forcedotcom / sfdx-scanner

MIT License

[BUG] Unable to install the scanner #951

Closed simonfoden closed 1 year ago

simonfoden commented 1 year ago

I'm trying to use Salesforce Scanner with CircleCI. I've had PMD working for a long time and I'm looking to swap it out.

Using any variation of image as well as some compatibility warnings I'm getting the following error when attempting to install the scanner :

error eslint@8.32.0: The engine "node" is incompatible with this module. Expected version "^12.22.0 || ^14.17.0 || >=16.0.0". Got "12.18.3"

To Reproduce : Using any variation of the following (image is used in an example in this repo)

docker:

Expected behavior : Scanner installs and runs

Log :

Installing plugin @salesforce/sfdx-scanner... yarn add v1.22.10
Installing plugin @salesforce/sfdx-scanner... info No lockfile found.
Installing plugin @salesforce/sfdx-scanner... [1/4] Resolving packages...
Installing plugin @salesforce/sfdx-scanner... [2/4] Fetching packages...
Installing plugin @salesforce/sfdx-scanner... info Visit https://yarnpkg.com/en/docs/cli/add for documentation about this command.
Installing plugin @salesforce/sfdx-scanner... failed
warning @salesforce/sfdx-scanner > @salesforce/command > cli-ux@4.9.3: Package no longer supported. Contact Support at https://www.npmjs.com/support for more info.
warning @salesforce/sfdx-scanner > @salesforce/core > jsforce > request@2.88.2: request has been deprecated, see https://github.com/request/request/issues/3142
warning @salesforce/sfdx-scanner > @salesforce/core > jsforce > request > uuid@3.4.0: Please upgrade to version 7 or higher. Older versions may use Math.random() in certain circumstances, which is known to be problematic. See https://v8.dev/blog/math-random for details.
warning @salesforce/sfdx-scanner > retire > read-installed > readdir-scoped-modules@1.1.0: This functionality has been moved to @npmcli/fs
warning @salesforce/sfdx-scanner > @salesforce/core > jsforce > request > har-validator@5.1.5: this library is no longer supported
error eslint@8.32.0: The engine "node" is incompatible with this module. Expected version "^12.22.0 || ^14.17.0 || >=16.0.0". Got "12.18.3"
error Found incompatible module.
Error: yarn add @salesforce/sfdx-scanner@latest --non-interactive --mutex=file:/home/circleci/.local/share/sfdx/yarn.lock --preferred-cache-folder=/home/circleci/.cache/sfdx/yarn --check-files exited with code 1

Exited with code exit status 1
CircleCI received exit code 1

CircleCI Ubuntu image with OpenJDK (all versions).

I presume this is an incompatibility with the packages included in the scanner and maybe the image.

The Salesforce CLI install step before the scanner install completes without any issues.

I've also attempted to correct this using an Ubuntu VM and found similar issues.

Workaround: None so far.

Not urgent.

Any help would be greatly appreciated.

Thanks Simon

jfeingold35 commented 1 year ago

@simonfoden , that's odd. The docs for cimg/openjdk say that the latest version of 8.0 should be using v16 of NodeJS. To double-check that the image is using the right version of node, could you please add this as an earlier step in the same job, and let us know what you get?

- run: node -v

If that's returning 12.18.3, then you should be able to use the circleci/node orb and its install command to update the version of node on the machine.

simonfoden commented 1 year ago

Hello Josh,

Thanks for looking into this.

I'm using base images and not the orb.

I already tried adding the version commands for Java and Node when I tried using the images with and without node.

The base image cimg/openjdk:14.0 doesn't appear to include node at all and returns the following with the version command :

#!/bin/bash -eo pipefail
node --version
/bin/bash: node: command not found

Using the cimg/openjdk:19.0.1-node image I get the same errors and :

node --version
v18.12.0
CircleCI received exit code 0

Successfully validated digital signature for @salesforce/sfdx-scanner.
Finished digital signature check.
Installing plugin @salesforce/sfdx-scanner... yarn add v1.22.10
Installing plugin @salesforce/sfdx-scanner... info No lockfile found.
Installing plugin @salesforce/sfdx-scanner... [1/4] Resolving packages...
Installing plugin @salesforce/sfdx-scanner... [2/4] Fetching packages...
Installing plugin @salesforce/sfdx-scanner... info Visit https://yarnpkg.com/en/docs/cli/add for documentation about this command.
Installing plugin @salesforce/sfdx-scanner... failed
warning @salesforce/sfdx-scanner > @salesforce/command > cli-ux@4.9.3: Package no longer supported. Contact Support at https://www.npmjs.com/support for more info.
warning @salesforce/sfdx-scanner > @salesforce/core > jsforce > request@2.88.2: request has been deprecated, see https://github.com/request/request/issues/3142
warning @salesforce/sfdx-scanner > @salesforce/core > jsforce > request > uuid@3.4.0: Please upgrade to version 7 or higher. Older versions may use Math.random() in certain circumstances, which is known to be problematic. See https://v8.dev/blog/math-random for details.
warning @salesforce/sfdx-scanner > retire > read-installed > readdir-scoped-modules@1.1.0: This functionality has been moved to @npmcli/fs
warning @salesforce/sfdx-scanner > @salesforce/core > jsforce > request > har-validator@5.1.5: this library is no longer supported
error eslint@8.32.0: The engine "node" is incompatible with this module. Expected version "^12.22.0 || ^14.17.0 || >=16.0.0". Got "12.18.3"
error Found incompatible module.
Error: yarn add @salesforce/sfdx-scanner@latest --non-interactive --mutex=file:/home/circleci/.local/share/sfdx/yarn.lock --preferred-cache-folder=/home/circleci/.cache/sfdx/yarn --check-files exited with code 1

Exited with code exit status 1
CircleCI received exit code 1

I was under the impression I didn't need to install node as everything needed is packaged with either the Java JDK, Salesforce CLI and the Scanner.

I've tried using the images with node, without node as well as installing node manually in the script. I end up with the same error and warnings.

Could this be an issue with the path or a config file that needs amending to point to the correct version ?

Thanks Simon

jfeingold35 commented 1 year ago

@simonfoden , please use a version of the image that includes node (19.0.1-node should be fine), and please add the following step in between your installation of sfdx-cli and your attempted installation of the analyzer:

- run: sfdx -v

What's the output of that command? Thanks!

simonfoden commented 1 year ago

@jfeingold35 I've replaced the image with cimg/openjdk:19.0.1-node and added the sfdx command as suggested.

This produces :

sfdx -v
sfdx-cli/7.82.0-3d0c527ac6 linux-x64 node-v12.18.3
CircleCI received exit code 0

sfdx plugins:install @salesforce/sfdx-scanner@latest --non-interactive
sfdx plugins

sfdx scanner:run --format junit --target "/home/circleci/project/force-app/*/.*" --category "Design,Best Practices,Security" --violations-cause-error --outfile scanner.xml

Successfully validated digital signature for @salesforce/sfdx-scanner.
Finished digital signature check.
Installing plugin @salesforce/sfdx-scanner... yarn add v1.22.10
Installing plugin @salesforce/sfdx-scanner... info No lockfile found.
Installing plugin @salesforce/sfdx-scanner... [1/4] Resolving packages...
Installing plugin @salesforce/sfdx-scanner... [2/4] Fetching packages...
Installing plugin @salesforce/sfdx-scanner... info Visit https://yarnpkg.com/en/docs/cli/add for documentation about this command.
Installing plugin @salesforce/sfdx-scanner... failed
warning @salesforce/sfdx-scanner > @salesforce/command > cli-ux@4.9.3: Package no longer supported. Contact Support at https://www.npmjs.com/support for more info.
warning @salesforce/sfdx-scanner > @salesforce/core > jsforce > request@2.88.2: request has been deprecated, see https://github.com/request/request/issues/3142
warning @salesforce/sfdx-scanner > @salesforce/core > jsforce > request > uuid@3.4.0: Please upgrade to version 7 or higher. Older versions may use Math.random() in certain circumstances, which is known to be problematic. See https://v8.dev/blog/math-random for details.
warning @salesforce/sfdx-scanner > retire > read-installed > readdir-scoped-modules@1.1.0: This functionality has been moved to @npmcli/fs
warning @salesforce/sfdx-scanner > @salesforce/core > jsforce > request > har-validator@5.1.5: this library is no longer supported
error eslint@8.32.0: The engine "node" is incompatible with this module. Expected version "^12.22.0 || ^14.17.0 || >=16.0.0". Got "12.18.3"
error Found incompatible module.
Error: yarn add @salesforce/sfdx-scanner@latest --non-interactive --mutex=file:/home/circleci/.local/share/sfdx/yarn.lock --preferred-cache-folder=/home/circleci/.cache/sfdx/yarn --check-files exited with code 1

Exited with code exit status 1
CircleCI received exit code 1

I tried this with sfdx plugins:install @salesforce/sfdx-scanner and sfdx plugins:install @salesforce/sfdx-scanner@latest --non-interactive and get the same result.

Thanks Simon

jfeingold35 commented 1 year ago

@simonfoden , that's extremely weird. It sounds like something's covertly changing your version of node? In order to be absolutely sure that's what's happening, please use the 19.0.1-node image and add - run: node -v steps at the following points:

  1. At the very start of the job.
  2. Immediately before you install sfdx-cli
  3. Immediately after you install sfdx-cli (accompanied by an sfdx -v)
  4. Immediately before you run sfdx install @salesforce/sfdx-scanner

The value should be 18.12.0 at point 1, and we want to figure out exactly where it gets changed to something other than that. Thanks!

simonfoden commented 1 year ago

@jfeingold35 I've added the version steps as suggested.

I get the following at every step (1,2,3):

node -v
v18.12.0
CircleCI received exit code 0

The CLI version command returns :

sfdx -v
sfdx-cli/7.82.0-3d0c527ac6 linux-x64 node-v12.18.3
CircleCI received exit code 0

It looks like the version of node that's incompatible is packaged with the Salesforce CLI ?

sfdx-cli/7.82.0-3d0c527ac6 linux-x64 node-v12.18.3

I'm using : docker:

I'm getting the CLI from here : https://developer.salesforce.com/media/salesforce-cli/sfdx-linux-amd64.tar.xz

The scanner install hits the error after which I can't execute another version command as the job has failed.

Regards Simon

jfeingold35 commented 1 year ago

Okay. Since we've determined that the problem appears to be with sfdx-cli rather than sfdx-scanner, I recommend checking whether someone's logged a similar issue for sfdx-cli, and logging such an issue if none exists. That team's issue page is, I believe, here.

simonfoden commented 1 year ago

@jfeingold35 I'll do that.

Thanks a lot for your help.

Regards Simon

jfeingold35 commented 1 year ago

@simonfoden , sure thing! For posterity's sake, if you do find/log an issue with that team, please post a link to it here so future readers can find it, and then we can go ahead and close this issue.

simonfoden commented 1 year ago

I've raised a bug on the Salesforce CLI GitHub repository. This can be found here :

https://github.com/forcedotcom/cli/issues/1886

Regards Simon
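
The thread's finding, that the `node-v…` token in `sfdx -v` and not the image's `node -v` decides whether the plugin install passes the engines check, can be turned into a pre-flight CI step. This is an added example, not part of the original issue or of the sfdx-scanner or sfdx-cli code; the function names are hypothetical, the range is the one quoted in the error message, and the sample line is the `sfdx -v` output posted above.

```shell
#!/bin/sh
# Added example (not from the issue thread): fail fast when the Node runtime
# bundled with the Salesforce CLI cannot satisfy the range yarn enforced.

# Pull X.Y.Z out of the "node-vX.Y.Z" token printed by `sfdx -v`.
bundled_node_version() {
    printf '%s\n' "$1" |
        sed -n 's/.*node-v\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*/\1/p'
}

# Return 0 if $1 satisfies "^12.22.0 || ^14.17.0 || >=16.0.0" (the range in
# the eslint@8.32.0 error), 1 if it does not, 2 if $1 is not a version.
satisfies_eslint_engines() {
    case $1 in
        ''|*[!0-9.]*) return 2 ;;
    esac
    major=${1%%.*}
    rest=${1#*.}
    minor=${rest%%.*}
    if [ "$major" -ge 16 ]; then return 0; fi
    if [ "$major" -eq 12 ] && [ "$minor" -ge 22 ]; then return 0; fi
    if [ "$major" -eq 14 ] && [ "$minor" -ge 17 ]; then return 0; fi
    return 1
}

# Print a one-line verdict for a full `sfdx -v` line; non-zero means "do not
# attempt the plugin install".
check_cli_runtime() {
    version=$(bundled_node_version "$1")
    if [ -z "$version" ]; then
        echo "unknown"
        return 2
    fi
    if satisfies_eslint_engines "$version"; then
        echo "ok $version"
    else
        echo "incompatible $version"
        return 1
    fi
}

# Sample input: the `sfdx -v` line posted in this thread.
SAMPLE='sfdx-cli/7.82.0-3d0c527ac6 linux-x64 node-v12.18.3'
check_cli_runtime "$SAMPLE" || true
# In a CI step, use the live value: check_cli_runtime "$(sfdx -v)" || exit 1
```

Placed between the sfdx-cli install and the scanner install, the step stops the job with a clear verdict instead of the yarn error, so a missing analyzer is not mistaken for a scan that ran.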