No results to the SonarQube server, but it looks like it's running

SonarQube
, ,
1

Hi,

I’m using SonarQube 9.3 and the Kotlin Gradle plugin 3.3. This is hosted on a GitLab server and sitting on Linux.

I’ve gone through and configured the SonarQube plugin according to the steps explained on SonarQube server,

This is the output on the GitLab Server with a successful run of SonarQube.

Running with gitlab-runner 13.9.0 (2ebc4dc4)
  on docker-02 da50a737
Preparing the "docker" executor
00:01
Using Docker executor with image gradle:jre11-slim ...
Using locally found image version due to "if-not-present" pull policy
Using docker image sha256:3db0f5822fb0a9b133c16a54339f0fce2f173c8defb36db14e2ed809f399763a for gradle:jre11-slim with digest docker.io/gradle@sha256:a46bc1557bdfb12f9a521a75322f70f96704651e32726f1afd6ae702687f6d12 ...
Preparing environment
00:00
Getting source from Git repository
00:22
Fetching changes with git depth set to 999999...
Initialized empty Git repository in /builds/OX/sas/si/.git/
Created fresh repository.
Checking out 3ee2f54c as master...
Updating/initializing submodules recursively...
Submodule 'data-dictionary' (https://gitlab-ci-token:[MASKED]@cl-gitlab.cl.net/OX/sas/data-dictionary.git) registered for path 'data-dictionary'
Cloning into '/builds/OX/sas/si/data-dictionary'...
Submodule path 'data-dictionary': checked out 'fd6c339d3664678be2fe64c8e47e79e378b608fe'
Entering 'data-dictionary'
Restoring cache
00:00
Checking cache for sonarqube-check...
No URL provided, cache will not be downloaded from shared cache server. Instead a local version of cache will be extracted. 
Successfully extracted cache
Downloading artifacts
00:01
Downloading artifacts for compile (8558)...
Downloading artifacts from coordinator... ok        id=8558 responseStatus=200 OK token=gGyMnso7
Executing "step_script" stage of the job script
00:00
Using docker image sha256:3db0f5822fb0a9b133c16a54339f0fce2f173c8defb36db14e2ed809f399763a for gradle:jre11-slim with digest docker.io/gradle@sha256:a46bc1557bdfb12f9a521a75322f70f96704651e32726f1afd6ae702687f6d12 ...
$ exit
Saving cache for successful job
00:01
Creating cache sonarqube-check...
.sonar/cache: found 1 matching files and directories 
Archive is up to date!                             
Created cache
Cleaning up file based variables
00:00
Job succeeded

However, when I try to see the output of the scan, I see nothing. It just has the project’s 4 configuration steps completed and the spinning circle with the words “Waiting for the first analysis to come in…”

I don’t really see any errors in the GitLab results. And I don’t know what a good run looks like. I did verify that I am using the correct SONAR_TOKEN. I generated the environment variable for GitLab twice, and I have synced that with the GitLab server. The above output is with sonarqube running in debug mode. I’m not sure what else to check. It did tell me to set the url variable for 127.0.0.1, but I thought that

2

How are your gitlab-ci.yml and build.gradle files configured? Feel free to share them here.

3

gitlab-ci.yml:

image: cicd.cl-registry/ss/si:build

variables:
  GIT_STRATEGY: clone
  GIT_SUBMODULE_STRATEGY: recursive
  CICD_REPOSITORY: cicd.cl-registry
  ARTIFACT_NAME: si-0.0.1-SNAPSHOT.jar
  PATH_TO_ARTIFACT: ./$ARTIFACT_NAME

stages:
  - build
  - test
  - approve
  - deploy

compile:
  stage: build
  script:
    - cd siBackEnd_VM
    - ./build_si.sh
    - cd ../
  artifacts:
    paths:
      - $PATH_TO_ARTIFACT
      - siBackEnd_VM/si/build/classes
    expire_in: 1 hour
  tags:
    - docker
    
checkstyle:
  stage: test
  script: 
    - cd siBackEnd_VM/si
    - gradle checkstyleMain --stacktrace
    - gradle checkstyleTest
  tags:
    - docker
  allow_failure: true

unittest:
  stage: test
  script:
    - cd siBackEnd_VM/si
    - gradle test
  tags:
    - docker

sonarqube-check:
  stage: test
  image: gradle:jre11-slim
  variables:
    SONAR_USER_HOME: "${CI_PROJECT_DIR}/.sonar"  # Defines the location of the analysis task cache
    GIT_DEPTH: 999999
    #GIT_DEPTH: 999999 # circumvents shallow cloning
  cache:
    key: "${CI_JOB_NAME}"
    paths:
      - .sonar/cache
  before_script:
    - exit 
    - keytool -import -trustcacerts -cacerts -storepass changeit -noprompt -alias artifactory.cer -file .certs/artifactory.cer
  script:
    - cd siBackEnd_VM/si
    - gradle sonarqube -d
  dependencies:
    - compile
  allow_failure: true
  only:
    - master
  tags:
    - docker

approve:
  stage: approve
  script:
    - echo "Approve this job to continue."
  when: manual
  dependencies: []
  allow_failure: false
  only:
    - master
  tags:
    - docker

publish_binary:
  image: $CICD_REPOSITORY/curl:latest
  stage: deploy
  variables:
    REPOSITORY: libs-snapshot-local
    REPOSITORY_PATH: edu/jl/ox/ss/si
  script:
    - 'curl -k -H "Authorization: Bearer ${ARTIFACTORY_ACCESS_TOKEN}" -T "${PATH_TO_ARTIFACT}" "${ARTIFACTORY_URL}/${REPOSITORY}/${REPOSITORY_PATH}/${ARTIFACT_NAME}"'
  dependencies:
    - compile
  only:
    - master
  tags:
    - docker
    
publish_image:
  stage: deploy
  script:
    - docker login --username docker --password $DOCKER_PASSWORD cicd.cl-registry
    - docker build -t $CICD_REPOSITORY/ss/si:0.0.1-SNAPSHOT .
    - docker push $CICD_REPOSITORY/ss/si:0.0.1-SNAPSHOT
  dependencies:
    - compile
  only:
    - master
  tags:
    - docker-shell

build.gradle:

buildscript {
    repositories {
        maven {
            credentials {
                username = "${artifactoryUser}"
                password = "${artifactoryPassword}"
            }
            url 'https://cl-artifactory2:443/libs-release'
        }
        maven {
            credentials {
                username = "${artifactoryUser}"
                password = "${artifactoryPassword}"
            }
            url 'https://cl-artifactory2:443/libs-snapshot'
        }
        maven {
            url 'https://plugins.gradle.org/m2/'
        }
    }
    dependencies {
        classpath("org.springframework.boot:spring-boot-gradle-plugin:2.0.5.RELEASE")
        classpath("org.sonarsource.scanner.gradle:sonarqube-gradle-plugin:3.3")
    }
}

plugins {
    id 'java'
    id 'checkstyle'
    id 'org.sonarqube' version '3.3' 
}

apply plugin: 'eclipse'
apply plugin: 'org.springframework.boot'
apply plugin: 'io.spring.dependency-management'
//apply plugin: 'org.sonarqube'

bootJar {
  launchScript()
}

 test {
    testLogging {
        events "failed"
        exceptionFormat "full"
        showExceptions true
        showCauses true
        showStackTraces true
    }
}

group = 'edu.jl'
version = '0.0.1-SNAPSHOT'
sourceCompatibility = '1.8'

repositories {
//    mavenCentral()
    maven {
        credentials {
            username = "${artifactoryUser}"
            password = "${artifactoryPassword}"
        }
        url 'https://cl-artifactory2:443/libs-release'
    }
    maven {
        credentials {
            username = "${artifactoryUser}"
            password = "${artifactoryPassword}"
        }
        url 'https://cl-artifactory2:443/libs-snapshot'
    }
}

dependencies {
    // Spring Boot
    implementation 'org.springframework.boot:spring-boot-starter-actuator'
    implementation 'org.springframework.boot:spring-boot-starter-web'
    implementation 'org.springframework.boot:spring-boot-starter-thymeleaf'
    implementation 'org.springframework.boot:spring-boot-autoconfigure'
    implementation 'org.springframework.boot:spring-boot'
    testImplementation 'org.springframework.boot:spring-boot-starter-test'

    // Spring
    implementation 'org.springframework:spring-beans'
    implementation 'org.springframework:spring-context'
    implementation 'org.springframework:spring-core'
    implementation 'org.springframework:spring-web'
    implementation 'org.springframework:spring-websocket'
    implementation 'org.springframework:spring-messaging'

    // Spring Security
    implementation 'org.springframework.boot:spring-boot-starter-security'
    implementation 'org.springframework.security:spring-security-config'
    implementation 'org.springframework.security:spring-security-core'
    implementation 'org.springframework.security:spring-security-web'
    implementation 'org.springframework.security:spring-security-ldap'
    implementation 'org.springframework.ldap:spring-ldap-core'
    testImplementation 'org.springframework.security:spring-security-test'

    // Swagger
    implementation 'io.swagger:swagger-annotations:1.5.20'
    implementation 'io.springfox:springfox-swagger2:2.9.2'
    implementation 'io.springfox:springfox-swagger-ui:2.9.2'
    implementation 'io.springfox:springfox-core:2.9.2'
    implementation 'io.springfox:springfox-spi:2.9.2'
    implementation 'io.springfox:springfox-spring-web:2.9.2'

    // Mongo
    implementation 'org.mongodb:mongodb-driver-sync:3.9.0'
    implementation 'org.mongodb:mongodb-driver:3.9.0'
    implementation 'org.mongodb:mongodb-driver-core:3.9.0'
    implementation 'org.mongodb:bson:3.9.0'

    // Json
    implementation 'com.fasterxml.jackson.core:jackson-annotations:2.9.0'
    implementation 'com.fasterxml.jackson.core:jackson-core:2.9.6'
    implementation 'com.fasterxml.jackson.core:jackson-databind:2.9.6'
    implementation 'com.fasterxml.jackson.datatype:jackson-datatype-jsr310:2.9.6'

    implementation 'junit:junit:4.12'

    implementation 'org.apache.tomcat.embed:tomcat-embed-core:8.5.34'

    implementation 'com.google.guava:guava:23.0'

    implementation 'org.slf4j:slf4j-api:1.7.25'

    implementation files("src/main/resources/COATreeSerialization.jar")
}

sonarqube {
  properties {
    property "sonar.projectKey", "OX_ss_si_AX8NdVlVUmage2vnpv8D"
    property "sonar.qualitygate.wait", true 
  }
}
4

Bump. Just checking in.

Thanks,

Scott

5

Hey Scott.

Based on the logs, it looks like the sonarqube task never runs at all.
What happens when you run gradle sonarqube -d locally in the siBackEnd_VM/si folder?

Any particular reason you add the -d option (which runs it as a daemon) to gradle sonarqube but not your other gradle tasks?

You may also find it useful to add more verbose logging to your gradle comand (--info, ‘–debug’) to understand what’s happening (or not) when Gradle runs.

6

Hey Colin,

So, I changed it to --debug, no change in the output, and I tried --full-stacktrace, no change either.

Any other thoughts?

What should my output look like?

Thanks,

Scott

7

Bump. Just checking in. What do you see that I have done wrong here?

Thanks,

Scott

8

Hey there.

Have you tried this?

And can you answer this question?

9

I used the -d which I saw it was for debug, but I also tried --debug and --full-stacktrace. I got the same information that I reported previously.

As for trying to run that command, I’m pretty sure I tried running it on the GitLab runner with no results in finding the files on there anymore. I’ll double check.