Gradle SonarJava scan fails

java
scanner
sonarjava
sonarqube

(Ben Dennerley) #1

Hi there,

We have the DE of on-prem SonarQube and got the following error:
Unable to load component class org.sonar.scanner.phases.AbstractPhaseExecutor

We dug a bit deeper and got these logs. We are on SonarQube 7.3, SonarJava 5.6.1. Attached is the debug logs.debug.txt (40.6 KB)

It seems like the main problem is Caused by: org.eclipse.jgit.errors.MissingObjectException: Missing tree 59dac314a59bf7feeefebb4a21bcf0d100dc8a20 but we can’t find out where it is getting this commit sha from as GitHub reports it doesn’t exist.


Significantly slower performance on 7.3 vs 6.7.5
(Dinesh Bolkensteyn) #2

Internally, Git maintains SHA1s for file contents (also called blobs), directory structures (called trees) and finally commits, which consist of a pointer to a specific tree’s SHA1 and some metadata such as the commit author and message. Typically, one only works with the SHA1 of commits, which are easy to explore through GitHub’s UI. Now, the error message in the logs explicitly mentions a tree.

The first thing that comes to my mind: Did you do any kind of shallow (or limited depth) clone on your project on the server that performs the analysis? If so, can you please retry with a full clone?

If you are interested in investigating this further, tree SHA1s can be explored via GitHub API as documented here: https://developer.github.com/v3/git/trees/#get-a-tree Beware that you’ll need to authenticate in order to get any meaningful results on private repositories.


(Ben Dennerley) #3

Finally figured it out, so I’ll write something up for anyone looking at this after me.

It wasn’t caused by a shallow clone, and the commit SHA JGit was spitting out was not related in any way.

Basically, we clone the repository using Jenkin’s checkout scm step, and use a reference repository mounted on a network share. By default, when using a reference repository git does not copy across all objects, and will instead include links to the original reference repository to save time/space. The SonarQube scanner was not able to handle this, so we needed to run git repack -a after Jenkins clones the repository to repack everything into the local git repository.