githubcontinuous-integrationgithub-actionsdevopscontinuous-deployment

Not authorized. Please check the user token in the property 'sonar.token' or the credential


this is the relevant part of my GitHub actions workflow:

  complete-build-test-analysis:
    name: Complete Build, Test, and SonarQube Analysis 🚀
    runs-on: self-hosted
    needs: [documentation-CI, client-CI, farmer-ci, transport-ci, article-ci]
    environment: staging
    steps:
      - name: Checkout branch 🛎️
        uses: actions/checkout@v3

      - name: Set up JDK 18 🏗️
        uses: actions/setup-java@v3
        with:
          java-version: 18
          distribution: 'temurin'
          cache: maven

      - name: Build Docker images with JIB 🐋
        run: mvn -T 2C compile package jib:dockerBuild -e

      - name: Create SonarQube Volumes 📁
        run: |
          docker volume create sonarqube_data
          docker volume create sonarqube_extensions
          docker volume create sonarqube_logs
          docker volume create staging_test_data

      - name: Start Docker Containers 🐳
        run: docker-compose -f docker-compose-staging.yml up -d

      - name: Wait for SonarQube to be ready
        run: |
          until $(curl --output /dev/null --silent --head --fail http://localhost:9000); do
            printf '.'
            sleep 5
          done

  article-analysis:
    name: Article Analysis
    runs-on: self-hosted
    needs: [ complete-build-test-analysis ]
    steps:
      - name: Checkout code
        uses: actions/checkout@v3

      - name: Set up JDK 18 🏗️
        uses: actions/setup-java@v3
        with:
          java-version: 18
          distribution: 'temurin'
          cache: maven

      - name: Compile, Test, and Analyze Article Module
        env:
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN_STAGING }}
        run: |
          mvn -f ./article/pom.xml clean compile test sonar:sonar \
            -Dsonar.projectKey=Flowcontrol_Article_Module \
            -Dsonar.projectName="Flowcontrol - Article Module" \
            -Dsonar.host.url=${{ secrets.SONAR_HOST_URL }}

      - name: SonarQube Quality Gate Check - Article Module
        id: sonarqube-quality-gate-check-article
        uses: sonarsource/sonarqube-quality-gate-action@master
        with:
          scanMetadataReportFile: ./article/target/sonar/report-task.txt
        env:
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN_STAGING }}
          SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}
        continue-on-error: true

  farmer-analysis:
    name: Farmer Analysis
    runs-on: self-hosted
    needs: [complete-build-test-analysis]
    steps:
      - name: Compile, Test, and Analyze Farmer Module
        env:
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN_STAGING }}
        run: |
          mvn -f ./farmer/pom.xml clean compile test sonar:sonar \
            -Dsonar.projectKey=Flowcontrol_Farmer_Module \
            -Dsonar.projectName="Flowcontrol - Farmer Module" \
            -Dsonar.host.url=${{ secrets.SONAR_HOST_URL }} \
            -Dsonar.login=${{ secrets.SONAR_TOKEN_STAGING }}

      - name: SonarQube Quality Gate Check - Farmer Module
        id: sonarqube-quality-gate-check-farmer
        uses: sonarsource/sonarqube-quality-gate-action@master
        with:
          scanMetadataReportFile: ./farmer/target/sonar/report-task.txt
        env:
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN_STAGING }}
          SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}
        continue-on-error: true

  transport-analysis:
    name: Transport Analysis
    runs-on: self-hosted
    needs: [complete-build-test-analysis]
    steps:
      - name: Compile, Test, and Analyze Transport Module
        env:
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN_STAGING }}
        run: |
          mvn -f ./transport/pom.xml clean compile test sonar:sonar \
            -Dsonar.projectKey=Flowcontrol_Transport_Module \
            -Dsonar.projectName="Flowcontrol - Transport Module" \
            -Dsonar.host.url=${{ secrets.SONAR_HOST_URL }} \
            -Dsonar.login=${{ secrets.SONAR_TOKEN_STAGING }}

      - name: SonarQube Quality Gate Check - Transport Module
        id: sonarqube-quality-gate-check-transport
        uses: sonarsource/sonarqube-quality-gate-action@master
        with:
          scanMetadataReportFile: ./transport/target/sonar/report-task.txt
        env:
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN_STAGING }}
          SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}
        continue-on-error: true
#
  quality-gate-check:
    name: Quality Gate Check
    runs-on: self-hosted
    needs: [article-analysis, farmer-analysis, transport-analysis]
    steps:
      - name: Write Combined Commit Message
        if: |
          needs.article-analysis.steps.sonarqube-quality-gate-check-article.outputs.quality-gate-status == 'FAILED' ||
          needs.farmer-analysis.steps.sonarqube-quality-gate-check-farmer.outputs.quality-gate-status == 'FAILED' ||
          needs.transport-analysis.steps.sonarqube-quality-gate-check-transport.outputs.quality-gate-status == 'FAILED'
        run: |
          FAILED_MODULES=""
          if [ "${{ needs.article-analysis.steps.sonarqube-quality-gate-check-article.outputs.quality-gate-status }}" == "FAILED" ]; then
            FAILED_MODULES="$FAILED_MODULES\n- Article Module"
          fi
          if [ "${{ needs.farmer-analysis.steps.sonarqube-quality-gate-check-farmer.outputs.quality-gate-status }}" == "FAILED" ]; then
            FAILED_MODULES="$FAILED_MODULES\n- Farmer Module"
          fi
          if [ "${{ needs.transport-analysis.steps.sonarqube-quality-gate-check-transport.outputs.quality-gate-status }}" == "FAILED" ]; then
            FAILED_MODULES="$FAILED_MODULES\n- Transport Module"
          fi

          COMMENT_BODY="SonarQube Quality Gate failed for the following modules:$FAILED_MODULES"

          curl -X POST \
            -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" \
            -H "Content-Type: application/json" \
            -d "{\"body\": \"$COMMENT_BODY\"}" \
            "https://api.github.com/repos/${{ github.repository }}/commits/${{ github.sha }}/comments"

      - name: Fail workflow if any quality gate failed
        if: |
          needs.article-analysis.steps.sonarqube-quality-gate-check-article.outputs.quality-gate-status == 'FAILED' ||
          needs.farmer-analysis.steps.sonarqube-quality-gate-check-farmer.outputs.quality-gate-status == 'FAILED' ||
          needs.transport-analysis.steps.sonarqube-quality-gate-check-transport.outputs.quality-gate-status == 'FAILED'
        run: exit 1

More specifically we are looking at the analyze part of the code. When it gets to that part it gives me an error that it cannot authorize using the token and I know for the fact that the problem is not in the token. This only happens when I try to run the analysis into multiple jobs but when I run everything to a single job the problem is not present. This is the code when I combine it to a single job :

name: Deployment-CI/CD

on:
  push:
    branches:
      - v3.0.0_workflows_single_job
  pull_request:
    branches:
      - "master"
    types: [closed]



jobs:

  documentation-CI:
    name: documentation-CI 📚
    uses: ./.github/workflows/documentation.yml

  article-ci:
    name: Run Article CI pipeline
    uses: ./.github/workflows/SJ.yml
    with:
      java_version: 18
      working_directory: ./article

  farmer-ci:
    name: Run Farmer CI pipeline
    uses: ./.github/workflows/SJ.yml
    with:
      java_version: 18
      working_directory: ./farmer

  transport-ci:
    name: Run Transport CI pipeline
    uses: ./.github/workflows/SJ.yml
    with:
      java_version: 18
      working_directory: ./transport

  # Run the client CI pipeline
  client-CI:
    name: client-CI 🚀
    uses: ./.github/workflows/clientDev.yml

  complete-build-test-analysis:
    name: Complete Build, Test, and SonarQube Analysis 🚀
    runs-on: self-hosted
    needs: [ documentation-CI, client-CI, farmer-ci, transport-ci, article-ci ]

    environment: staging

    steps:
      - name: Checkout branch 🛎️
        uses: actions/checkout@v3

      - name: Set up JDK 18 🏗️
        uses: actions/setup-java@v3
        with:
          java-version: 18
          distribution: 'temurin'
          cache: maven

      - name: Build Docker images with JIB 🐋
        run: mvn -T 2C compile package jib:dockerBuild -e


      - name: Create SonarQube Volumes 📁
        run: |
          docker volume create sonarqube_data
          docker volume create sonarqube_extensions
          docker volume create sonarqube_logs
          docker volume create staging_test_data      

      - name: Start Docker Containers 🐳
        run: docker-compose -f docker-compose-staging.yml up -d

      - name: Wait for SonarQube to be ready
        run: |
          until $(curl --output /dev/null --silent --head --fail http://localhost:9000); do
            printf '.'
            sleep 5
          done


      - name: Compile, Test, and Analyze Article Module
        run: |
          mvn -f ./article/pom.xml clean compile test sonar:sonar \
            -Dsonar.projectKey=Flowcontrol_Article_Module \
            -Dsonar.projectName="Flowcontrol - Article Module" \
            -Dsonar.host.url=${{ secrets.SONAR_HOST_URL }} \
            -Dsonar.login=${{ secrets.SONAR_TOKEN_STAGING }}

      - name: SonarQube Quality Gate Check - Article Module
        id: sonarqube-quality-gate-check-article
        uses: sonarsource/sonarqube-quality-gate-action@master
        with:
          scanMetadataReportFile: ./article/target/sonar/report-task.txt
        env:
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN_STAGING }}
          SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}
        continue-on-error: true


      - name: Compile, Test, and Analyze Farmer Module
        run: |
          mvn -f ./farmer/pom.xml clean compile test sonar:sonar \
            -Dsonar.projectKey=Flowcontrol_Farmer_Module \
            -Dsonar.projectName="Flowcontrol - Farmer Module" \
            -Dsonar.host.url=${{ secrets.SONAR_HOST_URL }} \
            -Dsonar.login=${{ secrets.SONAR_TOKEN_STAGING }}

      - name: SonarQube Quality Gate Check - Farmer Module
        id: sonarqube-quality-gate-check-farmer
        uses: sonarsource/sonarqube-quality-gate-action@master
        with:
          scanMetadataReportFile: ./farmer/target/sonar/report-task.txt
        env:
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN_STAGING }}
          SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}
        continue-on-error: true


      - name: Compile, Test, and Analyze Transport Module
        run: |
          mvn -f ./transport/pom.xml clean compile test sonar:sonar \
            -Dsonar.projectKey=Flowcontrol_Transport_Module \
            -Dsonar.projectName="Flowcontrol - Transport Module" \
            -Dsonar.host.url=${{ secrets.SONAR_HOST_URL }} \
            -Dsonar.login=${{ secrets.SONAR_TOKEN_STAGING }}

      - name: SonarQube Quality Gate Check - Transport Module
        id: sonarqube-quality-gate-check-transport
        uses: sonarsource/sonarqube-quality-gate-action@master
        with:
          scanMetadataReportFile: ./transport/target/sonar/report-task.txt
        env:
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN_STAGING }}
          SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}
        continue-on-error: true


      - name: Write Combined Commit Message
        if: |
          steps.sonarqube-quality-gate-check-article.outputs.quality-gate-status == 'FAILED' ||
          steps.sonarqube-quality-gate-check-farmer.outputs.quality-gate-status == 'FAILED' ||
          steps.sonarqube-quality-gate-check-transport.outputs.quality-gate-status == 'FAILED'
        run: |
          FAILED_MODULES=""
          if [ "${{ steps.sonarqube-quality-gate-check-article.outputs.quality-gate-status }}" == "FAILED" ]; then
            FAILED_MODULES="$FAILED_MODULES\n- Article Module"
          fi
          if [ "${{ steps.sonarqube-quality-gate-check-farmer.outputs.quality-gate-status }}" == "FAILED" ]; then
            FAILED_MODULES="$FAILED_MODULES\n- Farmer Module"
          fi
          if [ "${{ steps.sonarqube-quality-gate-check-transport.outputs.quality-gate-status }}" == "FAILED" ]; then
            FAILED_MODULES="$FAILED_MODULES\n- Transport Module"
          fi

          COMMENT_BODY="SonarQube Quality Gate failed for the following modules:$FAILED_MODULES"

          curl -X POST \
            -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" \
            -H "Content-Type: application/json" \
            -d "{\"body\": \"$COMMENT_BODY\"}" \
            "https://api.github.com/repos/${{ github.repository }}/commits/${{ github.sha }}/comments"

      - name: Fail workflow if any quality gate failed
        if: |
          steps.sonarqube-quality-gate-check-article.outputs.quality-gate-status == 'FAILED' ||
          steps.sonarqube-quality-gate-check-farmer.outputs.quality-gate-status == 'FAILED' ||
          steps.sonarqube-quality-gate-check-transport.outputs.quality-gate-status == 'FAILED'
        run: exit 1

Why doesn't it accept the token when I am trying to run it into multiple jobs? enter image description here


Solution

  • The problem was that I should use vars instead of env like this:

    ${{vars.SONAR_HOST_STAGING_URL}}
    

    instead of:

    ${{env.SONAR_HOST_STAGING_URL}}