Wrap the Maven execute using withCredentials
withCredentials() will set the SONAR_TOKEN variable which is recognized by the scanner.
It will also automatically mask the token if it is ever printed out in the logs.
diff --git a/vars/slingOsgiBundleBuild.groovy b/vars/slingOsgiBundleBuild.groovy
index 85d4706..f76c9c1 100644
--- a/vars/slingOsgiBundleBuild.groovy
+++ b/vars/slingOsgiBundleBuild.groovy
@@ -65,8 +65,6 @@
stage('SonarCloud') {
// As we don't have the global SonarCloud conf for now, we can't use #withSonarQubeEnv so we need to set the following props manually
def sonarcloudParams="-Dsonar.host.url=https://sonarcloud.io -Dsonar.organization=apache"
- // TODO below: replace SC_TOKEN by the right way to get Robert's SonarCloud token, probably using #withCredentials
- sonarcloudParams="${sonarcloudParams} -Dsonar.login=${SC_TOKEN}"
// Params are different if it's a PR or if it's not
// Note: soon we won't have to handle that manually, see https://jira.sonarsource.com/browse/SONAR-11853
if ( isPrBuild ) {
@@ -74,9 +72,11 @@
} else {
sonarcloudParams="${sonarcloudParams} -Dsonar.branch.name=${BRANCH_NAME}"
}
- // Alls params are set, let' execute
- def mvnCmd = "mvn -U clean verify sonar:sonar ${sonarcloudParams}"
- sh mvnCmd
+ // Alls params are set, let's execute using #withCrendentials to hide and mask Robert's token
+ withCredentials([string(credentialsId: 'robert_token', variable: 'SONAR_TOKEN')]) {
+ def mvnCmd = "mvn -U clean verify sonar:sonar ${sonarcloudParams}"
+ sh mvnCmd
+ }
}
}
// }
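Review bot: The `withCredentials` block wraps the whole `mvn -U clean verify sonar:sonar` run, so `SONAR_TOKEN` sits in the environment of every plugin and test the build executes, and log masking does not stop that code from reading it. If this stage also runs for pull requests from forks (the `isPrBuild` branch lies outside this hunk, so that is not visible here), contributor-controlled build code would run with the token in scope. Consider narrowing the scope by running `sh "mvn -U clean verify"` before the block and keeping only `sh "mvn sonar:sonar ${sonarcloudParams}"` inside it, and confirm that untrusted PR builds skip the credentialed step. Separately, `${BRANCH_NAME}` is interpolated by Groovy into the string handed to `sh`, so shell metacharacters in a branch name reach the shell; letting the shell expand it from the environment instead (single-quoted Groovy string, `-Dsonar.branch.name="$BRANCH_NAME"`) avoids that.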