Github sonarqube-scan-action host resolution fails when using rootless dind

  • which versions are you using (SonarQube, Scanner, Plugin, and any relevant extension)
    SonarScanner 5.0.1.3006
  • how is SonarQube deployed: zip, Docker, Helm
    Docker
  • what are you trying to achieve
    Use github actions to run a sonar scan using rootless docker-in-docker
  • what have you tried so far to achieve this
    sonarqube-scan-action works without issue with root dind, but rootless dind throws UnknownHostException

I am behind a firewall using Github Action Runner Controller self hosted runners. We are switching to rootless dind runners. The workflows for sonar scans run successfully with root dind, but when we run with rootless dind we get a UnknownHostException.

The helm values file that we use to create the root dind runners that run successfully look very much like actions-runner-controller/charts/gha-runner-scale-set/values.yaml at master · actions/actions-runner-controller · GitHub. We basically un-comment the container template and add env variables for our proxy

The helm values for the unsuccessful rootless dind runners is much like Add an option to use rootless DinD by 0xiso · Pull Request #2919 · actions/actions-runner-controller · GitHub. Again, we add env variables for proxy

My workflow action is:

  - name: SonarQube
	uses: SonarSource/sonarqube-scan-action@master
	env:
	  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
	  SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
	  SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}
	  SONAR_SCANNER_OPTS: "-Dhttp.proxyHost=${{ inputs.proxyHost }} -Dhttp.proxyPort=${{ inputs.proxyPort }} -Dhttps.proxyHost=${{ inputs.proxyHost }} -Dhttps.proxyPort=${{ inputs.proxyPort }} -Dhttp.nonProxyHosts=${{ inputs.nonProxyHosts }} -Dhttps.nonProxyHosts=${{ inputs.nonProxyHosts }}"

The log showing the UnknownHostException is below. Scanner option inputs are proxyHost=my.proxy.com and proxyPort=1234. It’s as if the DNS is not being picked up correctly:

    JAVA_HOME: /home/runner/_work/_tool/Java_Temurin-Hotspot_jdk/17.0.10-7/x64
    JAVA_HOME_17_X64: /home/runner/_work/_tool/Java_Temurin-Hotspot_jdk/17.0.10-7/x64
    GITHUB_TOKEN: ***
    SONAR_TOKEN: ***
    SONAR_HOST_URL: ***
    SONAR_SCANNER_OPTS: -Dhttp.proxyHost=my.proxy.com -Dhttp.proxyPort=1234 -Dhttps.proxyHost=my.proxy.com -Dhttps.proxyPort=1234 -Dhttp.nonProxyHosts=localhost|127.0.0.1|*.svc.local
/usr/bin/docker run --name dff6bc307a90005343bfa284da42cb23da14_37af80 --label 71dff6 --workdir /github/workspace --rm -e "JAVA_HOME" -e "JAVA_HOME_17_X64" -e "GITHUB_TOKEN" -e "SONAR_TOKEN" -e "SONAR_HOST_URL" -e "SONAR_SCANNER_OPTS" -e "INPUT_ARGS" -e "INPUT_PROJECTBASEDIR" -e "HOME" -e "GITHUB_JOB" -e "GITHUB_REF" -e "GITHUB_SHA" -e "GITHUB_REPOSITORY" -e "GITHUB_REPOSITORY_OWNER" -e "GITHUB_REPOSITORY_OWNER_ID" -e "GITHUB_RUN_ID" -e "GITHUB_RUN_NUMBER" -e "GITHUB_RETENTION_DAYS" -e "GITHUB_RUN_ATTEMPT" -e "GITHUB_REPOSITORY_ID" -e "GITHUB_ACTOR_ID" -e "GITHUB_ACTOR" -e "GITHUB_TRIGGERING_ACTOR" -e "GITHUB_WORKFLOW" -e "GITHUB_HEAD_REF" -e "GITHUB_BASE_REF" -e "GITHUB_EVENT_NAME" -e "GITHUB_SERVER_URL" -e "GITHUB_API_URL" -e "GITHUB_GRAPHQL_URL" -e "GITHUB_REF_NAME" -e "GITHUB_REF_PROTECTED" -e "GITHUB_REF_TYPE" -e "GITHUB_WORKFLOW_REF" -e "GITHUB_WORKFLOW_SHA" -e "GITHUB_WORKSPACE" -e "GITHUB_ACTION" -e "GITHUB_EVENT_PATH" -e "GITHUB_ACTION_REPOSITORY" -e "GITHUB_ACTION_REF" -e "GITHUB_PATH" -e "GITHUB_ENV" -e "GITHUB_STEP_SUMMARY" -e "GITHUB_STATE" -e "GITHUB_OUTPUT" -e "RUNNER_DEBUG" -e "RUNNER_OS" -e "RUNNER_ARCH" -e "RUNNER_NAME" -e "RUNNER_ENVIRONMENT" -e "RUNNER_TOOL_CACHE" -e "RUNNER_TEMP" -e "RUNNER_WORKSPACE" -e "ACTIONS_RUNTIME_URL" -e "ACTIONS_RUNTIME_TOKEN" -e "ACTIONS_CACHE_URL" -e "ACTIONS_RESULTS_URL" -e GITHUB_ACTIONS=true -e CI=true --entrypoint "/entrypoint.sh" -v "/var/run/docker.sock":"/var/run/docker.sock" -v "/home/runner/_work/_temp/_github_home":"/github/home" -v "/home/runner/_work/_temp/_github_workflow":"/github/workflow" -v "/home/runner/_work/_temp/_runner_file_commands":"/github/file_commands" -v "/home/runner/_work/my-repository/my-repository":"/github/workspace" 71dff6:bc307a90005343bfa284da42cb23da14
INFO: Scanner configuration file: /opt/sonar-scanner/conf/sonar-scanner.properties
INFO: Project root configuration file: /github/workspace/sonar-project.properties
15:56:34.840 INFO: SonarScanner 5.0.1.3006
15:56:34.848 INFO: Java 17.0.8 Alpine (64-bit)
15:56:34.848 INFO: Linux 5.15.0-1057-azure amd64
15:56:34.850 INFO: SONAR_SCANNER_OPTS=-Dhttp.proxyHost=my.proxy.com -Dhttp.proxyPort=1234 -Dhttps.proxyHost=my.proxy.com -Dhttps.proxyPort=1234 -Dhttp.nonProxyHosts=localhost|127.0.0.1|*.svc.local
15:56:35.046 DEBUG: keyStore is : 
15:56:35.046 DEBUG: keyStore type is : pkcs12
15:56:35.046 DEBUG: keyStore provider is : 
15:56:35.047 DEBUG: init keystore
15:56:35.047 DEBUG: init keymanager of type SunX509
15:56:35.173 DEBUG: Create: /opt/sonar-scanner/.sonar/cache
15:56:35.173 INFO: User cache: /opt/sonar-scanner/.sonar/cache
15:56:35.173 DEBUG: Create: /opt/sonar-scanner/.sonar/cache/_tmp
15:56:35.175 DEBUG: Extract sonar-scanner-api-batch in temp...
15:56:35.177 DEBUG: Get bootstrap index...
15:56:35.177 DEBUG: Download: ***/batch/index
15:56:35.294 ERROR: SonarQube server [***] can not be reached
15:56:35.294 INFO: ------------------------------------------------------------------------
15:56:35.295 INFO: EXECUTION FAILURE
15:56:35.295 INFO: ------------------------------------------------------------------------
15:56:35.295 INFO: Total time: 0.498s
15:56:35.308 INFO: Final Memory: 4M/61M
15:56:35.309 ERROR: Error during SonarScanner execution
15:56:35.309 INFO: ------------------------------------------------------------------------
org.sonarsource.scanner.api.internal.ScannerException: Unable to execute SonarScanner analysis
	at org.sonarsource.scanner.api.internal.IsolatedLauncherFactory.lambda$createLauncher$0(IsolatedLauncherFactory.java:85)
	at java.base/java.security.AccessController.doPrivileged(AccessController.java:318)
	at org.sonarsource.scanner.api.internal.IsolatedLauncherFactory.createLauncher(IsolatedLauncherFactory.java:74)
	at org.sonarsource.scanner.api.internal.IsolatedLauncherFactory.createLauncher(IsolatedLauncherFactory.java:70)
	at org.sonarsource.scanner.api.EmbeddedScanner.doStart(EmbeddedScanner.java:185)
	at org.sonarsource.scanner.api.EmbeddedScanner.start(EmbeddedScanner.java:123)
	at org.sonarsource.scanner.cli.Main.execute(Main.java:74)
	at org.sonarsource.scanner.cli.Main.main(Main.java:62)
Caused by: java.lang.IllegalStateException: Fail to get bootstrap index from server
	at org.sonarsource.scanner.api.internal.BootstrapIndexDownloader.getIndex(BootstrapIndexDownloader.java:42)
	at org.sonarsource.scanner.api.internal.JarDownloader.getScannerEngineFiles(JarDownloader.java:58)
	at org.sonarsource.scanner.api.internal.JarDownloader.download(JarDownloader.java:53)
	at org.sonarsource.scanner.api.internal.IsolatedLauncherFactory.lambda$createLauncher$0(IsolatedLauncherFactory.java:76)
	... 7 more
Caused by: java.net.UnknownHostException: my.proxy.com: Name does not resolve
	at java.base/java.net.Inet6AddressImpl.lookupAllHostAddr(Native Method)
	at java.base/java.net.InetAddress$PlatformNameService.lookupAllHostAddr(InetAddress.java:934)
	at java.base/java.net.InetAddress.getAddressesFromNameService(InetAddress.java:1543)
	at java.base/java.net.InetAddress$NameServiceAddresses.get(InetAddress.java:852)
	at java.base/java.net.InetAddress.getAllByName0(InetAddress.java:1533)
	at java.base/java.net.InetAddress.getAllByName(InetAddress.java:1385)
	at java.base/java.net.InetAddress.getAllByName(InetAddress.java:1306)
	at org.sonarsource.scanner.api.internal.shaded.okhttp.Dns.lambda$static$0(Dns.java:39)
	at org.sonarsource.scanner.api.internal.shaded.okhttp.internal.connection.RouteSelector.resetNextInetSocketAddress(RouteSelector.java:171)
	at org.sonarsource.scanner.api.internal.shaded.okhttp.internal.connection.RouteSelector.nextProxy(RouteSelector.java:135)
	at org.sonarsource.scanner.api.internal.shaded.okhttp.internal.connection.RouteSelector.next(RouteSelector.java:84)
	at org.sonarsource.scanner.api.internal.shaded.okhttp.internal.connection.ExchangeFinder.findConnection(ExchangeFinder.java:187)
	at org.sonarsource.scanner.api.internal.shaded.okhttp.internal.connection.ExchangeFinder.findHealthyConnection(ExchangeFinder.java:108)
	at org.sonarsource.scanner.api.internal.shaded.okhttp.internal.connection.ExchangeFinder.find(ExchangeFinder.java:88)
	at org.sonarsource.scanner.api.internal.shaded.okhttp.internal.connection.Transmitter.newExchange(Transmitter.java:169)
	at org.sonarsource.scanner.api.internal.shaded.okhttp.internal.connection.ConnectInterceptor.intercept(ConnectInterceptor.java:41)
	at org.sonarsource.scanner.api.internal.shaded.okhttp.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:142)
	at org.sonarsource.scanner.api.internal.shaded.okhttp.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:117)
	at org.sonarsource.scanner.api.internal.shaded.okhttp.internal.cache.CacheInterceptor.intercept(CacheInterceptor.java:94)
	at org.sonarsource.scanner.api.internal.shaded.okhttp.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:142)
	at org.sonarsource.scanner.api.internal.shaded.okhttp.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:117)
	at org.sonarsource.scanner.api.internal.shaded.okhttp.internal.http.BridgeInterceptor.intercept(BridgeInterceptor.java:93)
	at org.sonarsource.scanner.api.internal.shaded.okhttp.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:142)
	at org.sonarsource.scanner.api.internal.shaded.okhttp.internal.http.RetryAndFollowUpInterceptor.intercept(RetryAndFollowUpInterceptor.java:88)
	at org.sonarsource.scanner.api.internal.shaded.okhttp.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:142)
	at org.sonarsource.scanner.api.internal.shaded.okhttp.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:117)
	at org.sonarsource.scanner.api.internal.shaded.okhttp.RealCall.getResponseWithInterceptorChain(RealCall.java:221)
	at org.sonarsource.scanner.api.internal.shaded.okhttp.RealCall.execute(RealCall.java:81)
	at org.sonarsource.scanner.api.internal.ServerConnection.callUrl(ServerConnection.java:115)
	at org.sonarsource.scanner.api.internal.ServerConnection.downloadString(ServerConnection.java:99)
	at org.sonarsource.scanner.api.internal.BootstrapIndexDownloader.getIndex(BootstrapIndexDownloader.java:39)
	... 10 more
15:56:35.311 ERROR: 
15:56:35.311 ERROR: Re-run SonarScanner using the -X switch to enable full debug logging.
##[debug]Docker Action run completed with exit code 1
##[debug]Finishing: SonarQube

Hi,

Welcome to the community!

Sorry, but this is a bit out of scope for us.

 
Ann

Ah shoot, ok. This is the only dind workflow that we have had a problem with. I had hoped that someone has seen this issue before but that may not be the case. I’ll dig a bit deeper into sonarqube-scan-action.

Thanks