Travis plugin is failing on external pull request


(Julien Herr) #1

As asked by @Fabrice_Bellingard, I am opening a topic here.

We are using Travis as CI on the TestNG projects and the SonarCloud plugin is working well on the master branch but not at all on external pull-requests (we didn’t check with internal pull-requests).

The error is:

Unable to execute SonarQube: Fail to get bootstrap index from server: Failed to connect to localhost/127.0.0.1:9000: Connection refused

For example, https://www.travis-ci.com/testng-team/reportng/jobs/132879952 or https://www.travis-ci.com/testng-team/reportng/jobs/133097867

Thanks!
Julien


(Fabrice Bellingard) #2

What’s really weird is that it looks like the SonarCloud Travis Add-on is not loaded during the execution of the build (which explains that the scanner for Maven tries to reach localhost), whereas it seems correctly defined in the Travis YML file.

@dmeneses Do you mind taking a look at this? I’m sure I missed something.


(Duarte Meneses) #3

I confirm that it looks like the addon didn’t run at all.
The expected behavior is: the addon should run, see that it’s an unsecure environment and instruct the scanner to skip the analysis (without failing).
I’ve pulled the latest changes in travis-build to check our ITs against it but they are now broken.
I will fix it next week and check if something changed on Travis’ side regarding unsecured builds.


(Duarte Meneses) #4

Hi Julien,

Meanwhile, as a workaround, you can define your script with something like this (not tested):

if [ "$TRAVIS_SECURE_ENV_VARS" = true ]; then
  mvn clean org.jacoco:jacoco-maven-plugin:prepare-agent install sonar:sonar
else
  mvn clean org.jacoco:jacoco-maven-plugin:prepare-agent install
fi

(Duarte Meneses) #5

This is actually the expected behavior since the sonarcloud addon is currently only running in secured environments for security reasons.
Travis will therefore skip it entirely in external (unsecured) pull requests.


(Julien Herr) #6

Ok, it was my supposition too.

Do you think it is possible that the sonarcloud addon will configure sonar.skip to true in insecure environments?
Otherwise, we have to define a script like you proposed the last time (and maybe it should be documented somewhere).


(Duarte Meneses) #7

Actually, @Fabrice_Bellingard just reminded me that we changed it at some point; currently it should be the addon that skips the analysis, as you suggest.
There has probably been a regression in Travis, which is skipping the addon in unsecure environments as if the plugin wasn’t safe for such environments.
I’ve created a ticket to track this problem and I’ll check with Travis what the situation is: https://jira.sonarsource.com/browse/TRAVIS-19

Thanks for reporting it!


(Sven Hettwer) #8

Hi!

The workaround did not work for me. Nevertheless, I’ve investigated the issue, was able to solve it and would like to share my solution.

#!/bin/bash

if [ "${SONAR_SCANNER_HOME}" != "" ]; then
    COMMAND="mvn --batch-mode -q clean org.jacoco:jacoco-maven-plugin:prepare-agent install sonar:sonar -Dsonar.projectKey=citrus"
else
    COMMAND="mvn --batch-mode -q clean install"
fi

echo ${COMMAND}
${COMMAND}

Here is the issue concerning this in our project:

BR,
Sven
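
Added example, not part of any post in this thread and not SonarSource's or Travis' own code: a build script that combines the two checks posted above (`TRAVIS_SECURE_ENV_VARS` from #4 and `SONAR_SCANNER_HOME` from #8) so that `sonar:sonar` is only requested when secrets are available and the addon actually loaded. The function names and the `--build` switch are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example: gate sonar:sonar on the two signals discussed in this thread.

# Prints "run" or "skip:<reason>".
#   $1 = value of TRAVIS_SECURE_ENV_VARS ("true" only when secrets are exposed)
#   $2 = value of SONAR_SCANNER_HOME (empty when the addon did not load)
sonar_decision() {
    if [ "$1" != "true" ]; then
        echo "skip:no-secure-env-vars"
    elif [ -z "$2" ]; then
        echo "skip:addon-not-loaded"
    else
        echo "run"
    fi
}

# Prints the Maven goals for the given pair of values.
maven_goals() {
    goals="clean org.jacoco:jacoco-maven-plugin:prepare-agent install"
    if [ "$(sonar_decision "$1" "$2")" = "run" ]; then
        goals="$goals sonar:sonar"
    fi
    echo "$goals"
}

# Logs the decision to stderr, then runs Maven with the selected goals.
run_build() {
    secure="${TRAVIS_SECURE_ENV_VARS:-}"
    scanner_home="${SONAR_SCANNER_HOME:-}"
    echo "sonar analysis: $(sonar_decision "$secure" "$scanner_home")" >&2
    # Word splitting is intended: the goals are fixed strings, not user input.
    # shellcheck disable=SC2046
    mvn --batch-mode $(maven_goals "$secure" "$scanner_home")
}

# Only build when asked to, so the functions can be sourced and tested.
if [ "${1:-}" = "--build" ]; then
    run_build
fi
```

Logging the skip reason makes it visible in the job output why an external pull request was built without analysis, instead of the scanner falling back to localhost:9000 and failing.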