Can't build SonarQube from source due to JFrog repo misconfiguration?

jasper · May 5, 2022, 12:34pm

The following steps when trying to build SonarQube from source lead to an error:

$ git clone https://github.com/SonarSource/sonarqube.git
$ cd sonarqube
$ git checkout 9.4.0.54424
$ ./gradlew build

This is the error one runs in to:

FAILURE: Build failed with an exception.

* What went wrong:
Could not determine the dependencies of task ':sonar-application:shadowJar'.
> Could not resolve all dependencies for configuration ':sonar-application:runtimeClasspath'.
   > Could not resolve org.elasticsearch.client:elasticsearch-rest-high-level-client:7.17.1.
     Required by:
         project :sonar-application
         project :sonar-application > project :server:sonar-main
         project :sonar-application > project :server:sonar-ce > project :server:sonar-server-common
      > Could not resolve org.elasticsearch.client:elasticsearch-rest-high-level-client:7.17.1.
         > Could not get resource 'https://repox.jfrog.io/repox/sonarsource/org/elasticsearch/client/elasticsearch-rest-high-level-client/7.17.1/elasticsearch-rest-high-level-client-7.17.1.module'.
            > Could not GET 'https://repox.jfrog.io/repox/sonarsource/org/elasticsearch/client/elasticsearch-rest-high-level-client/7.17.1/elasticsearch-rest-high-level-client-7.17.1.module'. Received status code 401 from server: Unauthorized
   > Could not find org.elasticsearch:elasticsearch:.
     Required by:
         project :sonar-application > project :server:sonar-main

* Try:
Run with --stacktrace option to get the stack trace. Run with --info or --debug option to get more log output. Run with --scan to get full insights.

* Get more help at https://help.gradle.org

Deprecated Gradle features were used in this build, making it incompatible with Gradle 7.0.
Use '--warning-mode all' to show the individual deprecation warnings.
See https://docs.gradle.org/6.8.2/userguide/command_line_interface.html#sec:command_line_warnings

BUILD FAILED in 2s

My hypothesis is Gradle tries to download a Gradle module file (ie. .module). As far as I know it always tries to download such a file because it prefers it over a POM. However normally it will get a 404 and move on to using a POM. However it now gets a 401 which it treats as an error rather then moving on.

I’ve tried multiple versions besides 9.4.0.54424.

jacek.poreda · June 21, 2022, 8:55am

Hello @jasper ,

I’ve just tried to build SonarQube on a raw machine and it worked perfectly fine.

The error you got is about being unauthorized:

Received status code 401 from server: Unauthorized

I was able to reproduce that issue when I’ve set invalid credentials for JFrog instance we use internally.

Could it be you have set one of these variables? If yes, could you clear them and try building again?

Env variables

ARTIFACTORY_PRIVATE_USERNAME
ARTIFACTORY_PRIVATE_PASSWORD

Gradle properties:

artifactoryUsername
artifactoryPassword