Example code and script for .NET does not work with Gitlab CI

Philippe_Meunier · November 26, 2024, 3:37pm

I’m using Sonarqube Developer for most of my projects which are coded in PHP, but I also have a solution which is in VB.NET and C# (using .NET 8) and I would like to have it scanned too. I noticed that the CLI scanner does not work for .NET projects, so I headed to doc to see how it should be done. I ended up using the .NET scanner as described here : Adding SonarQube analysis to GitLab CI/CD

The example code for Gitlab CI does not work, it fails to install openjdk-17-jre:

$ apt-get install --yes openjdk-17-jre
[30](https://gitlab.mycompany.com/my-projects/dot-net/-/jobs/13394#L30)Reading package lists...
[31](https://gitlab.mycompany.com/my-projects/dot-net/-/jobs/13394#L31)Building dependency tree...
[32](https://gitlab.mycompany.com/my-projects/dot-net/-/jobs/13394#L32)Reading state information...
[33](https://gitlab.mycompany.com/my-projects/dot-net/-/jobs/13394#L33)E: Unable to locate package openjdk-17-jre

Am I doing something wrong ? If not, how can this work and where should I report a bug in the documentation ?

Colin · November 28, 2024, 9:54am

Hey there.

I’m pretty sure this is going to be unique to your environment. Linux distros can surely install a package called openjdk-17-jre (I just did so on an Ubuntu VM).

Can you tell me more about your environment? What version/flavor of Linux, etc…

Philippe_Meunier · November 28, 2024, 1:36pm

Hi Colin,

Thanks for your answer, but I’m pretty sure it doesn’t have anything to do with my Linux distro, but more with the docker image provided in the documentation. My pipeline runs on a Linux host (Ubuntu 20.04.6), with a docker gitlab runner.

Here is what it looks like from the doc :

sonarqube-check:
  image: mcr.microsoft.com/dotnet/core/sdk:latest
  variables:
    SONAR_USER_HOME: "${CI_PROJECT_DIR}/.sonar"  # Defines the location of the analysis task cache
    GIT_DEPTH: "0"  # Tells git to fetch all the branches of the project, required by the analysis task
  cache:
    key: "${CI_JOB_NAME}"
    paths:
      - .sonar/cache
  script: 
      - "apt-get update"
      - "apt-get install --yes openjdk-17-jre"
      - "dotnet tool install --global dotnet-sonarscanner"
      - "export PATH=\"$PATH:$HOME/.dotnet/tools\""
      - "dotnet sonarscanner begin /k:\"projectKey" /d:sonar.token=\"$SONAR_TOKEN\" /d:\"sonar.host.url=$SONAR_HOST_URL\" "  #Replace "projectKey" with your project key
      - "dotnet build"
      - "dotnet sonarscanner end /d:sonar.token=\"$SONAR_TOKEN\""
  allow_failure: true
  only:
    - merge_requests
    - master
    - main
    - develop

It looks like openjdk-17-jre cannot be installed in mcr.microsoft.com/dotnet/core/sdk:latest

Is the doc incorrect at this point ? Is it something else I’m missing ?

Colin · November 28, 2024, 2:35pm

I get the results you do when I don’t run apt-get update first, as documented. Is that possibly happening in your pipeline?

Here’s what it looks like for me:

colinmueller@colins-macbook-air ~ % docker run -it mcr.microsoft.com/dotnet/sdk

root@d5a56e7eef09:/# apt-get install --yes openjdk-17-jre
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
E: Unable to locate package openjdk-17-jre
root@d5a56e7eef09:/# apt-get update
Get:1 http://deb.debian.org/debian bookworm InRelease [151 kB]
Get:2 http://deb.debian.org/debian bookworm-updates InRelease [55.4 kB]
Get:3 http://deb.debian.org/debian-security bookworm-security InRelease [48.0 kB]
Get:4 http://deb.debian.org/debian bookworm/main arm64 Packages [8688 kB]
Get:5 http://deb.debian.org/debian bookworm-updates/main arm64 Packages [2708 B]
Get:6 http://deb.debian.org/debian-security bookworm-security/main arm64 Packages [203 kB]
Fetched 9147 kB in 1s (9941 kB/s)                         
Reading package lists... Done
root@d5a56e7eef09:/# apt-get install --yes openjdk-17-jre
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
The following additional packages will be installed:
...
done.

Philippe_Meunier · November 28, 2024, 2:53pm

It looks like this on my side:

$ apt-get update
Get:1 http://deb.debian.org/debian buster InRelease [122 kB]
Get:2 http://deb.debian.org/debian-security buster/updates InRelease [34.8 kB]
Get:3 http://deb.debian.org/debian buster-updates InRelease [56.6 kB]
Get:4 http://deb.debian.org/debian buster/main amd64 Packages [7909 kB]
Get:5 http://deb.debian.org/debian-security buster/updates/main amd64 Packages [610 kB]
Get:6 http://deb.debian.org/debian buster-updates/main amd64 Packages [8788 B]
Fetched 8741 kB in 2s (4814 kB/s)
Reading package lists...
$ apt-get install --yes openjdk-17-jdk
Reading package lists...
Building dependency tree...
Reading state information...
E: Unable to locate package openjdk-17-jdk
Cleaning up project directory and file based variables
00:01
ERROR: Job failed: exit code 1

But I think I have something here, it’s using “buster” debian release (your’s is using bookworm)… so possibly a cached image of mcr.microsoft.com/dotnet/sdk. I’ll see if I remove the cache or avoid using it.

Philippe_Meunier · November 28, 2024, 3:15pm

That was it, I added a pull_policy to my pipeline job and now it pulls the new version of the image, fixing the issue:

sonarqube-check:
  image: 
    name: mcr.microsoft.com/dotnet/sdk:latest
    pull_policy: always
...

Thanks a lot for your help Colin

Colin · November 28, 2024, 3:26pm

Happy to help! Glad you’re able to move forwards. Don’t hesitate to raise a new thread if you run into another issue.

system · December 5, 2024, 3:26pm

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.