Race condition for LTS 9.9.1 in suggested scanner style

Make sure to tell us:

  • What version are you upgrading from? Clear install of LTS 9.9.1
  • System information (Operating system, Java version, Database provider/version): Linux / Ubuntu 20.04, H2 database
  • What’s the issue you’re facing? When setting up a job for scanning C code the new LTS 9.9.1 suggests this style for low-level interfacing as shown in the uploaded picture.
    I note that using $HOME/.sonar/ is quite dangerous - since two scanner jobs running on the same machine for two gits will overwrite the same directory. I strongly encourage you to rewrite this e.g. like this - where a random number generator makes SOME_RANDOMNUMBER
```bash
# <SOME_RANDOMNUMBER> is a placeholder for a value unique to this job
export SONAR_SCANNER_ROOT=$HOME/.sonar/<SOME_RANDOMNUMBER>
curl --create-dirs -sSLo "${SONAR_SCANNER_ROOT}/build-wrapper-linux-x86.zip" https://sonarqube-cph.dirac.services/static/cpp/build-wrapper-linux-x86.zip
# Unpack into the per-job directory so the PATH entry below resolves
unzip -o "${SONAR_SCANNER_ROOT}/build-wrapper-linux-x86.zip" -d "${SONAR_SCANNER_ROOT}"
export PATH=${SONAR_SCANNER_ROOT}/build-wrapper-linux-x86:$PATH

export SONAR_SCANNER_VERSION=4.7.0.2747
export SONAR_SCANNER_HOME=${SONAR_SCANNER_ROOT}/sonar-scanner-$SONAR_SCANNER_VERSION-linux
curl --create-dirs -sSLo "${SONAR_SCANNER_ROOT}/sonar-scanner.zip" https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-$SONAR_SCANNER_VERSION-linux.zip
# Same here: SONAR_SCANNER_HOME points inside SONAR_SCANNER_ROOT
unzip -o "${SONAR_SCANNER_ROOT}/sonar-scanner.zip" -d "${SONAR_SCANNER_ROOT}"
export PATH=$SONAR_SCANNER_HOME/bin:$PATH
export SONAR_SCANNER_OPTS="-server"
```

Another side problem is that I dislike that $HOME is polluted :slight_smile:

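A per-job directory along the lines the post asks for, using `mktemp -d` in place of a random number. This is an added example, not SonarQube's generated snippet or code from either poster, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: one private scanner directory per job, so concurrent jobs
# on the same host never download or unzip into the same path.

# new_job_root [BASE]: create a unique directory under BASE and print it.
# mktemp -d creates the directory atomically with mode 0700, which avoids
# both name collisions and a path another local user could pre-create.
new_job_root() {
    _base=${1:-${TMPDIR:-/tmp}}
    mkdir -p "$_base" || return 1
    mktemp -d "$_base/sonar-job.XXXXXXXX"
}

# use_job_root ROOT VERSION: point the scanner variables from the post at
# ROOT. Everything, including the unzip target, has to live under ROOT.
use_job_root() {
    SONAR_SCANNER_ROOT=$1
    SONAR_SCANNER_VERSION=$2
    SONAR_SCANNER_HOME=$SONAR_SCANNER_ROOT/sonar-scanner-$SONAR_SCANNER_VERSION-linux
    PATH=$SONAR_SCANNER_ROOT/build-wrapper-linux-x86:$SONAR_SCANNER_HOME/bin:$PATH
    export SONAR_SCANNER_ROOT SONAR_SCANNER_VERSION SONAR_SCANNER_HOME PATH
}

# fetch_and_unpack URL ROOT NAME: download one archive and unpack it in ROOT.
# -f makes curl fail on an HTTP error instead of saving the error page.
fetch_and_unpack() {
    curl -fsSLo "$2/$3.zip" "$1" && unzip -q -o "$2/$3.zip" -d "$2"
}

# Typical use inside a CI job script:
#   root=$(new_job_root "$HOME/.sonar") || exit 1
#   trap 'rm -rf "$root"' EXIT      # drop this job's copy when it ends
#   use_job_root "$root" 4.7.0.2747
#   fetch_and_unpack "https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-$SONAR_SCANNER_VERSION-linux.zip" "$root" sonar-scanner
```

Passing a scratch location instead of `$HOME/.sonar` as BASE also keeps the home directory clean.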

Hello @peter.toft, thanks for taking the time to bring this to us.

If I’m not mistaken, this screenshot is from the section “Other CI”, right?

In this context, we assume that this “Other CI” will execute these instructions in an isolated environment.

For local runs, we provide simpler instructions, assuming that it’s only to try things out, not to use with automation where a race condition would happen.

On other CI, we provide examples like this one for GitLab, which is designed to be executed in a Docker container, so no race condition with other scanners would happen.