gapic-generator-java icon indicating copy to clipboard operation
gapic-generator-java copied to clipboard
verified publisher icon googleapis

Sonar fails with 401 for non team-member PRs

Open zhumin8 opened this issue 1 year ago • 3 comments

https://github.com/googleapis/sdk-platform-java/actions/runs/11821753764

Error:  Failed to execute goal org.sonarsource.scanner.maven:sonar-maven-plugin:5.0.0.4389:sonar (default-cli) on project gapic-generator-java-root: Error status returned by url [https://api.sonarcloud.io/analysis/jres?os=linux&arch=x86_64]: 401 -> [Help 1]

similar issue saw in https://github.com/GoogleCloudPlatform/spring-cloud-gcp/issues/3376

zhumin8 avatar Nov 13 '24 18:11 zhumin8

later runs of sonar workflow has no issue: https://github.com/googleapis/sdk-platform-java/actions/runs/11823259150 Maybe flaky?

zhumin8 avatar Nov 13 '24 19:11 zhumin8

SonarCloud Build / Build (pull_request) failed for the same reason for all renovate bot PRs for sdk-platform-java. e.g. https://github.com/googleapis/sdk-platform-java/pull/3285

https://api.sonarcloud.io/analysis/jres?os=linux&arch=x86_64 in the error message links to a page with the following message: {"Message": "User is not authorized to access this resource with an explicit deny"}

jinseopkim0 avatar Nov 13 '24 19:11 jinseopkim0

I think these sonar failures may not be flaky, but rather as @jinseopkim0 pointed out is related to access setup. Observed that all renovate bot PRs fail on 401, also on PRs raised by non team member. e.g. https://github.com/googleapis/sdk-platform-java/actions/runs/12643422744/job/35229377267

Not sure if there are security concerns around this setup.

zhumin8 avatar Jan 07 '25 14:01 zhumin8