We’ve set up Bitbucket Pipelines to trigger code analysis and quality gate reviews on each pull request change with the following versions of sonarcloud packages:
sonarsource/sonarcloud-scan:1.2.0
sonarsource/sonarcloud-quality-gate:0.1.3
But since May we’ve seen fewer Sonar hints in our pull requests, and after investigation it seems that the code analysis was not running, but the pipeline was marked as Success.
In the code analysis step (sonarcloud-scan) there was this log message: ERROR: Only Node.js v12.22 or later is supported, got 12.18.3.
Has anybody faced this issue? Because for almost 3 months we didn’t notice it, and as code analysis was not correctly done, a lot of “bad” code could have been pushed.
The solution was to upgrade to the latest version of these two packages, but I don’t understand why I didn’t receive any communication about that and why those previous versions stopped running as usual.
I’m very sorry that you went through this experience.
We had to upgrade to v12.22 internally and we failed to communicate this enough.
In general, we encourage using the latest Node LTS version and we do not officially support Node versions outside of LTS, even if they might work. There are two LTS versions, v14 and v16. Node v12 ended life last April.
If you could help me understand your situation better:
Is there any reason you don’t use the latest Node LTS version?
Did you see any deprecation warnings in Bitbucket or SonarCloud?
Do you follow Community announcements or SonarCloud’s “What’s new”?
What would be your preferred way for us to reach out to you?
- step: &sonar-analyze
    name: Analyze with SonarCloud
    image: circleci/node:14.18.2-browsers
    size: 2x # Total memory is 8GB
    caches:
      - node
    script:
      - pipe: sonarsource/sonarcloud-scan:1.2.2
This yields
INFO: Sensor JavaScript analysis [javascript]
INFO: Deploying custom rules bundle jar:file:/root/.sonar/cache/ce591e3f7610860294db52053899e90f/sonar-securityjsfrontend-plugin.jar!/js-vulnerabilities-rules-1.0.0.tgz to /opt/atlassian/pipelines/agent/build/.scannerwork/.sonartmp/eslint-bridge-bundle/package/custom-rules17248008608657546274
ERROR: Only Node.js v12.22 or later is supported, got 12.18.3.
org.sonarsource.nodejs.NodeCommandException: Only Node.js v12.22 or later is supported, got 12.18.3.
at org.sonarsource.nodejs.NodeCommandBuilderImpl.checkNodeCompatibility(NodeCommandBuilderImpl.java:172)
at org.sonarsource.nodejs.NodeCommandBuilderImpl.build(NodeCommandBuilderImpl.java:143)
at org.sonar.plugins.javascript.eslint.EslintBridgeServerImpl.initNodeCommand(EslintBridgeServerImpl.java:183)
at org.sonar.plugins.javascript.eslint.EslintBridgeServerImpl.startServer(EslintBridgeServerImpl.java:128)
at org.sonar.plugins.javascript.eslint.EslintBridgeServerImpl.startServerLazily(EslintBridgeServerImpl.java:212)
at org.sonar.plugins.javascript.eslint.AbstractEslintSensor.execute(AbstractEslintSensor.java:66)
at org.sonar.scanner.sensor.AbstractSensorWrapper.analyse(AbstractSensorWrapper.java:62)
at org.sonar.scanner.sensor.ModuleSensorsExecutor.execute(ModuleSensorsExecutor.java:75)
at org.sonar.scanner.sensor.ModuleSensorsExecutor.lambda$execute$1(ModuleSensorsExecutor.java:48)
at org.sonar.scanner.sensor.ModuleSensorsExecutor.withModuleStrategy(ModuleSensorsExecutor.java:66)
at org.sonar.scanner.sensor.ModuleSensorsExecutor.execute(ModuleSensorsExecutor.java:48)
at org.sonar.scanner.scan.ModuleScanContainer.doAfterStart(ModuleScanContainer.java:64)
at org.sonar.core.platform.ComponentContainer.startComponents(ComponentContainer.java:123)
at org.sonar.core.platform.ComponentContainer.execute(ComponentContainer.java:109)
at org.sonar.scanner.scan.ProjectScanContainer.scan(ProjectScanContainer.java:446)
at org.sonar.scanner.scan.ProjectScanContainer.scanRecursively(ProjectScanContainer.java:442)
at org.sonar.scanner.scan.ProjectScanContainer.doAfterStart(ProjectScanContainer.java:400)
at org.sonar.core.platform.ComponentContainer.startComponents(ComponentContainer.java:123)
at org.sonar.core.platform.ComponentContainer.execute(ComponentContainer.java:109)
at org.sonar.scanner.bootstrap.GlobalContainer.doAfterStart(GlobalContainer.java:130)
at org.sonar.core.platform.ComponentContainer.startComponents(ComponentContainer.java:123)
at org.sonar.core.platform.ComponentContainer.execute(ComponentContainer.java:109)
at org.sonar.batch.bootstrapper.Batch.doExecute(Batch.java:58)
at org.sonar.batch.bootstrapper.Batch.execute(Batch.java:52)
at org.sonarsource.scanner.api.internal.batch.BatchIsolatedLauncher.execute(BatchIsolatedLauncher.java:46)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.base/java.lang.reflect.Method.invoke(Method.java:566)
at org.sonarsource.scanner.api.internal.IsolatedLauncherProxy.invoke(IsolatedLauncherProxy.java:60)
at com.sun.proxy.$Proxy0.execute(Unknown Source)
at org.sonarsource.scanner.api.EmbeddedScanner.doExecute(EmbeddedScanner.java:189)
at org.sonarsource.scanner.api.EmbeddedScanner.execute(EmbeddedScanner.java:138)
at org.sonarsource.scanner.cli.Main.execute(Main.java:112)
at org.sonarsource.scanner.cli.Main.execute(Main.java:75)
at org.sonarsource.scanner.cli.Main.main(Main.java:61)
A breaking change like this should have been applied to a new version of sonarsource/sonarcloud-scan:1.2.2
Also, this does not appear to fail the build step in BitBucket…how/why would it not? Then, when the quality gate check is made it passes as well with seemingly a default passing score.
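Added example, not part of any post in this thread: a log gate that fails a build when the scanner output contains `ERROR:` lines even though the step itself exits successfully, and reports which sensor was running. It assumes the scanner output has been saved to a file; the function names and the sample log (built from the messages quoted above plus a constructed success line) are illustrative.

```shell
#!/usr/bin/env bash
# Added example: detect a "green" SonarCloud scan whose sensors logged errors.

# Constructed sample: lines quoted in the thread plus a constructed final
# success line standing in for a step that ends green.
sample_failed_log() {
  cat <<'EOF'
INFO: Sensor JavaScript analysis [javascript]
ERROR: Only Node.js v12.22 or later is supported, got 12.18.3.
org.sonarsource.nodejs.NodeCommandException: Only Node.js v12.22 or later is supported, got 12.18.3.
INFO: ANALYSIS SUCCESSFUL
EOF
}

# scan_log_errors FILE
# Prints "<sensor> | <error line>" for every ERROR-level line and returns 1
# if any were found, 0 otherwise. The sensor is the most recent
# "INFO: Sensor ..." start line seen before the error.
scan_log_errors() {
  awk '
    /^INFO: Sensor / && !/\(done\)/ {
      sensor = $0
      sub(/^INFO: Sensor /, "", sensor)
    }
    /^ERROR: / {
      printf "%s | %s\n", (sensor != "" ? sensor : "-"), $0
      n++
    }
    END { exit (n > 0) }
  ' "$1"
}

# Demo on the constructed log. In a real pipeline step, replace the echo in
# the else branch with "exit 1" so the build fails before the quality gate.
demo_log=$(mktemp)
sample_failed_log > "$demo_log"
if scan_log_errors "$demo_log"; then
  echo "scan log clean"
else
  echo "scan log contains sensor errors: analysis is incomplete"
fi
rm -f "$demo_log"
```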