Sonarqube scan action (Github) v4.0.0 - Failed to extract archive

Failure when testing the version 4.0.0 of sonarqube-scan-action on GitHub self-hosted runners

Using SonarQube Enterprise Edition v10.6

NoSuchFileException: /home/runner/.sonar/cache/bcb1b7b8ad68c93093f09b591b7cb17161d39891f7d29d33a586f5a328603707/jre6284578682694846135/jdk-17.0.11+9-jre/lib/server/classes.jsa
16:59:06.658 INFO  SonarScanner CLI 6.2.1.4610
16:59:06.663 INFO  Java 17.0.12 Eclipse Adoptium (64-bit)
16:59:06.664 INFO  Linux 5.15.0-1068-azure amd64
16:59:06.792 INFO  User cache: /home/runner/.sonar/cache
16:59:08.887 INFO  JRE provisioning: os[linux], arch[x86_64]
16:59:12.623 INFO  EXECUTION FAILURE
16:59:12.631 INFO  Total time: 6.042s
16:59:12.631 ERROR Error during SonarScanner CLI execution
java.lang.IllegalStateException: Failed to extract archive
	at org.sonarsource.scanner.lib.internal.JavaRunnerFactory.extractArchive(JavaRunnerFactory.java:200)
	at org.sonarsource.scanner.lib.internal.JavaRunnerFactory.getJreFromServer(JavaRunnerFactory.java:145)
	at org.sonarsource.scanner.lib.internal.JavaRunnerFactory.createRunner(JavaRunnerFactory.java:85)
	at org.sonarsource.scanner.lib.internal.ScannerEngineLauncherFactory.createLauncher(ScannerEngineLauncherFactory.java:53)
	at org.sonarsource.scanner.lib.ScannerEngineBootstrapper.bootstrap(ScannerEngineBootstrapper.java:123)
	at org.sonarsource.scanner.cli.Main.analyze(Main.java:75)
	at org.sonarsource.scanner.cli.Main.main(Main.java:63)
Caused by: java.nio.file.NoSuchFileException: /home/runner/.sonar/cache/bcb1b7b8ad68c93093f09b591b7cb17161d39891f7d29d33a586f5a328603707/jre6284578682694846135/jdk-17.0.11+9-jre/lib/server/classes.jsa
	at java.base/sun.nio.fs.UnixException.translateToIOException(Unknown Source)
	at java.base/sun.nio.fs.UnixException.rethrowAsIOException(Unknown Source)
	at java.base/sun.nio.fs.UnixException.rethrowAsIOException(Unknown Source)
	at java.base/sun.nio.fs.UnixFileSystemProvider.newByteChannel(Unknown Source)
	at java.base/java.nio.file.spi.FileSystemProvider.newOutputStream(Unknown Source)
	at java.base/java.nio.file.Files.newOutputStream(Unknown Source)
	at java.base/java.nio.file.Files.copy(Unknown Source)
	at org.sonarsource.scanner.lib.internal.util.CompressionUtils.extractTarGz(CompressionUtils.java:146)
	at org.sonarsource.scanner.lib.internal.JavaRunnerFactory.extract(JavaRunnerFactory.java:234)
	at org.sonarsource.scanner.lib.internal.JavaRunnerFactory.extractArchive(JavaRunnerFactory.java:193)
	... 6 common frames omitted

Hi, this looks to be the same issue as reported here and here

The problem is we are not able to reproduce and understand the issue.

@philithethrill99 Is there anything special with your self-hosted runner? Do you have an anti-virus or any anti-malware software that would wrongly detect jdk-17.0.11+9-jre/lib/server/classes.jsa and quarantine it? From experience, most issues happening when unzipping archives are caused by third-party security tools.

I created a ticket to track the investigation’s progress, but any information or reproducer is welcome since I have no idea of the root cause for now.

@philithethrill99 any chance you could connect to your self-hosted runner, and verify the checksum of the downloaded JRE:

$ sha256sum /home/runner/.sonar/cache/bcb1b7b8ad68c93093f09b591b7cb17161d39891f7d29d33a586f5a328603707/OpenJDK17U-jre_x64_linux_hotspot_17.0.11_9.tar.gz
bcb1b7b8ad68c93093f09b591b7cb17161d39891f7d29d33a586f5a328603707  /home/julien.henry/.sonar/cache/bcb1b7b8ad68c93093f09b591b7cb17161d39891f7d29d33a586f5a328603707/OpenJDK17U-jre_x64_linux_hotspot_17.0.11_9.tar.gz

We are using Dynatrace OneAgent on our self-hosted runners, I’m suspecting this causing the issue.

$ ls -l
total 34096
-rw-r--r-- 1 runner runner        0 Nov 27 14:35 classes.jsa
-r--r--r-- 1 runner runner 10899456 Nov 27 14:35 classes_nocoops.jsa
-rw-r--r-- 1 runner runner    16560 Nov 27 14:35 libjsig.so
-rw-r--r-- 1 runner runner 23992808 Nov 27 14:35 libjvm.so
$ cat classes.jsa
$ pwd
/home/runner/.sonar/cache/bcb1b7b8ad68c93093f09b591b7cb17161d39891f7d29d33a586f5a328603707/jre11373730550266553454/jdk-17.0.11+9-jre/lib/server
$ cd /home/runner/.sonar/cache/bcb1b7b8ad68c93093f09b591b7cb17161d39891f7d29d33a586f5a328603707
$ ls -l
total 45304
-rw-r--r-- 1 runner runner 46382823 Nov 27 14:35 OpenJDK17U-jre_x64_linux_hotspot_17.0.11_9.tar.gz
drwx------ 3 runner runner     4096 Nov 27 14:35 jre11373730550266553454
$ sha256sum OpenJDK17U-jre_x64_linux_hotspot_17.0.11_9.tar.gz
bcb1b7b8ad68c93093f09b591b7cb17161d39891f7d29d33a586f5a328603707  OpenJDK17U-jre_x64_linux_hotspot_17.0.11_9.tar.gz

I extracted the tar.gz file that was downloaded from the action and the classes.jsa file is NOT 0k

-rw-r--r-- 1 runner runner 46382823 Nov 27 18:38 OpenJDK17U-jre_x64_linux_hotspot_17.0.11_9.tar.gz
drwxr-xr-x 6 runner runner     4096 Apr 17  2024 jdk-17.0.11+9-jre
$ cd jdk-17.0.11+9-jre/lib/server
$ ls -l
total 45784
-r--r--r-- 1 runner runner 11968512 Apr 17  2024 classes.jsa
-r--r--r-- 1 runner runner 10899456 Apr 17  2024 classes_nocoops.jsa
-rw-r--r-- 1 runner runner    16560 Apr 17  2024 libjsig.so
-rw-r--r-- 1 runner runner 23992808 Apr 17  2024 libjvm.so

Indeed, it seems to be a common issue with Dynatrace (for example reported here). They mention the following workaround:

If the Dynatrace OneAgent is not required on the PAM client host, uninstall it.

If it is required, turning off ProcessAgent injection should resolve the problem:


If you need the Dynatrace OneAgent and cannot turn off ProcessAgent injection, or turning it off does not resolve the problem for you, contact Dyntrace OneAgent Support to find a solution that works for you.

Would you be able to ask Dyntrace OneAgent Support? If there is anything we can change in our software to make things work out of the box, we would be happy to consider it, but for now, I assume this is a false positive created by this security tool.