Sonar Scanner Gradle Plugin not respecting `sonar.nodejs.executable` property

RyanH · February 3, 2023, 12:42am

I am having issues with the Gradle using sonar-scanner-gradle v3.4.0.2513 and Gradle v7.5.1. Our project installs nodejs into a sandbox path, and we are attempting to configure Sonar to use the binary path set via the sonar.nodejs.executable propert. Without fail we always get Error when running: 'node -v'. Is Node.js available during analysis?.

What is surprising is that when we look at the scanner context, we can see that the value is set properly with the correct path, and I have validated that the binary and path has the correct permissions to be executed. I have tried many different ways to set this, using subprojects {} and allprojects {} to add the sonarqube {} block containing the following:

val NODE_VERSION = "16.13.2"
val osName = when (OS.current()) {
  OS.LINUX -> "linux"
  OS.WINDOWS -> "win"
  OS.DARWIN -> "darwin"
}
val osArch = when (Architecture.current()) {
  Architecture.X86_64 -> "x64"
  Architecture.AARCH64 -> "arm64"
}

sonarqube {
    properties {
        property(
            "sonar.nodejs.executable",
            "${project.node.workDir.get()}/node-v$NODE_VERSION-$osName-$osArch/bin/node"
        )
     }
}

This feels like a bug in the sonarscanner – and I am not really sure how to fix this issue.

Colin · February 6, 2023, 10:19am

Hey there.

This looks similar to Setting Node Executable for Typescript Analysis - #8 by DKroot

Can you tell us what version of SonarQube you’re using (it should be located in the footer of your SonarQube instance)

RyanH · February 6, 2023, 6:20pm

SonarQube version is Enterprise Edition Version 9.8 (build 63668), the sonar-gradle-plugin version is 3.4.0.2513, Gradle version is 7.5.1, and the JVM version (build/client-side) is 11.0.16.

The linked issue sounds very much the same.

Colin · February 7, 2023, 3:14pm

Thanks. I’ve flagged this for some expert attention.

dmeneses · February 7, 2023, 9:59pm

Hi,

Could you please run ./gradlew sonarqube -Dsonar.scanner.dumpToFile=properties and then check if you can find sonar.nodejs.executable in the file properties?

RyanH · February 9, 2023, 5:54pm

I ran the command and checked the resulting properties file, and it does have the property set with the correct value.

RyanH · February 15, 2023, 9:35pm

Just want to follow up and see if there is any additional information you need.

Thanks!

RyanH · February 16, 2023, 8:23pm

I was looking at the node plugin code on github and found a debug line which might prove out that the property value is not being respected. I ran ./gradlew --debug sonarqube and this is the output from the debug line:

2023-02-16T12:12:05.664-0800 [DEBUG] [org.sonarqube.gradle.SonarQubeTask] Checking Node.js version
2023-02-16T12:12:05.664-0800 [DEBUG] [org.sonarqube.gradle.SonarQubeTask] Launching command node -v
2023-02-16T12:12:05.667-0800 [WARN] [org.sonarqube.gradle.SonarQubeTask] Error when running: 'node -v'. Is Node.js available during analysis?

I would expect this to show the full path if it was using my property values.

Edit:

I also want to add I don’t see anything in the build logs which suggest that this code path is being invoked, as neither the info or error messages are being output:

github.com

SonarSource/SonarJS/blob/f58ba515a6fd5e30501e4f54e0d4e51fcd89b2ff/sonar-javascript-plugin/src/main/java/org/sonar/plugins/javascript/nodejs/NodeCommandBuilderImpl.java#L211C2-L225


      
          private String retrieveNodeExecutableFromConfig(@Nullable Configuration configuration) throws NodeCommandException, IOException {
            if (configuration != null && configuration.hasKey(NODE_EXECUTABLE_PROPERTY)) {
              String nodeExecutable = configuration.get(NODE_EXECUTABLE_PROPERTY).get();
              File file = new File(nodeExecutable);
              if (file.exists()) {
                LOG.info("Using Node.js executable {} from property {}.", file.getAbsoluteFile(), NODE_EXECUTABLE_PROPERTY);
                return nodeExecutable;
              } else {
                LOG.error("Provided Node.js executable file does not exist. Property '{}' was set to '{}'", NODE_EXECUTABLE_PROPERTY, nodeExecutable);
                throw new NodeCommandException("Provided Node.js executable file does not exist.");
              }
            }
          
          
  return locateNode();
          }

Antoine · March 8, 2023, 2:32pm

Hello @RyanH,

I tested the same configuration that you did and it works fine on my side. May I ask you to share your full analysis logs in debug mode? Also, which OS is it running on?
The idea is to understand what the JavaScript/TypeScript sensors are doing to create the node command and at which point it fails.

Thank you
Antoine

RyanH · March 9, 2023, 9:13pm

This is quite large, is there a drop box or something I can use to send this the output file to you?

Ubuntu 20.04 and 22.04.

Antoine · March 10, 2023, 9:26am

Usually, logs file have a huge compression rate when being zipped. Have you tried? I don’t have any external service for storing large files, and it’s interesting to have them here for a later reader.
If it doesn’t work, then please store them somewhere I could download.

Cheers
Antoine

Antoine · March 14, 2023, 7:11pm

Hello Ryan,

When the parameter sonar.nodejs.executable is used, we can see it explicitly in logs:

2023-03-14T20:01:03.391+0100 [INFO] [org.sonarqube.gradle.SonarQubeTask] Using Node.js executable /Users/antoinevigneau/.nvm/versions/node/v18.13.0/bin/node from property sonar.nodejs.executable.

I checked the logs you sent and there is no such line, instead we can see:

260218 2023-03-10T13:32:06.271-0800 [DEBUG] [org.sonarqube.gradle.SonarQubeTask] Using default Node.js executable: 'node'.

So I don’t know what’s wrong in your Gradle conf, but this parameter doesn’t make its way to the scanner.

I’m not a gradle expert and these problems can be tricky to solve. What I suggest you to do is to start small: use gradle-sample.zip (88.6 KB) to experiment and see if it works fine for you as well on a minimal project (of course, you have to adjust the node.js path in the build.gradle). If that’s ok, start adding some module and see if it works too. Compare with your actual project and add the needed complexity so you understand when/where it breaks.
This is basically a gradle config problem that you are dealing with, not a SonarQube or scanner bug.

Let us know about your findings, it could be useful to others.

Cheers,
Antoine