[FOLIO-3669] add SONAR_TOKEN to dependabot secrets in stripes-components Created: 19/Dec/22  Updated: 17/Jan/23  Resolved: 10/Jan/23

Status: Closed
Project: FOLIO
Components: None
Affects versions: None
Fix versions: None

Type: Task Priority: P3
Reporter: Zak Burke Assignee: John Malconian
Resolution: Done Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original estimate: Not Specified

Issue links:
Blocks
blocks FOLIO-3664 UI repositories should leverage depen... In Code Review
Relates
relates to FOLIO-3687 configure UI app to publish test resu... Closed
Sprint: DevOps Sprint 157
Development Team: FOLIO DevOps
RCA Group: TBD

 Description   

Summary: Add SONAR_TOKEN to the dependabot secrets for stripes-components and ui-users.

Details: Dependabot should have all necessary permissions to open a PR successfully, but currently lacks permission to publish test results. In STCOM-1068 Closed we turned on dependabot as a POC. It started opening PRs (yay!) but they fail due to a permissions problem. This failure is reminiscent of the PR failures that led to the process for merging PRs from forks, yet the situation here is a bit is different: the calls are coming from INSIDE the house!!!11!1! Further research (see comment below) suggests we can resolve this by adding SONAR_TOKEN to dependabot's secrets.

Given FOLIO-3664 In Code Review is just a POC, we just want to try this out in a few repositories for now. If successful, we will want to include this setting in all UI repositories.



 Comments   
Comment by Zak Burke [ 27/Dec/22 ]

SonarCloud forums/documentation state,

For you dependabots PRs, SONAR_TOKEN should be added to the Dependabot secrets (repo settings->secrets>Dependabot). Then the dependabot will expose the secret to the github secret context.

Can we try this in stripes-components and ui-users? I don't have access to Settings > Secrets. 

Comment by John Malconian [ 10/Jan/23 ]

SONAR_TOKEN has been set as a repo-level dependabot secret for both stripes-components and ui-users. Closing.

Generated at Thu Feb 08 23:29:49 UTC 2024 using Jira 1001.0.0-SNAPSHOT#100246-sha1:7a5c50119eb0633d306e14180817ddef5e80c75d.