- SonarQube Server: 2025.1 LTA / Community Build
- Scanner based on SonarQube server task Azure Market latest version: 7.1.1
- Build Server: Windows Server 2019
- Azure On Premise: Azure DevOps Server 2022.2
- SonarQube tasks are installed through the Azure marketplace.
- They are 3 separated machines, Azure host, Build machine and sonarqube machine.
- what are you trying to achieve: I am configuring a Azure pipeline that uses tasks “Sonar begin” and “Sonar end” as part of the build process. Sonar end task should call the sonnar scanner from the task within build agent to start the analysis.
- Description of the issue: The Sonar end step is complaining about the certificate configuration to reach the sonar qube server. Despite all configuration is apparently correct (Following this) the task process logs the use of a Java version different that the one pointed by the JAVA_HOME variable.
- what have you tried so far to achieve this:
- Networking is fine, it is possible to reach all machines from each one and open sonar portal and tfs portal.
- I have tried with different JAVA versions, 17, 18 and 21. Configuring JAVA_HOME and Path accordingly on each attempt.
- I have configured all certificates inside the cacert store in all installed versions.
- I have tried to use NODE_EXTRA_CA_CERTS and a pem file with all base64 certificates in the tls path.
- I have restarted agents several times and check Azure agents-demands show the expected JAVA_HOME configured.
- I have tried to run Java.exe -version locally in the self agent to check the expected version is the one I was suppose to be using at that moment. All data seem correct.
** I have tried to force task with additional parameters to stablish the location of the java exe. I have tried with /d:sonar.java.jdkHome and /d:sonar.java.exepath (this might be misspelled though as I don’t have it in front of me right now). When the task runs with this parameters it complains about the file path whatever the format I gave. Neigher single \ double \ or back slashes / accepted as java exe path.
And many other try and error I lost in my mind.
No matter all my efforts, the sonnar.scanner is always trying to use a Java version Alpine 11 that is not actually installed in the machine, which make me think that is some kind of embedded jdk inside the scanner itself.
I have verify scanner config and check that “use_xxxx_” is set to false cause I saw in other topics there were some people with that variable to true ignoring JAVA_HOME. So this issue is apparently not my case, but all that is happening points to it.
Final clue, that might ring the bell of someone… the task itself when configured in Azure devops have 3 versions (5, 6, and 7) being 7 the latest one.
If I downgrade to version 5, the sonar scanner steps works fine and chooses the JAVA_HOME I am expecting. If I go back to version 7, the issue comes again.
So my final conclusion is that for whatever reason the most updated task is ignoring the java config and it is choosing and embeded version of the jdk instead of the one pointed by JAVA_HOME and ignoring the certiticates on NODE_EXTRA_CA_CERTS.
If that is the case I have 2 questions:
- Is there a way to correctly configure the task to make it use JAVA_HOME instead of the embedded version? (I have tried this already by forcing some /d in the task begin advanced parameters but I might have done it wrong)
- (not the desired solution but) Is there a way to configure the keystore (cacerts file) for the embedded jdk of the agent?
I have tried to search the forum for similar issues, cause the market plugin is at least 3 months old and I were surprised I did not find anyone with the same issue. So there might be some kind of conflict in maybe environment variables of the machine. (maybe permissions on the user is running the agents)… but having the same task running fine in version 5 with the same configuration is weird though.
Any help will be appretiated.