SonarQube waitForQualityGate step in Jenkins is using the wrong URL

Maria_Patrunjel · January 15, 2020, 7:58am

We are currently facing an issue regarding the SonarQube Scanner for Jenkins.
We are using the SonarQube Scanner plugin and the pipeline step waitForQualityGate to wait for the quality gate.

These are the versions that we are using:

SonarQube - Enterprise EditionVersion 7.9.1
Jenkins - version 2.176.2
SonarQube Scanner - version 2.9

The error that we are facing is this:

Checking status of SonarQube task 'AW-LZTb0qGmbA3dcwcDk' on server 'SonarQubeServer'
Fail to request https://ourhost:9010/SonarQube/api/ce/task?id=AW-LZTb0qGmbA3dcwcDk

The error appeared when we changed our sonar.core.serverBaseURL with an HTTPS URL . We did this because our decorations for pull requests in GitHub didn’t work with the HTTP URL. All the images were disabled so we configured a reverse proxy.

Our SobnarQube instance HTTP URL is something like: http://ourhost:9000/SonarQube
Our SonarQube instance HTTPS URL is something like: https://ourhost:9010/SonarQube

In Jenkins we configured our ‘SonarQubeServer’ to use this URL http://ourhost:9000/SonarQube and during the SonarQube scanning step we are using this argument: sonar.host.url=http://ourhost:9000/SonarQube.

The analyze is performed, but on the SonarScanner logs this appear:

INFO: Note that you will be able to access the updated dashboard once the server has processed the submitted analysis report
INFO: More about the report processing at https://ourhost:9010/SonarQube/api/ce/task?id=AW-LZTb0qGmbA3dcwcDk

We searched and it seams that the waitForQualityGate step is reading the URL from the logs and we didn’t find a way to configure the step to use the same URL that is used for the scanning step. Our Jenkinfile is something like this:

pipeline{
...
  stages{
    ...
    stage(‘SonarQube’){
      environment {
         sonarqubeScannerHome = tool name: 'SonarQube Scanner', type: 'hudson.plugins.sonar.SonarRunnerInstallation'
      }
      steps{
	     withSonarQubeEnv('SonarQubeServer') { 
	        bat "${env. sonarqubeScannerHome}/bin/sonar-scanner -Dsonar.host.url=${SONAR_HOST_URL} ... "
	     }
       }
    }
    stage(‘Quality Gate’){
         timeout(time: 60, unit: 'MINUTES') {
            waitForQualityGate abortPipeline: true
         }
    }
    ... 
  }
...
}

Is there any way we could configure this so both the waitForQualityGate step and the pull request decorations to work ?

Colin · January 15, 2020, 8:00am

Greetings,

Why not use HTTPS for everything?

Colin

Maria_Patrunjel · January 15, 2020, 8:47am

Hello,

We tried this but we faced this error:

ERROR: SonarQube server [https://ourhost:9010/SonarQube] can not be reached
INFO: ------------------------------------------------------------------------
INFO: EXECUTION FAILURE
INFO: ------------------------------------------------------------------------
Total time: 0.915s
Final Memory: 5M/123M
INFO: ------------------------------------------------------------------------
ERROR: Error during SonarQube Scanner execution
ERROR: Unable to execute SonarQube 
ERROR: Caused by: Fail to get bootstrap index from server
ERROR: Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
ERROR: Caused by: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
ERROR: Caused by: unable to find valid certification path to requested target
ERROR: 
ERROR: Re-run SonarQube Scanner using the -X switch to enable full debug logging.

script returned exit code 1

Colin · January 15, 2020, 8:50am

I searched that error on this very forum (plus the word jenkins) and found a lot of useful posts

Maria_Patrunjel · January 15, 2020, 12:39pm

Thank you for the quick replay.
We tried it now and indeed the SonarQube scanner step is working now using the HTTPS URL, but the quality gate step is still outputting the same error:

Checking status of SonarQube task 'AW-pNa3TdGoyfBmcrPB9' on server 'SonarQubeServer'

Fail to request https://ourhost:9010/SonarQube/api/ce/task?id=AW-pNa3TdGoyfBmcrPB9

Colin · January 15, 2020, 12:46pm

What happens if you browse directly to https://ourhost:9010/SonarQube/api/ce/task?id=AW-pNa3TdGoyfBmcrPB9?

Maria_Patrunjel · January 15, 2020, 12:58pm

This appears:

{
"task":{
   "id":"AW-pNa3TdGoyfBmcrPB9",
   "type":"REPORT",
   "componentId":"AW-PSuxQQe-mzU9jbiE0",
   "componentKey":"ourProjectKey",
   "componentName":"ourProjectName",
   "componentQualifier":"TRK",
   "analysisId":"AW-pNb2CXvSSIBG2tGWJ",
   "status":"SUCCESS",
   "submittedAt":"2020-01-15T13:37:45+0100",
   "submitterLogin":"ourAccount",
   "startedAt":"2020-01-15T13:37:47+0100",
   "executedAt":"2020-01-15T13:39:51+0100",
   "executionTimeMs":123685,
   "logs":false,
   "hasScannerContext":true,
   "organization":"default-organization",
   "branch":"ourBranch",
   "branchType":"SHORT",
   "warningCount":2,
   "warnings":[]
  }
}

PatrickTester · January 27, 2021, 11:40am

We have got the same/a simular problem:
The scan works fine (runs in a docker) but te quality gate keeps complaining about the certificate.
What keystore does the Quality Gate function use?

dsvaishal · July 16, 2021, 11:45am

We have same issue after moving sonar to https.
Able to run sonar scanner but getting error for certificate while running “waitForQualityGate”.
Did you get any solutions for this?
Thanks