Sonar-scanner token automation + I can't parse data into the index sonarqube server running in localhost:9000

Question

Here is the github action forkflow :

  - name: Start SonarQube container
    run: |
      docker run -d --name sonarqube -p 9000:9000 sonarqube:lts

  - name: Wait for SonarQube to be ready
    run: |
      echo "Waiting for SonarQube to be ready..."
      while ! curl -s http://localhost:9000/about; do
        echo "SonarQube is not ready yet... retrying in 30 seconds."
        sleep 30
      done
      echo "SonarQube is ready."

  - name: Set up SonarQube Scanner
    run: |
      curl -O https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-4.6.2.2472-linux.zip
      unzip sonar-scanner-cli-4.6.2.2472-linux.zip
      mv sonar-scanner-4.6.2.2472-linux sonar-scanner
      export GITHUB_PATH=$(pwd)/sonar-scanner/bin

  - name: Verify SonarQube Scanner
    run: |
      ./sonar-scanner/bin/sonar-scanner --version

  - name: Verify SonarQube Server Accessibility
    run: |
      curl -v http://localhost:9000

  - name: Generate SonarQube token
    id: generate_token
    run: |
      export TOKEN_RESPONSE=$(curl -s -X POST -H "Authorization: Basic $(echo -n "admin:admin" | base64)" "http://localhost:9000/api/user_tokens/generate" -d "name=ci-token")
      export SONAR_TOKEN=$(echo $TOKEN_RESPONSE | jq -r .token)

  - name: Run SonarQube scan
    run: |
      ./sonar-scanner/bin/sonar-scanner -X \
        -Dsonar.projectKey=gestion-du-materiel \
        -Dsonar.sources=gestion-du-materiel-back/src \
        -Dsonar.host.url=http://localhost:9000 \
        -Dsonar.login=${{ steps.generate_token.outputs.SONAR_TOKEN }}
        -Dsonar.ws.timeout=60 \
        -Dsonar.ce.task.timeout=600

Run ./sonar-scanner/bin/sonar-scanner -X \
  ./sonar-scanner/bin/sonar-scanner -X \
    -Dsonar.projectKey=<projetKey> \
    -Dsonar.sources=<src> \
    -Dsonar.host.url=http://localhost:9000 \
    -Dsonar.login= <TOKEN> \
    -Dsonar.ws.timeout=60 \
    -Dsonar.ce.task.timeout=600
  shell: /usr/bin/bash -e {0}
  env:
    JAVA_HOME: /opt/hostedtoolcache/Java_Temurin-Hotspot_jdk/17.0.11-9/x64
    JAVA_HOME_17_X64: /opt/hostedtoolcache/Java_Temurin-Hotspot_jdk/17.0.11-9/x64
15:19:43.443 INFO: Scanner configuration file: /home/runner/work/gestion-du-materiel/gestion-du-materiel/sonar-scanner/conf/sonar-scanner.properties
15:19:43.454 INFO: Project root configuration file: /home/runner/work/gestion-du-materiel/gestion-du-materiel/sonar-project.properties
15:19:43.525 INFO: SonarScanner 4.6.2.2472
15:19:43.526 INFO: Java 11.0.11 AdoptOpenJDK (64-bit)
15:19:43.527 INFO: Linux 6.5.0-1021-azure amd64
15:19:44.028 DEBUG: keyStore is : 
15:19:44.032 DEBUG: keyStore type is : pkcs12
15:19:44.032 DEBUG: keyStore provider is : 
15:19:44.033 DEBUG: init keystore
15:19:44.033 DEBUG: init keymanager of type SunX509
15:19:44.351 DEBUG: Create: /home/runner/.sonar/cache
15:19:44.364 INFO: User cache: /home/runner/.sonar/cache
15:19:44.364 DEBUG: Create: /home/runner/.sonar/cache/_tmp
15:19:44.368 DEBUG: Extract sonar-scanner-api-batch in temp...
15:19:44.377 DEBUG: Get bootstrap index...
15:19:44.380 DEBUG: Download: http://localhost:9000/batch/index
15:19:44.508 DEBUG: Get bootstrap completed
15:19:44.509 INFO: ------------------------------------------------------------------------
15:19:44.510 INFO: EXECUTION FAILURE
15:19:44.510 INFO: ------------------------------------------------------------------------
15:19:44.510 INFO: Total time: 1.123s
15:19:44.546 INFO: Final Memory: 3M/14M
15:19:44.546 ERROR: Error during SonarScanner execution
org.sonarsource.scanner.api.internal.ScannerException: Unable to execute SonarScanner analysis
15:19:44.546 INFO: ------------------------------------------------------------------------
    at org.sonarsource.scanner.api.internal.IsolatedLauncherFactory.lambda$createLauncher$0(IsolatedLauncherFactory.java:85)
    at java.base/java.security.AccessController.doPrivileged(Native Method)
    at org.sonarsource.scanner.api.internal.IsolatedLauncherFactory.createLauncher(IsolatedLauncherFactory.java:74)
    at org.sonarsource.scanner.api.internal.IsolatedLauncherFactory.createLauncher(IsolatedLauncherFactory.java:70)
    at org.sonarsource.scanner.api.EmbeddedScanner.doStart(EmbeddedScanner.java:185)
    at org.sonarsource.scanner.api.EmbeddedScanner.start(EmbeddedScanner.java:123)
    at org.sonarsource.scanner.cli.Main.execute(Main.java:73)
    at org.sonarsource.scanner.cli.Main.main(Main.java:61)
Caused by: java.lang.IllegalStateException: Fail to parse entry in bootstrap index: 
    at org.sonarsource.scanner.api.internal.BootstrapIndexDownloader.parse(BootstrapIndexDownloader.java:59)
    at org.sonarsource.scanner.api.internal.BootstrapIndexDownloader.getIndex(BootstrapIndexDownloader.java:44)
    at org.sonarsource.scanner.api.internal.JarDownloader.getScannerEngineFiles(JarDownloader.java:58)
    at org.sonarsource.scanner.api.internal.JarDownloader.download(JarDownloader.java:53)
    at org.sonarsource.scanner.api.internal.IsolatedLauncherFactory.lambda$createLauncher$0(IsolatedLauncherFactory.java:76)
    ... 7 more

• I need to know how to generate a token without going into the server interface. TOKEN_RESPONSE=$(curl -s -X POST -H "Authorization: Basic $AUTH" "$SONARQUBE_URL/api/user_tokens/generate" -d "name=$TOKEN_NAME") TOKEN=$(echo $TOKEN_RESPONSE | jq -r .token) I'm using this command to create a token but it doesn't generate me my token but it doesn't return an error either.

---

• Also, I need to automate this pipeline to run a sonar scan in my source code using github actions. I deploy a sonarqube server running in localhost:9000 with docker than I install sonar-scanner locally, everything run properly but i can't parse the data scanner into the sonarqube index.

Anyone has already faced this issue ?

Answer 1

Check out the code from this repo on token generation

https://github.com/gitricko/sonarless/blob/a69e0c2439a150380b89d354a66e1586dfa039fa/makefile.sh#L119

This should work as this repo is about automating sonarqube setup and scanning through simple CLI. This might help

Answer 2

Normally, you would host sonarqube on a webserver (EC2, ECS, on-prem) and then have scanner run in CICD to perform the scan. It's interesting to see it running alongside in the CICD pipeline.

I am currently facing the same error plus and HTML body.

19:59:41.607 INFO: Scanner configuration file: /opt/sonar-scanner/conf/sonar-scanner.properties
19:59:41.623 INFO: Project root configuration file: /github/workspace/sonar-project.properties
19:59:41.655 INFO: SonarScanner 5.0.1.3006
19:59:41.655 INFO: Java 17.0.11 Alpine (64-bit)
19:59:41.655 INFO: Linux 6.5.0-1022-azure amd64
19:59:41.859 DEBUG: keyStore is : 
19:59:41.860 DEBUG: keyStore type is : pkcs12
19:59:41.860 DEBUG: keyStore provider is : 
19:59:41.860 DEBUG: init keystore
19:59:41.861 DEBUG: init keymanager of type SunX509
19:59:41.986 DEBUG: Create: /opt/sonar-scanner/.sonar/cache
19:59:41.989 INFO: User cache: /opt/sonar-scanner/.sonar/cache
19:59:41.990 DEBUG: Create: /opt/sonar-scanner/.sonar/cache/_tmp
19:59:41.993 DEBUG: Extract sonar-scanner-api-batch in temp...
19:59:41.997 DEBUG: Get bootstrap index...
19:59:41.997 DEBUG: Download: ***/batch/index
19:59:42.290 DEBUG: Get bootstrap completed
19:59:42.293 ERROR: Failed bootstrap index response: 
<!DOCTYPE html>
<html lang="en">

<head>
    <meta http-equiv="content-type" content="text/html; charset=UTF-8" charset="UTF-8" />
    <meta http-equiv="X-UA-Compatible" content="IE=edge">
    <link rel="apple-touch-icon" href="/apple-touch-icon.png">
    <link rel="apple-touch-icon" sizes="57x57" href="/apple-touch-icon-57x57.png">
    <link rel="apple-touch-icon" sizes="60x60" href="/apple-touch-icon-60x60.png">
    <link rel="apple-touch-icon" sizes="72x72" href="/apple-touch-icon-72x72.png">
    <link rel="apple-touch-icon" sizes="76x76" href="/apple-touch-icon-76x76.png">
    <link rel="apple-touch-icon" sizes="114x114" href="/apple-touch-icon-114x114.png">
    <link rel="apple-touch-icon" sizes="120x120" href="/apple-touch-icon-120x120.png">
    <link rel="apple-touch-icon" sizes="144x144" href="/apple-touch-icon-144x144.png">
    <link rel="apple-touch-icon" sizes="152x152" href="/apple-touch-icon-152x152.png">
    <link rel="apple-touch-icon" sizes="180x180" href="/apple-touch-icon-180x180.png">
    <link rel="icon" type="image/x-icon" href="/favicon.ico">
    <meta name="application-name" content="SonarQube" />
    <meta name="msapplication-TileColor" content="#FFFFFF" />
    <meta name="msapplication-TileImage" content="/mstile-512x512.png" />
    <title>SonarQube</title>

    <link rel="stylesheet" href="/js/outU5ZMYZKI.css" />
</head>

<body>
    <div id="content" data-base-url="" data-server-status="UP" data-instance="SonarQube" data-official="true">
        <div class="global-loading">
            <i class="global-loading-spinner"></i>
            <span aria-live="polite" class="global-loading-text">Loading...</span>
        </div>
    </div>

    <script type="module" src="/js/outKLOTOZX4.js"></script>
</body>

</html>

19:59:42.293 INFO: ------------------------------------------------------------------------
19:59:42.294 INFO: EXECUTION FAILURE
19:59:42.294 INFO: ------------------------------------------------------------------------
19:59:42.295 INFO: Total time: 0.697s
19:59:42.315 ERROR: Error during SonarScanner execution
org.sonarsource.scanner.api.internal.ScannerException: Unable to execute SonarScanner analysis
19:59:42.314 INFO: Final Memory: 4M/20M
19:59:42.314 INFO: ------------------------------------------------------------------------
    at org.sonarsource.scanner.api.internal.IsolatedLauncherFactory.lambda$createLauncher$0(IsolatedLauncherFactory.java:85)
    at java.base/java.security.AccessController.doPrivileged(AccessController.java:318)
    at org.sonarsource.scanner.api.internal.IsolatedLauncherFactory.createLauncher(IsolatedLauncherFactory.java:74)
    at org.sonarsource.scanner.api.internal.IsolatedLauncherFactory.createLauncher(IsolatedLauncherFactory.java:70)
    at org.sonarsource.scanner.api.EmbeddedScanner.doStart(EmbeddedScanner.java:185)
    at org.sonarsource.scanner.api.EmbeddedScanner.start(EmbeddedScanner.java:123)
    at org.sonarsource.scanner.cli.Main.execute(Main.java:74)
    at org.sonarsource.scanner.cli.Main.main(Main.java:62)
Caused by: java.lang.IllegalStateException: Fail to parse entry in bootstrap index: 
    at org.sonarsource.scanner.api.internal.BootstrapIndexDownloader.parse(BootstrapIndexDownloader.java:60)
    at org.sonarsource.scanner.api.internal.BootstrapIndexDownloader.getIndex(BootstrapIndexDownloader.java:44)
    at org.sonarsource.scanner.api.internal.JarDownloader.getScannerEngineFiles(JarDownloader.java:58)
    at org.sonarsource.scanner.api.internal.JarDownloader.download(JarDownloader.java:53)
    at org.sonarsource.scanner.api.internal.IsolatedLauncherFactory.lambda$createLauncher$0(IsolatedLauncherFactory.java:76)
    ... 7 more

However, from my search so far only suggest that the issue is with scanner failing to communicate withe the sonarqube.

Have you tried having SonarQube and Scanner work locally? If so, would it be worth exposing local SonarQube to the internet with ngrok and configuring Scanner in GitHub action to use this SonarQube server instead? Doing so would let you inspect server logging closer and potentially mimic some of the requests. You could also use pipedream to intercept all traffic (if I recall the right tool for it).