.gitlab-ci.yml

sonar-scan:
  image: ciricihq/gitlab-sonar-scanner
  variables:
    SONAR_URL: http://xxx.com
    SONAR_PROJECT_VERSION: $CI_BUILD_ID
    SONAR_ANALYSIS_MODE: publish
  script:
    - unset CI_BUILD_REF && /usr/bin/sonar-scanner-run.sh

logs

ERROR: Failed to get Node.js version
java.io.IOException: Cannot run program "node": error=2, No such file or directory
	at java.lang.ProcessBuilder.start(ProcessBuilder.java:1048)
	at java.lang.Runtime.exec(Runtime.java:620)
	at java.lang.Runtime.exec(Runtime.java:450)
	at java.lang.Runtime.exec(Runtime.java:347)
	at org.sonar.plugin.typescript.ExternalTypescriptSensor.isCompatibleNodeVersion(ExternalTypescriptSensor.java:155)
	at org.sonar.plugin.typescript.ExternalTypescriptSensor.analyze(ExternalTypescriptSensor.java:115)
	at org.sonar.plugin.typescript.ExternalTypescriptSensor.execute(ExternalTypescriptSensor.java:109)
	at org.sonar.scanner.sensor.SensorWrapper.analyse(SensorWrapper.java:53)
	at org.sonar.scanner.phases.SensorsExecutor.executeSensor(SensorsExecutor.java:88)
	at org.sonar.scanner.phases.SensorsExecutor.execute(SensorsExecutor.java:82)
	at org.sonar.scanner.phases.SensorsExecutor.execute(SensorsExecutor.java:68)
	at org.sonar.scanner.phases.AbstractPhaseExecutor.execute(AbstractPhaseExecutor.java:88)
	at org.sonar.scanner.scan.ModuleScanContainer.doAfterStart(ModuleScanContainer.java:180)
	at org.sonar.core.platform.ComponentContainer.startComponents(ComponentContainer.java:135)
	at org.sonar.core.platform.ComponentContainer.execute(ComponentContainer.java:121)
	at org.sonar.scanner.scan.ProjectScanContainer.scan(ProjectScanContainer.java:288)
	at org.sonar.scanner.scan.ProjectScanContainer.scanRecursively(ProjectScanContainer.java:283)
	at org.sonar.scanner.scan.ProjectScanContainer.doAfterStart(ProjectScanContainer.java:261)
	at org.sonar.core.platform.ComponentContainer.startComponents(ComponentContainer.java:135)
	at org.sonar.core.platform.ComponentContainer.execute(ComponentContainer.java:121)
	at org.sonar.scanner.task.ScanTask.execute(ScanTask.java:48)
	at org.sonar.scanner.task.TaskContainer.doAfterStart(TaskContainer.java:84)
	at org.sonar.core.platform.ComponentContainer.startComponents(ComponentContainer.java:135)
	at org.sonar.core.platform.ComponentContainer.execute(ComponentContainer.java:121)
	at org.sonar.scanner.bootstrap.GlobalContainer.executeTask(GlobalContainer.java:121)
	at org.sonar.batch.bootstrapper.Batch.doExecuteTask(Batch.java:116)
	at org.sonar.batch.bootstrapper.Batch.executeTask(Batch.java:111)
	at org.sonarsource.scanner.api.internal.batch.BatchIsolatedLauncher.execute(BatchIsolatedLauncher.java:63)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.lang.reflect.Method.invoke(Method.java:498)
	at org.sonarsource.scanner.api.internal.IsolatedLauncherProxy.invoke(IsolatedLauncherProxy.java:60)
	at com.sun.proxy.$Proxy0.execute(Unknown Source)
	at org.sonarsource.scanner.api.EmbeddedScanner.doExecute(EmbeddedScanner.java:233)
	at org.sonarsource.scanner.api.EmbeddedScanner.runAnalysis(EmbeddedScanner.java:151)
	at org.sonarsource.scanner.cli.Main.runAnalysis(Main.java:123)
	at org.sonarsource.scanner.cli.Main.execute(Main.java:77)
	at org.sonarsource.scanner.cli.Main.main(Main.java:61)
Caused by: java.io.IOException: error=2, No such file or directory
	at java.lang.UNIXProcess.forkAndExec(Native Method)
	at java.lang.UNIXProcess.<init>(UNIXProcess.java:247)
	at java.lang.ProcessImpl.start(ProcessImpl.java:134)
	at java.lang.ProcessBuilder.start(ProcessBuilder.java:1029)
	... 38 common frames omitted

ERROR: No TypeScript files will be analyzed

Hi all,
when i run sonarqube analysis on master branch i see, at the end of the pipeline, an unexpected job.

How i can remove it?

This not happens when use another branch, also with publishing enabled.

This is my yaml gitlab file

.quality_variables: &quality_variables
  SONAR_URL: https://xxxxxxxxxxxxxx

.quality_template: &quality_template
  stage: quality
  image: ciricihq/gitlab-sonar-scanner
  <<: *runner
  dependencies:
    - npm:test
  cache: {}
  before_script:
    - echo "sonar.login=${SONAR_TOKEN}" >> sonar-project.properties
  script: 
    - |
      gitlab-sonar-scanner \
      -Dsonar.gitlab.project_id=$CI_PROJECT_ID \
      -Dsonar.gitlab.user_token=$GITLAB_TOKEN \
      -Dsonar.gitlab.commit_sha=$CI_COMMIT_SHA \
      -Dsonar.gitlab.ref_name=$CI_COMMIT_REF_NAME
  except:
    variables:
      - $SKIP_QUALITY == "true"

quality:preview:
  <<: *quality_template
  variables:
    <<: *quality_variables
    SONAR_ANALYSIS_MODE: "preview"
  only:
    refs:
      - /^epic\/*/
      - /^hotfix\/*/
      - /^feature\/*/
      - test
      
quality:publish:
  <<: *quality_template
  variables:
    <<: *quality_variables
    SONAR_ANALYSIS_MODE: "publish"
  only:
    refs:
      - master

Regards

Nor the sonar scanner, nor the gitlab plugin for sonar, support crashing the scan in case a quality profile fails, but we can use the sonar api to fix that.

See https://docs.sonarqube.org/display/SONARQUBE54/Breaking+the+CI+Build for more details about how to break the build, but basically we should:

• Only do this if a variable like QUALITY_CHECK is defined.
• Take ceTaskId from the generated file by sonar report-task.txt.
• GET call to ${SONAR_URL}/api/ce/task?id=${ceTaskId} and get analysisId field
• GET call to ${SONAR_URL}api/qualitygates/project_status?analysisId=${analysisId} and get analysisId field
• In case the response from the previous call returns status !== OK, break the build.

Hi!

I've been struggling lately to get a gitlab CI work with a simple C++ test project, which you can find here

Iy you check recent pipelines, especially the sonarqube job, you will see in its logs that it desperately fails with a NoSuchFileException.

It's really disappointing, since sonar-scanner works perfectly on my local environment with the very same sonar.properties file! And to be honest, I'm not quite sure that gitlab-sonar-scanner image is the culprit...

Am I missing something? Any help is more than welcome, thanks!

Hi!
Thanks for this image that save me a lot of time and effort!

But if I manage to connect the docker and the sonar server, it seems that it's analysing all the source files (10min) even in ISSUE mode.

Here is my gitlab-ci job

SonarQube:
  stage: quality
  image: ciricihq/gitlab-sonar-scanner
  variables:
    SONAR_URL: http://sonar.***.***
    SONAR_ANALYSIS_MODE: issues
  script:
  - gitlab-sonar-scanner
  allow_failure: true

and my sonar-project.properties

sonar.sources=.
sonar.java.binaries=*/build
sonar.sourceEncoding=ISO-8859-1

sonar.gitlab.project_id=git@gitlab.***.***:2003/*******/***.git

In the job log it says:
INFO: 18831/18831 source files have been analyzed

Hello,

I created a new version of this tool, it's available here if you are interested: https://github.com/dcuenot/gitlab-sonar-scanner-with-quality-gate

I'm currently using Sonar scanner version 4.3.0.2102
And I also developed a CLI to collect the result of Sonar Quality Gate, and display it in Gitlab comments.

Feel free if you have any feedbacks.
And thanks ciricihq for this initial work!

Damien

Currently, the Dockerfile downloads the sonar-scanner-cli from sonarsource.com and unzips it to /usr/bin/sonar-scanner. But it does not delete the original zip file. Thus, the image size is needlessly increased and the image is not "clean" as well.

A simple rm sonar-scanner-cli-${SONAR_SCANNER_VERSION}-linux.zip within the Dockerfile would resolve this.

Certain variables in use are deprecated. For example: CI_BUILD_REF to CI_COMMIT_SHA
https://docs.gitlab.com/ee/ci/variables/deprecated_variables.html

Script should be updated to look for the new variable. For backwards compatibility, both variables could be checked.

As you can see here (https://hub.docker.com/r/ciricihq/gitlab-sonar-scanner/builds) the Docker builds are failing.
A local test shows that the Dockerfile cannot find the required ZIP file on line 6. Not sure if you just can replace the URI with the following one as it may change in the future:

https://dl.bintray.com/sonarsource/SonarQube/org/sonarsource/scanner/cli/sonar-scanner-cli/${SONAR_SCANNER_VERSION}/sonar-scanner-cli-${SONAR_SCANNER_VERSION}.zip

Since this project isn't maintained anymore and there are better solutions already published (see #51), this project should be archived.

@cirici could you please do so? In project settings, advanced section, "Archive this project":

It would be much better if you add a note in the readme pointing to dcuenot/gitlab-sonar-scanner-with-quality-gate version.

Edit: It is important to NOT REMOVE the project. Removing the project could also remove all 79 current forks, which isn't what we want.

Sonar 7.7 does not support sonar.analysis.mode

gabrie-allaigre/sonar-gitlab-plugin#132
A 7.7 compatibility patch is currently PR
gabrie-allaigre/sonar-gitlab-plugin#226

Hi, at the beginning I would like to thank you for the nice image I've been using it for some time. But now we move our SonarQube server behind SSL and we have problem with certs. So I should import my certificate but when certs are located in this image?

In another projects I import certificate using this command:

- echo -n | openssl s_client -connect <ip>:443  | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > ./cert.cert
- keytool -import -noprompt -trustcacerts -file ./cert.cert -alias certalias -keystore $JAVA_HOME/jre/lib/security/cacerts -storepass changeit

But here i get following error:
/bin/sh: eval: line 73: openssl: not found

It's part of my gitlab-ci file:

sonarqube-reports:
  stage: analysis
  image: ciricihq/gitlab-sonar-scanner
  variables:
    SONAR_URL: 'https://main-domain/sonar/'
    SONAR_ANALYSIS_MODE: publish
  script:
    - gitlab-sonar-scanner
  only:
    - master 

It's gitlab log:
ERROR: Error during SonarQube Scanner execution org.sonarsource.scanner.api.internal.ScannerException: Unable to execute SonarQube at org.sonarsource.scanner.api.internal.IsolatedLauncherFactory$1.run(IsolatedLauncherFactory.java:84) at org.sonarsource.scanner.api.internal.IsolatedLauncherFactory$1.run(IsolatedLauncherFactory.java:71) at java.security.AccessController.doPrivileged(Native Method) at org.sonarsource.scanner.api.internal.IsolatedLauncherFactory.createLauncher(IsolatedLauncherFactory.java:71) at org.sonarsource.scanner.api.internal.IsolatedLauncherFactory.createLauncher(IsolatedLauncherFactory.java:67) at org.sonarsource.scanner.api.EmbeddedScanner.doStart(EmbeddedScanner.java:218) at org.sonarsource.scanner.api.EmbeddedScanner.start(EmbeddedScanner.java:156) at org.sonarsource.scanner.cli.Main.execute(Main.java:74) at org.sonarsource.scanner.cli.Main.main(Main.java:61) Caused by: java.lang.IllegalStateException: Fail to get bootstrap index from server at org.sonarsource.scanner.api.internal.Jars.getBootstrapIndex(Jars.java:100) at org.sonarsource.scanner.api.internal.Jars.getScannerEngineFiles(Jars.java:76) at org.sonarsource.scanner.api.internal.Jars.download(Jars.java:70) at org.sonarsource.scanner.api.internal.JarDownloader.download(JarDownloader.java:39) at org.sonarsource.scanner.api.internal.IsolatedLauncherFactory$1.run(IsolatedLauncherFactory.java:75) ... 8 more Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alerts.getSSLException(Alerts.java:192) at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1964) at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:328) at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:322) at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1614) at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216) at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1052) at sun.security.ssl.Handshaker.process_record(Handshaker.java:987) at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1072) at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1385) at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1413) at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1397) at org.sonarsource.scanner.api.internal.shaded.okhttp.internal.connection.RealConnection.connectTls(RealConnection.java:267) at org.sonarsource.scanner.api.internal.shaded.okhttp.internal.connection.RealConnection.establishProtocol(RealConnection.java:237) at org.sonarsource.scanner.api.internal.shaded.okhttp.internal.connection.RealConnection.connect(RealConnection.java:148) at org.sonarsource.scanner.api.internal.shaded.okhttp.internal.connection.StreamAllocation.findConnection(StreamAllocation.java:186) at org.sonarsource.scanner.api.internal.shaded.okhttp.internal.connection.StreamAllocation.findHealthyConnection(StreamAllocation.java:121) at org.sonarsource.scanner.api.internal.shaded.okhttp.internal.connection.StreamAllocation.newStream(StreamAllocation.java:100) at org.sonarsource.scanner.api.internal.shaded.okhttp.internal.connection.ConnectInterceptor.intercept(ConnectInterceptor.java:42) at org.sonarsource.scanner.api.internal.shaded.okhttp.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:92) at org.sonarsource.scanner.api.internal.shaded.okhttp.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:67) at org.sonarsource.scanner.api.internal.shaded.okhttp.internal.cache.CacheInterceptor.intercept(CacheInterceptor.java:93) at org.sonarsource.scanner.api.internal.shaded.okhttp.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:92) at org.sonarsource.scanner.api.internal.shaded.okhttp.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:67) at org.sonarsource.scanner.api.internal.shaded.okhttp.internal.http.BridgeInterceptor.intercept(BridgeInterceptor.java:93) at org.sonarsource.scanner.api.internal.shaded.okhttp.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:92) at org.sonarsource.scanner.api.internal.shaded.okhttp.internal.http.RetryAndFollowUpInterceptor.intercept(RetryAndFollowUpInterceptor.java:120) at org.sonarsource.scanner.api.internal.shaded.okhttp.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:92) at org.sonarsource.scanner.api.internal.shaded.okhttp.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:67) at org.sonarsource.scanner.api.internal.shaded.okhttp.RealCall.getResponseWithInterceptorChain(RealCall.java:179) at org.sonarsource.scanner.api.internal.shaded.okhttp.RealCall.execute(RealCall.java:63) at org.sonarsource.scanner.api.internal.ServerConnection.callUrl(ServerConnection.java:113) at org.sonarsource.scanner.api.internal.ServerConnection.downloadString(ServerConnection.java:98) at org.sonarsource.scanner.api.internal.Jars.getBootstrapIndex(Jars.java:96) ... 12 more Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:397) at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:302) at sun.security.validator.Validator.validate(Validator.java:260) at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324) at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229) at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124) at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1596) ... 41 more Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280) at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:392) ... 47 more

How can I import certificates for this image? Thank you in advance

After yesterday's remove of unnecessary assignment SONAR_PROJECT_KEY=$CI_PROJECT_NAME, I get

You must define the following mandatory properties for 'Unknown': sonar.projectKey

my yml config looks like this:

sonarqube:
  stage: analysis
  image: ciricihq/gitlab-sonar-scanner
  variables:
    SONAR_URL: "https://sonarurl.sonar"
    SONAR_ANALYSIS_MODE: "issues"
    SONAR_TOKEN: "token"
    SONAR_PROJECT_KEY: "$CI_PROJECT_NAME"
    SONAR_PROJECT_NAME: "$CI_PROJECT_NAME"
    SONAR_PROJECT_VERSION: "$CI_JOB_ID"
    SONAR_GITLAB_PROJECT_ID: "$CI_PROJECT_ID"
  script:
    - /usr/bin/sonar-scanner-run.sh
  tags:
    - runner

Should I add it to the script execution like /usr/bin/sonar-scanner-run.sh -Dsonar.projectKey=$CI_PROJECT_NAME ?

Hi, I am using gitlab-sonar-plugin to run sonar scanner for each branch on every new commit.
I am using gabrie-allaigre/sonar-gitlab-plugin for sonnar-gitlab integration.

My expectation is, if I run sonar scanner is issue mode, it should add a comment in my commit with issues and with publishing mode it should publish the report to sonar server.

So, till now I can publish my report to sonar server with all issue and git lab code for that particular commit, but not been able to see any comment on my gitlab commit.

Then, I realised that I need to pass the commit sha, and changed this command to gitlab cli

script:
- gitlab-sonar-scanner -Dsonar.gitlab.commit_sha=$CI_COMMIT_SHA

post this change, my sonar scanner is failing constantly with below exception
ERROR: Error during SonarQube Scanner execution
ERROR: Failed to execute project builder: com.talanlabs.sonar.plugins.gitlab.CommitProjectBuilder
ERROR: Caused by: Unable to perform GitLab WS operation
ERROR: Caused by: GitLab is not responding
ERROR: Caused by: Server returned HTTP response code: 502 for URL: https://gitlab.com/api/v4/projects?archived=false&membership=false&order_by=created_at&owned=false&page=57&per_page=20&simple=false&sort=desc&starred=false&statistics=false&with_custom_attributes=false&with_issues_enabled=false&with_merge_requests_enabled=false
ERROR:
ERROR: Re-run SonarQube Scanner using the -X switch to enable full debug logging.

I am using

• gabrie-allaigre/sonar-gitlab-plugin version 3.0.0

• image: ciricihq/gitlab-sonar-scanner

• Gitlab version 10.7.0-rc5-ee

• sonnarQube version 6.5.0.27846

My gitlab yml task file looks like this
Run SonarQube:
stage: Prebuild
image: ciricihq/gitlab-sonar-scanner
variables:
SONAR_URL: http://sonar.my.sonar.url
SONAR_ANALYSIS_MODE: issues
script:
- gitlab-sonar-scanner -Dsonar.gitlab.commit_sha=$CI_COMMIT_SHA
only:
- branches
except:
- master

and my sonar-project.properties files is as below
sonar.projectKey=test:test sonar.exclusions=ui/node_modules/** sonar.sources=. [email protected]:xyz/pqr/abc.git

Hi,
I just tried to use your Docker image to integrate Gitlab and SonarQube.
I have a Gitlab-CI job which is generating a test coverage report in XML format (which is stored as an artefact). How can I upload this report to Sonar?
Best regards,
Thierry

Before accepting PR from greater versions, we should fix the tags we're defining for docker hub, or, at least, add tags for each sonarqube version we have plugins for.

Right now, based on user comments and issues, and based on our experience, we should, at least, create these two tags:

• 6.2 (our currently used version, and used by many others. It should be compatible until version 6.6
• 6.7 (see #15)

Automatically define SONAR_PROJECT_VERSION from $CI_BUILD_ID if SONAR_PROJECT_VERSION has not been defined by the user (in .gitlab-ci.yml).

More:

• SONAR_PROJECT_VERSION: $CI_BUILD_ID
• SONAR_GITLAB_PROJECT_ID: $CI_PROJECT_ID
• SONAR_PROJECT_KEY: $CI_PROJECT_NAME

When someone try to add custom arguments to the gitlab-sonar-scanner command, only the first argument is watched because of the last line of that sonar-scanner-run.sh file

All other argument is ignored.

I tried to pass

  script:
    - gitlab-sonar-scanner -X -Djavax.net.ssl.trustStore=/usr/bin/local.keystore -Djavax.net.ssl.trustStorePassword=changeit

arguements to bypass the custom, enterprise wide, self-signed root CA certificates ignoring (related issue to: #40)

Hi,

I am trying to fail a gitlab ci job if there are major issues.
Is there a way to fail the job?

Regards.

Hi, I'm beginner with sonarqube and gitlab-ci. Just realise this useful solution, but I'm facing an issue. I'm using local host SonarQube, been testing the script below:

sonar-qube:
  stage: sonar-qube
  image: ciricihq/gitlab-sonar-scanner
  variables:
    SONAR_URL: http://localhost:9000
    SONAR_ANALYSIS_MODE: publish
  script:
    - echo "sonar scan..."
    - gitlab-sonar-scanner
    - echo "testing..."

However, I'm receiving message like

ERROR: SonarQube server [http://localhost:9000] can not be reached

For your information, I have started up SonarQube server from terminal before the yml script run. Hope anyone from the community could provide advice in this matter. Thanks!

The LTS release is now 6.7

I get the following warnings:

• WARN: The use of the issues mode (sonar.analysis.mode=issues) is deprecated. This mode will be dropped in the future.
• WARN: Ability to set quality profile from command line using 'sonar.profile' is deprecated and will be dropped in a future SonarQube version.
• WARN: The use of "sonar.branch" is deprecated and replaced by "sonar.branch.name". See https://redirect.sonarsource.com/doc/branches.html.

The last one is most important for me as sonar.branch is now incompatible with sonar.branch.name and I cannot use the new branch feature by SonarQube.

For the correct analysis of the projects where Typescript is used, it is necessary to add the command for the installation of npm and typescript.

It would be nice to add this:

RUN \
        apk add --no-cache npm && \
        npm install -g typescript

There is no default command and no entrypoint defined in the Dockerfile.
Thus, everybody not using the .gitlab-ci.yml using this image needs to explicitly call it with:

docker run ciricihq/gitlab-sonar-scanner gitlab-sonar-scanner

As the gitlab-sonar-scanner script is the main purpose of this image. We could define it as the default command or maybe even as the default entrypoint.

There's another project aiming to do the same:

https://git.johnnei.org/Johnnei/sonar-gitlab-plugin

Try if it can be compatible with this approach

Take a look the code bellow in sonar-scanner-run.sh:

#!/bin/sh

URL=$SONAR_URL
SONAR_TOKEN=$SONAR_TOKEN

if [ -z "$SONAR_PROJECT_KEY" ]; then
  echo "Undefined \"projectKey\"" && exit 1
else
  COMMAND="sonar-scanner -Dsonar.host.url=\"$URL\" -Dsonar.projectKey=\"$SONAR_PROJECT_KEY\""
....

I can't see SONAR_TOKEN being used. Can I login in my private sonar using token and put the report inside it?

As this is a plugin for properly integrating sonarqube with gitlab, the option sonar.gitlab.failure_notification_mode should be set to exit-code by default.

Otherwise, if the build crashes it generates a strange behavior in the pipelines, as described in gabrie-allaigre/sonar-gitlab-plugin#51

If you create a sonar-project.properties file, sonarqube complains if you don't set sonar.projectKey on that file. We should not require SONAR_PROJECT_KEY env var if a properties file exists.

Please,

I have this error when running sonar-scanner, it is something related to Gitlab API V3.

Caused by: java.io.FileNotFoundException: https://gitlab.com/api/v3/projects at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1872) at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1474) at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:254) at com.talanlabs.gitlab.api.v3.http.GitLabHTTPRequestor.parse(GitLabHTTPRequestor.java:336) at com.talanlabs.gitlab.api.v3.http.GitLabHTTPRequestor.toPaged(GitLabHTTPRequestor.java:144) at com.talanlabs.gitlab.api.v3.services.GitLabAPIProjects.getProjects(GitLabAPIProjects.java:101) at com.talanlabs.gitlab.api.v3.services.GitLabAPIProjects.getProjects(GitLabAPIProjects.java:43) at com.talanlabs.sonar.plugins.gitlab.GitLabApiV3Wrapper.getGitLabProject(GitLabApiV3Wrapper.java:90) at com.talanlabs.sonar.plugins.gitlab.GitLabApiV3Wrapper.init(GitLabApiV3Wrapper.java:63)

When sonar-scanner try to scan a *.sh shell file it throws an error:

11:54:30.693 INFO: Sensor ShellCheck Sensor [shellcheck]
11:54:30.693 DEBUG: ShellCheck sensor executed with context: org.sonar.scanner.sensor.ModuleSensorContext@31228d83
11:54:30.693 DEBUG: Analyzing file: collectDependencies.sh
11:54:30.694 DEBUG: Executing command: [shellcheck, -x, -f, json, /builds/*****/*****/debinstall/collectDependencies.sh]
11:54:30.699 ERROR: Error executing command
java.io.IOException: Cannot run program "shellcheck": error=2, No such file or directory
	at java.lang.ProcessBuilder.start(ProcessBuilder.java:1048)
...
Caused by: java.io.IOException: error=2, No such file or directory
	at java.lang.UNIXProcess.forkAndExec(Native Method)
	at java.lang.UNIXProcess.<init>(UNIXProcess.java:247)
	at java.lang.ProcessImpl.start(ProcessImpl.java:134)
	at java.lang.ProcessBuilder.start(ProcessBuilder.java:1029)
	... 32 common frames omitted
11:54:30.699 INFO: Sensor ShellCheck Sensor [shellcheck] (done) | time=6ms

A https://hub.docker.com/r/koalaman/shellcheck-alpine docker image is available for that purpose.

Due to this if: https://github.com/ciricihq/gitlab-sonar-scanner/blob/develop/sonar-scanner-run.sh#L11

We'll remove it for now, unless someone comes with a solution for setting it without overwriting the definition in sonar-project.properties file.