Sonarqube-scan-action v8.0.0 has no option for proxy

Using the latest v8.0.0 of the sonarqube-scan-action in our GHA self hosted runners gets timeouts when trying to download the gpg key. I believe it’s because we’re behind a proxy and dirmngr doesn’t use the proxy from the environment by default.

I can’t find any way to configure gpg / dirmngr to use a proxy in this action. For now, we’re using skipSignatureVerification: true but ideally we’d prefer not to use this option.

Thanks

Hi,

Welcome to the community!

Have you tried setting the proxy analysis parameters?

 
Ann

Hi Ann,
I haven’t tried them because afaik these only effect the scanner itself, not the download of the gpg key.
I should have pasted the error in my original post, sorry:

Installing Sonar Scanner CLI 8.0.1.6346 for linux-x64…

Downloading from: https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-8.0.1.6346-linux-x64.zip

Downloading signature from: https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-8.0.1.6346-linux-x64.zip.asc

Importing SonarSource public key from hkps://keyserver.ubuntu.com…

/usr/bin/gpg --homedir /codebuild/output/src3441734381/src/actions-runner/_work/_temp/gpg-home-1777418481391-1719 --batch --keyserver hkps://keyserver.ubuntu.com --recv-keys 679F1EE92B19609DE816FDE81DB198F93525EC1A

gpg: keybox ‘/codebuild/output/src3441734381/src/actions-runner/_work/_temp/gpg-home-1777418481391-1719/pubring.kbx’ created

gpg: keyserver receive failed: Connection timed out

Warning: Failed to import key from hkps://keyserver.ubuntu.com: The process ‘/usr/bin/gpg’ failed with exit code 2

Attempting fallback keyserver hkps://keys.openpgp.org…

/usr/bin/gpg --homedir /codebuild/output/src3441734381/src/actions-runner/_work/_temp/gpg-home-1777418481391-1719 --batch --keyserver hkps://keys.openpgp.org --recv-keys 679F1EE92B19609DE816FDE81DB198F93525EC1A

gpg: keyserver receive failed: Connection timed out

Error: Action failed: Failed to import SonarSource public key from all keyservers. Primary (hkps://keyserver.ubuntu.com): The process ‘/usr/bin/gpg’ failed with exit code 2. Fallback (hkps://keys.openpgp.org): The process ‘/usr/bin/gpg’ failed with exit code 2

Hi,

My knee-jerk reaction was to ask why you’re downloading the scanner fresh each time, but that’s just the way the action works, right?

I’ve flagged this for the team.

 
Ann

Hi,

Proxy support for GPG keyserver access was added in version 8.1.0, released a few days ago.

Best