GitHub Actions throws java error at end of analysis, NoClassDefFoundError

I have tried to scan a github repository several ways with no luck. I have tried the sonarqube official scanner, the dotnet scanner and the angular scanner with similar results.

This is the output at the end of the angular scanner:

13:26:07.951 DEBUG: The worker thread exited with code 0
1167913:26:07.951 DEBUG: The bridge server shut down
1168013:26:07.951 INFO: Rule | Time (ms) | Relative
1168113:26:07.951 INFO: :----|----------:|--------:
1168213:26:10.594 INFO: Analysis total time: 1:53.429 s
1168313:26:10.597 INFO: ------------------------------------------------------------------------
1168413:26:10.597 INFO: EXECUTION SUCCESS
1168513:26:10.598 INFO: ------------------------------------------------------------------------
1168613:26:10.598 INFO: Total time: 1:55.664s
1168713:26:11.441 INFO: Final Memory: 415M/1387M
1168813:26:11.441 INFO: ------------------------------------------------------------------------
11689Error: Exception in thread “Thread-1” java.lang.NoClassDefFoundError: ch/qos/logback/classic/spi/ThrowableProxy
11690 at ch.qos.logback.classic.spi.LoggingEvent.(LoggingEvent.java:145)
11691 at ch.qos.logback.classic.Logger.buildLoggingEventAndAppend(Logger.java:424)
11692 at ch.qos.logback.classic.Logger.filterAndLog_0_Or3Plus(Logger.java:386)
11693 at ch.qos.logback.classic.Logger.error(Logger.java:543)
11694 at org.eclipse.jgit.internal.util.ShutdownHook.cleanup(ShutdownHook.java:87)
11695 at java.base/java.lang.Thread.run(Thread.java:1583)
11696Caused by: java.lang.ClassNotFoundException: ch.qos.logback.classic.spi.ThrowableProxy
11697 at java.base/java.net.URLClassLoader.findClass(URLClassLoader.java:445)
11698 at org.sonarsource.scanner.api.internal.IsolatedClassloader.loadClass(IsolatedClassloader.java:82)
11699 at java.base/java.lang.ClassLoader.loadClass(ClassLoader.java:526)
11700 … 6 more

This is the output at the end of the dotnet scanner:
INFO: Time spent writing ucfgs 0ms
9279INFO: Analysis total time: 1:12.702 s
9280INFO: ------------------------------------------------------------------------
9281INFO: EXECUTION SUCCESS
9282INFO: ------------------------------------------------------------------------
9283INFO: Total time: 1:15.355s
9284INFO: Final Memory: 38M/134M
9285INFO: ------------------------------------------------------------------------
9286Error: Exception in thread “Thread-1” java.lang.NoClassDefFoundError: ch/qos/logback/classic/spi/ThrowableProxy
9287 at ch.qos.logback.classic.spi.LoggingEvent.(LoggingEvent.java:145)
9288 at ch.qos.logback.classic.Logger.buildLoggingEventAndAppend(Logger.java:424)
9289 at ch.qos.logback.classic.Logger.filterAndLog_0_Or3Plus(Logger.java:386)
9290 at ch.qos.logback.classic.Logger.error(Logger.java:543)
9291 at org.eclipse.jgit.internal.util.ShutdownHook.cleanup(ShutdownHook.java:87)
9292 at java.base/java.lang.Thread.run(Thread.java:1583)
9293Caused by: java.lang.ClassNotFoundException: ch.qos.logback.classic.spi.ThrowableProxy
9294 at java.base/java.net.URLClassLoader.findClass(URLClassLoader.java:445)
9295 at org.sonarsource.scanner.api.internal.IsolatedClassloader.loadClass(IsolatedClassloader.java:82)
9296 at java.base/java.lang.ClassLoader.loadClass(ClassLoader.java:526)
9297 … 6 more
9298The SonarScanner CLI has finished
929913:22:31.71 Post-processing succeeded.

I have tried using java 17, 21, and 22 from a variety of distributions including oracle which seems to be recommended from several blog posts on the sonarqube forums.

Can you help me understand what needs to be setup to allow the analysis to upload properly?

Difficult to answer the question since we don’t know how u configure ur GHA. In the meantime, do you want try sonarless GHA first to see if it works. It is a local version of sonarqube installed in ubuntu-latest… see if that works first.

We have 10.5.1 sonarqube
GHA setup
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis

  - name: Set up JDK 17
    uses: actions/setup-java@v4
    with:
      distribution: 'temurin'
      java-version: 17

  - name: Use Node.js 18.18.2
    uses: actions/setup-node@v4
    with:
      node-version: "18.18.2"

  - name: Install dependencies
    working-directory: omitted
    run: npm ci

  - name: Cache SonarQube packages
    uses: actions/cache@v4
    with:
      path: ~\.sonar\cache
      key: ${{ runner.os }}-sonar
      restore-keys: ${{ runner.os }}-sonar

  - name: Setup VSTest
    uses: darenm/Setup-VSTest@v1.3

  - name: Cache SonarQube scanner
    id: cache-sonar-scanner
    uses: actions/cache@v4
    with:
      path: .\.sonar\scanner
      key: ${{ runner.os }}-sonar-scanner
      restore-keys: ${{ runner.os }}-sonar-scanner

  - name: Install SonarQube scanner
    if: steps.cache-sonar-scanner.outputs.cache-hit != 'true'
    shell: powershell
    run: |
      New-Item -Path .\.sonar\scanner -ItemType Directory
      dotnet tool update dotnet-sonarscanner --tool-path .\.sonar\scanner
  - name: Build and analyze C Sharp
    shell: powershell
    run: |
      .\.sonar\scanner\dotnet-sonarscanner begin /k:"key" /d:sonar.cs.opencover.reportsPaths=**/TestResults/**/*.opencover.xml /d:sonar.token="${{ secrets.SONAR_TOKEN }}" /d:sonar.host.url="${{ secrets.SONAR_HOST_URL }}"
      msbuild Source/file.sln /t:"Restore;Build" /property:Configuration=Release
      vstest.console.exe source\**\bin\**\*Tests.dll
      .\.sonar\scanner\dotnet-sonarscanner end /d:sonar.token="${{ secrets.SONAR_TOKEN }}"
  - name: Build and analyze Angular
    working-directory: omitted
    shell: powershell
    run: |
      npm run test-headless-codecoverage
      npm run sonar -- -D sonar.token="${{ secrets.SONAR_TOKEN }}"

If the java path is set properly, what else may be pointing at the wrong java path?

Seems like you are using a windows runner ? I am looking at your GHA… it looks difficult to troubleshoot on your behalf. Are u using ubuntu-latest or windows as your container ?

Lastly, do you have a GitHub repo (public boss) that I can try with my setup (that has this problem)? I am just using self hosted sonarqube server and scanner as a docker.

Sorry for not including the runner. It is the windows-latest.

Since I am having the same issue with both the C# and angular sonar scanners, if you have a simple angular app, it may be easier to replicate.

If you have advice for adding debugging, I have tried several things and nothing has returned anything useful. I am assuming at about where the scan is supposed to upload its results, it throws this error. I can provide more of the log if it is helpful.

Hey @phil.shaff

Based on the logs, the analysis was successful!

What you see at the end

Is some noise that got cleaned up in the latest release, SonarQube v10.6.

What do you see in the UI that makes you think analysis wasn’t successful? There should be a link at the end of the logs (before the noise) to your project analysis.

My assumption that the analysis was not successful was the lack of information reported to sonarqube for the pull request. I have no code coverage statistics at all for the C# or angular code.

• If you’re analyzing a Pull Request, be aware that the analysis will only show the changed lines of the project. If, for example, you’ve only edited the GitHub Actions YML file in this pull request… the PR will show as empty since SonarCloud doesn’t scan GitHub Actions YML files.
• Since you’re analyzing .NET, make sure you use the dotnet scanner (as you have in the GitHub Actions YML snippet you shared before)

I would suggest removing this bit:

As you should only have one scanner running against your project (or you’ll overwrite the previous results).

I would suggest focusing on coverage only after you’re sure your main branch scan is working.