Scanner fails to start in Azure DevOps self-hosted build agent

Hi,

We are using self-hosted build agents in Azure DevOps and the Run Code Analysis task is failing with the following error:

There was an error when attempting to execute the process ‘/var/azure/work/_tasks/SonarCloudAnalyze_ce096e50-6155-4de8-8800-4221aaeed4a1/1.41.0/sonar-scanner/bin/sonar-scanner’. This may indicate the process failed to start. Error: spawn /var/azure/work/_tasks/SonarCloudAnalyze_ce096e50-6155-4de8-8800-4221aaeed4a1/1.41.0/sonar-scanner/bin/sonar-scanner EACCES

Version of the task: 1.41.0.

Any help is appreciated.

Hi,

Are you using SonarQube or SonarCloud?

Also, are you really using version 1.41 of the task? Because 5.15 is the current version.

 
Ann

My bad - it’s SonarCloud - I’ve corrected the category.

The “More information” link of the task points here, showing 1.42 as the latest

1 Like

Hi,

Thanks for the followup. Can you provide your job logs?

 
Ann

Hi Ann,

Run Code Analysis logs:

Starting: Run Code Analysis
=============================================================================
Task         : Run Code Analysis
Description  : Run scanner and upload the results to the SonarCloud server.
Version      : 1.41.0
Author       : sonarsource
Help         : Version: 1.41.0. This task is not needed for Maven and Gradle projects since the scanner should be run as part of the build.
[More Information](https://docs.sonarcloud.io/advanced-setup/ci-based-analysis/sonarcloud-extension-for-azure-devops/)
=============================================================================
/var/azure/work/_tasks/SonarCloudAnalyze_ce096e50-6155-4de8-8800-4221aaeed4a1/1.41.0/sonar-scanner/bin/sonar-scanner
##[error]There was an error when attempting to execute the process '/var/azure/work/_tasks/SonarCloudAnalyze_ce096e50-6155-4de8-8800-4221aaeed4a1/1.41.0/sonar-scanner/bin/sonar-scanner'. This may indicate the process failed to start. Error: spawn /var/azure/work/_tasks/SonarCloudAnalyze_ce096e50-6155-4de8-8800-4221aaeed4a1/1.41.0/sonar-scanner/bin/sonar-scanner EACCES
Finishing: Run Code Analysis

Previous task that generates coverage report:

2023-08-23T14:47:32.3655048Z ##[section]Starting: generate coverage report
2023-08-23T14:47:32.3667428Z =============================================================================
2023-08-23T14:47:32.3667912Z Task         : Docker Compose
2023-08-23T14:47:32.3668470Z Description  : Build, push or run multi-container Docker applications. Task can be used with Docker or Azure Container registry.
2023-08-23T14:47:32.3669027Z Version      : 0.225.0
2023-08-23T14:47:32.3669325Z Author       : Microsoft Corporation
2023-08-23T14:47:32.3669739Z Help         : https://aka.ms/azpipes-docker-compose-tsg
2023-08-23T14:47:32.3670236Z =============================================================================
2023-08-23T14:47:34.3403159Z [command]/usr/local/bin/docker-compose -f /var/azure/work/1/s/docker-compose-test.yaml -f /azp/.docker-compose.1692802054333.yml -p app_merge_15720 exec -T monolith bash -c coverage xml -i
2023-08-23T14:47:43.7198302Z ##[section]Finishing: generate coverage report

Container logs:

2023-08-23 14:26:33Z: Running job: Agent job 1
2023-08-23 14:47:59Z: Job Agent job 1 completed with result: SucceededWithIssues

Hi,

Sorry, can you provide debug logs?

This guide will help you get them.

 
Ann

1 Like

Hi,

Thank you for the guide, unfortunately no luck with that either:
sonar-project.properties file as well as Additional Properties in Prepare Analysis Configuration task updated with this:

sonar.log.level=DEBUG
sonar.verbose=true

but nothing new in the logs.

Hi,

Let’s back up. What kind of project are you analyzing? Is it a .NET project?

 
Ann

Hi,

It’s Python.

To narrow the field a little bit, I should say that the pipeline currently works fine with several existing agents. Unfortunately, those agents are old containers/images and we are not fully able to reverse-engineer how they are running. Now we are trying to replace them because they are using to-be-deprecated Java 11.

Maksym

Hi Maksym,

If this is Python, then we shouldn’t need debug logs.

What you provided before was so short, it looked to me (admittedly without close examination) like a non-debug .NET log.

Now that I go back to it:

Google tells me EACCES is a permissions error. It looks like you need to grant more permissions on this new(?) build agent.

 
HTH,
Ann

1 Like

Hi Ann,

sonar-scanner permissions seem appropriate and are identical to those in other agents:

root@azure-build-agent-5:/var/azure/work/_tasks/SonarCloudAnalyze_ce096e50-6155-4de8-8800-4221aaeed4a1/1.41.0/sonar-scanner/bin# ls -al
...
-rwxrwxrwx 1 root root 1823 Aug  9 06:27 sonar-scanner
...

Or is it something else that you meant to grant to?

Thank you.
Maksym

Hi Maksym,

I’m really not sure. The error isn’t an error in analysis because analysis never starts up. This is an OS-level error saying that analysis, or rather the scanner, couldn’t be started. The root root in your line caught my eye, but world has 7, so I would expect it to work. Are you sure this is the right scanner? Maybe there’s another instance somewhere?

 
Ann

Hi Ann,

Yes, the scanner is right - I was disabling all other agents and watching container logs of the problematic one during executions.

Latest update: the base image of the container (ubuntu 18) and the agent version (2.204.0) are very outdated, so we are going to upgrade both. Actually I’ve already tested the same setup in my local environment on WSL2 Ubuntu 20 and agent v. 3.255.0 - the pipeline worked flawlessly after solving a little incompatibility issue.

Thank you so much for your responsiveness - I believe there’s no need to waste more time on this.

Maksym

1 Like