but the logs seem to confirm sonar-scanner can actually find the project.

Here’s the full output:

$ sonar-scanner -X
16:46:13.252 INFO: Scanner configuration file: C:\GitLab-Runner\sonar\sonar-scanner-5.0.1.3006-windows\bin\..\conf\sonar-scanner.properties
16:46:13.269 INFO: Project root configuration file: C:\GitLab-Runner\builds\syEyNXLf\0\lupindental\arsene\software\common\lupin_core\sonar-project.properties
16:46:13.283 INFO: SonarScanner 5.0.1.3006
16:46:13.283 INFO: Java 17.0.7 Eclipse Adoptium (64-bit)
16:46:13.283 INFO: Windows Server 2022 10.0 amd64
16:46:13.362 DEBUG: keyStore is : 
16:46:13.362 DEBUG: keyStore type is : pkcs12
16:46:13.362 DEBUG: keyStore provider is : 
16:46:13.362 DEBUG: init keystore
16:46:13.362 DEBUG: init keymanager of type SunX509
16:46:13.456 DEBUG: Create: C:\.sonar\cache
16:46:13.466 INFO: User cache: C:\.sonar\cache
16:46:13.466 DEBUG: Create: C:\.sonar\cache\_tmp
16:46:13.468 DEBUG: Extract sonar-scanner-api-batch in temp...
16:46:13.470 DEBUG: Get bootstrap index...
16:46:13.470 DEBUG: Download: https://sonarcloud.io/batch/index
16:46:13.750 DEBUG: Get bootstrap completed
16:46:13.767 DEBUG: Create isolated classloader...
16:46:13.812 DEBUG: Start temp cleaning...
16:46:13.844 DEBUG: Temp cleaning done
16:46:13.856 INFO: Analyzing on SonarCloud
16:46:13.856 INFO: Default locale: "en_US", source code encoding: "windows-1252" (analysis is platform dependent)
16:46:13.858 DEBUG: Work directory: C:\GitLab-Runner\builds\syEyNXLf\0\lupindental\arsene\software\common\lupin_core\.scannerwork
16:46:13.858 DEBUG: Execution execute
16:46:14.017 DEBUG: JVM max available memory: 7 GB
16:46:14.049 DEBUG: SonarCloud 10.6.0.2114
16:46:14.143 DEBUG: Sonar User Home: C:\.sonar
16:46:14.143 DEBUG: Initialize DefaultScannerWsClient
16:46:14.190 DEBUG: Successfully loaded KeyStore of the type [Windows-ROOT] having [26] entries
16:46:14.206 DEBUG: Successfully loaded KeyStore of the type [Windows-ROOT-LOCALMACHINE] having [26] entries
16:46:14.220 DEBUG: Successfully loaded KeyStore of the type [Windows-ROOT-CURRENTUSER] having [26] entries
16:46:14.221 DEBUG: Successfully loaded KeyStore of the type [Windows-MY] having [0] entries
16:46:14.224 DEBUG: Successfully loaded KeyStore of the type [Windows-MY-CURRENTUSER] having [0] entries
16:46:14.225 DEBUG: Successfully loaded KeyStore of the type [Windows-MY-LOCALMACHINE] having [0] entries
16:46:14.226 DEBUG: Loaded [78] system trusted certificates
16:46:14.284 INFO: Load global settings
16:46:14.300 DEBUG: --> GET https://sonarcloud.io/api/settings/values.protobuf
16:46:14.439 DEBUG: <-- 200 https://sonarcloud.io/api/settings/values.protobuf (135ms, unknown-length body)
16:46:14.447 INFO: Load global settings (done) | time=162ms
16:46:14.450 INFO: Server id: 1BD809FA-AWHW8ct9-T_TB3XqouNu
16:46:14.451 DEBUG: Initialize DownloadPluginsScannerWsClient
16:46:14.462 DEBUG: Successfully loaded KeyStore of the type [Windows-ROOT] having [26] entries
16:46:14.474 DEBUG: Successfully loaded KeyStore of the type [Windows-ROOT-LOCALMACHINE] having [26] entries
16:46:14.478 DEBUG: Successfully loaded KeyStore of the type [Windows-ROOT-CURRENTUSER] having [26] entries
16:46:14.488 DEBUG: Successfully loaded KeyStore of the type [Windows-MY] having [0] entries
16:46:14.490 DEBUG: Successfully loaded KeyStore of the type [Windows-MY-CURRENTUSER] having [0] entries
16:46:14.491 DEBUG: Successfully loaded KeyStore of the type [Windows-MY-LOCALMACHINE] having [0] entries
16:46:14.491 DEBUG: Loaded [78] system trusted certificates
16:46:14.494 DEBUG: User cache: C:\.sonar\cache
16:46:14.498 INFO: Loading required plugins
16:46:14.498 INFO: Load plugins index
16:46:14.499 DEBUG: --> GET https://sonarcloud.io/api/plugins/installed
16:46:14.521 DEBUG: <-- 200 https://sonarcloud.io/api/plugins/installed (26ms, unknown-length body)
16:46:14.552 INFO: Load plugins index (done) | time=54ms
16:46:14.554 INFO: Load/download plugins
16:46:14.568 INFO: Load/download plugins (done) | time=14ms
16:46:14.573 DEBUG: Plugins not loaded because they are optional: [abap, sonarapex, csharp, cpp, cobol, dbd, dbdjavafrontend, dbdpythonfrontend, flex, go, web, java, javascript, kotlin, php, pli, plsql, rpg, ruby, sonarscala, swift, tsql, vbnet, vb, security, securitycsharpfrontend, securityjsfrontend, securityjavafrontend, securityphpfrontend, securitypythonfrontend]
16:46:14.584 DEBUG: Plugins loaded:
16:46:14.584 DEBUG:   * License for SonarLint 8.0.0.55018 (license)
16:46:14.588 DEBUG:   * Python Code Quality and Security 4.18.0.15334 (python)
16:46:14.588 DEBUG:   * XML Code Quality and Security 2.10.0.4108 (xml)
16:46:14.588 DEBUG:   * JaCoCo 1.3.0.1538 (jacoco)
16:46:14.588 DEBUG:   * IaC Code Quality and Security 1.31.0.10579 (iac)
16:46:14.588 DEBUG:   * Text Code Quality and Security 2.10.0.2188 (text)
16:46:14.588 DEBUG: --> GET https://sonarcloud.io/api/server/version
16:46:14.600 DEBUG: <-- 200 https://sonarcloud.io/api/server/version (23ms, 11-byte body)
16:46:14.612 DEBUG: Updated analysis started with a difference of -10 milliseconds
16:46:14.616 DEBUG: Started at Mon Jun 10 16:46:14 CEST 2024
16:46:14.757 DEBUG: register org.eclipse.jgit.util.FS$FileStoreAttributes$$Lambda$281/0x00000008012ef8f0@59496961 with shutdown hook
16:46:14.773 INFO: Found an active CI vendor: 'Gitlab CI'
16:46:14.790 INFO: Load project settings for component key: 'lupindental_lupin_core'
16:46:14.790 DEBUG: --> GET https://sonarcloud.io/api/settings/values.protobuf?component=lupindental_lupin_core
16:46:14.836 DEBUG: <-- 200 https://sonarcloud.io/api/settings/values.protobuf?component=lupindental_lupin_core (48ms, unknown-length body)
16:46:14.840 INFO: Load project settings for component key: 'lupindental_lupin_core' (done) | time=50ms
16:46:14.843 INFO: Process project properties
16:46:14.852 DEBUG: Process project properties (done) | time=9ms
16:46:14.856 INFO: Project key: lupindental_lupin_core
16:46:14.856 INFO: Base dir: C:\GitLab-Runner\builds\syEyNXLf\0\lupindental\arsene\software\common\lupin_core
16:46:14.856 INFO: Working dir: C:\GitLab-Runner\builds\syEyNXLf\0\lupindental\arsene\software\common\lupin_core\.scannerwork
16:46:14.856 DEBUG: Project global encoding: windows-1252, default locale: en_US
16:46:14.857 DEBUG: Creating module hierarchy
16:46:14.857 DEBUG:   Init module 'lupin_core'
16:46:14.858 DEBUG:     Base dir: C:\GitLab-Runner\builds\syEyNXLf\0\lupindental\arsene\software\common\lupin_core
16:46:14.858 DEBUG:     Working dir: C:\GitLab-Runner\builds\syEyNXLf\0\lupindental\arsene\software\common\lupin_core\.scannerwork
16:46:14.858 DEBUG:     Module global encoding: windows-1252, default locale: en_US
16:46:14.861 INFO: Load project branches
16:46:14.861 DEBUG: --> GET https://sonarcloud.io/api/project_branches/list?project=lupindental_lupin_core
16:46:14.960 DEBUG: <-- 200 https://sonarcloud.io/api/project_branches/list?project=lupindental_lupin_core (100ms, unknown-length body)
16:46:14.963 INFO: Load project branches (done) | time=102ms
16:46:14.974 INFO: Check ALM binding of project 'lupindental_lupin_core'
16:46:14.974 DEBUG: --> GET https://sonarcloud.io/api/alm_integration/is_project_bound?project=lupindental_lupin_core
16:46:14.992 DEBUG: <-- 200 https://sonarcloud.io/api/alm_integration/is_project_bound?project=lupindental_lupin_core (31ms, unknown-length body)
16:46:15.008 INFO: Detected project binding: BOUND
16:46:15.013 INFO: Check ALM binding of project 'lupindental_lupin_core' (done) | time=40ms
16:46:15.014 INFO: Load project pull requests
16:46:15.019 DEBUG: --> GET https://sonarcloud.io/api/project_pull_requests/list?project=lupindental_lupin_core
16:46:15.055 DEBUG: <-- 200 https://sonarcloud.io/api/project_pull_requests/list?project=lupindental_lupin_core (37ms, unknown-length body)
16:46:15.059 INFO: Load project pull requests (done) | time=45ms
16:46:15.066 INFO: Load branch configuration
16:46:15.068 INFO: Auto-configuring pull request 186
16:46:15.069 DEBUG: --> GET https://sonarcloud.io/api/alm_integration/show_pullrequest?project=lupindental_lupin_core&pullrequestKey=186
16:46:15.353 DEBUG: <-- 401 https://sonarcloud.io/api/alm_integration/show_pullrequest?project=lupindental_lupin_core&pullrequestKey=186 (284ms, unknown-length body)
16:46:15.369 DEBUG: Cleanup org.eclipse.jgit.util.FS$FileStoreAttributes$$Lambda$281/0x00000008012ef8f0@59496961 during JVM shutdown
16:46:15.375 INFO: ------------------------------------------------------------------------
16:46:15.376 INFO: EXECUTION FAILURE
16:46:15.376 INFO: ------------------------------------------------------------------------
16:46:15.376 INFO: Total time: 2.140s
16:46:15.391 INFO: Final Memory: 8M/40M
16:46:15.391 INFO: ------------------------------------------------------------------------
16:46:15.391 ERROR: Error during SonarScanner execution
java.lang.IllegalStateException: Unable to load component class org.sonar.scanner.scan.filesystem.InputComponentStore
	at org.sonar.core.platform.ComponentContainer$ExtendedDefaultPicoContainer.getComponent(ComponentContainer.java:52)
	at org.picocontainer.DefaultPicoContainer.getComponent(DefaultPicoContainer.java:632)
	at org.picocontainer.parameters.BasicComponentParameter$1.resolveInstance(BasicComponentParameter.java:118)
	at org.picocontainer.parameters.ComponentParameter$1.resolveInstance(ComponentParameter.java:136)
	at org.picocontainer.injectors.SingleMemberInjector.getParameter(SingleMemberInjector.java:78)
	at org.picocontainer.injectors.ConstructorInjector$CtorAndAdapters.getParameterArguments(ConstructorInjector.java:309)
	at org.picocontainer.injectors.ConstructorInjector$1.run(ConstructorInjector.java:335)
	at org.picocontainer.injectors.AbstractInjector$ThreadLocalCyclicDependencyGuard.observe(AbstractInjector.java:270)
	at org.picocontainer.injectors.ConstructorInjector.getComponentInstance(ConstructorInjector.java:364)
	at org.picocontainer.injectors.AbstractInjectionFactory$LifecycleAdapter.getComponentInstance(AbstractInjectionFactory.java:56)
	at org.picocontainer.behaviors.AbstractBehavior.getComponentInstance(AbstractBehavior.java:64)
	at org.picocontainer.behaviors.Stored.getComponentInstance(Stored.java:91)
	at org.picocontainer.DefaultPicoContainer.instantiateComponentAsIsStartable(DefaultPicoContainer.java:1034)
	at org.picocontainer.DefaultPicoContainer.addAdapterIfStartable(DefaultPicoContainer.java:1026)
	at org.picocontainer.DefaultPicoContainer.startAdapters(DefaultPicoContainer.java:1003)
	at org.picocontainer.DefaultPicoContainer.start(DefaultPicoContainer.java:767)
	at org.sonar.core.platform.ComponentContainer.startComponents(ComponentContainer.java:122)
	at org.sonar.core.platform.ComponentContainer.execute(ComponentContainer.java:109)
	at org.sonar.scanner.bootstrap.GlobalContainer.doAfterStart(GlobalContainer.java:131)
	at org.sonar.core.platform.ComponentContainer.startComponents(ComponentContainer.java:123)
	at org.sonar.core.platform.ComponentContainer.execute(ComponentContainer.java:109)
	at org.sonar.batch.bootstrapper.Batch.doExecute(Batch.java:60)
	at org.sonar.batch.bootstrapper.Batch.execute(Batch.java:54)
	at org.sonarsource.scanner.api.internal.batch.BatchIsolatedLauncher.execute(BatchIsolatedLauncher.java:46)
	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
	at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
	at java.base/java.lang.reflect.Method.invoke(Unknown Source)
	at org.sonarsource.scanner.api.internal.IsolatedLauncherProxy.invoke(IsolatedLauncherProxy.java:60)
	at jdk.proxy1/jdk.proxy1.$Proxy0.execute(Unknown Source)
	at org.sonarsource.scanner.api.EmbeddedScanner.doExecute(EmbeddedScanner.java:189)
	at org.sonarsource.scanner.api.EmbeddedScanner.execute(EmbeddedScanner.java:138)
	at org.sonarsource.scanner.cli.Main.execute(Main.java:126)
	at org.sonarsource.scanner.cli.Main.execute(Main.java:81)
	at org.sonarsource.scanner.cli.Main.main(Main.java:62)
Caused by: java.lang.IllegalStateException: Unable to load component interface org.sonar.scanner.scan.branch.BranchConfiguration
	at org.sonar.core.platform.ComponentContainer$ExtendedDefaultPicoContainer.getComponent(ComponentContainer.java:52)
	at org.picocontainer.DefaultPicoContainer.getComponent(DefaultPicoContainer.java:632)
	at org.picocontainer.parameters.BasicComponentParameter$1.resolveInstance(BasicComponentParameter.java:118)
	at org.picocontainer.parameters.ComponentParameter$1.resolveInstance(ComponentParameter.java:136)
	at org.picocontainer.injectors.SingleMemberInjector.getParameter(SingleMemberInjector.java:78)
	at org.picocontainer.injectors.ConstructorInjector$CtorAndAdapters.getParameterArguments(ConstructorInjector.java:309)
	at org.picocontainer.injectors.ConstructorInjector$1.run(ConstructorInjector.java:335)
	at org.picocontainer.injectors.AbstractInjector$ThreadLocalCyclicDependencyGuard.observe(AbstractInjector.java:270)
	at org.picocontainer.injectors.ConstructorInjector.getComponentInstance(ConstructorInjector.java:364)
	at org.picocontainer.injectors.AbstractInjectionFactory$LifecycleAdapter.getComponentInstance(AbstractInjectionFactory.java:56)
	at org.picocontainer.behaviors.AbstractBehavior.getComponentInstance(AbstractBehavior.java:64)
	at org.picocontainer.behaviors.Stored.getComponentInstance(Stored.java:91)
	at org.picocontainer.DefaultPicoContainer.getInstance(DefaultPicoContainer.java:699)
	at org.picocontainer.DefaultPicoContainer.getComponent(DefaultPicoContainer.java:647)
	at org.sonar.core.platform.ComponentContainer$ExtendedDefaultPicoContainer.getComponent(ComponentContainer.java:50)
	... 34 more
Caused by: Project not found. Please check the 'sonar.projectKey' and 'sonar.organization' properties, the 'SONAR_TOKEN' environment variable, or contact the project administrator to check the permissions of the user the token belongs to
16:46:15.397 DEBUG: Cleanup org.eclipse.jgit.util.FS$FileStoreAttributes$$Lambda$281/0x00000008012ef8f0@59496961 during JVM shutdown

Thanks for your help :slight_smile:

I’m wondering if it’s not a GitLab token related issue.

So far we never saw the integration of Sonar with GitLab. Maybe because it becomes effective only when using merge request pipelines?

I’ll try to update the GitLab Access Token.

I can confirm that it is related to a missing / invalid GitLab Access Token.

So I guess the real issue here is that an invalid error message is displayed when no valid GitLab Access Token is available (=> title of this post edited accordingly)

I would also suggest improving your GitLab-CI documentation (GitLab & SonarCloud):

  • to highlight the fact that it works only with merge request pipelines (Merge request pipelines | GitLab)
  • to tell that you don’t have to use a personal access token but can also use a Group Access Token with role >= Reporter and scope=api. I think it goes in the direction of the remark about using a special “technical user” token, except you don’t need to create such a user (which costs a seat…) but can use a group token instead.

Otherwise we have no clue why we don’t see it working :slight_smile:
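A triage helper for the kind of log posted above, added here as an example (it is not part of any post in this thread and not SonarSource code). It lists the HTTP calls that failed in `sonar-scanner -X` output next to the final `Caused by:` message; the function name `triage` and the hint wording are assumptions, and the sample is a short excerpt of the log above.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Excerpt of the `sonar-scanner -X` output posted above, embedded so this runs offline.
SAMPLE_LOG = """\
16:46:14.861 DEBUG: --> GET https://sonarcloud.io/api/project_branches/list?project=lupindental_lupin_core
16:46:14.960 DEBUG: <-- 200 https://sonarcloud.io/api/project_branches/list?project=lupindental_lupin_core (100ms, unknown-length body)
16:46:15.069 DEBUG: --> GET https://sonarcloud.io/api/alm_integration/show_pullrequest?project=lupindental_lupin_core&pullrequestKey=186
16:46:15.353 DEBUG: <-- 401 https://sonarcloud.io/api/alm_integration/show_pullrequest?project=lupindental_lupin_core&pullrequestKey=186 (284ms, unknown-length body)
16:46:15.391 ERROR: Error during SonarScanner execution
Caused by: Project not found. Please check the 'sonar.projectKey' and 'sonar.organization' properties, the 'SONAR_TOKEN' environment variable, or contact the project administrator to check the permissions of the user the token belongs to
"""

RESPONSE = re.compile(r"^(\S+) DEBUG: <-- (\d{3}) (\S+)")
# The last "Caused by:" line that is not a Java exception class is the user-facing message.
ROOT_CAUSE = re.compile(r"^Caused by: (?!java\.)(.+)$")

def triage(log_text):
    """Return failed HTTP calls, the final error message, and hints (hypothetical helper)."""
    ok_projects, failures, root_cause = set(), [], None
    for line in log_text.splitlines():
        m = RESPONSE.match(line)
        if m:
            parts = urlsplit(m.group(3))
            query = parse_qs(parts.query)
            project = (query.get("project") or query.get("component") or [None])[0]
            status = int(m.group(2))
            if status >= 400:
                failures.append({"time": m.group(1), "status": status,
                                 "path": parts.path, "project": project})
            elif project:
                ok_projects.add(project)
            continue
        m = ROOT_CAUSE.match(line)
        if m:
            root_cause = m.group(1)
    hints = []
    for f in failures:
        # A 401/403 on one endpoint while other calls for the same project
        # returned 2xx means the failure is specific to that endpoint.
        if f["status"] in (401, 403) and f["project"] in ok_projects:
            hint = (f"{f['path']} returned {f['status']} although other calls "
                    f"for '{f['project']}' succeeded")
            if f["path"].startswith("/api/alm_integration/"):
                # Cause confirmed in this thread: missing or invalid GitLab access token.
                hint += "; check the GitLab access token configured in SonarCloud"
            hints.append(hint)
    return {"failures": failures, "root_cause": root_cause, "hints": hints}

if __name__ == "__main__":
    for hint in triage(SAMPLE_LOG)["hints"]:
        print(hint)
```
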

Hi,

I’m glad you worked through this.

But… that’s not the case. Branch analysis (main or otherwise) should work too…?

So this is how you got it working and you can confirm that this works?

 
Thx,
Ann

Hello!

> But… that’s not the case. Branch analysis (main or otherwise) should work too…?

Branch analysis works fine in SonarCloud itself. What didn’t work so far is the GitLab integration, i.e. the creation by Sonar of a message in the MR in GitLab to share the results of the analysis. So developers had to go to Sonar to see the results.

Note that we always create an MR with a dedicated branch that is merged to main / never directly push a commit to main

It seems that your GitLab integration plugin depends on some special env vars that exist in CI only if the pipeline is a merge request pipeline (Merge request pipelines | GitLab). Well, that’s what I suspect. Because switching to merge request pipelines has triggered the attempt from Sonar to publish a comment to GitLab, and this attempt failed because of an invalid / missing token. Again, that’s my understanding of the real issue, since the official error message talks about something else.

> So this is how you got it working and you can confirm that this works?

Yes, I did several tests. And can confirm that:

  • it works with Group Access Token
  • it works with a role of Reporter or above
  • it does not work with a role of Guest
    • note that a Guest token will be considered valid when tested in the GitLab connectivity management although it won’t work in practice when attempting to create a message in GitLab

This is an extract of our internal doc:

Hi,

So… your expectation is that branch analysis will decorate the repo with the current branch Quality Gate status?

Yeah, no. It’s not that it’s not working; we just don’t do that.

And thanks for the tip about the Group Access Token. I’ll flag that for the docs team.

 
Thx,
Ann

Not sure I understand.

My expectation is simply to have a working GitLab integration, i.e. to have SonarCloud publish a message in the MR about the current branch status, as it is doing now:

Simply filling the GitLab token is not enough to have this. I also need to convert my pipeline to a merge request one. And then it works fine :slight_smile:
