Hi Team,
In SnarQube, how can we handle the error exception, so that the pipeline fails graceful and status of the stages reflects the actual state of execution.
Regards,
Nagaraj
Hi Nagaraj,
Itâs not clear to me what youâre asking. Can you give some details on whatâs happening that you want not to happen?
Ann
Hi Ann,
This is our Sonar Scanner code,
if ! [[ -z â$CHANGE_IDâ ]]; then
SONAR_ARGS="-Dsonar.pullrequest.key=$CHANGE_ID -Dsonar.pullrequest.branch=$CHANGE_BRANCH -Dsonar.pullrequest.base=CHANGE_TARGET"
fi
/sonar/sonar-scanner-4.4.0.2170-linux/bin/sonar-scanner -Dsonar.projectKey=simple_web_if {SONAR_ARGS} -Dsonar.sources=/source -Dsonar.host.url=https://mywizard-orange.scpmtk.com/sonar -Dsonar.login=${SONAR_TOKEN} -Dsonar.cfamily.build-wrapper-output=/sonar/build-output/ || true
fi
In one of the Jenkins build as shown below, the sonar execution has failed but it status of the stage did not reflected the failed state of execution on the Job.
Attached the jenkins job
12:44:44 INFO: More about the report processing at http://sonar.ethan.svc.cluster.local:9001/sonar/api/ce/task?id=AXSVw_43KQ7tSFV_TEdo
12:44:44 INFO: Executing post-job âForbidden Configuration Breakerâ
12:44:44 INFO: Executing post-job âQuality Gate Breakerâ
12:44:44 INFO: ------------------------------------------------------------------------
12:44:44 INFO: EXECUTION FAILURE
12:44:44 INFO: ------------------------------------------------------------------------
12:44:44 INFO: Total time: 2:42.288s
12:44:44 INFO: Final Memory: 55M/187M
12:44:44 INFO: ------------------------------------------------------------------------
12:44:44 ERROR: Error during SonarScanner execution
12:44:44 java.lang.IllegalStateException: Fail to request http://sonar.ethan.svc.cluster.local:9001/sonar/api/ce/task?id=AXSVw_43KQ7tSFV_TEdo
12:44:44 at org.sonarqube.ws.client.HttpConnector.doCall(HttpConnector.java:190)
12:44:44 at org.sonarqube.ws.client.HttpConnector.get(HttpConnector.java:124)
12:44:44 at org.sonarqube.ws.client.HttpConnector.call(HttpConnector.java:111)
12:44:44 at org.sonar.plugins.buildbreaker.QualityGateBreaker.getAnalysisId(QualityGateBreaker.java:188)
12:44:44 at org.sonar.plugins.buildbreaker.QualityGateBreaker.execute(QualityGateBreaker.java:266)
12:44:44 at org.sonar.scanner.postjob.PostJobWrapper.execute(PostJobWrapper.java:49)
12:44:44 at org.sonar.scanner.postjob.PostJobsExecutor.execute(PostJobsExecutor.java:48)
Hi Ann,
If the SonarQube EXECUTION FAILED then the Jenkins job has to sow the error status and it has to stop the Jenkins pipeline job.
Regards,
Nagaraj
Hi @nagaraj.koppa,
the return status of the scanner is propagated if you remove the || true statement
1 Like
Hi Tobias,
I have removed the true statement, but even the execution failed, it is not through the error, and it is going for the next stage.
Regards,
Nagaraj
Can you share a complete output of the logs of this run? i did some testing on a project and the exit status did propagate as expected so i guess that there might be something in your script or pipeline definition that catches or suppresses the propagation
Hi Tobias,
here is the output ⌠Even the execution has failed.
12:47:37 INFO: EXECUTION FAILURE 12:47:37 INFO: ------------------------------------------------------------------------ 12:47:37 INFO: Total time: 2:55.976s 12:47:37 INFO: Final Memory: 55M/190M 12:47:37 INFO: ------------------------------------------------------------------------ 12:47:37 ERROR: Error during SonarScanner execution 12:47:37 java.lang.IllegalStateException: Project does not pass the quality gate. 12:47:37 at org.sonar.plugins.buildbreaker.QualityGateBreaker.checkQualityGate(QualityGateBreaker.java:242) 12:47:37 at org.sonar.plugins.buildbreaker.QualityGateBreaker.execute(QualityGateBreaker.java:268) 12:47:37 at org.sonar.scanner.postjob.PostJobWrapper.execute(PostJobWrapper.java:49) 12:47:37 at org.sonar.scanner.postjob.PostJobsExecutor.execute(PostJobsExecutor.java:48) 12:47:37 at org.sonar.scanner.postjob.PostJobsExecutor.execute(PostJobsExecutor.java:39) 12:47:37 at org.sonar.scanner.scan.ProjectScanContainer.doAfterStart(ProjectScanContainer.java:368) 12:47:37 at org.sonar.core.platform.ComponentContainer.startComponents(ComponentContainer.java:137) 12:47:37 at org.sonar.core.platform.ComponentContainer.execute(ComponentContainer.java:123) 12:47:37 at org.sonar.scanner.bootstrap.GlobalContainer.doAfterStart(GlobalContainer.java:144) 12:47:37 at org.sonar.core.platform.ComponentContainer.startComponents(ComponentContainer.java:137) 12:47:37 at org.sonar.core.platform.ComponentContainer.execute(ComponentContainer.java:123) 12:47:37 at org.sonar.batch.bootstrapper.Batch.doExecute(Batch.java:72) 12:47:37 at org.sonar.batch.bootstrapper.Batch.execute(Batch.java:66) 12:47:37 at org.sonarsource.scanner.api.internal.batch.BatchIsolatedLauncher.execute(BatchIsolatedLauncher.java:46) 12:47:37 at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) 12:47:37 at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(Unknown Source) 12:47:37 at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source) 12:47:37 at java.base/java.lang.reflect.Method.invoke(Unknown Source) 12:47:37 at org.sonarsource.scanner.api.internal.IsolatedLauncherProxy.invoke(IsolatedLauncherProxy.java:60) 12:47:37 at com.sun.proxy.$Proxy0.execute(Unknown Source) 12:47:37 at org.sonarsource.scanner.api.EmbeddedScanner.doExecute(EmbeddedScanner.java:189) 12:47:37 at org.sonarsource.scanner.api.EmbeddedScanner.execute(EmbeddedScanner.java:138) 12:47:37 at org.sonarsource.scanner.cli.Main.execute(Main.java:112) 12:47:37 at org.sonarsource.scanner.cli.Main.execute(Main.java:75) 12:47:37 at org.sonarsource.scanner.cli.Main.main(Main.java:61) 12:47:37 ERROR: 12:47:37 ERROR: Re-run SonarScanner using the -X switch to enable full debug logging. 12:47:37 + rm -rf /mnt/ebs/jenkins/workspace/nents_simple_web_if_vulnerable_4/package/tmp 12:47:37 + mkdir -p /mnt/ebs/jenkins/workspace/nents_simple_web_if_vulnerable_4/package/tmp 12:47:37 + cp /mnt/ebs/jenkins/workspace/nents_simple_web_if_vulnerable_4/package/âŚ//build/output/simple-web-if-amd64-Linux.deb /mnt/ebs/jenkins/workspace/nents_simple_web_if_vulnerable_4/package/tmp/ 12:47:37 + cp /mnt/ebs/jenkins/workspace/nents_simple_web_if_vulnerable_4/package/app/run.sh /mnt/ebs/jenkins/workspace/nents_simple_web_if_vulnerable_4/package/app/simple-web-if.service /mnt/ebs/jenkins/workspace/nents_simple_web_if_vulnerable_4/package/tmp/ 12:47:37 + cp /mnt/ebs/jenkins/workspace/nents_simple_web_if_vulnerable_4/package/âŚ//demo_files/exiv2_vulnerable/exiv2 /mnt/ebs/jenkins/workspace/nents_simple_web_if_vulnerable_4/package/tmp/ 12:47:37 + chmod +x /mnt/ebs/jenkins/workspace/nents_simple_web_if_vulnerable_4/package/tmp/run.sh 12:47:37 + bash /mnt/ebs/jenkins/workspace/nents_simple_web_if_vulnerable_4/package/signer.sh /mnt/ebs/jenkins/workspace/nents_simple_web_if_vulnerable_4/package/tmp /mnt/ebs/jenkins/workspace/nents_simple_web_if_vulnerable_4/package/output /mnt/ebs/jenkins/workspace/nents_simple_web_if_vulnerable_4/package/cert/private.key /mnt/ebs/jenkins/workspace/nents_simple_web_if_vulnerable_4/package/cert/public.crt 12:47:37 /mnt/ebs/jenkins/workspace/nents_simple_web_if_vulnerable_4/package/tmp /mnt/ebs/jenkins/workspace/nents_simple_web_if_vulnerable_4/package 12:47:37 exiv2 12:47:37 run.sh 12:47:37 simple-web-if-amd64-Linux.deb 12:47:37 simple-web-if.service 12:47:37 /mnt/ebs/jenkins/workspace/nents_simple_web_if_vulnerable_4/package 12:47:37 Verification successful 12:47:37 /mnt/ebs/jenkins/workspace/nents_simple_web_if_vulnerable_4/package/output/bundle /mnt/ebs/jenkins/workspace/nents_simple_web_if_vulnerable_4/package 12:47:37 app_bundle.tar.gz 12:47:37 signature 12:47:37 /mnt/ebs/jenkins/workspace/nents_simple_web_if_vulnerable_4/package 12:47:37 You can use .tar output placed at the following path as your bundle; 12:47:37 /mnt/ebs/jenkins/workspace/nents_simple_web_if_vulnerable_4/package/output/bundle/archive.tar 12:47:37 + mv /mnt/ebs/jenkins/workspace/nents_simple_web_if_vulnerable_4/package/output/bundle/archive.tar /mnt/ebs/jenkins/workspace/nents_simple_web_if_vulnerable_4/package/output/bundle/simple-web-if-amd64.tar 12:47:37 + echo amd64 12:47:37 + rm -rf /mnt/ebs/jenkins/workspace/nents_simple_web_if_vulnerable_4/package/tmp 12:47:37 [Pipeline] } 12:47:37 [Pipeline] // withCredentials
can you print the status code of the scanner (echo $? ) before you run this rm -rf?
for me it looks like there is more going on in this stage then just the sonarqube scanner that is executed after the scanner has terminated. maybe you need to do a set -o pipefail in your scripts?
Hi Tobias,
echo $? returned the value 0
12:59:05 + echo 0
12:59:05 0
12:59:05 + rm -rf /mnt/ebs/jenkins/workspace/nents_simple_web_if_vulnerable_4/package/tm