search

SAP / jenkins-library

Jenkins shared library for Continuous Delivery pipelines.
https://www.project-piper.io
Apache License 2.0
778 stars 586 forks source link

Sonarscan always taking sonarcloud instead of my sonar local instance #2282

Closed sooraj2589 closed 3 years ago

sooraj2589 commented 3 years ago

How to configure the Sonarscan for custom instance?
I seen the file sonar.yaml and found that

inputs:

  | params:   | - name: instance   | type: string   | description: "Jenkins only: The name of the SonarQube instance defined in the Jenkins settings. DEPRECATED: use host parameter instead"   | scope:   | - PARAMETERS   | - STAGES   | - STEPS   | default: 'SonarCloud' maybe this would cause issue. How can I change to my custom sonar instance?

fwilhe commented 3 years ago

Have you checked the documentation?

Regarding instance it says

DEPRECATED: use serverUrl parameter instead

So I think this is the option you're looking for: https://sap.github.io/jenkins-library/steps/sonarExecuteScan/#serverurl

sooraj2589 commented 3 years ago

used as sonarExecuteScan(script: this, sonarServerUrl: 'https://serverhostname/sonarqube') as command. also added the host in config.yml

sonarExecuteScan:   | branchName: 'feature/ui5'   | host: 'https://serverhostname/sonarqube'   | sonarTokenCredentialsID: ''

fwilhe commented 3 years ago

Is there additional log output? I can only refer to the docs.

sooraj2589 commented 3 years ago

This is Jenkins console log

+ ./piper version
[Pipeline] echo
Piper go binary version: piper-version:
    commit: "efa85a0f0ef633da4729ad6172429af15038bcf5"
    tag: "<n/a>"

[Pipeline] echo
Stash content: piper-bin (include: piper, exclude: , useDefaultExcludes: true)
[Pipeline] stash
Stashed 1 file(s)
[Pipeline] echo
Unstash content: pipelineConfigAndTests
[Pipeline] unstash
[Pipeline] libraryResource
[Pipeline] writeFile
[Pipeline] withEnv
[Pipeline] {
[Pipeline] sh
+ ./piper getConfig --contextConfig --stepMetadata .pipeline/tmp/metadata/sonar.yaml
time="2020-10-30T03:59:52-07:00" level=info msg="Skipping fetching secrets from vault since it is not configured" library=SAP/jenkins-library
[Pipeline] readJSON
[Pipeline] echo
Config: [containerShell:, dockerEnvVars:[:], dockerImage:node:lts-stretch, dockerName:sonar, dockerOptions:[-u 0:0, -v app/jenkins-agent-home/workspace/CE-POC/Build-CEDE-POC/.npmrc:/home/mta/.npmrc:rw], dockerPullImage:true, dockerWorkspace:]
[Pipeline] sh
+ ./piper getConfig --stepMetadata .pipeline/tmp/metadata/sonar.yaml
time="2020-10-30T03:59:53-07:00" level=info msg="Skipping fetching secrets from vault since it is not configured" library=SAP/jenkins-library
[Pipeline] readJSON
[Pipeline] echo
StepConfig: [branchName:feature/ui5, githubApiUrl:https://api.github.com, host:https://sapdevsecops-dev.rno.apple.com/sonarqube, instance:SonarCloud, owner:null, projectVersion:null, pullRequestProvider:GitHub, repository:null, sonarScannerDownloadUrl:https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-4.4.0.2170-linux.zip]
[Pipeline] echo
--- Begin library step of: dockerExecute ---
[Pipeline] timeout
Timeout set to expire in 10 sec
[Pipeline] {
[Pipeline] httpRequest
[Pipeline] }
[Pipeline] // timeout
[Pipeline] sh
+ docker ps -q
[Pipeline] isUnix
[Pipeline] sh
+ docker pull node:lts-stretch
Trying to pull repository docker.io/library/node ... 
lts-stretch: Pulling from docker.io/library/node
Digest: sha256:6bfa058bf6d24f5d75b5ef4a2d73610e0841726c474d5ed7449826014caccfbc
Status: Image is up to date for node:lts-stretch
node:lts-stretch
[Pipeline] isUnix
[Pipeline] sh
+ docker inspect -f . node:lts-stretch
.
[Pipeline] withDockerContainer
SAPCloud35 does not seem to be running inside a container
$ docker run -t -d -u 8013:73381 --env http_proxy --env https_proxy --env no_proxy --env HTTP_PROXY --env HTTPS_PROXY --env NO_PROXY -u 0:0 -v /ngs/app/sapopsd/jenkins-agent-home/workspace/CEDE-POC/Build-CEDE-POC/.npmrc:/home/mta/.npmrc:rw -w /ngs/app/sapopsd/jenkins-agent-home/workspace/CEDE-POC/Build_CEDE-POC/CEDE -v /ngs/app/sapopsd/jenkins-agent-home/workspace/CE/Build/CE:/ngs/app/psd/jenkins-agent-home/workspace/CE/Build_CE/CE:rw,z -v /ngs/app/sapopsd/jenkins-agent-home/workspace/CEDE-POC/Build_CE/CE@tmp:/ngs/app/sapopsd/jenkins-agent-home/workspace/CEDE-POC/Build_CE/CE@tmp:rw,z -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** node:lts-stretch cat
$ docker top e1f055012693e0d54fc44c1cab6fd918c16c0db6a329aa648341eb84a1cc2ae3 -eo pid,comm
[Pipeline] {
[Pipeline] fileExists
[Pipeline] echo
Unstash content: git
[Pipeline] unstash
[Pipeline] echo
Unstash failed: git (No such saved stash ‘git’)
[Pipeline] withSonarQubeEnv
[Pipeline] // withSonarQubeEnv
[Pipeline] fileExists
[Pipeline] error
[Pipeline] }
$ docker stop --time=1 e1f055012693e0d54fc44c1cab6fd918c16c0db6a329aa648341eb84a1cc2ae3
$ docker rm -f e1f055012693e0d54fc44c1cab6fd918c16c0db6a329aa648341eb84a1cc2ae3
[Pipeline] // withDockerContainer
[Pipeline] libraryResource
[Pipeline] echo
----------------------------------------------------------
--- An error occurred in the library step: dockerExecute
----------------------------------------------------------

The following parameters were available to the step:
***
*** to show step parameters, set verbose:true in general pipeline configuration
*** WARNING: this may reveal sensitive information. ***
***

The error was:
***
hudson.AbortException: [sonarExecuteScan] Step execution failed. Error: hudson.AbortException: SonarQube installation defined in this job (SonarCloud) does not match any configured installation. Number of installations that can be configured: 1.
If you want to reassign jobs to a different SonarQube installation, check the documentation under https://redirect.sonarsource.com/plugins/jenkins.html, please see log file for more details.
***

Further information:
* Documentation of library step dockerExecute: https://sap.github.io/jenkins-library/steps/dockerExecute/
* Source code of library step dockerExecute: https://github.com/SAP/jenkins-library/blob/master/vars/dockerExecute.groovy
* Library documentation: https://sap.github.io/jenkins-library/
* Library repository: https://github.com/SAP/jenkins-library/

----------------------------------------------------------
--- End library step of: dockerExecute ---
[Pipeline] sh
+ rm -rf .sonar-scanner .certificates
[Pipeline] }
[Pipeline] // withEnv
[Pipeline] libraryResource
[Pipeline] echo
----------------------------------------------------------
--- An error occurred in the library step: sonarExecuteScan
----------------------------------------------------------

The following parameters were available to the step:
***
*** to show step parameters, set verbose:true in general pipeline configuration
*** WARNING: this may reveal sensitive information. ***
***

The error was:
***
hudson.AbortException: [sonarExecuteScan] Step execution failed. Error: hudson.AbortException: SonarQube installation defined in this job (SonarCloud) does not match any configured installation. Number of installations that can be configured: 1.
fwilhe commented 3 years ago

Given the information I have I can't exactly tell you what's wrong, but this message seems helpful to me.

hudson.AbortException: [sonarExecuteScan] Step execution failed. Error: hudson.AbortException: SonarQube installation defined in this job (SonarCloud) does not match any configured installation. Number of installations that can be configured: 1. If you want to reassign jobs to a different SonarQube installation, check the documentation under https://redirect.sonarsource.com/plugins/jenkins.html, please see log file for more details.

What I know: In jenkins you can configure sonar instances, and tell the step to use that instance.

Judging by this line

StepConfig: [branchName:feature/ui5, githubApiUrl:https://api.github.com, host:abcxyz.com/sonarqube, instance:SonarCloud, owner:null, projectVersion:null, pullRequestProvider:GitHub, repository:null, sonarScannerDownloadUrl:https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-4.4.0.2170-linux.zip]

Maybe you should try renaming host to serverUrl, as this is the proper (documented) name of the option.

Or, and I don't know the details here, not use that option and still use the (deprecated) instance option (with the name of the sonar instance you configured in Jenkins) like in this example

  sonarExecuteScan:
    projectKey: "abc"
    instance: "MySonar"
    dockerImage: "..."
    sonarProperties:
      - 'sonar.sources=./application'
sooraj2589 commented 3 years ago

@fwilhe

The issue still exists. I have changed sonarcloud with instance name. udson.AbortException: [sonarExecuteScan] Step execution failed. Error: hudson.AbortException: SonarQube installation defined in this job (https://serverhostname/sonarqub) does not match any configured installation. Number of installations that can be configured: 1.

also tried with

  sonarExecuteScan:
    projectKey: "abc"
    instance: "MySonar"
    dockerImage: "..."
    sonarProperties:
      - 'sonar.sources=./application'

getting org.jenkinsci.plugins.scriptsecurity.sandbox.RejectedAccessException: Scripts not permitted to use staticMethod org.codehaus.groovy.runtime.ScriptBytecodeAdapter unaryMinus java.lang.Object

stippi2 commented 3 years ago

@sooraj2589 Please ignore the pipeline configuration for a moment. Have you indeed configured a Sonar instance in your Jenkins? This is the documentation for how to do this: https://docs.sonarqube.org/latest/analysis/scan/sonarscanner-for-jenkins/

sooraj2589 commented 3 years ago

@stippi2, yes configured., now sonar stage gets started by passing the serverUrl and by mentioning instance.but getting now error 

info  sonarExecuteScan - INFO: SonarScanner 4.5.0.2216
info  sonarExecuteScan - INFO: Java 11.0.3 AdoptOpenJDK (64-bit)
info  sonarExecuteScan - INFO: Linux 4.1.12-124.41.5.el7uek.x86_64 amd64
info  sonarExecuteScan - INFO: User cache: /root/.sonar/cache
info  sonarExecuteScan - INFO: Linux 4.1.12-124.41.5.el7uek.x86_64 amd64
info  sonarExecuteScan - INFO: User cache: /root/.sonar/cache
error sonarExecuteScan - ERROR: SonarQube server [https://serverhostname/sonarqube] can not be reached

I checked the firewall, and connectivity. everything is there

what could be the reason? do I need to open from docker image ?

stippi2 commented 3 years ago

Just to eliminate the obvious, you replaced the actual host name with "serverhostname" when you pasted your log into the comment above, correct?

sooraj2589 commented 3 years ago

@stippi2 yes correct. I just replaced actual hostname as serverhostname.

fwilhe commented 3 years ago

So the sonar instance was not configured before?

Is there any more helpful log output? Often Jenkins logs on the very bottom of the log something useful. With the info we have I don't think it is possible to say what's failing here.

sooraj2589 commented 3 years ago

@fwilhe Instance was before added as SonarCloud and I changed to actual instance now. Now its trying to connect server but couldnt reach.

some more log from Jenkins;-

info  sonarExecuteScan - Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
info  sonarExecuteScan -    at java.base/sun.security.validator.PKIXValidator.doBuild(Unknown Source)
info  sonarExecuteScan -    at java.base/sun.security.validator.PKIXValidator.engineValidate(Unknown Source)
info  sonarExecuteScan -    at java.base/sun.security.validator.Validator.validate(Unknown Source)
info  sonarExecuteScan -    at java.base/sun.security.ssl.X509TrustManagerImpl.validate(Unknown Source)
info  sonarExecuteScan -    at java.base/sun.security.ssl.X509TrustManagerImpl.checkTrusted(Unknown Source)
info  sonarExecuteScan -    at java.base/sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
info  sonarExecuteScan -    ... 44 more
info  sonarExecuteScan - Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
info  sonarExecuteScan -    at java.base/sun.security.provider.certpath.SunCertPathBuilder.build(Unknown Source)
info  sonarExecuteScan -    at java.base/sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown Source)
info  sonarExecuteScan -    at java.base/java.security.cert.CertPathBuilder.build(Unknown Source)
info  sonarExecuteScan -    ... 50 more
error sonarExecuteScan - ERROR: 
error sonarExecuteScan - ERROR: Re-run SonarScanner using the -X switch to enable full debug logging.
fatal sonarExecuteScan - Execution failed - running command '/ngs/app/sapopsd/jenkins-agent-home/workspace/CE-POC/Build-CE-POC/CE/.sonar-scanner/bin/sonar-scanner' failed: cmd.Run() failed: exit status 1
CCFenner commented 3 years ago

You are missing the TLS certificates for your instance. Please use customTlsCertificateLinks to provide a list of URLs to your certificates.

fwilhe commented 3 years ago

@sooraj2589 does it work when tls certs are configured?

sooraj2589 commented 3 years ago

Its not only because of certificate. need to configure the certain more parameters on the sonarExecute Scan, now its working for Mta.