#154 Use property sonar.token when providing SQ auth tokens

CHANGELOG.md

@@ -7,6 +7,11 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 
 ## [Unreleased]
+### Changed
+- SonarQube's `analyzeWith(mvn)` credential usage for tokens changed to avoid authentication errors
+  - With SonarQube 25.x the regular maven goal `sonar:sonar` changed the used authentication style because username/password no longer work. 
+  - Instead, a SonarQube authentication token must be generated on the personal security profile page and used without username. This works best with setting the used credential to the config map entry `token`
+
 ## [4.3.0](https://github.com/cloudogu/ces-build-lib/releases/tag/4.3.0) - 2025-08-21
 ### Changed
 - Updates the BATS shell test image to 1.12 which supports the `--report-formatter` switch

README.md

@@ -850,7 +850,7 @@ sonarQube.analyzeWith(mvn)
 Recommendation: Use Jenkins' replay feature for this. Then commit the `Jenkinsfile` with `isUsingBranchPlugin`.
 
 An alternative is running the first analysis locally, e.g. with maven
-`mvn clean install sonar:sonar -Dsonar.host.url=https://sonarcloud.io -Dsonar.organization=YOUR-ORG -Dsonar.login=YOUR-TOKEN`
+`mvn clean install sonar:sonar -Dsonar.host.url=https://sonarcloud.io -Dsonar.organization=YOUR-ORG -Dsonar.token=YOUR-TOKEN`
 
 ## SonarCloud
 

src/com/cloudogu/ces/cesbuildlib/SonarQube.groovy

@@ -174,17 +174,24 @@ class SonarQube implements Serializable {
     private static abstract class AnalysisStrategy {
 
         def script
+        def useTokenAuth
 
-        AnalysisStrategy(script) {
+        AnalysisStrategy(script, useTokenAuth=false) {
             this.script = script
+            this.useTokenAuth = useTokenAuth
         }
 
         abstract executeWith(Maven mvn)
 
         protected analyzeWith(Maven mvn, String sonarMavenGoal, String sonarHostUrl, String sonarLogin,
                               String sonarExtraProps = '') {
 
-            mvn "${sonarMavenGoal} -Dsonar.host.url=${sonarHostUrl} -Dsonar.login=${sonarLogin} ${sonarExtraProps}"
+            String sonarAuthProperty = "-Dsonar.login=${sonarLogin}"
+            if (useTokenAuth) {
+                sonarAuthProperty = "-Dsonar.token=${sonarLogin}"
+            }
+
+            mvn "${sonarMavenGoal} -Dsonar.host.url=${sonarHostUrl} ${sonarAuthProperty} ${sonarExtraProps}"
         }
     }
 
@@ -216,7 +223,7 @@ class SonarQube implements Serializable {
         String host
 
         TokenAnalysisStrategy(script, String tokenCredential, String host) {
-            super(script)
+            super(script, true)
             this.token = tokenCredential
             this.host = host
         }

test/com/cloudogu/ces/cesbuildlib/SonarQubeTest.groovy

@@ -39,14 +39,14 @@ class SonarQubeTest {
 
         def branchName = 'develop.Or:somehing-completely_.different'
         scriptMock.env = [
-                SONAR_AUTH_TOKEN: 'auth',
+                SONAR_AUTH_TOKEN: 'sqa_b8a90ec...',
                 BRANCH_NAME     : branchName
         ]
 
         sonarQube.analyzeWith(mavenMock)
 
         assert mavenMock.args ==
-                'sonar:sonar -Dsonar.host.url=http://ces/sonar -Dsonar.login=auth '
+                'sonar:sonar -Dsonar.host.url=http://ces/sonar -Dsonar.token=sqa_b8a90ec... '
         assertBranchName(branchName, mavenMock)
         assert scriptMock.actualStringArgs['credentialsId'] == 'secretTextCred'
     }