You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
As identified in #1198, the Sonar analysis is currently broken for PRs originating from forks.
This is happening because the SONAR_TOKEN repository secret is not exposed to such PRs, causing an authentication failure with SonarCloud:
Failed to execute goal org.sonarsource.scanner.maven:sonar-maven-plugin:3.11.0.3922:sonar (default-cli) on project hyades: Project not found. Please check the 'sonar.projectKey' and 'sonar.organization' properties, the 'SONAR_TOKEN' environment variable, or contact the project administrator
Steps to Reproduce
Fork this repository
Raise a PR
Observe the CI / Test workflow failing
Expected Behavior
The Sonar analysis should work for PRs originating from forks.
Note that we faced the same challenge when integrating Codacy into the dependency-track repository. The way we solved it there is:
The reason this works is that the second workflow is executed within the context of the target repository, and as such has access to the required repository secret.
I have checked the existing issues for whether this defect was already reported
The text was updated successfully, but these errors were encountered:
nscuro
added
defect
Something isn't working
ci
p2
Non-critical bugs, and features that help organizations to identify and reduce risk
labels
Apr 17, 2024
Current Behavior
As identified in #1198, the Sonar analysis is currently broken for PRs originating from forks.
This is happening because the
SONAR_TOKEN
repository secret is not exposed to such PRs, causing an authentication failure with SonarCloud:Steps to Reproduce
CI / Test
workflow failingExpected Behavior
The Sonar analysis should work for PRs originating from forks.
Note that we faced the same challenge when integrating Codacy into the
dependency-track
repository. The way we solved it there is:The reason this works is that the second workflow is executed within the context of the target repository, and as such has access to the required repository secret.
Hyades Version
n/a
Repository Type
Hyades services
Browser
N/A
Checklist
The text was updated successfully, but these errors were encountered: