Currently we’re using v3.0.0 of the GitHub Action sonarsource/sonarqube-scan-action and are providing a custom root cert through the env-var SONAR_ROOT_CERT. I’ve now tried to upgrade to the new v4.0.0 action of the action since this no longer uses a docker-image and therefore we won’t hit any dockerhub ratelimits anymore.
After updating to the new v4.0.0-version i get the following error:
> Run ${GITHUB_ACTION_PATH}/run-sonar-scanner.sh -Dsonar.pullrequest.key=665 -Dsonar.pullrequest.branch=redacted-patch-1 -Dsonar.pullrequest.base=master
Adding SSL certificate to the Scanner truststore
/__w/_actions/sonarsource/sonarqube-scan-action/v4.0.0/run-sonar-scanner.sh: line 32: keytool: command not found
Error: Process completed with exit code 127.
According to the release-notes the update from v3.0.0 to v4.0.0 shoudln’t cause any issues. Can anyone help me?
Hi @higgs01,
Thanks for reporting your issue to our community.
The new major version of the GitHub action requires the JDK to be installed and the keytool tool to be in the path. This was always the case with previous versions of the action, as the Docker container had all the dependencies baked into it. Moving from Docker to a composite action, we tested the behavior with all GitHub-hosted runners and didn’t encounter issues since those come equipped with Java.
The environment you are running in (the node:20 docker container), however, doesn’t include Java. Hence the issue.
We have identified a possible for the issue and started working on it. You can follow our progress at the resolution via this ticket in our tracking system.
We will ping you here once the issue is addressed. If your current issue with DockerHub rate limits are particularly annoying, we can share a working solution with you before the final release. That would greatly help us to validate the fix before releasing the new version.
Waiting for the fix to be available, you can:
either stay on the previous major version: v3.0.0 is still fully functional
or install the jdk or just the keytool, and ensure it’s in the path, before running the action
Hi @higgs01
We have good news! We have just released a new version of sonarqube-scan-action, v4.1.0, which should fix your issue.
We now use the keytool embedded in the JRE that we ship with the SonarScanner CLI, instead of expecting the command to be available in the runner environment.
You can read more about the new release of the action here.
Give it a try and let us know if that fixes your problem.
Hi @antonio.aversa
Thank you for the quick update. I’ve tested it with the Version v4.1.0 and the keytool-error doesn’t occur anymore.
However the custom root-cert still doesn’t seem to work as now I get the following error while running the action:
2024-12-02T11:05:19.0073976Z ##[group]Run ${GITHUB_ACTION_PATH}/run-sonar-scanner.sh -Dsonar.pullrequest.key=665 -Dsonar.pullrequest.branch=patch-1 -Dsonar.pullrequest.base=master
2024-12-02T11:05:19.0075515Z e[36;1m${GITHUB_ACTION_PATH}/run-sonar-scanner.sh -Dsonar.pullrequest.key=665 -Dsonar.pullrequest.branch=patch-1 -Dsonar.pullrequest.base=mastere[0m
2024-12-02T11:05:19.0076537Z shell: bash --noprofile --norc -e -o pipefail {0}
2024-12-02T11:05:19.0076907Z env:
2024-12-02T11:05:19.0077138Z BUILD_IMAGE: false
2024-12-02T11:05:19.0077416Z TAG_IMAGE_AS_LATEST: false
2024-12-02T11:05:19.0077719Z DEPLOYMENT_INSTANCE:
2024-12-02T11:05:19.0077987Z NOTIFY_ON_ERROR: false
2024-12-02T11:05:19.0078341Z SONAR_HOST_URL: https://***
2024-12-02T11:05:19.0078872Z SONAR_TOKEN: ***
2024-12-02T11:05:19.0090995Z SONAR_ROOT_CERT: -----BEGIN CERTIFICATE-----
***
-----END CERTIFICATE-----
2024-12-02T11:05:19.0103360Z ARTIFACT_VERSION:
2024-12-02T11:05:19.0103648Z INPUT_PROJECTBASEDIR: app
2024-12-02T11:05:19.0104138Z SONAR_SCANNER_JRE: /home/runner/_work/_temp/sonar-scanner-cli-6.2.1.4610-Linux-X64/jre
2024-12-02T11:05:19.0104654Z ##[endgroup]
2024-12-02T11:05:19.0560310Z Adding SSL certificate to the Scanner truststore
2024-12-02T11:05:19.2017806Z Certificate was added to keystore
2024-12-02T11:05:19.3351996Z + sonar-scanner -Dsonar.projectBaseDir=app -Dsonar.scanner.truststorePassword=changeit -Dsonar.pullrequest.key=665 -Dsonar.pullrequest.branch=patch-1 -Dsonar.pullrequest.base=master
2024-12-02T11:05:19.5679366Z 11:05:19.565 INFO Scanner configuration file: /__w/_temp/sonar-scanner-cli-6.2.1.4610-Linux-X64/conf/sonar-scanner.properties
2024-12-02T11:05:19.5682511Z 11:05:19.567 INFO Project root configuration file: /__w/fs-pkv-neon-ui/fs-pkv-neon-ui/app/sonar-project.properties
2024-12-02T11:05:19.5848720Z 11:05:19.584 INFO SonarScanner CLI 6.2.1.4610
2024-12-02T11:05:19.5865841Z 11:05:19.586 INFO Java 17.0.12 Eclipse Adoptium (64-bit)
2024-12-02T11:05:19.5872632Z 11:05:19.586 INFO Linux 6.1.112-122.189.amzn2023.x86_64 amd64
2024-12-02T11:05:19.6150616Z 11:05:19.614 INFO User cache: /root/.sonar/cache
2024-12-02T11:05:20.3269357Z 11:05:20.326 INFO EXECUTION FAILURE
2024-12-02T11:05:20.3279865Z 11:05:20.327 INFO Total time: 0.765s
2024-12-02T11:05:20.3321862Z 11:05:20.327 ERROR Error during SonarScanner CLI execution
2024-12-02T11:05:20.3322756Z java.lang.IllegalStateException: Failed to get server version
2024-12-02T11:05:20.3323850Z at org.sonarsource.scanner.lib.ScannerEngineBootstrapper.getServerVersion(ScannerEngineBootstrapper.java:194)
2024-12-02T11:05:20.3325165Z at org.sonarsource.scanner.lib.ScannerEngineBootstrapper.bootstrap(ScannerEngineBootstrapper.java:117)
2024-12-02T11:05:20.3326392Z at org.sonarsource.scanner.cli.Main.analyze(Main.java:75)
2024-12-02T11:05:20.3327275Z at org.sonarsource.scanner.cli.Main.main(Main.java:63)
2024-12-02T11:05:20.3328338Z Suppressed: java.lang.IllegalStateException: Call to URL [https://***/api/v2/analysis/version] failed
2024-12-02T11:05:20.3329573Z at org.sonarsource.scanner.lib.internal.http.ScannerHttpClient.callUrl(ScannerHttpClient.java:159)
2024-12-02T11:05:20.3330762Z at org.sonarsource.scanner.lib.internal.http.ScannerHttpClient.callApi(ScannerHttpClient.java:126)
2024-12-02T11:05:20.3331950Z at org.sonarsource.scanner.lib.internal.http.ScannerHttpClient.callRestApi(ScannerHttpClient.java:104)
2024-12-02T11:05:20.3333231Z at org.sonarsource.scanner.lib.ScannerEngineBootstrapper.getServerVersion(ScannerEngineBootstrapper.java:189)
2024-12-02T11:05:20.3334148Z ... 3 common frames omitted
2024-12-02T11:05:20.3335013Z Caused by: javax.net.ssl.SSLHandshakeException: None of the TrustManagers trust this certificate chain
2024-12-02T11:05:20.3335987Z at java.base/sun.security.ssl.Alert.createSSLException(Unknown Source)
2024-12-02T11:05:20.3336819Z at java.base/sun.security.ssl.TransportContext.fatal(Unknown Source)
2024-12-02T11:05:20.3337636Z at java.base/sun.security.ssl.TransportContext.fatal(Unknown Source)
2024-12-02T11:05:20.3338446Z at java.base/sun.security.ssl.TransportContext.fatal(Unknown Source)
2024-12-02T11:05:20.3339759Z at java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(Unknown Source)
2024-12-02T11:05:20.3340975Z at java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(Unknown Source)
2024-12-02T11:05:20.3342133Z at java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(Unknown Source)
2024-12-02T11:05:20.3343066Z at java.base/sun.security.ssl.SSLHandshake.consume(Unknown Source)
2024-12-02T11:05:20.3343896Z at java.base/sun.security.ssl.HandshakeContext.dispatch(Unknown Source)
2024-12-02T11:05:20.3344744Z at java.base/sun.security.ssl.HandshakeContext.dispatch(Unknown Source)
2024-12-02T11:05:20.3345591Z at java.base/sun.security.ssl.TransportContext.dispatch(Unknown Source)
2024-12-02T11:05:20.3346410Z at java.base/sun.security.ssl.SSLTransport.decode(Unknown Source)
2024-12-02T11:05:20.3347202Z at java.base/sun.security.ssl.SSLSocketImpl.decode(Unknown Source)
2024-12-02T11:05:20.3348083Z at java.base/sun.security.ssl.SSLSocketImpl.readHandshakeRecord(Unknown Source)
2024-12-02T11:05:20.3348990Z at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
2024-12-02T11:05:20.3349874Z at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
2024-12-02T11:05:20.3350800Z at okhttp3.internal.connection.RealConnection.connectTls(RealConnection.kt:379)
2024-12-02T11:05:20.3351949Z at okhttp3.internal.connection.RealConnection.establishProtocol(RealConnection.kt:337)
2024-12-02T11:05:20.3352961Z at okhttp3.internal.connection.RealConnection.connect(RealConnection.kt:209)
2024-12-02T11:05:20.3353935Z at okhttp3.internal.connection.ExchangeFinder.findConnection(ExchangeFinder.kt:226)
2024-12-02T11:05:20.3354995Z at okhttp3.internal.connection.ExchangeFinder.findHealthyConnection(ExchangeFinder.kt:106)
2024-12-02T11:05:20.3356006Z at okhttp3.internal.connection.ExchangeFinder.find(ExchangeFinder.kt:74)
2024-12-02T11:05:20.3356916Z at okhttp3.internal.connection.RealCall.initExchange$okhttp(RealCall.kt:255)
2024-12-02T11:05:20.3357898Z at okhttp3.internal.connection.ConnectInterceptor.intercept(ConnectInterceptor.kt:32)
2024-12-02T11:05:20.3358916Z at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.kt:109)
2024-12-02T11:05:20.3359878Z at okhttp3.internal.cache.CacheInterceptor.intercept(CacheInterceptor.kt:95)
2024-12-02T11:05:20.3360843Z at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.kt:109)
2024-12-02T11:05:20.3361813Z at okhttp3.internal.http.BridgeInterceptor.intercept(BridgeInterceptor.kt:83)
2024-12-02T11:05:20.3362782Z at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.kt:109)
2024-12-02T11:05:20.3363875Z at okhttp3.internal.http.RetryAndFollowUpInterceptor.intercept(RetryAndFollowUpInterceptor.kt:76)
2024-12-02T11:05:20.3364963Z at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.kt:109)
2024-12-02T11:05:20.3365975Z at okhttp3.logging.HttpLoggingInterceptor.intercept(HttpLoggingInterceptor.kt:221)
2024-12-02T11:05:20.3366979Z at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.kt:109)
2024-12-02T11:05:20.3368058Z at okhttp3.internal.connection.RealCall.getResponseWithInterceptorChain$okhttp(RealCall.kt:201)
2024-12-02T11:05:20.3369026Z at okhttp3.internal.connection.RealCall.execute(RealCall.kt:154)
2024-12-02T11:05:20.3370047Z at org.sonarsource.scanner.lib.internal.http.ScannerHttpClient.callUrl(ScannerHttpClient.java:157)
2024-12-02T11:05:20.3370828Z ... 6 common frames omitted
2024-12-02T11:05:20.3371708Z Caused by: java.security.cert.CertificateException: None of the TrustManagers trust this certificate chain
2024-12-02T11:05:20.3372934Z at nl.altindag.ssl.trustmanager.CombinableX509TrustManager.checkTrusted(CombinableX509TrustManager.java:61)
2024-12-02T11:05:20.3374419Z at nl.altindag.ssl.trustmanager.CompositeX509ExtendedTrustManager.checkServerTrusted(CompositeX509ExtendedTrustManager.java:86)
2024-12-02T11:05:20.3375550Z ... 38 common frames omitted
2024-12-02T11:05:20.3376949Z Suppressed: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
2024-12-02T11:05:20.3378693Z at java.base/sun.security.validator.PKIXValidator.doBuild(Unknown Source)
2024-12-02T11:05:20.3379627Z at java.base/sun.security.validator.PKIXValidator.engineValidate(Unknown Source)
2024-12-02T11:05:20.3380529Z at java.base/sun.security.validator.Validator.validate(Unknown Source)
2024-12-02T11:05:20.3381422Z at java.base/sun.security.ssl.X509TrustManagerImpl.checkTrusted(Unknown Source)
2024-12-02T11:05:20.3382389Z at java.base/sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
2024-12-02T11:05:20.3383684Z at nl.altindag.ssl.trustmanager.DelegatingX509ExtendedTrustManager.checkServerTrusted(DelegatingX509ExtendedTrustManager.java:48)
2024-12-02T11:05:20.3385910Z at nl.altindag.ssl.trustmanager.CompositeX509ExtendedTrustManager.lambda$checkServerTrusted$4(CompositeX509ExtendedTrustManager.java:86)
2024-12-02T11:05:20.3387197Z at nl.altindag.ssl.trustmanager.CombinableX509TrustManager.checkTrusted(CombinableX509TrustManager.java:41)
2024-12-02T11:05:20.3387910Z ... 39 common frames omitted
2024-12-02T11:05:20.3388881Z Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
2024-12-02T11:05:20.3389916Z at java.base/sun.security.provider.certpath.SunCertPathBuilder.build(Unknown Source)
2024-12-02T11:05:20.3390773Z at java.base/sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown Source)
2024-12-02T11:05:20.3391542Z at java.base/java.security.cert.CertPathBuilder.build(Unknown Source)
2024-12-02T11:05:20.3392035Z ... 47 common frames omitted
2024-12-02T11:05:20.3393227Z Suppressed: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
2024-12-02T11:05:20.3394535Z at java.base/sun.security.validator.PKIXValidator.doBuild(Unknown Source)
2024-12-02T11:05:20.3395270Z at java.base/sun.security.validator.PKIXValidator.engineValidate(Unknown Source)
2024-12-02T11:05:20.3395983Z at java.base/sun.security.validator.Validator.validate(Unknown Source)
2024-12-02T11:05:20.3396693Z at java.base/sun.security.ssl.X509TrustManagerImpl.checkTrusted(Unknown Source)
2024-12-02T11:05:20.3397475Z at java.base/sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
2024-12-02T11:05:20.3398582Z at nl.altindag.ssl.trustmanager.DelegatingX509ExtendedTrustManager.checkServerTrusted(DelegatingX509ExtendedTrustManager.java:48)
2024-12-02T11:05:20.3399973Z at nl.altindag.ssl.trustmanager.CompositeX509ExtendedTrustManager.lambda$checkServerTrusted$4(CompositeX509ExtendedTrustManager.java:86)
2024-12-02T11:05:20.3401208Z at nl.altindag.ssl.trustmanager.CombinableX509TrustManager.checkTrusted(CombinableX509TrustManager.java:41)
2024-12-02T11:05:20.3401908Z ... 39 common frames omitted
2024-12-02T11:05:20.3402712Z Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
2024-12-02T11:05:20.3403730Z at java.base/sun.security.provider.certpath.SunCertPathBuilder.build(Unknown Source)
2024-12-02T11:05:20.3404588Z at java.base/sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown Source)
2024-12-02T11:05:20.3405351Z at java.base/java.security.cert.CertPathBuilder.build(Unknown Source)
2024-12-02T11:05:20.3405841Z ... 47 common frames omitted
2024-12-02T11:05:20.3406601Z Caused by: java.lang.IllegalStateException: Call to URL [https://***/api/server/version] failed
2024-12-02T11:05:20.3407601Z at org.sonarsource.scanner.lib.internal.http.ScannerHttpClient.callUrl(ScannerHttpClient.java:159)
2024-12-02T11:05:20.3408680Z at org.sonarsource.scanner.lib.internal.http.ScannerHttpClient.callApi(ScannerHttpClient.java:126)
2024-12-02T11:05:20.3409685Z at org.sonarsource.scanner.lib.internal.http.ScannerHttpClient.callWebApi(ScannerHttpClient.java:112)
2024-12-02T11:05:20.3410769Z at org.sonarsource.scanner.lib.ScannerEngineBootstrapper.getServerVersion(ScannerEngineBootstrapper.java:192)
2024-12-02T11:05:20.3411472Z ... 3 common frames omitted
2024-12-02T11:05:20.3412167Z Caused by: javax.net.ssl.SSLHandshakeException: None of the TrustManagers trust this certificate chain
2024-12-02T11:05:20.3412953Z at java.base/sun.security.ssl.Alert.createSSLException(Unknown Source)
2024-12-02T11:05:20.3413599Z at java.base/sun.security.ssl.TransportContext.fatal(Unknown Source)
2024-12-02T11:05:20.3414317Z at java.base/sun.security.ssl.TransportContext.fatal(Unknown Source)
2024-12-02T11:05:20.3414944Z at java.base/sun.security.ssl.TransportContext.fatal(Unknown Source)
2024-12-02T11:05:20.3415772Z at java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(Unknown Source)
2024-12-02T11:05:20.3416797Z at java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(Unknown Source)
2024-12-02T11:05:20.3417764Z at java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(Unknown Source)
2024-12-02T11:05:20.3418517Z at java.base/sun.security.ssl.SSLHandshake.consume(Unknown Source)
2024-12-02T11:05:20.3419237Z at java.base/sun.security.ssl.HandshakeContext.dispatch(Unknown Source)
2024-12-02T11:05:20.3419903Z at java.base/sun.security.ssl.HandshakeContext.dispatch(Unknown Source)
2024-12-02T11:05:20.3420567Z at java.base/sun.security.ssl.TransportContext.dispatch(Unknown Source)
2024-12-02T11:05:20.3421203Z at java.base/sun.security.ssl.SSLTransport.decode(Unknown Source)
2024-12-02T11:05:20.3421819Z at java.base/sun.security.ssl.SSLSocketImpl.decode(Unknown Source)
2024-12-02T11:05:20.3422510Z at java.base/sun.security.ssl.SSLSocketImpl.readHandshakeRecord(Unknown Source)
2024-12-02T11:05:20.3423238Z at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
2024-12-02T11:05:20.3423934Z at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
2024-12-02T11:05:20.3424671Z at okhttp3.internal.connection.RealConnection.connectTls(RealConnection.kt:379)
2024-12-02T11:05:20.3425491Z at okhttp3.internal.connection.RealConnection.establishProtocol(RealConnection.kt:337)
2024-12-02T11:05:20.3426294Z at okhttp3.internal.connection.RealConnection.connect(RealConnection.kt:209)
2024-12-02T11:05:20.3427079Z at okhttp3.internal.connection.ExchangeFinder.findConnection(ExchangeFinder.kt:226)
2024-12-02T11:05:20.3427947Z at okhttp3.internal.connection.ExchangeFinder.findHealthyConnection(ExchangeFinder.kt:106)
2024-12-02T11:05:20.3428748Z at okhttp3.internal.connection.ExchangeFinder.find(ExchangeFinder.kt:74)
2024-12-02T11:05:20.3429468Z at okhttp3.internal.connection.RealCall.initExchange$okhttp(RealCall.kt:255)
2024-12-02T11:05:20.3430265Z at okhttp3.internal.connection.ConnectInterceptor.intercept(ConnectInterceptor.kt:32)
2024-12-02T11:05:20.3431095Z at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.kt:109)
2024-12-02T11:05:20.3431874Z at okhttp3.internal.cache.CacheInterceptor.intercept(CacheInterceptor.kt:95)
2024-12-02T11:05:20.3432651Z at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.kt:109)
2024-12-02T11:05:20.3433436Z at okhttp3.internal.http.BridgeInterceptor.intercept(BridgeInterceptor.kt:83)
2024-12-02T11:05:20.3434221Z at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.kt:109)
2024-12-02T11:05:20.3435133Z at okhttp3.internal.http.RetryAndFollowUpInterceptor.intercept(RetryAndFollowUpInterceptor.kt:76)
2024-12-02T11:05:20.3436030Z at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.kt:109)
2024-12-02T11:05:20.3436848Z at okhttp3.logging.HttpLoggingInterceptor.intercept(HttpLoggingInterceptor.kt:221)
2024-12-02T11:05:20.3437762Z at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.kt:109)
2024-12-02T11:05:20.3438656Z at okhttp3.internal.connection.RealCall.getResponseWithInterceptorChain$okhttp(RealCall.kt:201)
2024-12-02T11:05:20.3439447Z at okhttp3.internal.connection.RealCall.execute(RealCall.kt:154)
2024-12-02T11:05:20.3440242Z at org.sonarsource.scanner.lib.internal.http.ScannerHttpClient.callUrl(ScannerHttpClient.java:157)
2024-12-02T11:05:20.3441127Z ... 6 common frames omitted
2024-12-02T11:05:20.3442071Z Caused by: java.security.cert.CertificateException: None of the TrustManagers trust this certificate chain
2024-12-02T11:05:20.3443123Z at nl.altindag.ssl.trustmanager.CombinableX509TrustManager.checkTrusted(CombinableX509TrustManager.java:61)
2024-12-02T11:05:20.3444352Z at nl.altindag.ssl.trustmanager.CompositeX509ExtendedTrustManager.checkServerTrusted(CompositeX509ExtendedTrustManager.java:86)
2024-12-02T11:05:20.3445169Z ... 38 common frames omitted
2024-12-02T11:05:20.3446362Z Suppressed: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
2024-12-02T11:05:20.3447675Z at java.base/sun.security.validator.PKIXValidator.doBuild(Unknown Source)
2024-12-02T11:05:20.3448418Z at java.base/sun.security.validator.PKIXValidator.engineValidate(Unknown Source)
2024-12-02T11:05:20.3449209Z at java.base/sun.security.validator.Validator.validate(Unknown Source)
2024-12-02T11:05:20.3449922Z at java.base/sun.security.ssl.X509TrustManagerImpl.checkTrusted(Unknown Source)
2024-12-02T11:05:20.3450714Z at java.base/sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
2024-12-02T11:05:20.3451826Z at nl.altindag.ssl.trustmanager.DelegatingX509ExtendedTrustManager.checkServerTrusted(DelegatingX509ExtendedTrustManager.java:48)
2024-12-02T11:05:20.3453214Z at nl.altindag.ssl.trustmanager.CompositeX509ExtendedTrustManager.lambda$checkServerTrusted$4(CompositeX509ExtendedTrustManager.java:86)
2024-12-02T11:05:20.3454546Z at nl.altindag.ssl.trustmanager.CombinableX509TrustManager.checkTrusted(CombinableX509TrustManager.java:41)
2024-12-02T11:05:20.3455245Z ... 39 common frames omitted
2024-12-02T11:05:20.3456048Z Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
2024-12-02T11:05:20.3457072Z at java.base/sun.security.provider.certpath.SunCertPathBuilder.build(Unknown Source)
2024-12-02T11:05:20.3457929Z at java.base/sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown Source)
2024-12-02T11:05:20.3458698Z at java.base/java.security.cert.CertPathBuilder.build(Unknown Source)
2024-12-02T11:05:20.3459196Z ... 47 common frames omitted
2024-12-02T11:05:20.3460379Z Suppressed: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
2024-12-02T11:05:20.3461675Z at java.base/sun.security.validator.PKIXValidator.doBuild(Unknown Source)
2024-12-02T11:05:20.3462412Z at java.base/sun.security.validator.PKIXValidator.engineValidate(Unknown Source)
2024-12-02T11:05:20.3463127Z at java.base/sun.security.validator.Validator.validate(Unknown Source)
2024-12-02T11:05:20.3463831Z at java.base/sun.security.ssl.X509TrustManagerImpl.checkTrusted(Unknown Source)
2024-12-02T11:05:20.3464612Z at java.base/sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
2024-12-02T11:05:20.3465722Z at nl.altindag.ssl.trustmanager.DelegatingX509ExtendedTrustManager.checkServerTrusted(DelegatingX509ExtendedTrustManager.java:48)
2024-12-02T11:05:20.3467107Z at nl.altindag.ssl.trustmanager.CompositeX509ExtendedTrustManager.lambda$checkServerTrusted$4(CompositeX509ExtendedTrustManager.java:86)
2024-12-02T11:05:20.3468341Z at nl.altindag.ssl.trustmanager.CombinableX509TrustManager.checkTrusted(CombinableX509TrustManager.java:41)
2024-12-02T11:05:20.3469119Z ... 39 common frames omitted
2024-12-02T11:05:20.3469931Z Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
2024-12-02T11:05:20.3470958Z at java.base/sun.security.provider.certpath.SunCertPathBuilder.build(Unknown Source)
2024-12-02T11:05:20.3471818Z at java.base/sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown Source)
2024-12-02T11:05:20.3472592Z at java.base/java.security.cert.CertPathBuilder.build(Unknown Source)
2024-12-02T11:05:20.3473097Z ... 47 common frames omitted
2024-12-02T11:05:20.3473417Z 11:05:20.331 ERROR
2024-12-02T11:05:20.3473985Z 11:05:20.331 ERROR Re-run SonarScanner CLI using the -X switch to enable full debug logging.
2024-12-02T11:05:20.3584513Z ##[error]Process completed with exit code 1.
The workflow-runs using the old action (via docker) are still working fine and looking at the git-diff in my PR all that has changed is the version-tag of the action (now v4.1.0). Everything else including certificate/url has remained the same.
I know that this is a different issue than the one I initially opened this thread for. Could you still take a look at it? or should I open a new one for this?
Hi @higgs01,
Thanks a lot for your super-quick update!
Yes, technically we should create a new ticket for this issue specifically, but let’s just continue here for convenience.
From your logs, it seems that the keytool is invoked correctly, and that ~/.sonar/ssl/truststore.p12 has been created. But somehow the p12 is not taken into account by the SonarScanner CLI, in the actual scan.
Could you please run the SonarScanner CLI in debug mode and report the logs here?
You can either add RUNNER_DEBUG: 1 to your environment variables, like so:
This should gives us more information about the execution of the scan by the SonarScanner CLI. In particular, we are looking for a log line like the following:
DEBUG Using truststore: /home/runner/.sonar/ssl/truststore.p12
@antonio.aversa as requested the log with “RUNNER_DEBUG=1” configured:
2024-12-02T13:53:37.6775336Z ##[group]Run ${GITHUB_ACTION_PATH}/run-sonar-scanner.sh
2024-12-02T13:53:37.6776224Z e[36;1m${GITHUB_ACTION_PATH}/run-sonar-scanner.sh e[0m
2024-12-02T13:53:37.6777027Z shell: bash --noprofile --norc -e -o pipefail {0}
2024-12-02T13:53:37.6777627Z env:
2024-12-02T13:53:37.6778133Z SONAR_HOST_URL: https://***
2024-12-02T13:53:37.6778879Z SONAR_TOKEN: ***
2024-12-02T13:53:37.6791421Z SONAR_ROOT_CERT: -----BEGIN CERTIFICATE-----
***
-----END CERTIFICATE-----
2024-12-02T13:53:37.6804740Z GIT_SSH_COMMAND: ssh -o StrictHostKeyChecking=accept-new
2024-12-02T13:53:37.6805385Z RUNNER_DEBUG: 1
2024-12-02T13:53:37.6805882Z INPUT_PROJECTBASEDIR: ./
2024-12-02T13:53:37.6806623Z SONAR_SCANNER_JRE: /home/runner/_work/_temp/sonar-scanner-cli-6.2.1.4610-Linux-X64/jre
2024-12-02T13:53:37.6807397Z ##[endgroup]
2024-12-02T13:53:37.7261681Z Adding SSL certificate to the Scanner truststore
2024-12-02T13:53:37.8735710Z Certificate was added to keystore
2024-12-02T13:53:37.9777008Z + sonar-scanner --debug -Dsonar.projectBaseDir=./ -Dsonar.scanner.truststorePassword=changeit
2024-12-02T13:53:38.2080584Z 13:53:38.205 INFO Scanner configuration file: /__w/_temp/sonar-scanner-cli-6.2.1.4610-Linux-X64/conf/sonar-scanner.properties
2024-12-02T13:53:38.2085759Z 13:53:38.208 INFO Project root configuration file: /__w/fs-pkv-neon-ui-common/fs-pkv-neon-ui-common/sonar-project.properties
2024-12-02T13:53:38.2207968Z 13:53:38.220 INFO SonarScanner CLI 6.2.1.4610
2024-12-02T13:53:38.2219934Z 13:53:38.221 INFO Java 17.0.12 Eclipse Adoptium (64-bit)
2024-12-02T13:53:38.2226697Z 13:53:38.222 INFO Linux 6.1.112-122.189.amzn2023.x86_64 amd64
2024-12-02T13:53:38.2289985Z 13:53:38.228 DEBUG Scanner max available memory: 3 GB
2024-12-02T13:53:38.2505172Z 13:53:38.250 DEBUG uname -m returned 'x86_64'
2024-12-02T13:53:38.2517333Z 13:53:38.251 DEBUG Create: /root/.sonar/cache
2024-12-02T13:53:38.2522593Z 13:53:38.252 INFO User cache: /root/.sonar/cache
2024-12-02T13:53:38.2523381Z 13:53:38.252 DEBUG Create: /root/.sonar/cache/_tmp
2024-12-02T13:53:38.5311467Z 13:53:38.530 DEBUG Loaded [420] system trusted certificates
2024-12-02T13:53:38.6732934Z 13:53:38.672 DEBUG --> GET https://***/api/v2/analysis/version
2024-12-02T13:53:38.8236249Z 13:53:38.823 DEBUG <-- HTTP FAILED: javax.net.ssl.SSLHandshakeException: None of the TrustManagers trust this certificate chain
2024-12-02T13:53:38.8239801Z 13:53:38.823 DEBUG --> GET https://***/api/server/version
2024-12-02T13:53:38.8963155Z 13:53:38.895 DEBUG <-- HTTP FAILED: javax.net.ssl.SSLHandshakeException: None of the TrustManagers trust this certificate chain
2024-12-02T13:53:38.8964228Z 13:53:38.895 INFO EXECUTION FAILURE
2024-12-02T13:53:38.8976358Z 13:53:38.897 INFO Total time: 0.695s
2024-12-02T13:53:38.9016384Z 13:53:38.897 ERROR Error during SonarScanner CLI execution
2024-12-02T13:53:38.9017786Z java.lang.IllegalStateException: Failed to get server version
2024-12-02T13:53:38.9019525Z at org.sonarsource.scanner.lib.ScannerEngineBootstrapper.getServerVersion(ScannerEngineBootstrapper.java:194)
2024-12-02T13:53:38.9021155Z at org.sonarsource.scanner.lib.ScannerEngineBootstrapper.bootstrap(ScannerEngineBootstrapper.java:117)
2024-12-02T13:53:38.9022205Z at org.sonarsource.scanner.cli.Main.analyze(Main.java:75)
2024-12-02T13:53:38.9022986Z at org.sonarsource.scanner.cli.Main.main(Main.java:63)
2024-12-02T13:53:38.9024424Z Suppressed: java.lang.IllegalStateException: Call to URL [https://***/api/v2/analysis/version] failed
2024-12-02T13:53:38.9025744Z at org.sonarsource.scanner.lib.internal.http.ScannerHttpClient.callUrl(ScannerHttpClient.java:159)
2024-12-02T13:53:38.9027003Z at org.sonarsource.scanner.lib.internal.http.ScannerHttpClient.callApi(ScannerHttpClient.java:126)
2024-12-02T13:53:38.9028289Z at org.sonarsource.scanner.lib.internal.http.ScannerHttpClient.callRestApi(ScannerHttpClient.java:104)
2024-12-02T13:53:38.9029646Z at org.sonarsource.scanner.lib.ScannerEngineBootstrapper.getServerVersion(ScannerEngineBootstrapper.java:189)
2024-12-02T13:53:38.9030612Z ... 3 common frames omitted
2024-12-02T13:53:38.9031489Z Caused by: javax.net.ssl.SSLHandshakeException: None of the TrustManagers trust this certificate chain
2024-12-02T13:53:38.9032548Z at java.base/sun.security.ssl.Alert.createSSLException(Unknown Source)
2024-12-02T13:53:38.9033472Z at java.base/sun.security.ssl.TransportContext.fatal(Unknown Source)
2024-12-02T13:53:38.9034388Z at java.base/sun.security.ssl.TransportContext.fatal(Unknown Source)
2024-12-02T13:53:38.9035295Z at java.base/sun.security.ssl.TransportContext.fatal(Unknown Source)
2024-12-02T13:53:38.9036712Z at java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(Unknown Source)
2024-12-02T13:53:38.9038183Z at java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(Unknown Source)
2024-12-02T13:53:38.9039854Z at java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(Unknown Source)
2024-12-02T13:53:38.9041541Z at java.base/sun.security.ssl.SSLHandshake.consume(Unknown Source)
2024-12-02T13:53:38.9043123Z at java.base/sun.security.ssl.HandshakeContext.dispatch(Unknown Source)
2024-12-02T13:53:38.9044832Z at java.base/sun.security.ssl.HandshakeContext.dispatch(Unknown Source)
2024-12-02T13:53:38.9046553Z at java.base/sun.security.ssl.TransportContext.dispatch(Unknown Source)
2024-12-02T13:53:38.9048037Z at java.base/sun.security.ssl.SSLTransport.decode(Unknown Source)
2024-12-02T13:53:38.9049014Z at java.base/sun.security.ssl.SSLSocketImpl.decode(Unknown Source)
2024-12-02T13:53:38.9050038Z at java.base/sun.security.ssl.SSLSocketImpl.readHandshakeRecord(Unknown Source)
2024-12-02T13:53:38.9051131Z at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
2024-12-02T13:53:38.9052176Z at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
2024-12-02T13:53:38.9053251Z at okhttp3.internal.connection.RealConnection.connectTls(RealConnection.kt:379)
2024-12-02T13:53:38.9054416Z at okhttp3.internal.connection.RealConnection.establishProtocol(RealConnection.kt:337)
2024-12-02T13:53:38.9055557Z at okhttp3.internal.connection.RealConnection.connect(RealConnection.kt:209)
2024-12-02T13:53:38.9056684Z at okhttp3.internal.connection.ExchangeFinder.findConnection(ExchangeFinder.kt:226)
2024-12-02T13:53:38.9058153Z at okhttp3.internal.connection.ExchangeFinder.findHealthyConnection(ExchangeFinder.kt:106)
2024-12-02T13:53:38.9059308Z at okhttp3.internal.connection.ExchangeFinder.find(ExchangeFinder.kt:74)
2024-12-02T13:53:38.9060378Z at okhttp3.internal.connection.RealCall.initExchange$okhttp(RealCall.kt:255)
2024-12-02T13:53:38.9061506Z at okhttp3.internal.connection.ConnectInterceptor.intercept(ConnectInterceptor.kt:32)
2024-12-02T13:53:38.9062662Z at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.kt:109)
2024-12-02T13:53:38.9063759Z at okhttp3.internal.cache.CacheInterceptor.intercept(CacheInterceptor.kt:95)
2024-12-02T13:53:38.9064863Z at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.kt:109)
2024-12-02T13:53:38.9065968Z at okhttp3.internal.http.BridgeInterceptor.intercept(BridgeInterceptor.kt:83)
2024-12-02T13:53:38.9067087Z at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.kt:109)
2024-12-02T13:53:38.9068445Z at okhttp3.internal.http.RetryAndFollowUpInterceptor.intercept(RetryAndFollowUpInterceptor.kt:76)
2024-12-02T13:53:38.9069686Z at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.kt:109)
2024-12-02T13:53:38.9070823Z at okhttp3.logging.HttpLoggingInterceptor.intercept(HttpLoggingInterceptor.kt:221)
2024-12-02T13:53:38.9071967Z at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.kt:109)
2024-12-02T13:53:38.9073192Z at okhttp3.internal.connection.RealCall.getResponseWithInterceptorChain$okhttp(RealCall.kt:201)
2024-12-02T13:53:38.9074297Z at okhttp3.internal.connection.RealCall.execute(RealCall.kt:154)
2024-12-02T13:53:38.9075430Z at org.sonarsource.scanner.lib.internal.http.ScannerHttpClient.callUrl(ScannerHttpClient.java:157)
2024-12-02T13:53:38.9076475Z ... 6 common frames omitted
2024-12-02T13:53:38.9077459Z Caused by: java.security.cert.CertificateException: None of the TrustManagers trust this certificate chain
2024-12-02T13:53:38.9078854Z at nl.altindag.ssl.trustmanager.CombinableX509TrustManager.checkTrusted(CombinableX509TrustManager.java:61)
2024-12-02T13:53:38.9080420Z at nl.altindag.ssl.trustmanager.CompositeX509ExtendedTrustManager.checkServerTrusted(CompositeX509ExtendedTrustManager.java:86)
2024-12-02T13:53:38.9081550Z ... 38 common frames omitted
2024-12-02T13:53:38.9083052Z Suppressed: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
2024-12-02T13:53:38.9084688Z at java.base/sun.security.validator.PKIXValidator.doBuild(Unknown Source)
2024-12-02T13:53:38.9085766Z at java.base/sun.security.validator.PKIXValidator.engineValidate(Unknown Source)
2024-12-02T13:53:38.9086816Z at java.base/sun.security.validator.Validator.validate(Unknown Source)
2024-12-02T13:53:38.9087854Z at java.base/sun.security.ssl.X509TrustManagerImpl.checkTrusted(Unknown Source)
2024-12-02T13:53:38.9089366Z at java.base/sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
2024-12-02T13:53:38.9107766Z at nl.altindag.ssl.trustmanager.DelegatingX509ExtendedTrustManager.checkServerTrusted(DelegatingX509ExtendedTrustManager.java:48)
2024-12-02T13:53:38.9110288Z at nl.altindag.ssl.trustmanager.CompositeX509ExtendedTrustManager.lambda$checkServerTrusted$4(CompositeX509ExtendedTrustManager.java:86)
2024-12-02T13:53:38.9111925Z at nl.altindag.ssl.trustmanager.CombinableX509TrustManager.checkTrusted(CombinableX509TrustManager.java:41)
2024-12-02T13:53:38.9112957Z ... 39 common frames omitted
2024-12-02T13:53:38.9114104Z Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
2024-12-02T13:53:38.9115486Z at java.base/sun.security.provider.certpath.SunCertPathBuilder.build(Unknown Source)
2024-12-02T13:53:38.9116800Z at java.base/sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown Source)
2024-12-02T13:53:38.9118117Z at java.base/java.security.cert.CertPathBuilder.build(Unknown Source)
2024-12-02T13:53:38.9118927Z ... 47 common frames omitted
2024-12-02T13:53:38.9120436Z Suppressed: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
2024-12-02T13:53:38.9122079Z at java.base/sun.security.validator.PKIXValidator.doBuild(Unknown Source)
2024-12-02T13:53:38.9123149Z at java.base/sun.security.validator.PKIXValidator.engineValidate(Unknown Source)
2024-12-02T13:53:38.9124202Z at java.base/sun.security.validator.Validator.validate(Unknown Source)
2024-12-02T13:53:38.9125239Z at java.base/sun.security.ssl.X509TrustManagerImpl.checkTrusted(Unknown Source)
2024-12-02T13:53:38.9126360Z at java.base/sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
2024-12-02T13:53:38.9127809Z at nl.altindag.ssl.trustmanager.DelegatingX509ExtendedTrustManager.checkServerTrusted(DelegatingX509ExtendedTrustManager.java:48)
2024-12-02T13:53:38.9129685Z at nl.altindag.ssl.trustmanager.CompositeX509ExtendedTrustManager.lambda$checkServerTrusted$4(CompositeX509ExtendedTrustManager.java:86)
2024-12-02T13:53:38.9131286Z at nl.altindag.ssl.trustmanager.CombinableX509TrustManager.checkTrusted(CombinableX509TrustManager.java:41)
2024-12-02T13:53:38.9132292Z ... 39 common frames omitted
2024-12-02T13:53:38.9133398Z Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
2024-12-02T13:53:38.9135091Z at java.base/sun.security.provider.certpath.SunCertPathBuilder.build(Unknown Source)
2024-12-02T13:53:38.9136294Z at java.base/sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown Source)
2024-12-02T13:53:38.9137393Z at java.base/java.security.cert.CertPathBuilder.build(Unknown Source)
2024-12-02T13:53:38.9138200Z ... 47 common frames omitted
2024-12-02T13:53:38.9139316Z Caused by: java.lang.IllegalStateException: Call to URL [https://***/api/server/version] failed
2024-12-02T13:53:38.9140670Z at org.sonarsource.scanner.lib.internal.http.ScannerHttpClient.callUrl(ScannerHttpClient.java:159)
2024-12-02T13:53:38.9141995Z at org.sonarsource.scanner.lib.internal.http.ScannerHttpClient.callApi(ScannerHttpClient.java:126)
2024-12-02T13:53:38.9143344Z at org.sonarsource.scanner.lib.internal.http.ScannerHttpClient.callWebApi(ScannerHttpClient.java:112)
2024-12-02T13:53:38.9144759Z at org.sonarsource.scanner.lib.ScannerEngineBootstrapper.getServerVersion(ScannerEngineBootstrapper.java:192)
2024-12-02T13:53:38.9145770Z ... 3 common frames omitted
2024-12-02T13:53:38.9146773Z Caused by: javax.net.ssl.SSLHandshakeException: None of the TrustManagers trust this certificate chain
2024-12-02T13:53:38.9147885Z at java.base/sun.security.ssl.Alert.createSSLException(Unknown Source)
2024-12-02T13:53:38.9148850Z at java.base/sun.security.ssl.TransportContext.fatal(Unknown Source)
2024-12-02T13:53:38.9149819Z at java.base/sun.security.ssl.TransportContext.fatal(Unknown Source)
2024-12-02T13:53:38.9150767Z at java.base/sun.security.ssl.TransportContext.fatal(Unknown Source)
2024-12-02T13:53:38.9151920Z at java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(Unknown Source)
2024-12-02T13:53:38.9153284Z at java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(Unknown Source)
2024-12-02T13:53:38.9154597Z at java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(Unknown Source)
2024-12-02T13:53:38.9155761Z at java.base/sun.security.ssl.SSLHandshake.consume(Unknown Source)
2024-12-02T13:53:38.9156732Z at java.base/sun.security.ssl.HandshakeContext.dispatch(Unknown Source)
2024-12-02T13:53:38.9157720Z at java.base/sun.security.ssl.HandshakeContext.dispatch(Unknown Source)
2024-12-02T13:53:38.9158725Z at java.base/sun.security.ssl.TransportContext.dispatch(Unknown Source)
2024-12-02T13:53:38.9159825Z at java.base/sun.security.ssl.SSLTransport.decode(Unknown Source)
2024-12-02T13:53:38.9160774Z at java.base/sun.security.ssl.SSLSocketImpl.decode(Unknown Source)
2024-12-02T13:53:38.9161776Z at java.base/sun.security.ssl.SSLSocketImpl.readHandshakeRecord(Unknown Source)
2024-12-02T13:53:38.9162823Z at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
2024-12-02T13:53:38.9163837Z at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
2024-12-02T13:53:38.9164903Z at okhttp3.internal.connection.RealConnection.connectTls(RealConnection.kt:379)
2024-12-02T13:53:38.9166066Z at okhttp3.internal.connection.RealConnection.establishProtocol(RealConnection.kt:337)
2024-12-02T13:53:38.9167195Z at okhttp3.internal.connection.RealConnection.connect(RealConnection.kt:209)
2024-12-02T13:53:38.9168314Z at okhttp3.internal.connection.ExchangeFinder.findConnection(ExchangeFinder.kt:226)
2024-12-02T13:53:38.9169618Z at okhttp3.internal.connection.ExchangeFinder.findHealthyConnection(ExchangeFinder.kt:106)
2024-12-02T13:53:38.9170746Z at okhttp3.internal.connection.ExchangeFinder.find(ExchangeFinder.kt:74)
2024-12-02T13:53:38.9171787Z at okhttp3.internal.connection.RealCall.initExchange$okhttp(RealCall.kt:255)
2024-12-02T13:53:38.9172913Z at okhttp3.internal.connection.ConnectInterceptor.intercept(ConnectInterceptor.kt:32)
2024-12-02T13:53:38.9174079Z at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.kt:109)
2024-12-02T13:53:38.9175187Z at okhttp3.internal.cache.CacheInterceptor.intercept(CacheInterceptor.kt:95)
2024-12-02T13:53:38.9176284Z at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.kt:109)
2024-12-02T13:53:38.9177398Z at okhttp3.internal.http.BridgeInterceptor.intercept(BridgeInterceptor.kt:83)
2024-12-02T13:53:38.9178508Z at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.kt:109)
2024-12-02T13:53:38.9179751Z at okhttp3.internal.http.RetryAndFollowUpInterceptor.intercept(RetryAndFollowUpInterceptor.kt:76)
2024-12-02T13:53:38.9180982Z at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.kt:109)
2024-12-02T13:53:38.9182122Z at okhttp3.logging.HttpLoggingInterceptor.intercept(HttpLoggingInterceptor.kt:221)
2024-12-02T13:53:38.9183273Z at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.kt:109)
2024-12-02T13:53:38.9184493Z at okhttp3.internal.connection.RealCall.getResponseWithInterceptorChain$okhttp(RealCall.kt:201)
2024-12-02T13:53:38.9185602Z at okhttp3.internal.connection.RealCall.execute(RealCall.kt:154)
2024-12-02T13:53:38.9186740Z at org.sonarsource.scanner.lib.internal.http.ScannerHttpClient.callUrl(ScannerHttpClient.java:157)
2024-12-02T13:53:38.9187720Z ... 6 common frames omitted
2024-12-02T13:53:38.9189125Z Caused by: java.security.cert.CertificateException: None of the TrustManagers trust this certificate chain
2024-12-02T13:53:38.9190523Z at nl.altindag.ssl.trustmanager.CombinableX509TrustManager.checkTrusted(CombinableX509TrustManager.java:61)
2024-12-02T13:53:38.9192126Z at nl.altindag.ssl.trustmanager.CompositeX509ExtendedTrustManager.checkServerTrusted(CompositeX509ExtendedTrustManager.java:86)
2024-12-02T13:53:38.9193301Z ... 38 common frames omitted
2024-12-02T13:53:38.9195093Z Suppressed: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
2024-12-02T13:53:38.9197057Z at java.base/sun.security.validator.PKIXValidator.doBuild(Unknown Source)
2024-12-02T13:53:38.9198212Z at java.base/sun.security.validator.PKIXValidator.engineValidate(Unknown Source)
2024-12-02T13:53:38.9199748Z at java.base/sun.security.validator.Validator.validate(Unknown Source)
2024-12-02T13:53:38.9201102Z at java.base/sun.security.ssl.X509TrustManagerImpl.checkTrusted(Unknown Source)
2024-12-02T13:53:38.9202996Z at java.base/sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
2024-12-02T13:53:38.9205185Z at nl.altindag.ssl.trustmanager.DelegatingX509ExtendedTrustManager.checkServerTrusted(DelegatingX509ExtendedTrustManager.java:48)
2024-12-02T13:53:38.9207344Z at nl.altindag.ssl.trustmanager.CompositeX509ExtendedTrustManager.lambda$checkServerTrusted$4(CompositeX509ExtendedTrustManager.java:86)
2024-12-02T13:53:38.9209289Z at nl.altindag.ssl.trustmanager.CombinableX509TrustManager.checkTrusted(CombinableX509TrustManager.java:41)
2024-12-02T13:53:38.9210433Z ... 39 common frames omitted
2024-12-02T13:53:38.9211683Z Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
2024-12-02T13:53:38.9213397Z at java.base/sun.security.provider.certpath.SunCertPathBuilder.build(Unknown Source)
2024-12-02T13:53:38.9215279Z at java.base/sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown Source)
2024-12-02T13:53:38.9216698Z at java.base/java.security.cert.CertPathBuilder.build(Unknown Source)
2024-12-02T13:53:38.9217706Z ... 47 common frames omitted
2024-12-02T13:53:38.9219173Z Suppressed: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
2024-12-02T13:53:38.9220768Z at java.base/sun.security.validator.PKIXValidator.doBuild(Unknown Source)
2024-12-02T13:53:38.9221775Z at java.base/sun.security.validator.PKIXValidator.engineValidate(Unknown Source)
2024-12-02T13:53:38.9222767Z at java.base/sun.security.validator.Validator.validate(Unknown Source)
2024-12-02T13:53:38.9223740Z at java.base/sun.security.ssl.X509TrustManagerImpl.checkTrusted(Unknown Source)
2024-12-02T13:53:38.9224802Z at java.base/sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
2024-12-02T13:53:38.9226193Z at nl.altindag.ssl.trustmanager.DelegatingX509ExtendedTrustManager.checkServerTrusted(DelegatingX509ExtendedTrustManager.java:48)
2024-12-02T13:53:38.9227905Z at nl.altindag.ssl.trustmanager.CompositeX509ExtendedTrustManager.lambda$checkServerTrusted$4(CompositeX509ExtendedTrustManager.java:86)
2024-12-02T13:53:38.9229439Z at nl.altindag.ssl.trustmanager.CombinableX509TrustManager.checkTrusted(CombinableX509TrustManager.java:41)
2024-12-02T13:53:38.9230400Z ... 39 common frames omitted
2024-12-02T13:53:38.9231471Z Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
2024-12-02T13:53:38.9232799Z at java.base/sun.security.provider.certpath.SunCertPathBuilder.build(Unknown Source)
2024-12-02T13:53:38.9233933Z at java.base/sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown Source)
2024-12-02T13:53:38.9234968Z at java.base/java.security.cert.CertPathBuilder.build(Unknown Source)
2024-12-02T13:53:38.9235807Z ... 47 common frames omitted
2024-12-02T13:53:38.9245938Z ##[error]Process completed with exit code 1.
I can’t find the line you’ve mentioned in there anywhere.
and to give you a complete picture of our workflow, this is the github-action workflow (reduced to the relevant parts):
The presence of DEBUG logs indicates that you have configured debug logs correctly. The absence of the line log mentioned above (DEBUG Using truststore: /home/runner/.sonar/ssl/truststore.p12) indicates that, somehow, ~/.sonar/ssl/truststore.p12 is not found by the SonarScanner CLI, despite the keytool seems to have generated it, as we can see from the following two log lines:
2024-12-02T11:05:19.0560310Z Adding SSL certificate to the Scanner truststore
2024-12-02T11:05:19.2017806Z Certificate was added to keystore
I suspect that the issue may come from container.image: ***/node:20, that executes the action in a Docker container powering Node 20. Maybe, when running in such environment, ~/.sonar/ssl/truststore.p12 cannot be generated, for some reason.
In order to validate or reject the hypothesis, could you please try running in the environment of your runner, by removing container and having runs-on: ubuntu-latest only.
If you need to run in such a containerized environment, it would be very useful for us to understand why (security constraints or other).
I’ve now tested it without the container and there it works without any issues. Thanks for your input.
The reason we use a containerized environment is that there were some version-constraints on our self-hosted runners preventing us from installing node-20 (can’t recall what exactly anymore). These constraints have since been resolved and there isn’t any reason that prevents us from using a normal environment anymore. We’ll migrate our workflows away from this containerized environment.
In the meantime I have run more tests and I think I now have good understanding of the reason why the p12 file was not picked up.
It has to do with the way HOME is dealt with when running a job in a containerized environment (see here).
Basically, we put the p12 under /github/home/.sonar/ssh/truststore.p12, but the scanner is looking for it under /root/.sonar/ssh/ (the actions inside the container run as root).
Therefore, the SonarScanner doesn’t find it.
I have initiated an internal discussion of how to best approach this problem, which is going to be fixed in the next release of the GitHub action.
For your info, should you need to reintroduce container in your workflow for any reason: we have identified the root cause, as well as a workaround to the problem.
We have documented it here, under the “When running the SonarQube scan GitHub Action”:
Due to a known GitHub issue, if your GitHub Action v4 and above
uses SONAR_ROOT_CERT
and is executed in a containerized environment, for example when the job running the action declares container: <docker-image-name>
you need to explicitly set the SONAR_USER_HOME environment variable to be the "$HOME/.sonar".
You can do that by adding the following step before executing the action:
# Workaround for https://github.com/actions/runner/issues/863
- name: Workaround for containerized environments
run: echo "SONAR_USER_HOME=$HOME/.sonar" >> $GITHUB_ENV
- name: Run sonar analysis
uses: SonarSource/sonarqube-scan-action@<action version>
...