Sonar analysis doesn't work for PRs from forks #1203

Closed
2 tasks done
nscuro opened this issue Apr 17, 2024 · 0 comments
nscuro commented Apr 17, 2024

Current Behavior

As identified in #1198, the Sonar analysis is currently broken for PRs originating from forks.

This is happening because the SONAR_TOKEN repository secret is not exposed to such PRs, causing an authentication failure with SonarCloud:

Failed to execute goal org.sonarsource.scanner.maven:sonar-maven-plugin:3.11.0.3922:sonar (default-cli) on project hyades: Project not found. Please check the 'sonar.projectKey' and 'sonar.organization' properties, the 'SONAR_TOKEN' environment variable, or contact the project administrator

Steps to Reproduce

  1. Fork this repository
  2. Raise a PR
  3. Observe the CI / Test workflow failing

Expected Behavior

The Sonar analysis should work for PRs originating from forks.

Note that we faced the same challenge when integrating Codacy into the dependency-track repository. The way we solved it there is:

The reason this works is that the second workflow is executed within the context of the target repository, and as such has access to the required repository secret.

Hyades Version

n/a

Repository Type

Hyades services

Browser

N/A

Checklist

@nscuro nscuro added defect Something isn't working ci p2 Non-critical bugs, and features that help organizations to identify and reduce risk labels Apr 17, 2024
@sahibamittal sahibamittal self-assigned this Apr 24, 2024
@nscuro nscuro mentioned this issue Apr 29, 2024