Build from source failing (again) due to missing scanner-engine dependencies

Hi,

I hate acting as your CI, but it looks like this is becoming a recurring issue. Since April 20th, I have been unable to build SonarQube from source. The build is failing to resolve another set of artifacts, this time related to scanner-engine.

Here is the cleaned up error log:

FAILURE: Build failed with an exception.

* What went wrong:
Could not determine the dependencies of task ':sonar-application:shadowJar'.
> Could not resolve all dependencies for configuration ':sonar-application:runtimeClasspath'.
   > Could not find com.sonarsource.scanner.engine:scanner-engine-protocol-server:12.26.0.2875.
     Required by:
         project :sonar-application > project :server:sonar-ce > project :server:sonar-ce-common
         project :sonar-application > project :server:sonar-ce > project :server:sonar-ce-task-projectanalysis
         project :sonar-application > project :server:sonar-webserver > project :server:sonar-webserver-core
         project :sonar-application > project :server:sonar-webserver > project :server:sonar-webserver-webapi
   > Could not find com.sonarsource.scanner.engine:protobuf-utils:12.26.0.2875.
     Required by:
         project :sonar-application > project :server:sonar-ce > project :server:sonar-ce-task-projectanalysis > project :server:sonar-db-dao

It seems like private or commercial dependencies are repeatedly leaking into the public build configuration. Could you please check if these artifacts can be published to the public repositories, or adjust the build so community builds do not require them?

Thanks again for looking into this.

Hello,

Thank you for your input and sorry it happens again with an other dependency.

We recently have extracted the sonar scanner-engine from the sonar-enterprise repo but we forgot to publish this new extracted dependency. Sorry for this.

We will treat this, and I will keep you updated once it’s published.

I will assign the responsible squad of the dependency to this topic so they will be more able to give you updated.

Thank you,

Hi do you have any news with regards this issue? it seems the build is still broken.

Best

Hi @Josue_A_de_Lima,

Welcome to the community and thanks for this report!

We’re on it.

 
Ann

Hi @Josue_A_de_Lima this should have been fixed. Sorry for the inconvenience.

Hi Julien Henry, thanks for the update, the issue still seems unresolved. Sonarqube 26.5.0.122743b pins scanner-engine 12.30.0.3186, but Maven Central only publishes 12.31+ for org.sonarsource.scanner.engine. Versions 12.26–12.30 remain
unpublished, blocking build-from-source. Could you backfill them, or tag a release using 12.31+? Thanks so much!

Indeed, we fixed the master branch only.

Not sure how easy it would be to publish older releases on Maven Central. If you need a tagged version of SQ, might be simpler to wait for 26.6.

You can also take the 26.5.0.122743 tag and update the scanner engine dependency to 12.31, the only change was literally to fix the Maven Central publication.

Thank you! seems the latest version actually builds without any problems, thanks for your help and quick response.