GitLab CI integration: branch other than `Default Branch` (master) is not autorised

matthieu.daoust · May 11, 2020, 10:09pm

Versions

SonarQube Developer Edition Version 8.1
GitLab Community Edition 12.0.3
sonarsource/sonar-scanner-cli:latest

What are you trying to achieve

I am trying to report to SonarQube using GitLab CI from any branch.

What have you tried so far to achieve this

SonarQube see the report:

From Default Branch within GitLab CI
Localy (using docker) with any branch name (it add a new branch to SonarQube when I set sonar.branch.name to a new name):

docker run -it -v "C:\SRC-PATH:/usr/src" -e SONAR_HOST_URL='https://HOSTNAME' -e SONAR_TOKEN='TOKEN' sonarsource/sonar-scanner-cli:latest

When it work, I can read in the log:

[...]
INFO: Load global settings
DEBUG: GET 200 https://HOSTNAME/api/settings/values.protobuf
[...]
INFO: ------------------------------------------------------------------------
INFO: EXECUTION FAILURE
INFO: ------------------------------------------------------------------------

But when I push to an other branch than the default branch (even if that branch name exist in SonarQube), I read this in the log and the job fail:

[...]
INFO: Load global settings
DEBUG: GET 401 https://HOSTNAME/api/settings/values.protobuf
[...]
INFO: ------------------------------------------------------------------------
INFO: EXECUTION SUCCESS
INFO: ------------------------------------------------------------------------

I have provided SONAR_HOST_URL and SONAR_TOKEN as CI variables.

Here is my sources files:

sonar-project.properties

sonar.projectKey=PROJECT-KEY
sonar.sources=.
sonar.branch.name=tmp

.gitlab-ci.yml

stages:
  - quality

sonarqube-check:
  stage: quality
  image:
    name: sonarsource/sonar-scanner-cli:latest
    entrypoint: [""]
  script:
    - sonar-scanner -X -Dsonar.qualitygate.wait=true -Dsonar.branch.name="${CI_COMMIT_REF_NAME}"
  allow_failure: true

Hypothesis

Is there any GitLab environment variables that interfere with sonar-scanner?
Is there any other SONAR tag that need to be set in order to report to a specific branch in SonarQube? (or to create a new branch when it is not yet a SonarQube branch?)

Thanks in advance.

dmeneses · May 12, 2020, 4:30pm

Hi,
Unless the SONAR_TOKEN is not available for certain builds in GitLab, there shouldn’t be a problem.
I don’t think the failing WS (api/settings/values) even requires authentication at all.
Do you have a proxy between GitLab and SonarQube that could be blocking the access?

matthieu.daoust · May 12, 2020, 5:38pm

I had set SONAR_TOKEN to protected in CI variables, so SONAR_TOKEN was only available in protected branch.

To solve the problem, in GitLab, unset protected from SONAR_TOKEN or protect all branch needed to analyse.

Thanks a lot

system · May 19, 2020, 5:38pm

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
GitLab vs Sonarqube Default Branch SonarQube Server / Community Build sonarqube , gitlab , bug	7	793	June 14, 2023
SonarQube 8.9 - Git default branch not being passed SonarQube Server / Community Build 8-9-lts-upgrade	3	534	July 12, 2021
Problem with GitLab integration when analisys code in merge request SonarQube Cloud	6	1266	June 3, 2022
Creating and analyzing projects from Gitlab to SonarCloud SonarQube Cloud gitlab	5	2181	October 5, 2021
Sonar branch auto-configuring SonarQube Cloud scanner , sonarqube-cloud	5	2308	June 26, 2020