Gitlab-runner sonar-scanner (docker image) ci pipeline

Hi there.

I’m setting up a pipeline using GitLab Runner that involves sonar-scanner as a code quality tool.

I have installed gitlab-runner and GitLab on different machines, as per best practices.
On the gitlab-runner machine I have installed Docker and I have customized config.toml to use the docker executor and runners.docker with the sonar-scanner image.

So this is my config.toml:

concurrent = 1
check_interval = 0

[session_server]
  session_timeout = 1800

[[runners]]
  name = "test-ci"
  url = "https://private.gitlab.com"
  token = "mySecretTOKEN"
  tls-ca-file = "/etc/gitlab-runner/certs/mycert.crt"
  executor = "docker"
  environment = ["GIT_SSL_NO_VERIFY=1"]
  [runners.custom_build_dir]
  [runners.docker]
    tls_verify = false
    image = "sonarsource/sonar-scanner-cli:latest"
    shm_size = 0
    privileged = false
    volumes = ["/etc/sonar-scanner/conf:/opt/sonar-scanner/conf:rw", "$PWD:/usr/src:rw"]
    userns_mode = "root"

This config creates a shared runner that runs on every commit, and all works properly.

I’m facing an error when GitLab Runner launches the sonar-scanner Docker image.

This is my .gitlab-ci.yml:

variables:
  SONAR_TOKEN: "mySonarTOKEn"
  SONAR_HOST_URL: "http://my.sonar.com"
  GIT_DEPTH: "0"
sonarqube-check:
  stage: test
  script:
    - sonar-scanner -Dsonar.qualitygate.wait=true -Dsonar.projectKey=ci_pipeline -Dsonar.host.url="$SONAR_HOST_URL" -Dsonar.login="$SONAR_TOKEN"
  allow_failure: true
  only:
    - tags
    - master

When the pipeline starts the sonar-scanner tool, the scan fails because of:

 * [new ref]         refs/pipelines/97 -> refs/pipelines/97
   83ab887..e66e3ce  master            -> origin/master
Checking out e66e3ce4 as master...

Skipping Git submodules setup
section_end:1579172808:get_sources
section_start:1579172808:restore_cache
section_end:1579172813:restore_cache
section_start:1579172813:download_artifacts
section_end:1579172817:download_artifacts
section_start:1579172817:build_script
INFO: Scanner configuration file: /opt/sonar-scanner/conf/sonar-scanner.properties
INFO: Project root configuration file: NONE
INFO: SonarQube Scanner 4.2.0.1873
INFO: Java 11.0.3 AdoptOpenJDK (64-bit)
INFO: Linux 3.10.0-957.el7.x86_64 amd64
INFO: ------------------------------------------------------------------------
INFO: EXECUTION FAILURE
INFO: ------------------------------------------------------------------------
INFO: Total time: 0.883s
INFO: Final Memory: 2M/58M
INFO: ------------------------------------------------------------------------
ERROR: Error during SonarQube Scanner execution
java.lang.IllegalStateException: Unable to create user cache: /usr/src/.sonar/cache
	at org.sonarsource.scanner.api.internal.cache.FileCache.createDir(FileCache.java:147)
	at org.sonarsource.scanner.api.internal.cache.FileCache.<init>(FileCache.java:46)
	at org.sonarsource.scanner.api.internal.cache.FileCache.create(FileCache.java:52)
	at org.sonarsource.scanner.api.internal.cache.FileCacheBuilder.build(FileCacheBuilder.java:48)
	at org.sonarsource.scanner.api.internal.JarDownloaderFactory.create(JarDownloaderFactory.java:42)
	at org.sonarsource.scanner.api.internal.IsolatedLauncherFactory.createLauncher(IsolatedLauncherFactory.java:68)
	at org.sonarsource.scanner.api.EmbeddedScanner.doStart(EmbeddedScanner.java:185)
	at org.sonarsource.scanner.api.EmbeddedScanner.start(EmbeddedScanner.java:123)
	at org.sonarsource.scanner.cli.Main.execute(Main.java:73)
	at org.sonarsource.scanner.cli.Main.main(Main.java:61)
Caused by: java.nio.file.AccessDeniedException: /usr/src/.sonar
	at java.base/sun.nio.fs.UnixException.translateToIOException(Unknown Source)
	at java.base/sun.nio.fs.UnixException.rethrowAsIOException(Unknown Source)
	at java.base/sun.nio.fs.UnixException.rethrowAsIOException(Unknown Source)
	at java.base/sun.nio.fs.UnixFileSystemProvider.createDirectory(Unknown Source)
	at java.base/java.nio.file.Files.createDirectory(Unknown Source)
	at java.base/java.nio.file.Files.createAndCheckIsDirectory(Unknown Source)
	at java.base/java.nio.file.Files.createDirectories(Unknown Source)
	at org.sonarsource.scanner.api.internal.cache.FileCache.createDir(FileCache.java:145)
	... 9 more
ERROR: 
ERROR: Re-run SonarQube Scanner using the -X switch to enable full debug logging.

The runner tries to create /usr/src/.sonar/cache without success.

So is there a config that I need to add to config.toml or .gitlab-ci.yml that allows the sonar-scanner Docker image to create that folder?

Thanks in advance.

Hi there,

my guess is that the volume is not set correctly in your config file:

volumes = ["/etc/sonar-scanner/conf:/opt/sonar-scanner/conf:rw", "$PWD:/usr/src:rw"]

What path does the env. variable $PWD point to? Try to set it to /tmp/sonar or something similar. When the image is not running as root, set the permissions accordingly.

Good luck!

Hi @SAGO,

Had a similar issue, got it resolved with the SONAR_PROJECT_BASE_DIR environment variable.
Try setting it to the value of the CI_PROJECT_DIR variable.

I’ve explained my solution here (dev.to).
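
The fix suggested in the replies, as an added example that is not part of the original posts: a `.gitlab-ci.yml` job that points the scanner at `CI_PROJECT_DIR` and keeps its cache inside the job directory instead of `/usr/src/.sonar`. `SONAR_USER_HOME`, the `entrypoint` override, the `cache` stanza, and reading `SONAR_TOKEN` / `SONAR_HOST_URL` from the project's CI/CD variables are assumptions not stated in the thread.

```yaml
# Added example, not from the thread. Assumptions are marked "assumed".
# SONAR_TOKEN and SONAR_HOST_URL are assumed to be defined under
# Settings > CI/CD > Variables (SONAR_TOKEN masked), not committed in this file.
sonarqube-check:
  stage: test
  image:
    name: sonarsource/sonar-scanner-cli:latest
    entrypoint: [""]   # assumed: run the script with the job shell, not the image entrypoint
  variables:
    GIT_DEPTH: "0"     # full clone, as in the original job
    # From the second reply: analyse the directory the runner cloned into,
    # not the image default /usr/src.
    SONAR_PROJECT_BASE_DIR: "$CI_PROJECT_DIR"
    # Assumed: move the scanner's user cache away from /usr/src/.sonar (the path
    # in the AccessDeniedException) into the writable job directory.
    SONAR_USER_HOME: "$CI_PROJECT_DIR/.sonar"
  cache:
    key: "$CI_JOB_NAME"
    paths:
      - .sonar/cache   # assumed: reuse downloaded scanner plugins between jobs
  script:
    # projectBaseDir is passed explicitly because the entrypoint is overridden above.
    - >
      sonar-scanner
      -Dsonar.qualitygate.wait=true
      -Dsonar.projectKey=ci_pipeline
      -Dsonar.projectBaseDir="$SONAR_PROJECT_BASE_DIR"
      -Dsonar.host.url="$SONAR_HOST_URL"
      -Dsonar.login="$SONAR_TOKEN"
  allow_failure: true
  only:
    - tags
    - master
```

With this job the `$PWD:/usr/src` volume in config.toml is no longer the scanner's working or cache location, so the scan does not depend on that host path being writable.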