SonarQube GitHub Actions doesn't work with private domain

I have a CI/CD GitHub Actions (GA) workflow. My SonarQube instance is only accessible from a VPN. I set up the Tailscale GA to create a node, I added a new DNS server to the resolv.conf, and I tested it with curl (it works), but when SonarQube executes, it says the domain is unknown.

name: CI

on: [push]

jobs:
  build:
    runs-on: ubuntu-latest
    steps:
    - name: Tailscale
      uses: tailscale/github-action@v2
      with:
        oauth-client-id: ${{ secrets.TS_OAUTH_CLIENT_ID }}
        oauth-secret: ${{ secrets.TS_OAUTH_SECRET }}
        tags: tag:ci
        version: 1.52.0
    - uses: actions/checkout@v2
      with:
        fetch-depth: 0
    - name: Injecting new DNS
      run: |
        sudo sed -i '1s/^/nameserver [IP OF DNS SERVER]\n/' /etc/resolv.conf
        curl -v https://sonarqube.domain.tld
    - uses: sonarsource/sonarqube-scan-action@master
      with:
        args: >
          -X
      env:
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
          SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}

Error is 13:26:23.423 ERROR: SonarQube server [***] can not be reached with the most important Caused by: java.net.UnknownHostException: sonarqube.domain.tld: Name does not resolve

Related issue: 64834

Thanks.

Hey there.

Since sonarsource/sonarqube-scan-action spins off another Docker process, I would expect that the /etc/resolv.conf isn’t making its way there (and therefore being used by the Java process that is spun up).

You could try to run the sonar-scanner executable directly, not using the action.

      - name: Download and install the SonarScanner
        env:
          SONAR_SCANNER_VERSION: 5.0.1.3006
        run: |
          # --create-dirs makes $HOME/.sonar if it does not exist yet
          curl --create-dirs -sSLo "$HOME/.sonar/sonar-scanner.zip" https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-${{ env.SONAR_SCANNER_VERSION }}-linux.zip
          unzip -o "$HOME/.sonar/sonar-scanner.zip" -d "$HOME/.sonar/"
          # Put the scanner's bin directory on PATH for the following steps
          echo "$HOME/.sonar/sonar-scanner-${{ env.SONAR_SCANNER_VERSION }}-linux/bin" >> "$GITHUB_PATH"

      - name: SonarQube analysis
        run: |
          sonar-scanner 
        env:
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
          SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}
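
One way to check the hypothesis in the reply above, as an added example that is not part of the original thread: compare the nameservers in the runner's /etc/resolv.conf with the copy a container receives. The function names, the `alpine` image in the usage comment and the sample addresses are assumptions made for illustration.

```shell
#!/bin/sh
# Added diagnostic, not code from the thread or from SonarSource.

# Print the nameserver addresses of a resolv.conf-style file, one per line.
nameservers() {
  awk '$1 == "nameserver" && $2 != "" { print $2 }' "$1"
}

# Print every nameserver of the runner's file ($1) that the container's
# copy ($2) lacks. Returns 0 if the container sees all of them, 1 otherwise.
# Loopback resolvers are skipped: Docker filters them out of the copy it
# hands to containers, so they would always show up as noise.
missing_in_container() {
  mic_host=$(nameservers "$1")
  mic_ctr=$(nameservers "$2")
  mic_rc=0
  for mic_ns in $mic_host; do
    case $mic_ns in
      127.*|::1) continue ;;
    esac
    if ! printf '%s\n' "$mic_ctr" | grep -qxF -- "$mic_ns"; then
      printf '%s\n' "$mic_ns"
      mic_rc=1
    fi
  done
  return "$mic_rc"
}

# Usage in a workflow step, after the "Injecting new DNS" step
# (assumes Docker on the runner; alpine is an arbitrary small image):
#   docker run --rm alpine cat /etc/resolv.conf > /tmp/ctr-resolv.conf
#   sh check-dns.sh /etc/resolv.conf /tmp/ctr-resolv.conf \
#     || echo "::warning::container does not see the injected nameserver"
if [ "$#" -eq 2 ]; then
  missing_in_container "$1" "$2"
fi
```

If the injected VPN resolver is printed, the container-based action cannot resolve the private SonarQube hostname even though `curl` on the runner can.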

Hi,

Thanks. It’s likely the solution, but in the meantime I switched to GitLab, so I don’t know if the solution works. I’ll let people judge it :sweat_smile: