SonarQube pull request not updating Azure DevOps quality gate status

reckface · March 11, 2020, 5:12pm

I have the SonarQube task updating the pull request status in Azure DevOps builds. In migrating to YAML, same set of tasks simply does nothing. In the traditional build pipeline, this works.

We start with the prepare sonarqube task, build the source, run code analysis and then publish quality gate results.

It’s all green. No error, but the PR remains un updated.

Also the logs are completely problem free.

##[debug]loading ENDPOINT_AUTH_PARAMETER_SYSTEMVSSCONNECTION_ACCESSTOKEN
##[debug]loading ENDPOINT_AUTH_SCHEME_SYSTEMVSSCONNECTION
##[debug]loading ENDPOINT_AUTH_SYSTEMVSSCONNECTION
##[debug]loading INPUT_POLLINGTIMEOUTSEC
##[debug]loading SECRET_SONARQUBE_ENDPOINT
##[debug]loading SECRET_SYSTEM_ACCESSTOKEN
##[debug]loaded 6
##[debug]Agent.ProxyUrl=undefined
##[debug]Agent.CAInfo=undefined
##[debug]Agent.ClientCert=undefined
##[debug]Agent.SkipCertValidation=undefined
##[debug]SONARQUBE_SCANNER_PARAMS={"sonar.host.url":"http://my.Server:9000/sonarqube","sonar.login":***,"sonar.projectKey":"MyProjectNew","sonar.projectName":"MyProjectNew","sonar.projectVersion":"1.2.1-PullRequest0857.4","sonar.pullrequest.key":"857","sonar.pullrequest.base":"release/1.2.0","sonar.pullrequest.branch":"test_sq","sonar.pullrequest.provider":"vsts","sonar.pullrequest.vsts.instanceUrl":"https://my.Server/azure.devops/","sonar.pullrequest.vsts.project":"MyProject","sonar.pullrequest.vsts.repository":"MyProject","sonar.scanner.metadataFilePath":"C:\\902_agent2\\_work\\_temp\\sonar\\1.2.1-PullRequest0857.4\\cbdee85f-7901-004a-4db3-ce64c82c3a94\\report-task.txt","sonar.verbose":"true"}
##[debug]SONARQUBE_ENDPOINT=***
##[debug][SQ] API GET: '/api/metrics/search' with query "{"f":"name","ps":500}"

##[debug]pollingTimeoutSec=300
##[debug][SQ] API GET: '/api/server/version' with query "undefined"
##[debug]Response: 200 Body: "8.0.0.29455"
##[debug]Build.BuildNumber=1.2.1-PullRequest0857.4

##[debug][SQ] Task status:IN_PROGRESS
##[debug][SQ] Waiting for task 'AXDJFJJRnBJSMrEnUvVb' to complete.
##[debug][SQ] API GET: '/api/ce/task' with query "{"id":"AXDJFJJRnBJSMrEnUvVb"}"
##[debug]Response: 200 Body: "{"task":{"id":"AXDJFJJRnBJSMrEnUvVb","type":"REPORT","componentId":"AXCqY5jNnBJSMrEnUvTJ","componentKey":"MyProjectNew","componentName":"MyProjectNew","componentQualifier":"TRK","status":"IN_PROGRESS","submittedAt":"2020-03-11T11:38:58+0100","submitterLogin":"admin","startedAt":"2020-03-11T11:38:58+0100","executionTimeMs":15906,"logs":false,"organization":"default-organization","pullRequest":"857","warnings":[]}}"
##[debug][SQ] Task status:IN_PROGRESS
##[debug][SQ] Waiting for task 'AXDJFJJRnBJSMrEnUvVb' to complete.
##[debug][SQ] API GET: '/api/ce/task' with query "{"id":"AXDJFJJRnBJSMrEnUvVb"}"
##[debug]Response: 200 Body: "{"task":{"id":"AXDJFJJRnBJSMrEnUvVb","type":"REPORT","componentId":"AXCqY5jNnBJSMrEnUvTJ","componentKey":"MyProjectNew","componentName":"MyProjectNew","componentQualifier":"TRK","analysisId":"AXDJLSW--Jp4Jqq6qd3Y","status":"SUCCESS","submittedAt":"2020-03-11T11:38:58+0100","submitterLogin":"admin","startedAt":"2020-03-11T11:38:58+0100","executedAt":"2020-03-11T11:39:15+0100","executionTimeMs":16516,"logs":false,"hasScannerContext":true,"organization":"default-organization","pullRequest":"857","warningCount":0,"warnings":[]}}"
##[debug][SQ] Task status:SUCCESS
##[debug][SQ] Task complete: {"id":"AXDJFJJRnBJSMrEnUvVb","type":"REPORT","componentId":"AXCqY5jNnBJSMrEnUvTJ","componentKey":"MyProjectNew","componentName":"MyProjectNew","componentQualifier":"TRK","analysisId":"AXDJLSW--Jp4Jqq6qd3Y","status":"SUCCESS","submittedAt":"2020-03-11T11:38:58+0100","submitterLogin":"admin","startedAt":"2020-03-11T11:38:58+0100","executedAt":"2020-03-11T11:39:15+0100","executionTimeMs":16516,"logs":false,"hasScannerContext":true,"organization":"default-organization","pullRequest":"857","warningCount":0,"warnings":[]}
##[debug][SQ] Retrieve Analysis id 'AXDJLSW--Jp4Jqq6qd3Y.'
##[debug][SQ] API GET: '/api/qualitygates/project_status' with query "{"analysisId":"AXDJLSW--Jp4Jqq6qd3Y"}"
##[debug]Response: 200 Body: "{"projectStatus":{"status":"OK","conditions":[{"status":"OK","metricKey":"new_reliability_rating","comparator":"GT","periodIndex":1,"errorThreshold":"1","actualValue":"1"},{"status":"OK","metricKey":"new_security_rating","comparator":"GT","periodIndex":1,"errorThreshold":"1","actualValue":"1"},{"status":"OK","metricKey":"new_maintainability_rating","comparator":"GT","periodIndex":1,"errorThreshold":"1","actualValue":"1"}],"periods":[],"ignoredConditions":false}}"
##[debug][SQ] Generate analysis report.'
##[debug]Number of analyses in this build: 1
##[debug]Overall Quality Gate status: ok
##[debug]System.TeamFoundationCollectionUri=https://my.Server/azure.devops/
##[debug]System.TeamProjectId=d93c50f4-ade5-4e28-99c0-35966c7a0de6
##[debug]Build.BuildId=14012
##[debug][{"op":0,"path":"/sonarglobalqualitygate","value":"ok"}]
SYSTEMVSSCONNECTION exists true
##[debug]SYSTEMVSSCONNECTION exists true
SYSTEMVSSCONNECTION exists true
##[debug]SYSTEMVSSCONNECTION exists true
##[debug]Acquiring a build API object.
##[debug]Creating a new build property with global Quality Gate Status
##[debug]build.artifactStagingDirectory=C:\902_agent2\_work\2\a
##[debug][SQ] Summary saved at: C:\902_agent2\_work\2\a\.sqAnalysis\SonarQubeBuildSummary.md
##[debug][SQ] Uploading build summary from C:\902_agent2\_work\2\a\.sqAnalysis\SonarQubeBuildSummary.md
##[debug]Processed: ##vso[task.addattachment type=Distributedtask.Core.Summary;name=SonarQube Analysis Report;]C:\902_agent2\_work\2\a\.sqAnalysis\SonarQubeBuildSummary.md

mickaelcaro · March 12, 2020, 9:57am

Hi @reckface,

This Quality Gate status is updated by your SonarQube instance.

You may see an error message in the web.log of it. Could you please check ?

Thanks.
Mickaël

reckface · March 12, 2020, 10:58am

Thank you @mickaelcaro for the log suggestion!
There was nothing in web.log, but I opened the ce.logs, and spotted this:

2020.03.12 11:37:29 WARN  ce[AXDOTaXpnKCkbQ_udAPU][c.s.C.D.C.C] Failed to decorate Azure DevOps Pull Request: API resource location 225f7195-f9c7-4d14-ab28-a83f7ff77e1f is not registered on https://My.Azure.DevOps.Server/. javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

Ran:

keytool -import -alias tfs -keystore  "C:\Program Files\Java\jdk-12.0.1\lib\security\cacerts" -file c:\certs\my-b64.cer

Enter the password, changeit if you haven’t set your own.