Jenkins pipeline sonarqube quality gate webhook didn't match the configured webhook secret

diniguez · February 15, 2022, 3:52pm

I had a jenkins declarative pipeline with a sonarqube scanner up and running.

I have had a problem when I have configured in sonar the “force user authentication” setting. After having configured it, I changed the Sonarqube Server configuration in Jenkins, selecting the proper admin token.

I’m using the last version of sonarqube plugin for jenkins.

This is the extract of my jenkins declarative pipeline of sonar:

stage('Sonarqube scan') {
            environment {
                scannerHome = tool 'SonarQubeScanner'
                SONAR_API_TOKEN=credentials('sonar_api_token')
            }
            steps {
                withSonarQubeEnv('sonarqube') {
                    sh '''$scannerHome/bin/sonar-scanner \
                    -Dsonar.projectKey=${SONAR_PROJECT} \
                    -Dsonar.projectName=${SONAR_PROJECT} \
                    -Dsonar.exclusions=**test**,**setup.py \
                    -Dsonar.projectVersion=0.4.0 \
                    -Dsonar.python.coverage.reportPaths=${WORKSPACE}/report.xml \
                    -Dsonar.sourceEncoding=UTF-8'''
                }
            }
        }
        stage('Sonarqube quality gate') {
            steps {
                timeout(time: 10, unit: 'MINUTES') {
                    waitForQualityGate abortPipeline: true
                }
            }
        }

And I get the following error from the jenkins pipeline log:

The incoming webhook didn't match the configured webhook secret

I have refreshed the sonarqube admin user token but it still does not work. I have made sure that admin user can run analisys and have the right permissions.

EDIT: I’m creating the project and its webhook via API, with the followings curls:

curl -s -X POST -u "${SONAR_API_TOKEN}:" "http://sonarurl:9000/api/projects/create" -d "name=${SONAR_PROJECT}&project=${SONAR_PROJECT}&visibility=public" 

curl -s -X POST -u "${SONAR_API_TOKEN}:" "http://sonarurl:9000/api/webhooks/create" -d "name=jenkins&project=${SONAR_PROJECT}&url=https://jenkinsurl:8443/sonarqube-webhook/"

Also, Jenkins (standalone in machine) has a certificate and goes through https 8443 port and sonarqube http 9000 (in docker).

In Sonarqube, the task has a SUCCESSFUL status and to me, it is like Jenkins is not capable of retrieving the successful status from sonarqube and I don’t understand why because the scanner is running perfectly and I have reviewed the logs and I didn’t see anything.

What could be the problem?

Colin · February 16, 2022, 12:51pm

Hey there.

A Webhook Secret has probably been configured under Manage Jenkins > Configure System > SonarQube Server > Advanced > Webhook Secret. If you aren’t creating webhooks with a matching secret… the Scanner for Jenkins will fail.

Either you need to create the webhook with the matching secret, or remove the secret from your Jenkins-side SQ server configuration.

See the documentation on the SonarScanner for Jenkins (including Configuring a webhook secret) and Webhooks.

diniguez · February 16, 2022, 6:53pm

That was it! Thanks so much.

system · February 23, 2022, 6:53pm

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.