SonarQubeAnalyze@7 overwrites default JAVA_HOME environment variable

  • SonarQube Version: Community Edition v10.7 (96327)
  • SonarScanner: 5.0.1.3006
  • Environment: OnPrem hosted in a docker container on Linux
  • Task: SonarQubeAnalyze@7
  • Build server: Windows Server 2022 10.0 amd64

We are updating our pipelines to use version 7 of the SonarQube tasks in Azure DevOps CI/CD and ran into an issue.

When executing the following task:

- task: SonarQubeAnalyze@7
  inputs:
    jdkversion: 'JAVA_HOME'

We are getting an error that the SonarQube server can’t be reached due to certificate issues (checked those and they are still in place).
We have Java JDK 23 installed on our build server and added our certificates to the store so the build tasks are able to connect to SonarQube.

After some deeper diving in the logs, I stumbled upon these entries:

2024-12-03T10:28:26.5363398Z Process returned exit code 0
2024-12-03T10:28:26.5363557Z The TFS Processor has finished
2024-12-03T10:28:26.5364106Z Setting the JAVA_HOME for the scanner cli to C:\Users\XYZ\.sonar\cache\4bafe2e94439c8193fc8c68247cb0dbaf4e80265b903288f63f128304f129bbe\OpenJDK17U-jre_x64_windows_hotspot_17.0.11_9.zip_extracted\jdk-17.0.11+9-jre.
2024-12-03T10:28:26.5364543Z Calling the SonarScanner CLI...
2024-12-03T10:28:26.5365203Z Overwriting the value of environment variable 'JAVA_HOME'. Old value: C:\Program Files\Java\jdk-23, new value: C:\Users\XYZ\.sonar\cache\4bafe2e94439c8193fc8c68247cb0dbaf4e80265b903288f63f128304f129bbe\OpenJDK17U-jre_x64_windows_hotspot_17.0.11_9.zip_extracted\jdk-17.0.11+9-jre
...
...
2024-12-03T10:28:26.5368386Z 10:28:25.115 INFO: SonarScanner 5.0.1.3006
2024-12-03T10:28:26.5368626Z 10:28:25.115 INFO: Java 17.0.11 Eclipse Adoptium (64-bit)
2024-12-03T10:28:26.5368829Z 10:28:25.115 INFO: Windows Server 2022 10.0 amd64

I initially thought the environment variable couldn’t be found, but the log files explicitly say: this is the old version, but we are overwriting it with another version. After overwriting, the new version doesn’t have the certificates in place that it needs, which makes it impossible to call the server.

Is there a reason why SonarQubeAnalyze@7 would overwrite the JAVA_HOME variable?

Also, SonarQubePrepare@7 does not have this issue, because it looks like it does use the default JAVA_HOME environment variable.

Hi,

Welcome to the community!

I’m a bit confused:

Starting from v6.0.1, the SonarScanner version defaults to 6.

Can you share your pipeline?

 
Thx,
Ann

Hello,

Sure, there isn’t much to it as we have designated Code Quality pipelines:

trigger:
  - main

stages:
  - stage: CodeQualitySonarQube
    displayName: Code Quality with SonarQube
    pool:
      name: '<ON_PREM_AGENT_POOL>'
    jobs:
    - job: ScanApi
      displayName: Scan API
      steps:
        - task: UseDotNet@2
          displayName: Install .NET Core SDK
          inputs:
            version: 8.x

        - task: DotNetCoreCLI@2
          displayName: Restore Solution Dependencies
          inputs:
            command: 'restore'
            projects: '$(System.DefaultWorkingDirectory)/Api/*.sln'

        - task: SonarQubePrepare@7
          displayName: SonarQube - Prepare
          inputs:
            SonarQube: 'SonarQube OnPrem'
            scannerMode: 'dotnet'
            projectKey: '<PROJECT_KEY>'
            projectName: '<PROJECT_NAME>'
            extraProperties: |
              sonar.cs.vstest.reportsPaths=$(Agent.TempDirectory)\**\*.trx
              sonar.cs.vscoveragexml.reportsPaths=$(Agent.TempDirectory)\**\*.coveragexml
              sonar.verbose=true
        
        - task: DotNetCoreCLI@2
          displayName: Build  API
          inputs:
            command: 'build'
            projects: '$(System.DefaultWorkingDirectory)/Api/*.sln'
            arguments: '--configuration Release --no-restore'

        - task: DotNetCoreCLI@2
          displayName: Run unit tests
          inputs:
            command: 'test'
            projects: '$(System.DefaultWorkingDirectory)/Api/**/*.Tests.Unit.csproj'
            arguments: '--configuration Release --no-restore --collect "Code Coverage"'

        - task: SonarQubeAnalyze@7
          displayName: SonarQube - Analyze
          inputs:
            jdkversion: 'JAVA_HOME'

        - task: SonarQubePublish@7
          displayName: Prepare Publish
          inputs:
            pollingTimeoutSec: '300'

    - job: ScanWebApp
      displayName: Scan Web App
      steps:
        - task: Npm@1
          displayName: 'npm install'
          inputs:
            command: 'install'
            workingDir: '$(System.DefaultWorkingDirectory)/Client'
        
        - task: Npm@1
          displayName: 'Build Web App'
          inputs:
            command: 'custom'
            workingDir: '$(System.DefaultWorkingDirectory)/Client'
            customCommand: 'run build'
      
        - task: SonarQubePrepare@7
          displayName: SonarQube - Prepare
          inputs:
            SonarQube: 'SonarQube OnPrem'
            scannerMode: 'cli'
            configMode: 'manual'
            projectKey: '<PROJECT_KEY>'
            projectName: '<PROJECT_NAME>'
            cliSources: '$(System.DefaultWorkingDirectory)/Client/src'

        - task: SonarQubeAnalyze@7
          displayName: SonarQube - Analyze
          inputs:
            jdkversion: 'JAVA_HOME'

        - task: SonarQubePublish@7
          displayName: Prepare Publish
          inputs:
            pollingTimeoutSec: '300'

Parts of the logs are then (stripped for readability):

Starting: SonarQube - Analyze
==============================================================================
Task         : Run Code Analysis
Description  : Run scanner and upload the results to the SonarQube Server.
Version      : 7.1.1
Author       : sonarsource
Help         : This task is not needed for Maven and Gradle projects since the scanner should be run as part of the build.

[More Information](https://docs.sonarsource.com/sonarqube/latest/analyzing-source-code/scanners/sonarqube-extension-for-azure-devops/)
==============================================================================
.....

SonarScanner for MSBuild 9.0.2
Using the .NET Framework version of the Scanner for MSBuild
Post-processing started.
.....

Calling the TFS Processor executable...
##[error]12:43:29.541 ERROR: SonarQube server [URL] can not be reached
.....

Coverage report conversion completed successfully.
Process returned exit code 0
The TFS Processor has finished
Setting the JAVA_HOME for the scanner cli to C:\<PATH>\.sonar\cache\4bafe2e94439c8193fc8c68247cb0dbaf4e80265b903288f63f128304f129bbe\OpenJDK17U-jre_x64_windows_hotspot_17.0.11_9.zip_extracted\jdk-17.0.11+9-jre.
Calling the SonarScanner CLI...
Overwriting the value of environment variable 'JAVA_HOME'. Old value: C:\Program Files\Java\jdk-23, new value: C:\<PATH>\sonar\cache\4bafe2e94439c8193fc8c68247cb0dbaf4e80265b903288f63f128304f129bbe\OpenJDK17U-jre_x64_windows_hotspot_17.0.11_9.zip_extracted\jdk-17.0.11+9-jre
.....

12:43:28.530 INFO: SonarScanner 5.0.1.3006
12:43:28.530 INFO: Java 17.0.11 Eclipse Adoptium (64-bit)
12:43:28.530 INFO: Windows Server 2022 10.0 amd64
12:43:28.899 DEBUG: keyStore is : 
12:43:28.899 DEBUG: keyStore type is : pkcs12
12:43:28.899 DEBUG: keyStore provider is : 
12:43:28.899 DEBUG: init keystore
12:43:28.900 DEBUG: init keymanager of type SunX509
12:43:29.232 DEBUG: Create: C:\<PATH>\.sonar\cache
12:43:29.233 INFO: User cache: C:\<PATH>\.sonar\cache
12:43:29.233 DEBUG: Create: C:\<PATH>\.sonar\cache\_tmp
12:43:29.236 DEBUG: Extract sonar-scanner-api-batch in temp...
12:43:29.248 DEBUG: Get bootstrap index...
12:43:29.248 DEBUG: Download: https://<URL>/batch/index
12:43:29.541 INFO: ------------------------------------------------------------------------
12:43:29.541 INFO: EXECUTION FAILURE
12:43:29.541 INFO: ------------------------------------------------------------------------
12:43:29.542 INFO: Total time: 1.184s
12:43:29.558 INFO: Final Memory: 4M/20M
12:43:29.558 INFO: ------------------------------------------------------------------------
Process returned exit code 1

Hi BV, I’m very sorry for the late response, this has fallen through the cracks.

Since your machine already has Java set up, you can skip the JRE auto-provisioning (which is causing the override). Just add an additional parameter to the prepare step:

        - task: SonarQubePrepare@7
          displayName: SonarQube - Prepare
          inputs:
            SonarQube: 'SonarQube OnPrem'
            scannerMode: 'cli'
            configMode: 'manual'
            projectKey: '<PROJECT_KEY>'
            projectName: '<PROJECT_NAME>'
            cliSources: '$(System.DefaultWorkingDirectory)/Client/src'
            extraProperties: |
              sonar.scanner.skipJreProvisioning=true

I hope this helps!
Tim


Hi there, @BV1987

There is indeed an issue between self-provisioned certificates and JRE auto-provisioning. We are working on a solution to that problem at the moment.

In the meantime, I’m afraid the only solution is to disable it, as @tim.pohlmann indicated.

Denis

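Added example, not part of any post in this thread and not SonarSource code: a Python check that scans an Analyze-step log for the JAVA_HOME override and correlates it with the "can not be reached" error, which together point at the provisioned JRE's truststore rather than at the server. The message formats are taken from the logs quoted above; the function name, the sample paths and the `.sonar\cache` heuristic are assumptions.

```python
import re

# Message formats copied from the task output quoted in this thread.
OVERRIDE = re.compile(
    r"Overwriting the value of environment variable 'JAVA_HOME'\. "
    r"Old value: (?P<old>.+?), new value: (?P<new>.+?)\s*$")
RUNTIME = re.compile(r"INFO: Java (?P<version>\S+) (?P<vendor>.+?) \(\d+-bit\)")
UNREACHABLE = re.compile(r"ERROR: SonarQube server .* can not be reached")
# Optional Azure DevOps raw-log timestamp prefix, e.g. 2024-12-03T10:28:26.5365203Z
STAMP = re.compile(r"^\d{4}-\d{2}-\d{2}T[\d:.]+Z ")


def analyze_scanner_log(text):
    """Report what the Analyze step did to JAVA_HOME and whether TLS trust is suspect."""
    result = {"old_home": None, "new_home": None, "runtime": None,
              "unreachable": False, "provisioned_jre": False}
    for raw in text.splitlines():
        line = STAMP.sub("", raw)
        if m := OVERRIDE.search(line):
            result["old_home"], result["new_home"] = m["old"], m["new"]
            # Assumption: provisioned JREs live under .sonar\cache, as in the logs above.
            result["provisioned_jre"] = "\\.sonar\\cache\\" in m["new"]
        elif m := RUNTIME.search(line):
            result["runtime"] = f'{m["version"]} {m["vendor"]}'
        elif UNREACHABLE.search(line):
            result["unreachable"] = True
    # A provisioned JRE carries its own cacerts file, so CA certificates imported
    # into the machine JDK's store are not trusted once JAVA_HOME is replaced.
    result["truststore_suspect"] = result["provisioned_jre"] and result["unreachable"]
    return result


# Constructed sample modelled on the log lines in this thread (paths are placeholders).
SAMPLE = r"""2024-12-03T10:28:26.5364543Z Calling the SonarScanner CLI...
2024-12-03T10:28:26.5365203Z Overwriting the value of environment variable 'JAVA_HOME'. Old value: C:\Program Files\Java\jdk-23, new value: C:\agent\.sonar\cache\<hash>\jdk-17.0.11+9-jre
2024-12-03T10:28:26.5368626Z 10:28:25.115 INFO: Java 17.0.11 Eclipse Adoptium (64-bit)
##[error]12:43:29.541 ERROR: SonarQube server [URL] can not be reached
"""

if __name__ == "__main__":
    for key, value in analyze_scanner_log(SAMPLE).items():
        print(f"{key}: {value}")
```

Run against a saved task log, a `truststore_suspect` of `True` means the connection failure coincided with a swapped-in JRE, so the certificate store of that JRE is the first thing to check.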

Hi Tim,

Just upgraded everything again and tested your solution and all is working as expected.

Thanks for the help!
