
Currently trying to add SonarQube to my project with GitHub Actions. The issue is that it can’t get the projectKey and that it somehow tries to get a Spring bean without having Spring Boot in my project. The code is as follows:

Build.gradle:

plugins {
    id 'org.jetbrains.kotlin.jvm' version '1.7.0'
    id 'java'
    id 'org.owasp.dependencycheck' version '6.3.2'
    id 'com.google.cloud.tools.jib' version '3.2.1'
    id 'org.sonarqube' version '3.4.0.2513'
}

....

sonarqube {
    properties {
        property("sonar.projectKey", "NotificationApi")
        property("sonar.projectBaseDir", "src")
    }
}

Build.yaml:

on:
  # Trigger analysis when pushing in master or pull requests, and when creating
  # a pull request.
  push:
    branches:
      - master
  pull_request:
    types: [opened, synchronize, reopened]

name: NotificationApi Build
jobs:
  sonarqube:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
      - name: SonarQube Scan
        uses: sonarsource/sonarqube-scan-action@master
        env:
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
          SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}

With the following error:

WARN: Exception encountered during context initialization - cancelling refresh attempt: org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'ClassRealm{javascript}-org.sonar.plugins.javascript.eslint.EslintBridgeServerImpl': Unsatisfied dependency expressed through constructor parameter 4; nested exception is org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'AnalysisTempFolder' defined in org.sonar.scanner.analysis.AnalysisTempFolderProvider: Unsatisfied dependency expressed through method 'provide' parameter 0; nested exception is org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'DefaultInputProject' defined in org.sonar.scanner.scan.InputProjectProvider: Unsatisfied dependency expressed through method 'provide' parameter 2; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'ProjectReactor' defined in org.sonar.scanner.scan.MutableProjectReactorProvider: Bean instantiation via factory method failed; nested exception is org.springframework.beans.BeanInstantiationException: Failed to instantiate [org.sonar.api.batch.bootstrap.ProjectReactor]: Factory method 'provide' threw exception; nested exception is You must define the following mandatory properties for 'Unknown': sonar.projectKey
INFO: ------------------------------------------------------------------------
INFO: EXECUTION FAILURE
INFO: ------------------------------------------------------------------------
INFO: Total time: 29.603s
ERROR: Error during SonarScanner execution
ERROR: You must define the following mandatory properties for 'Unknown': sonar.projectKey
ERROR: 
ERROR: Re-run SonarScanner using the -X switch to enable full debug logging.
INFO: Final Memory: 22M/77M

What is wrong with this configuration and what needs to be changed to fix it?

2 Answers


  1. According to the action README file as well as this thread, adding the projectBaseDir input to the SonarQube Scan step should make it work (indicating the folder where the sonar-project.properties file is located):

          with:
            projectBaseDir: <project-folder>
    

    That way the project-level sonar-project.properties files should be detected correctly.

    In your case it would look like this:

          - name: SonarQube Scan
            uses: sonarsource/sonarqube-scan-action@master
            with:
              projectBaseDir: <project-folder>
            env:
              SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
              SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}
    

    In case you didn’t create the project sonar-project.properties file yet:

    Project metadata, including the location to the sources to be
    analyzed, must be declared in the file sonar-project.properties in the base directory:

    sonar.projectKey=<replace with the key generated when setting up the project on SonarQube>
    
    # relative paths to source directories. More details and properties are described
    # in https://docs.sonarqube.org/latest/project-administration/narrowing-the-focus/ 
    sonar.sources=.
    
  2. This one works fine for many envs and many apps:

    name: Sonarqube Scan CI
    
    on:
      # Trigger analysis when pushing in master or pull requests, and when creating a pull request. 
      push:
        branches:
          - main
      pull_request:
          types: [opened, synchronize, reopened]
    
      # Allows you to run this workflow manually from the Actions tab
      workflow_dispatch:
    
    jobs:
      sonarqube:
        name: Execute SQ CI
        runs-on: ${{ matrix.config.os }}
        concurrency:
          group: ${{ github.workflow }}-${{ github.ref }}
          cancel-in-progress: true
        strategy:
          fail-fast: false
          matrix:
            config:
              - { os: [dev-ci-runner-cluster], account: "dev", env: "dev" }
    
            app: ["api", "frontend"]
    
        steps:
          - uses: actions/checkout@v3
            with:
              # Disabling shallow clone is recommended for improving relevancy of reporting
              fetch-depth: 0
          - name: SonarQube Scan ${{ matrix.app }}
            uses: sonarsource/sonarqube-scan-action@master
            env:
              SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
              SONAR_HOST_URL: ${{ secrets.SONAR_URL }}
            with:
              projectBaseDir: ${{ matrix.app }}
    
    
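The answers above point projectBaseDir at a folder, and the first one has that folder hold a sonar-project.properties file that defines sonar.projectKey. The script below is an added example, not part of the original posts or of the action itself: a preflight check that can run as a workflow step before the scan and fail with a short message instead of the scanner's nested bean exception. The function names and the script name check-sonar-props.sh are hypothetical.

```shell
#!/bin/sh
# Preflight for the scan step (added example; function names are hypothetical).
# The argument of check_sonar_props is the directory passed as projectBaseDir.

# Print the value of a key from a .properties file ("key=value" or "key: value").
# Skips # and ! comment lines; the last definition in the file wins.
sonar_prop_value() {
    awk -v key="$2" '
        /^[ \t]*[#!]/ { next }
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            if (index(line, key) != 1) next          # line is some other key
            rest = substr(line, length(key) + 1)
            if (rest !~ /^[ \t]*[=:]/) next          # longer key with same prefix
            sub(/^[ \t]*[=:][ \t]*/, "", rest)
            sub(/[ \t\r]+$/, "", rest)               # trailing blanks and CR
            value = rest
        }
        END { print value }
    ' "$1"
}

# Return codes: 0 ok, 1 file missing, 2 key missing or empty, 3 placeholder left in.
check_sonar_props() {
    csp_file="${1:-.}/sonar-project.properties"
    if [ ! -f "$csp_file" ]; then
        echo "error: $csp_file not found (check projectBaseDir)" >&2
        return 1
    fi
    csp_value=$(sonar_prop_value "$csp_file" sonar.projectKey)
    if [ -z "$csp_value" ]; then
        echo "error: sonar.projectKey is not defined in $csp_file" >&2
        return 2
    fi
    case $csp_value in
        "<"*">")
            echo "error: sonar.projectKey is still the template placeholder" >&2
            return 3 ;;
    esac
    echo "sonar.projectKey=$csp_value"
}

# Run as: sh check-sonar-props.sh <project-folder>
if [ "$#" -gt 0 ]; then
    check_sonar_props "$1"
fi
```
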