How to run "npm install" with container image sonarsource/sonar-scanner-cli:latest?

  • SonarScanner 5.0.1.3006
  • SonarQube 9.9.0.65466

I’ve followed the instructions provided by SonarQube to set up scanning of a repo hosted on GitLab. The project’s CI YAML file has this block:

sonarqube-check:
  image:
    name: sonarsource/sonar-scanner-cli:latest
    entrypoint: [""]
  variables:
    SONAR_USER_HOME: "${CI_PROJECT_DIR}/.sonar" # Defines the location of the analysis task cache
    GIT_DEPTH: "0" # Tells git to fetch all the branches of the project, required by the analysis task
  cache:
    key: "${CI_JOB_NAME}"
    paths:
      - .sonar/cache
  script:
    - sonar-scanner
  allow_failure: true
  only:
    - merge_requests
    - dev

When running a scan, the following is emitted:

WARN: Could not find tsconfig.json: /node_modules/@tsconfig/node18/tsconfig.json; falling back to an empty configuration.

WARN: At least one tsconfig.json was not found in the project. Please run ‘npm install’ for a more complete analysis. Check analysis logs for more details.

However, if I try adding npm install before sonar-scanner is called, the run fails because the command “npm” cannot be found. If I look at sonar-scanner-cli-docker/5/Dockerfile on the master branch of SonarSource/sonar-scanner-cli-docker (github.com), though, I can see that nodejs is installed and that should include the npm command.

I’m guessing that npm is installed but it isn’t findable on $PATH.

What do I need to do in order to be able to use npm with the official sonar-scanner-cli container image?

So … I don’t know if I was looking at the wrong Dockerfile or what, but it turns out that the container is running Alpine.

We use yarn instead of npm, so I’ve added the following commands to the CI file before running Sonar scanner:

    - apk update && echo "http://dl-cdn.alpinelinux.org/alpine/edge/community" >> /etc/apk/repositories
    - apk add yarn
    - yarn install
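
An added example, not part of the original posts or of SonarSource's documentation: shell helpers for the job's script section that confirm the image is Alpine before calling apk, install yarn or npm only when the command is missing, and install dependencies strictly from the lockfile with lifecycle scripts disabled, since the tsconfig.json lookup in the warning above only needs the files on disk. The function names are hypothetical, `--frozen-lockfile` assumes Yarn 1.x, and only Alpine is handled.

```shell
#!/bin/sh
# Added example; all function names below are hypothetical.

# Print the distro ID from an os-release file (default: /etc/os-release).
detect_distro() {
    file="${1:-/etc/os-release}"
    [ -r "$file" ] || { echo unknown; return 0; }
    # ID may be quoted (ID="alpine") or bare (ID=alpine).
    sed -n 's/^ID=//p' "$file" | tr -d '"' | head -n 1
}

# Print the package install command; only Alpine (apk) is supported here.
pkg_install_cmd() {
    case "$1" in
        alpine) echo "apk add --no-cache $2" ;;
        *)      return 1 ;;
    esac
}

# Print the lockfile-enforcing install command for a project directory.
# --ignore-scripts keeps third-party install hooks from running in a job
# that has the project's CI variables in its environment.
deps_install_cmd() {
    dir="${1:-.}"
    if [ -f "$dir/yarn.lock" ]; then
        echo "yarn install --frozen-lockfile --ignore-scripts"  # Yarn 1.x flag
    elif [ -f "$dir/package-lock.json" ]; then
        echo "npm ci --ignore-scripts"
    else
        return 1
    fi
}

# Install the package manager only if it is missing, then the dependencies.
prepare_node_modules() {
    cmd=$(deps_install_cmd "${1:-.}") || { echo "no lockfile in ${1:-.}" >&2; return 1; }
    tool=${cmd%% *}   # first word: yarn or npm
    if ! command -v "$tool" >/dev/null 2>&1; then
        install=$(pkg_install_cmd "$(detect_distro)" "$tool") || {
            echo "unsupported base image" >&2; return 1; }
        $install || return 1
    fi
    (cd "${1:-.}" && $cmd)
}
```

Calling `prepare_node_modules "$CI_PROJECT_DIR"` before `sonar-scanner` fails the step early when no lockfile is committed instead of resolving fresh versions.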