Pull Request decoration in GitLab not working if more than 0 Bugs are reported

Hello,

Versions:
SonarQube 8.4 (Developer Edition, but currently on Trial License)
CentOS8
Selfhosted GitLab 13.0

I want the Pull Request Decoration feature to work. But it only works sometimes.

It is especially wierd as it is working if there are 0 Bugs and 0 Vulnerabilities reported. But as soon as there is 1 Bug, there is no comment on the Merge Request on GitLab.

The ce.log gives me this error:

2020.07.21 20:14:41 ERROR ce[AXNyk6bonEbCBBz-zz0S][o.s.c.t.p.a.p.PostProjectAnalysisTasksExecutor] Execution of task class com.sonarsource.C.D.c failed
java.lang.IllegalStateException: Remote host terminated the handshake
        at com.sonarsource.C.D.D.F.A(Unknown Source)
        at com.sonarsource.C.D.D.B.A(Unknown Source)
        at com.sonarsource.C.D.c.A(Unknown Source)
        at java.base/java.util.Optional.ifPresent(Optional.java:183)
        at com.sonarsource.C.D.c.B(Unknown Source)
        at com.sonarsource.C.D.c.A(Unknown Source)
        at org.sonar.ce.async.SynchronousAsyncExecution.addToQueue(SynchronousAsyncExecution.java:27)
        at com.sonarsource.C.D.c.A(Unknown Source)
        at java.base/java.util.Optional.ifPresent(Optional.java:183)
        at com.sonarsource.C.D.c.finished(Unknown Source)
        at org.sonar.ce.task.projectanalysis.api.posttask.PostProjectAnalysisTasksExecutor.executeTask(PostProjectAnalysisTasksExecutor.java:118)
        at org.sonar.ce.task.projectanalysis.api.posttask.PostProjectAnalysisTasksExecutor.finished(PostProjectAnalysisTasksExecutor.java:109)
        at org.sonar.ce.task.step.ComputationStepExecutor.executeListener(ComputationStepExecutor.java:91)
        at org.sonar.ce.task.step.ComputationStepExecutor.execute(ComputationStepExecutor.java:63)
        at org.sonar.ce.task.projectanalysis.taskprocessor.ReportTaskProcessor.process(ReportTaskProcessor.java:81)
        at org.sonar.ce.taskprocessor.CeWorkerImpl$ExecuteTask.executeTask(CeWorkerImpl.java:235)
        at org.sonar.ce.taskprocessor.CeWorkerImpl$ExecuteTask.run(CeWorkerImpl.java:217)
        at org.sonar.ce.taskprocessor.CeWorkerImpl.findAndProcessTask(CeWorkerImpl.java:162)
        at org.sonar.ce.taskprocessor.CeWorkerImpl$TrackRunningState.get(CeWorkerImpl.java:137)
        at org.sonar.ce.taskprocessor.CeWorkerImpl.call(CeWorkerImpl.java:89)
        at org.sonar.ce.taskprocessor.CeWorkerImpl.call(CeWorkerImpl.java:53)
        at com.google.common.util.concurrent.TrustedListenableFutureTask$TrustedFutureInterruptibleTask.runInterruptibly(TrustedListenableFutureTask.java:125)
        at com.google.common.util.concurrent.InterruptibleTask.run(InterruptibleTask.java:69)
        at com.google.common.util.concurrent.TrustedListenableFutureTask.run(TrustedListenableFutureTask.java:78)
        at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:515)
        at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
        at java.base/java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:304)
        at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
        at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
        at java.base/java.lang.Thread.run(Thread.java:834)
Caused by: javax.net.ssl.SSLHandshakeException: Remote host terminated the handshake
        at java.base/sun.security.ssl.SSLSocketImpl.handleEOF(SSLSocketImpl.java:1313)
        at java.base/sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1152)
        at java.base/sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1055)
        at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:395)
        at okhttp3.internal.connection.RealConnection.connectTls(RealConnection.java:336)
        at okhttp3.internal.connection.RealConnection.establishProtocol(RealConnection.java:300)
        at okhttp3.internal.connection.RealConnection.connect(RealConnection.java:185)
        at okhttp3.internal.connection.ExchangeFinder.findConnection(ExchangeFinder.java:224)
        at okhttp3.internal.connection.ExchangeFinder.findHealthyConnection(ExchangeFinder.java:108)
        at okhttp3.internal.connection.ExchangeFinder.find(ExchangeFinder.java:88)
        at okhttp3.internal.connection.Transmitter.newExchange(Transmitter.java:169)
        at okhttp3.internal.connection.ConnectInterceptor.intercept(ConnectInterceptor.java:41)
        at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:142)
        at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:117)
        at okhttp3.internal.cache.CacheInterceptor.intercept(CacheInterceptor.java:94)
        at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:142)
        at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:117)
        at okhttp3.internal.http.BridgeInterceptor.intercept(BridgeInterceptor.java:93)
        at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:142)
        at okhttp3.internal.http.RetryAndFollowUpInterceptor.intercept(RetryAndFollowUpInterceptor.java:88)
        at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:142)
        at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:117)
        at okhttp3.RealCall.getResponseWithInterceptorChain(RealCall.java:229)
        at okhttp3.RealCall.execute(RealCall.java:81)
        ... 30 common frames omitted
Caused by: java.io.EOFException: SSL peer shut down incorrectly
        at java.base/sun.security.ssl.SSLSocketInputRecord.decode(SSLSocketInputRecord.java:167)
        at java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:108)
        at java.base/sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1144)
        ... 52 common frames omitted
2020.07.21 20:14:41 INFO  ce[AXNyk6bonEbCBBz-zz0S][o.s.c.t.p.a.p.PostProjectAnalysisTasksExecutor] Pull Request decoration | status=FAILED | time=125950ms
2020.07.21 20:14:41 INFO  ce[AXNyk6bonEbCBBz-zz0S][o.s.c.t.CeWorkerImpl] Executed task | project=alabus_CRM | type=REPORT | pullRequest=31 | id=AXNyk6bonEbCBBz-zz0S | submitter=jenkins | status=SUCCESS | time=133296ms

At first I thought it would be a SSL issue, but it is working if there are 0 Bugs reported. The status of the QualityGate is not relevant, as it was working with Failed and Passed. The only indicator I have found until now is that its not working if there are more than 0 Bugs.

What can be the cause? The only slightly related issue I have found is:
https://jira.sonarsource.com/browse/SONAR-13290

But I cannot test it at the moment. But can this be the solution? I’m not that convinced…

Thank you for any help!

Hi Reto,

This issue reminds me very much of this other one: Merge request decoration: Remote host terminated the handshake

Can you double check that PR Decoration is enabled at project level in SonarQube? Go to Project Settings > General Settings > Pull Request Decoration and select your Configuration name . If you’re using GitLab CI, you can leave Project ID blank, as it will be auto-detected.

Thanks, regards,
Daniel

Yes the Project ID is set, as we use Jenkins:
Project Settings

Hi Reto,

Thanks for your reply. We will need to dig into this a bit more.

  • Can you please share the full analysis log from Jenkins, in debug mode (by passing the -X flag to the scanner)
  • Can you share how you are setting your project key? do you pass this to the scanner in Jenkins as a scanner parameter, or do yo used this through a sonar-project.properties file?
  • Can you see the Pull Request analysis results in SonarQube UI?

We may be able to find the root cause with the information above before we dig deeper yet.

Regards,
Daniel

Hi Daniel,

Thanks for the quick reply.

We start Sonar with maven in a Jenkins Pipeline. The Jenkins log tells us following maven command:
mvn clean package sonar:sonar -X -P "primefaces-only, jboss" --batch-mode -s '/path/to/jenkins/workspace/tmp' -Dproject.build.sourceEncoding=Cp1252 -Dproject.reporting.outputEncoding=Cp1252

The project key is set in maven pom.xml:

<sonar.projectKey>alabus_CRM</sonar.projectKey>
<sonar.projectName>alabus_CRM</sonar.projectName>

The result of the analysis is displayed in SonarQube UI, but there is a warning:
Merge Request decoration failed. Please check your configuration and the connectivity to GitLab.

This warning only appears if there is at least 1 Bug. If there are no bugs, the warning is not displayed and the Pull Request Decoration in GitLab is working. In the current case we have 4 Bugs.

Here are all the logs, from sonar and from jenkins maven build:
sonar_logs.zip (16.5 KB)

Thanks,
Reto

The Pull Request Decoration works for other projects. But for the alabus_CRM project with GitLab Project ID ‘21’ it is not working.

I deleted the project on SonarQube and created a new one with the same settings (Key, name etc.) as before. It is still not working. I do not have any other project specific settings set which would differ from the other, working projects.