bug(sonarcloud): Build failed, if non-internal pull-request

[Kristinita]

Related issues: #8379, #9791.

1. Summary

If I add to my .travis.yml sonarcloud addon and external pull request for my repository:

    build failed.

I think, that skip sonarcloud step will be better in this case.

2. Data

Part of my .travis.yml:

language: python
python: 3.7
dist: xenial
sudo: true
addons:
  sonarcloud:
    organization: "kristinita-github"
    token:
      secure: l25Sq44wt7NOHXfqlOr7hdS3i4VjP1Anh5INkischOk4TLrvwZMd+8P1e4LqA8cnkTSzaSoQHYNElYVzwKWrWiJnxrHLceXVCw7htzCPHV36Krl/mZogDmuqK9B2rMArqKybHex9i9ncRfL/+R9e8oz0dkNf1ZS48/Qu+kJ4Q2RUEUeVU3/trRJKbCYmmqqk6jC0tyxna5lrnevxkQvw8i3EtUp/lB/zZkI4pyhkBPWkQqoJSK32RTNj1oIkk2O+3LQFTNujnZhsMYNks911ZxbiahPAHpJHZ1JccM6zOzQtd1XsaTkGQCeBcUy6P6ouxigC/HkB681PQ/Sw4kcaR5QrAzxHcG96TrMbi9bZ3w2V+lFfKAc4ytB0Xq3FviHej21pu/tppPpoVZbn9WbkEndtOvqtFy/WG26kYrrA+VMMVam2rajL3myuq46YjIvK2mtuaCTZnNgz3WbPzVv5qUp50uYZOMfkoFKh7J6vXzW1qWW2ubmAaRNFz/wevMh3tkg+VcU94cj1p6Zz6HZFVuhYm7JO2+BwSerJjH+VRDPHkItZWIjN2BOEghZSwUn6V6c+f6PXfEVeYlg9cj+3Bz5e5eOXYSip2936XApcP/sKXBPAwqlBAOLctEgicEU13+ySq/6ljul9J09Kps0bg3PR8iralQAPRBSwSvXGPRY=
install:
- pip install --upgrade pip
script:
- sonar-scanner

3. Steps to reproduce

I add SonarCloud to Travis CI → external user KristinitaTest create a pull request to my repository.

4. Expected behavior

Skip SonarColud step, if external user create a pull request.

5. Actual behavior

Travis CI build failed:

$ sonar-scanner
sonar-scanner: command not found


The command "sonar-scanner" exited with 127.

6. Next actions

I add KristinitaTest user to collaborator → KristinitaTest create a pull request again → build successful passed. So I think the problem is not my personal settings.

Thanks.

[karololszacki]

If you want a workaround, you need to write your config like this:

  - 'if [ "$TRAVIS_PULL_REQUEST" = "false" ]; then sonar-scanner; fi' # sonar only on non-PRs

See the docs:
https://docs.travis-ci.com/user/pull-requests/#pull-requests-and-security-restrictions

Pull requests sent from forked repositories do not have access to encrypted variables or data.

If your build relies on encrypted variables to run, for instance to run Selenium tests with BrowserStack or Sauce Labs, your build needs to take this into account. You won’t be able to run these tests for pull requests from external contributors.

To work around this, restrict these tests only to situations where the environment variables are available, or disable them for pull requests entirely, as shown in the following example [like above]

---

I agree that this could be done in some way in the sonarsource addon, instead of causing us to use a workaround

[DrTorte]

Hello,

We're moving our community communications to the Travis CI Community Forum and will no longer be supporting GitHub issues. If this hasn't been solved, please go ahead and create a new thread on the Forum and we'll be better able to help you there. We're looking forward to seeing you there.

If you need support, you can reach our support team here: support@travis-ci.com.

Thanks and happy building!