Trying to run analysis on a angular project AzureDevops pipeline.
We keep getting the same error whenever it reaches the task " Prepare Analysis Configuration"
##[error][SQ] API GET '/api/server/version' failed, error was: {"code":"UNABLE_TO_VERIFY_LEAF_SIGNATURE"}
Actual version of extension being used in our Azure devops organization is 4.23.1 (Latest).
Our sonar is running on a public server with an Entrust signed certificate (it is not selfsigned).
We are using Azure Devops public agents to run all of the tasks in the pipeline.
So far we’ve tried:
Downloading the cert to the task running agent and setting the NODE_EXTRA_CA_CERTS variable.
Importing the certificate to the cacerts keystore using keytool -import ... command.
Installing ssl-root-cas using npm install ssl-root-cas
Reinstalling the sonarqube extension.
Recreating the Service Connection to our Sonarqube.
Can you please attach the full DEBUG logs of your Sonar analysis in your pipeline? Add sonar.verbose=true to the extraProperties key in SonarQubePrepare task with Azure pipelines yaml.
Right before the SonarQubePrepare step we are running these preparatory steps, but none of them work:
1.- npm install --save node_extra_ca_certs_mozilla_bundle
2.- npm config set strict-ssl false
3.- npm install ssl-root-cas
4.- We download our Entrust signed public certificate to the agent running the tasks.
5.- Copy the cert to /etc/ssl/certs in the Azure Devops agent running our tasks.
6.- Run keytool -import -trustcacerts -alias evobanco -keystore cacerts -file $(PATH_TO_OUR_CERTIFICATE) -storepass changeit -noprompt
7.- Set NODE_EXTRA_CA_CERTS with the path of our just downloaded certificate
8.- Run sudo update-ca-certificates
9.- npm config set cafile $(PATH_TO_OUR_CERTIFICATE)
10.- npm run build
These are the main extra sonar properties passed to this step:
sonar.clientcert.path=/etc/ssl/certs/OURCERTIFICATE.pem
sonar.projectKey=*******
sonar.host.url=https://********.com:2443/sonarqube
sonar.verbose=true
Hi @mickaelcaro
we are not using a dedicated agent, the pipeline uses the Azure Devops hosted agent pool in which we can only specify the OS version. The agents in this pool are not controlled by us, the dedicated agents are created and destroyed for the only purpose of executing the pipeline jobs and are also not reachable via ssh or any other methods.
I will try to use a dedicated agent though.