SonarCloud scans at JavaScript repository - quality gate task Could not fetch analysis

damianblach · January 22, 2024, 3:26pm

ALM used - Azure DevOps
CI system used - Azure DevOps
Scanner command used when applicable:

# SonarCloud Scans for repo sensors-js

name: SonarCloud_Scans_repo_sensors-js


variables:
  - group: gradle.properties

trigger:
  paths:
    include:
      - tagging
      - build.gradle

# =================================================================================
# Execution Plan
# =================================================================================

# ---------------------------------------------------------------------------------
# Job
# ---------------------------------------------------------------------------------

pool:
  vmImage: "macOS-latest"

steps:
  - checkout: self
    clean: true
    fetchDepth: 1

  - task: DownloadSecureFile@1
    displayName: "Download Build Script"
    inputs:
      secureFile: "hidden"

  - task: ExtractFiles@1
    displayName: "Extract Build Script"
    inputs:
      archiveFilePatterns: "$(Agent.TempDirectory)/hidden"
      destinationFolder: "$(Agent.TempDirectory)/hidden"

  - script: |
      cd unit-tests
      sudo npm install
      sudo npm install --global gulp-cli
    displayName: "Install npm dependencies"


  - task: Gradle@2
    displayName: "Publish Demo"
    inputs:
      workingDirectory: "tagging"
      gradleWrapperFile: "tagging/gradlew"
      options: "-Pcustomer=demo -Pusername=$(username) -Pkasrl=$(kasrl) -PkasrlLoc=$(kasrlLoc) -PvstsGradleAccessToken=$(vstsGradleAccessToken) -PazureFileShareName=$(azureFileShareName) -PazureStorageConnectionString=$(azureStorageConnectionString)"
      tasks: ":sensors-js.tagging:publishAndClean :sensors-js.tagging:uploadToAzureFiles"
      publishJUnitResults: true
      testResultsFiles: "**/TEST-*.xml"
      javaHomeOption: "JDKVersion"
      gradleOptions: "-Xmx3072m"

  - task: SonarCloudPrepare@4
    displayName: 'Prepare analysis on SonarCloud'
    inputs:
      SonarCloud: 'SonarCloud_connection'
      organization: 'hidden'
      scannerMode: CLI
      configMode: manual
      cliProjectKey: 'hidden'
      cliProjectName: 'hidden'

  - task: SonarCloudAnalyze@4
    displayName: 'Run Code Analysis'
  
  - task: SonarCloudPublish@4
    displayName: 'Publish Quality Gate Result'

And i also try to run scans without building it first:

# SonarCloud Scans for repo sensors-js

name: SonarCloud_Scans_repo_sensors-js

pool:
  vmImage: 'ubuntu-22.04'
  demands: java

steps:
- task: SonarCloudPrepare@1
  displayName: 'Prepare analysis on SonarCloud'
  inputs:
    SonarCloud: 'SonarCloud_connection'
    organization: 'hidden'
    scannerMode: CLI
    configMode: manual
    cliProjectKey: 'hidden'
    cliProjectName: 'hidden'

- task: SonarCloudAnalyze@1
  displayName: 'Run Code Analysis'

- task: SonarCloudPublish@1
  displayName: 'Publish Quality Gate Result'

Languages of the repository - JavaScript
Error observed:

==============================================================================
Task         : Publish Quality Gate Result
Description  : Publish SonarCloud's Quality Gate result on the Azure Pipelines build result. To be used after the actual analysis.
Version      : 1.15.2
Author       : sonarsource
Help         : Version: 1.15.2. [More Information](https://docs.sonarcloud.io/advanced-setup/ci-based-analysis/sonarcloud-extension-for-azure-devops/)
==============================================================================
##[error][SQ] Error retrieving analysis: [SQ] API GET '/api/qualitygates/project_status' failed, status code was: 404
##[error][SQ] Could not fetch analysis for ID 'AY0xrdPPElEmuaclDAoS'
Finishing: Publish Quality Gate Result

In the same project when i’m scanning other repositories with code in python for example, everything is working correctly.

Task Run Code Analysis

INFO: ANALYSIS SUCCESSFUL, you can find the results at: https://sonarcloud.io/dashboard?id=hidden&branch=feature-damianb&resolved=false
INFO: Note that you will be able to access the updated dashboard once the server has processed the submitted analysis report
INFO: More about the report processing at https://sonarcloud.io/api/ce/task?id=AY0xhBFY-4oriwyXn2Hz
INFO: Sensor cache published successfully
INFO: Analysis total time: 1:26.977 s
INFO: ------------------------------------------------------------------------
INFO: EXECUTION SUCCESS
INFO: ------------------------------------------------------------------------
INFO: Total time: 1:30.708s
INFO: Final Memory: 37M/130M
INFO: ------------------------------------------------------------------------
Finishing: Run Code Analysis

Output from link:

{
    "task": {
        "id": "AY0xrdGQwF60JsIV0Exr",
        "type": "REPORT",
        "componentId": "AYwbyW-fk0IXurqtdWhA",
        "componentKey": "hidden",
        "componentName": "hidden",
        "componentQualifier": "TRK",
        "analysisId": "AY0xrdPPElEmuaclDAoS",
        "status": "SUCCESS",
        "submittedAt": "2024-01-22T15:58:11+0100",
        "submitterLogin": "hidden",
        "startedAt": "2024-01-22T15:58:11+0100",
        "executedAt": "2024-01-22T15:58:13+0100",
        "executionTimeMs": 1731,
        "logs": false,
        "hasScannerContext": true,
        "organization": "hidden",
        "branch": "feature-damianb",
        "branchType": "SHORT",
        "warningCount": 3,
        "warnings": []
    }
}

ganncamp · January 23, 2024, 4:58pm

Hi,

Welcome to the community!

I’m confused. How can it be the same project with other repositories?

Regarding your comparison of what works and what doesn’t, they’re two different steps. Your second example is just analysis. If you look closely at the analysis log from your "failed’ job, I’m guessing you’ll see that analysis succeeds there too.

Regarding the publish failure, many systems will return a 404 error (i.e. what you’ve asked for doesn’t exist) rather than a 403 error, thus admitting that the resource exists but you just don’t have access to it.

You should double-check the PAT you’ve configured SonarCloud with.

HTH,
Ann

damianblach · January 24, 2024, 8:24am

I meant a project in Azure Devops, we have several repositories in one project. I wrote this to confirm that the connection service to SonarCloud set in the project works.

That’s true, the second step also succeeds, but the Publish Quality gate step doesn’t work.

I configured PAT per project and today I created a new PAT again, still the same effect.

I found this entry on your forum, I also tried to set it, but the effect with Publish Quality gate is the same.

# SonarCloud Scans for repo sensors-js

name: SonarCloud_Scans_repo_sensors-js


pool:
  vmImage: "ubuntu-latest"

steps:
  - task: UseNode@1
    displayName: 'Install Node.js 12'
    inputs:
      version: '12.x'

  - script: npm install
    displayName: 'Install Node.js dependencies'
    
  - task: SonarCloudPrepare@1
    displayName: 'Prepare analysis on SonarCloud'
    inputs:
      SonarCloud: 'SonarCloud_connection'
      organization: 'hidden'
      scannerMode: CLI
      configMode: manual
      cliProjectKey: 'hidden'
      cliProjectName: 'hidden'

  - task: SonarCloudAnalyze@1
    displayName: 'Run Code Analysis'
  
  - task: SonarCloudPublish@1
    displayName: 'Publish Quality Gate Result'

ganncamp · January 24, 2024, 1:20pm

Hi,

Per the docs,

We recommend that you … make sure that the PAT is entered only at the organization level, not at the project level. The project-level field should be left blank.

Can you remove the project-level PAT and verify that the user behind the org-level PAT as the right permissions?

Thx,
Ann

damianblach · January 25, 2024, 10:54am

Do you mean organization in Azure DevOps or SonarCloud? I don’t have full admin privileges on SonarCloud, but I do have full admin privileges on Azure DevOps. (maybe that’s why I don’t see a place to add PAT at the organizational level in SonarCloud)

May I understand correctly, and had to set PAT on the Azure DevOps organization level, not in each project within the organization separately?

Or do you mean adding PAT at the organization level in SonarCloud, so as not to add it separately to each project in SonarCloud in the General Pull request tab?

ganncamp · January 25, 2024, 1:27pm

Hi,

The PAT has to be set in SonarCloud to allow it to reach out to ADO and update the project there with the Quality Gate status.

Yes. Set it once at the SonarCloud org level and not in each SC project.

Ann

damianblach · January 26, 2024, 3:45pm

Hi,

the only problem is that in SonarCloud we have many projects in one organization and there is no person who would have the authority to generate PAT for all repositories. So the only way is to assign them to individual projects.

Which doesn’t change the fact that, in my opinion, that’s not the problem. In other projects I have it set exactly as I wrote above and there is no problem with the Quality Gate status. I will try to scan other repositories at this project and let you know - because in my opinion, if it works in another repository, but the same project one in AzureDevops - it is not related to PAT or the Azure->SonarCloud connection.

damianblach · February 5, 2024, 8:52am

After re-creating the project in SonarCloud, the quality Gate task worked. So it’s hard to say what was the reason.

system · February 12, 2024, 1:20pm

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.