We’ve recently been evaluating Sonarqube as a code quality and coverage analyzer on our C# and Typescript based projects. We’ve setup an SQ server running in docker, which seems to be running fine. Our builds also run inside a docker container, and use the dotnet-sonarscanner tool for .net core. The build and scanning run without issue, but the process fails to upload the analysis to the SQ server whenever we have scm/blame enabled. Everything works perfectly with scm/blame disabled.
Here is our build dockerfile:
FROM mcr.microsoft.com/dotnet/core/sdk:2.2.104 as build-netcore
ARG SONAR_TOKEN
WORKDIR /build
SHELL [“/bin/bash”, “-c”]COPY ./ ./
RUN apt-get update -yq \
&& apt-get upgrade -yq \
&& apt-get install -yq openjdk-8-jre-headless ca-certificates-java \
&& apt-get install -y unzip \
&& curl -sL https://deb.nodesource.com/setup_10.x | bash \
&& apt-get install -y nodejs \
&& dotnet tool install --global dotnet-sonarscanner \
&& export PATH=“$PATH:/root/.dotnet/tools” \
&& dotnet restore service/AXS/AXS.sln \
&& dotnet sonarscanner begin /k:axs /d:sonar.host.url=https://redacted.io /d:sonar.login=${SONAR_TOKEN} \
&& dotnet build service/AXS/AXS.sln \
&& dotnet sonarscanner end /d:sonar.login=${SONAR_TOKEN}
Which gets executed with:
docker build --build-arg SONAR_TOKEN=${SONAR_TOKEN} .
When SCM/blame is not disabled (with auto-detection):
We get the following output (tail):
INFO: ------------- Run sensors on project
INFO: Sensor Zero Coverage Sensor
INFO: Sensor Zero Coverage Sensor (done) | time=205ms
INFO: SCM provider for this project is: git
INFO: 1327 files to be analyzed
INFO: 95/1327 files analyzed
INFO: 269/1327 files analyzed
INFO: 454/1327 files analyzed
INFO: 635/1327 files analyzed
INFO: 829/1327 files analyzed
INFO: 1027/1327 files analyzed
INFO: 1198/1327 files analyzed
INFO: 1327/1327 files analyzed
INFO: 102 files had no CPD blocks
INFO: Calculating CPD for 1168 files
INFO: CPD calculation finished
INFO: Analysis report generated in 392ms, dir size=11 MB
INFO: Analysis report compressed in 3062ms, zip size=5 MB
INFO: ------------------------------------------------------------------------
INFO: EXECUTION FAILURE
INFO: ------------------------------------------------------------------------
INFO: Total time: 2:05.668s
INFO: Final Memory: 18M/430M
INFO: ------------------------------------------------------------------------
ERROR: Error during SonarQube Scanner execution
ERROR: You’re not authorized to run analysis. Please contact the project administrator.
ERROR: The SonarQube Scanner did not complete successfully
BUT, when we disable the SCM/blame:
We get the following successful output (tail):
INFO: ------------- Run sensors on project
INFO: Sensor Zero Coverage Sensor
INFO: Sensor Zero Coverage Sensor (done) | time=226ms
INFO: SCM Publisher is disabled
INFO: 102 files had no CPD blocks
INFO: Calculating CPD for 1168 files
INFO: CPD calculation finished
INFO: Analysis report generated in 409ms, dir size=10 MB
INFO: Analysis report compressed in 2586ms, zip size=4 MB
INFO: Analysis report uploaded in 1162ms
INFO: ANALYSIS SUCCESSFUL, you can browse https://redacted.io/dashboard?id=axs
INFO: Note that you will be able to access the updated dashboard once the server has processed the submitted analysis report
INFO: More about the report processing at https://redacted.io/api/ce/task?id=AWoybkcfwsOlZVOObF9d
INFO: Analysis total time: 17.583 s
INFO: ------------------------------------------------------------------------
INFO: EXECUTION SUCCESS
INFO: ------------------------------------------------------------------------
INFO: Total time: 53.321s
INFO: Final Memory: 20M/333M
INFO: ------------------------------------------------------------------------
The SonarQube Scanner has finished
The token we are using in both cases is associated to the Administrator account on our SQ server, which naturally has been given all permissions to do everything (as far as we can tell).
We are counting on tracking the author on quality and coverage changes so we can automate messaging to that developer. Any thoughts as to what could cause this behavior?
Thank you in advance!