Orchestrator: Adding support for downloading artifacts without Jfrog

Good day, SonarSource Community!

As many of you are aware, since 24 January 24, community plugins can no longer make requests to JFrog via the Orchestrator library. This is due to anonymous access being disabled on JFrog: see SONAR-21476.

As of 2024-02-07T23:00:00Z, a fix has been introduced whereby users can now bypass JFrog entirely by doing the following:

  1. Upgrade Orchestrator version to 4.7.1.1872
  2. Utilize OrchestratorBuilder#setOrchestratorProperty(...) to override the default orchestrator.artifactory.url to central maven (or any other maven repository)
  3. All should work after this

Please note: due to these changes, only the following aliases will work when attempting to download artifacts through Orchestrator:

  • LATEST_RELEASE for the latest release (in terms of version number, not date)
  • LATEST_RELEASE[x.y] for the latest release of a series, for example LATEST_RELEASE[5.2]
  • x.y.z for an exact release including build number

Please refer to the README.md for any other information.

Regards
Alain

Hi,

Thanks for the update.

I’m not sure if I should open a new topic or not, but… Unfortunately, this isn’t working anymore because the version numbers are ordered using Comparator.naturalOrder(), which is not the correct way to order them:

As shown in the image below, this is the result after versions.sort:

As a result, the getLatestVersion function will consistently return the latest 9.9.x version (currently 9.9.4.87374) instead of the latest 10.x release.

4 Likes
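The ordering problem described in the post above, as an added example that is not part of the original thread and is not Orchestrator's code. The numeric comparator is one assumed way to order dotted versions, not the fix that was merged; the 10.x entries are constructed placeholders, and the two other versions are quoted on this page.

```java
import java.util.ArrayList;
import java.util.Comparator;
import java.util.List;

public class VersionOrderDemo {

  // Compares dotted versions component by component as numbers.
  // Assumption: every component is a non-negative integer (e.g. 9.9.4.87374).
  static final Comparator<String> NUMERIC = (a, b) -> {
    String[] x = a.split("\\.");
    String[] y = b.split("\\.");
    for (int i = 0; i < Math.max(x.length, y.length); i++) {
      long xi = i < x.length ? Long.parseLong(x[i]) : 0;
      long yi = i < y.length ? Long.parseLong(y[i]) : 0;
      if (xi != yi) {
        return Long.compare(xi, yi);
      }
    }
    return 0;
  };

  // Sorts a copy of the list and returns its last element,
  // mirroring a "sort, then take the last" latest-version lookup.
  static String latest(List<String> versions, Comparator<String> order) {
    List<String> sorted = new ArrayList<>(versions);
    sorted.sort(order);
    return sorted.get(sorted.size() - 1);
  }

  public static void main(String[] args) {
    // Constructed sample: the 10.x build numbers are placeholders.
    List<String> versions = List.of(
      "8.9.10.61524", "9.9.4.87374", "10.0.0.1", "10.3.0.2");

    // String natural order is lexicographic: '9' sorts after '1',
    // so every 9.x string ranks above every 10.x string.
    System.out.println("naturalOrder -> " + latest(versions, Comparator.naturalOrder()));

    // Numeric comparison ranks 10 above 9 as intended.
    System.out.println("numeric      -> " + latest(versions, NUMERIC));
  }
}
```

When a build resolves LATEST_RELEASE this way, the artifact it downloads and tests can silently be an older release line than intended, so the resolved version is worth logging and checking.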

You are indeed correct. This is a bug and a ticket has been created to deal with it. In the meantime, I suggest using LATEST_RELEASE[10] as this will work.

Many thanks for the find! :raised_hands:

Alain

Hi there, @felipebz

The fix has been merged and released. Please use 4.7.1.1872 instead.

Regards

1 Like

401 Error While Building SonarQube 7.8 Source Code on macOS 13.4

Hello everyone, I am trying to build the SonarQube 7.8 source code on macOS 13.4. I am using the command ./gradlew build, but I am encountering a 401 error. The specific error message is as follows:

* What went wrong:
A problem occurred configuring root project 'sonarqube'.
> Could not resolve all artifacts for configuration ':classpath'.
   > Could not resolve com.github.ben-manes:gradle-versions-plugin:0.21.0.
     Required by:
         project :
      > Could not resolve com.github.ben-manes:gradle-versions-plugin:0.21.0.
         > Could not get resource 'https://repox.jfrog.io/repox/plugins.gradle.org/com/github/ben-manes/gradle-versions-plugin/0.21.0/gradle-versions-plugin-0.21.0.pom'.
            > Could not HEAD 'https://repox.jfrog.io/repox/plugins.gradle.org/com/github/ben-manes/gradle-versions-plugin/0.21.0/gradle-versions-plugin-0.21.0.pom'. Received status code 401 from server:

I saw this post in the community: Orchestrator: Adding support for downloading artifacts without Jfrog, but I am not sure how to proceed with the steps mentioned. I am not very familiar with SonarQube, so could someone provide more detailed instructions?

My goal is to modify some code in sonar-scanner-engine and re-generate the sonar-scanner-engine-shaded JAR file. Any help would be greatly appreciated!

Thank you all!

Hi Vivi,
Did you solve your issue?

Hi Alain,
I followed your steps, but it doesn’t work. Can you make sense of it?
For example, you said

Utilize OrchestratorBuilder#setOrchestratorProperty(...) to override the default orchestrator.artifactory.url to central maven (or any other maven repository)

I set setOrchestratorProperty in the ApiDefinitionDownloader.java file. Is it correct?

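import com.sonar.orchestrator.Orchestrator;
import com.sonar.orchestrator.OrchestratorBuilder;
import com.sonar.orchestrator.http.HttpCall;
import com.sonar.orchestrator.http.HttpResponse;
import com.sonar.orchestrator.locator.FileLocation;
import java.io.File;

import static com.sonar.orchestrator.container.Edition.COMMUNITY;

public class ApiDefinitionDownloader {

  public static void main(String[] args) {
    System.out.println(downloadApiDefinition());
  }

  public static String downloadApiDefinition() {
    OrchestratorBuilder builder = Orchestrator.builderEnv()
      .defaultForceAuthentication();
    builder.setEdition(COMMUNITY);
    builder.setZipFile(FileLocation.byWildcardMavenFilename(new File("../sonar-application/build/distributions"), "sonar-application-*.zip").getFile())
      .setOrchestratorProperty("orchestrator.workspaceDir", "build")
      // The property key must match exactly: no trailing space inside the string.
      .setOrchestratorProperty("orchestrator.artifactory.url", "https://repo1.maven.org/maven2/");
    Orchestrator orchestrator = builder.setServerProperty("sonar.forceAuthentication", "false")
      .build();

    orchestrator.start();
    try {
      // Query the running server for its web service definitions, internal ones included.
      HttpCall httpCall = orchestrator.getServer().newHttpCall("api/webservices/list").setParam("include_internals", "true");
      HttpResponse response = httpCall.execute();
      return response.getBodyAsString();
    } finally {
      // Always stop the server, even if the HTTP call fails.
      orchestrator.stop();
    }
  }
}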

Thanks

Hi there @robert.zoy

Welcome to the Community!

May I ask for:

  1. The version of orchestrator that you are using?
  2. The error you are getting

Regards

@xdwangwei ,

Hi there! Did you try with a new version of SQ? 7.8 is quite old. Please refer to the official website for the latest versions.

Kind regards

Hi Alain,

1. The version of orchestrator is 4.7.1.1872; the config in build.gradle is

      dependency 'org.sonarsource.orchestrator:sonar-orchestrator:4.7.1.1872'

2. The specific error I encountered is as follows. After executing ./gradlew build,

FAILURE: Build failed with an exception.

* What went wrong:
Could not determine the dependencies of task ':sonar-plugin-api:shadowJar'.
> Could not resolve all dependencies for configuration ':sonar-plugin-api:detachedConfiguration1'.
   > Could not resolve com.fasterxml.jackson:jackson-bom:2.13.2.20220328.
     Required by:
         project :sonar-plugin-api
      > Could not resolve com.fasterxml.jackson:jackson-bom:2.13.2.20220328.
         > Could not get resource 'https://repox.jfrog.io/repox/public/com/fasterxml/jackson/jackson-bom/2.13.2.20220328/jackson-bom-2.13.2.20220328.pom'.
            > Could not GET 'https://repox.jfrog.io/repox/public/com/fasterxml/jackson/jackson-bom/2.13.2.20220328/jackson-bom-2.13.2.20220328.pom'. Received status code 401 from server: 

* Try:
Run with --stacktrace option to get the stack trace. Run with --info or --debug option to get more log output. Run with --scan to get full insights.

By the way, the version of the SonarQube source code is 8.9.10.61524

Thanks for your reply :grinning_face:

Hey @robert.zoy

The orchestrator has nothing to do with the dependencies being downloaded—you’re facing an error with Gradle simply downloading the dependencies as part of the build (the orchestrator is used to run tests).

I doubt we made any specific effort at the time of SonarQube v8.9’s release (May 2021) to make it easy to build outside of Sonar, and we’re not in a particular rush to make this old release buildable from the source code.

Recent releases should be in a much better state – (./gradlew build works out of the box if you download the source code of 25.3).

If I had to suggest a starting point, it would be to remove any references to artifactory or repox from the settings.gradle, gradle.properties, and build.gradle files!

Hi Colin,

Thank you sooooo much for your reply. I took your advice and successfully built the project using version 25.3. I will switch my service to the latest version. Thanks again for your help!

Robert

1 Like

Not yet resolved. Do you have any suggestions or ideas that might help?

Thanks for the suggestion! However, some of our projects are restricted to JDK 8 syntax. Since newer SonarQube versions require at least JDK 17, we have to stick with an older version for compatibility. Appreciate your input though!

Hey @xdwangwei

This is a misunderstanding. The latest version of SonarQube is perfectly happy to analyze Java 8 code, but the analysis must be spawned by Java 17 or newer. See the docs.

The requirement on the Java runtime environment refers only to the version of Java used by the scanner itself to run. It does not restrict the versions of Java that can be analyzed by the scanner. In addition, the required version changes with successive versions of the scanner.

Thank you for the clarification! I’ll make sure to try that out.

Regarding upgrading from SonarQube 7.8 to 9.9 with database migration from MySQL to PostgreSQL, could you please advise the recommended migration path? The official documentation mentions PostgreSQL is required since version 8.9, but I’d appreciate guidance on how to transition the existing MySQL data to PostgreSQL during this major version upgrade.

I noticed the upgrade guide recommends sequential version upgrades. Should I first upgrade from 7.8 to intermediate versions (like 8.x) before migrating to PostgreSQL, or is there a direct migration method available?

Hey @xdwangwei

You must go

7.8 → 7.9 → 8.9 → 9.9 → 24.12 → 25.3

The max version of SonarQube that you can use the mysql-migrator with is v7.8, so you should migrate to PostgreSQL with your current version!