SonarCloud has been unable to reach our Jenkins Server via Webhook causing all builds to halt. This is the error we see:
Response: Server Unreachable
Duration: 178ms
Payload: ....
The server is active and we’ve been able to work around the situation somewhat by posting the webhook payload from SonarCloud directly (via postman). Why would SonarCloud say our Jenkins is unreachable. The only thing of note I can think of is that our SSL certs were expired for a few hours; however, the issue still happened after the certificates renewed and I’m not entirely sure the issue wasnt happening before the certs expired.
Is this still happening?
If so, could you send me the ID of a background task that should trigger this webhook, and the time that the background task ran (and specify the timezone).
I can not find more information in the logs on the reason of failure. I have not seen this issue reported before, so I think it is likely there is some configuration on your end preventing SonarCloud from accessing your Jenkins instance.
I am afraid there is little we can do. We try to send a request to your Jenkins instance from the Frankfurt region on AWS, you could try and check if your Jenkins instance is consistently available from there.
It’s available from everywhere. We’re also hosting in AWS, and we basically have 0% downtime.
This is happening on two different servers, and is incredibly repeatable.
As I said, we are able to do it ourselves from the internet at large, so it definitely isn’t an availability issue.
Apart from that, the only other possibility that I can think of is that there’s a slight delay between when our server sends a request and when it starts waiting for a webhook, and your server is responding during that time. I’m guessing that once it fails once, it never tries again, right?
Do you support a more reliable mechanism? Is there a pull-based way of getting the gate information?
I found a bunch of other people complaining about problems with the hook mechanism your using. It’s not resilient at all.
There’s also the fact that the majority of services for CI don’t support webhooks for quality gates (e.g., bitbucket pipelines, github pipelines, codefresh, gitlab ops).
Basically, unless you’re using Jenkins, you’re kind of out of luck.
Is there any way to figure out the quality gate status without using webhooks?
Apologies for the lack of responsiveness on my part. I’ll look into the webhook failures again and will report back if I can find something.
We don’t actively support the build-breaker pattern, see this blog post for more information. However you can still use the web API to achieve this if you wish, specifically the endpoint [/api/ce/activity] (SonarCloud) to poll until the server side processing has finished and the api/qualitygates/project_status.
Hi @TomVanBraband was there ever any resolution on this?
We are seeing exactly same issue.
SonarCloud reports Jenkins webhook as unreachable and time outs after 20 s.
Although we are able to access the webhook from various locations/networks on our own.
(we have to now use 3rd party service which forwards those requests to Jenkins as a workaround, not ideal)
I can privately send more details if that would help.
After six months of no progress on this, we gave up on the webhook reliability and implemented it ourselves as a “build-breaker” in bash. Not sure if it’ll help anyone, but here’s what our script looks like. Note that to use it, you’ll have to set SONAR_CLOUD_TOKEN, PR_ID, and projectId, but these are readily available in Jenkins:
if [[ $STATUS != “OK” ]]
then
echo “SonarCloud Quality Gate Returned $STATUS. Check Sonar to correct any issues.”
exit 1
else
echo “Quality Gate OK”
fi