Plugin does not work with Sonarqube 9.1

[axylophon]

Hi we updated our SonarQube and the branch Plugin. So far so good, but the Devops PR decoration is not working anymore. An exception is thrown during the PR decoration. The same error is also thrown when accessing the DevOps Platform Integration menu in the SonarQube UI. Is this caused by the SonarQube 9.1 Version?

java.lang.NoSuchMethodError: org.sonar.db.alm.setting.AlmSettingDto.getPersonalAccessToken()Ljava/lang/String;
	at com.github.mc1arke.sonarqube.plugin.almclient.azuredevops.DefaultAzureDevopsClientFactory.createClient(DefaultAzureDevopsClientFactory.java:53)
	at com.github.mc1arke.sonarqube.plugin.ce.pullrequest.azuredevops.AzureDevOpsPullRequestDecorator.createClient(AzureDevOpsPullRequestDecorator.java:79)
	at com.github.mc1arke.sonarqube.plugin.ce.pullrequest.azuredevops.AzureDevOpsPullRequestDecorator.createClient(AzureDevOpsPullRequestDecorator.java:60)
	at com.github.mc1arke.sonarqube.plugin.ce.pullrequest.DiscussionAwarePullRequestDecorator.decorateQualityGateStatus(DiscussionAwarePullRequestDecorator.java:67)
	at com.github.mc1arke.sonarqube.plugin.ce.pullrequest.PullRequestPostAnalysisTask.finished(PullRequestPostAnalysisTask.java:160)
	at org.sonar.ce.task.projectanalysis.api.posttask.PostProjectAnalysisTasksExecutor.executeTask(PostProjectAnalysisTasksExecutor.java:110)
	at org.sonar.ce.task.projectanalysis.api.posttask.PostProjectAnalysisTasksExecutor.finished(PostProjectAnalysisTasksExecutor.java:101)
	at org.sonar.ce.task.step.ComputationStepExecutor.executeListener(ComputationStepExecutor.java:91)
	at org.sonar.ce.task.step.ComputationStepExecutor.execute(ComputationStepExecutor.java:63)
	at org.sonar.ce.task.projectanalysis.taskprocessor.ReportTaskProcessor.process(ReportTaskProcessor.java:81)
	at org.sonar.ce.taskprocessor.CeWorkerImpl$ExecuteTask.executeTask(CeWorkerImpl.java:212)
	at org.sonar.ce.taskprocessor.CeWorkerImpl$ExecuteTask.run(CeWorkerImpl.java:194)
	at org.sonar.ce.taskprocessor.CeWorkerImpl.findAndProcessTask(CeWorkerImpl.java:160)
	at org.sonar.ce.taskprocessor.CeWorkerImpl$TrackRunningState.get(CeWorkerImpl.java:135)
	at org.sonar.ce.taskprocessor.CeWorkerImpl.call(CeWorkerImpl.java:87)
	at org.sonar.ce.taskprocessor.CeWorkerImpl.call(CeWorkerImpl.java:53)
	at com.google.common.util.concurrent.TrustedListenableFutureTask$TrustedFutureInterruptibleTask.runInterruptibly(TrustedListenableFutureTask.java:125)
	at com.google.common.util.concurrent.InterruptibleTask.run(InterruptibleTask.java:69)
	at com.google.common.util.concurrent.TrustedListenableFutureTask.run(TrustedListenableFutureTask.java:78)
	at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:515)
	at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
	at java.base/java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:304)
	at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
	at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
	at java.base/java.lang.Thread.run(Thread.java:834)

• SonarQube Version: 9.1 (build 47736)
• Plugin Version: 1.9.0

[Rybue]

Hi
We having the same issue with Sonarqube 9.1 CE and plugin version 1.9.0

[mc1arke]

The plugin hasn't been updated for Sonarqube 9.1 yet. The methods for accessing the passwords/keys/tokens in Sonarqube now allow for the values to be encrypted, so require passing the encryption token into the relevant methods. I've got changes on my machine, but haven't tested that they work when encryption is enabled.

[mc1arke]

Can you try running the Snapshot from the artefacts section of https://github.com/mc1arke/sonarqube-community-branch-plugin/actions/runs/1279732750 and let me know if it resolves the issue for you please?

[axylophon]

Thank you very much for your quick response! I have installed the Snapshot but we have now issues with spaces in the project and repository names.

The PR decoration must be configured:

But we have a space in our names so it is not found:

I assume the space is the issue because a project/repo combination without spaces is working fine.

Error when saving:
2021.09.28 08:43:14 ERROR web[AXwrDReRoh7bqy5KAAMA][c.g.m.s.p.a.a.AzureDevopsRestClient] Azure Devops response status did not match expected value. Expected: 200\r\nHTTP/1.1 404 Not Found\r\n

Error when analyzing:

2021.09.28 08:43:24 ERROR ce[AXwrJJXMpA_JVSv-Mudr][o.s.c.t.p.a.p.PostProjectAnalysisTasksExecutor] Execution of task class com.github.mc1arke.sonarqube.plugin.ce.pullrequest.PullRequestPostAnalysisTask failed
java.lang.IllegalStateException: An unexpected response code was returned from the Azure Devops API - Expected: 200, Got: 404
	at com.github.mc1arke.sonarqube.plugin.almclient.azuredevops.AzureDevopsRestClient.validateResponse(AzureDevopsRestClient.java:157)
	at com.github.mc1arke.sonarqube.plugin.almclient.azuredevops.AzureDevopsRestClient.execute(AzureDevopsRestClient.java:129)
	at com.github.mc1arke.sonarqube.plugin.almclient.azuredevops.AzureDevopsRestClient.retrievePullRequest(AzureDevopsRestClient.java:107)
	at com.github.mc1arke.sonarqube.plugin.ce.pullrequest.azuredevops.AzureDevOpsPullRequestDecorator.getPullRequest(AzureDevOpsPullRequestDecorator.java:98)
	at com.github.mc1arke.sonarqube.plugin.ce.pullrequest.azuredevops.AzureDevOpsPullRequestDecorator.getPullRequest(AzureDevOpsPullRequestDecorator.java:60)
	at com.github.mc1arke.sonarqube.plugin.ce.pullrequest.DiscussionAwarePullRequestDecorator.decorateQualityGateStatus(DiscussionAwarePullRequestDecorator.java:69)
	at com.github.mc1arke.sonarqube.plugin.ce.pullrequest.PullRequestPostAnalysisTask.finished(PullRequestPostAnalysisTask.java:160)
	at org.sonar.ce.task.projectanalysis.api.posttask.PostProjectAnalysisTasksExecutor.executeTask(PostProjectAnalysisTasksExecutor.java:110)
	at org.sonar.ce.task.projectanalysis.api.posttask.PostProjectAnalysisTasksExecutor.finished(PostProjectAnalysisTasksExecutor.java:101)
	at org.sonar.ce.task.step.ComputationStepExecutor.executeListener(ComputationStepExecutor.java:91)
	at org.sonar.ce.task.step.ComputationStepExecutor.execute(ComputationStepExecutor.java:63)
	at org.sonar.ce.task.projectanalysis.taskprocessor.ReportTaskProcessor.process(ReportTaskProcessor.java:81)
	at org.sonar.ce.taskprocessor.CeWorkerImpl$ExecuteTask.executeTask(CeWorkerImpl.java:212)
	at org.sonar.ce.taskprocessor.CeWorkerImpl$ExecuteTask.run(CeWorkerImpl.java:194)
	at org.sonar.ce.taskprocessor.CeWorkerImpl.findAndProcessTask(CeWorkerImpl.java:160)
	at org.sonar.ce.taskprocessor.CeWorkerImpl$TrackRunningState.get(CeWorkerImpl.java:135)
	at org.sonar.ce.taskprocessor.CeWorkerImpl.call(CeWorkerImpl.java:87)
	at org.sonar.ce.taskprocessor.CeWorkerImpl.call(CeWorkerImpl.java:53)
	at com.google.common.util.concurrent.TrustedListenableFutureTask$TrustedFutureInterruptibleTask.runInterruptibly(TrustedListenableFutureTask.java:125)
	at com.google.common.util.concurrent.InterruptibleTask.run(InterruptibleTask.java:69)
	at com.google.common.util.concurrent.TrustedListenableFutureTask.run(TrustedListenableFutureTask.java:78)
	at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:515)
	at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
	at java.base/java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:304)
	at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
	at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
	at java.base/java.lang.Thread.run(Thread.java:834)

Additionally the images in the Comment of the PR are not rendered correctly - if I open it in a new tab the image is shown. Also the spaces are not looking good. The screenshot is from a successful run where Project and Repo do not have spaces:

Is this comment a new feature?

[mc1arke]

The comment isn't new in this release, but was added in the 8.9 release. You may have to setup the base image URL in the Sonarqube global settings if your Sonarqube sever isn't internet facing.

[mc1arke]

Can you confirm if it's the space that's causing issues, or the umlaut above the o? We URL encode the project name when passing it in the API calls (https://github.com/mc1arke/sonarqube-community-branch-plugin/blob/master/src/main/java/com/github/mc1arke/sonarqube/plugin/almclient/azuredevops/AzureDevopsRestClient.java#L106) so I'd have thought a space would be ok, although I don't think I've actually tested spaces or special characters against the live Azure API

[axylophon]

We also have a project which is called "ADL Server" - there it is also not working so I assume it is the space...

But on the SonarQube Frontend it is also not working - this is not part of you plugin I guess so it is maybe a common SonarQube issue?

[axylophon]

Btw the images are working in firefox but not in chrome. Chrome is blocking it because our SonarQube Instance is not accessed via https

[mc1arke]

Could you raise a separate issue for the space in the project name please, as it's unrelated to Sonarqube 9.1 support. I can't do much about the HTTP vs HTTPS issue as there's already a way of working around that by specifying an alternative location to load images from within your Sonarqube installation.

[axylophon]

I have created the new issue. The HTTPS issue is resolved by using a reserve proxy to provide an https access to SonarQube.

[rupertgti]

The plugin 1.9.0 is compatible with Sonar9.1? I have an error. I attach the log error:

2021.10.15 10:27:22 INFO  app[][o.s.a.SchedulerImpl] Process[es] is up
2021.10.15 10:27:22 INFO  app[][o.s.a.ProcessLauncherImpl] Launch process[[key='web', ipcIndex=2, logFilenamePrefix=web]] from [/opt/sonarqube]: /usr/lib/jvm/java-11-openjdk/bin/java -Djava.awt.headless=true -Dfile.encoding=UTF-8 -Djava.io.tmpdir=/opt/sonarqube/temp -XX:-OmitStackTraceInFastThrow --add-opens=java.base/java.util=ALL-UNNAMED --add-opens=java.base/java.lang=ALL-UNNAMED --add-opens=java.base/java.io=ALL-UNNAMED --add-opens=java.rmi/sun.rmi.transport=ALL-UNNAMED --add-exports=java.base/jdk.internal.ref=ALL-UNNAMED --add-opens=java.base/java.nio=ALL-UNNAMED --add-opens=java.base/sun.nio.ch=ALL-UNNAMED --add-opens=java.management/sun.management=ALL-UNNAMED --add-opens=jdk.management/com.sun.management.internal=ALL-UNNAMED -javaagent:/opt/sonarqube/data/jmx_prometheus_javaagent.jar=8000:/opt/sonarqube/conf/prometheus-config.yaml -javaagent:./extensions/plugins/sonarqube-community-branch-plugin-1.9.0.jar=web -Dhttp.nonProxyHosts=localhost|127.*|[::1] -cp ./lib/sonar-application-9.1.0.47736.jar:/opt/sonarqube/lib/jdbc/postgresql/postgresql-42.2.19.jar org.sonar.server.app.WebServer /opt/sonarqube/temp/sq-process13312598435066625467properties
Error opening zip file or JAR manifest missing : ./extensions/plugins/sonarqube-community-branch-plugin-1.9.0.jar
Error occurred during initialization of VM
agent library failed to init: instrument
2021.10.15 10:27:22 WARN  app[][o.s.a.p.AbstractManagedProcess] Process exited with exit value [web]: 1
2021.10.15 10:27:22 INFO  app[][o.s.a.SchedulerImpl] Process[web] is stopped
2021.10.15 10:27:22 WARN  app[][o.s.a.p.AbstractManagedProcess] Process exited with exit value [es]: 143
2021.10.15 10:27:22 INFO  app[][o.s.a.SchedulerImpl] Process[es] is stopped
2021.10.15 10:27:22 INFO  app[][o.s.a.SchedulerImpl] SonarQube is stopped

I follow the configuration in readme, this is an extract of my deployment configuration:

        - name: SONAR_WEB_JAVAOPTS
          value: >-
            -javaagent:/opt/sonarqube/data/jmx_prometheus_javaagent.jar=8000:/opt/sonarqube/conf/prometheus-config.yaml
            -javaagent:./extensions/plugins/sonarqube-community-branch-plugin-1.9.0.jar=web
        - name: SONAR_CE_JAVAOPTS
          value: >-
            -javaagent:/opt/sonarqube/data/jmx_prometheus_javaagent.jar=8001:/opt/sonarqube/conf/prometheus-ce-config.yaml
            -javaagent:./extensions/plugins/sonarqube-community-branch-plugin-1.9.0.jar=ce

[guenhter]

Interesting. I use

Community EditionVersion 9.1 (build 47736)

and the plugin starts up well.

[pcolmer]

Can you try running the Snapshot from the artefacts section of https://github.com/mc1arke/sonarqube-community-branch-plugin/actions/runs/1279732750 and let me know if it resolves the issue for you please?

I've set this up with Docker running sonarqube:9.1-community and it doesn't seem to be working. If I click on the "+" next to a branch name, I see this pop-up:

Get the most out of SonarQube with branch and PR/MR analysis
With Developer Edition you can analyze every pull/merge request. You can also watch the quality of your release branches by analyzing each one individually in SonarQube.

[rupertgti]

Interesting. I use

Community EditionVersion 9.1 (build 47736)

and the plugin starts up well.

Is it in kubernetes? could you share your deployment configuration? SONAR_WEB_JAVAOPTS and SONAR_CE_JAVAOPTS

Thank you!

[guenhter]

@pcolmer

I also get the popup but branches are created when I scan a project with the branch-property set.

@rupertgti

No, I run it via docker on a local server.

[pcolmer]

@guenhter

I also get the popup but branches are created when I scan a project with the branch-property set.

How are you doing this?

I'm using GitHub Actions and if I try to set the the branch name, Sonar really gets upset.

    steps:
      - name: Fetch git repository
        uses: actions/checkout@v2
        with:
          fetch-depth: 0
      - name: Set environment variables
        run: |
          # Short name for current branch. For PRs, use target branch (base ref)
          GIT_BRANCH=${GITHUB_BASE_REF:-${GITHUB_REF#refs/heads/}}
          echo "GIT_BRANCH=$GIT_BRANCH" >> $GITHUB_ENV
      - name: SonarQube Scan
        uses: sonarsource/sonarqube-scan-action@master
        with:
          args: >
            -Dsonar.branch.name=${{ env.GIT_BRANCH }}
        env:
          SONAR_TOKEN: ${{ secrets.SONARQUBE_TOKEN }}
          SONAR_HOST_URL: ${{ secrets.SONARQUBE_HOST }}

java.lang.IllegalStateException: Failed to upload report: Error 500 on ***/api/ce/submit?projectKey=resource-hub&characteristic=branch%3Ddevelop&characteristic=branchType%3DBRANCH : {"errors":[{"msg":"An error has occurred. Please contact your administrator"}]}
	at org.sonar.scanner.report.ReportPublisher.upload(ReportPublisher.java:207)
	at org.sonar.scanner.report.ReportPublisher.execute(ReportPublisher.java:142)
	at org.sonar.scanner.scan.ProjectScanContainer.doAfterStart(ProjectScanContainer.java:355)
	at org.sonar.core.platform.ComponentContainer.startComponents(ComponentContainer.java:137)
	at org.sonar.core.platform.ComponentContainer.execute(ComponentContainer.java:123)
	at org.sonar.scanner.bootstrap.GlobalContainer.doAfterStart(GlobalContainer.java:136)
	at org.sonar.core.platform.ComponentContainer.startComponents(ComponentContainer.java:137)
	at org.sonar.core.platform.ComponentContainer.execute(ComponentContainer.java:123)
	at org.sonar.batch.bootstrapper.Batch.doExecute(Batch.java:72)
	at org.sonar.batch.bootstrapper.Batch.execute(Batch.java:66)
	at org.sonarsource.scanner.api.internal.batch.BatchIsolatedLauncher.execute(BatchIsolatedLauncher.java:46)
	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
	at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.base/java.lang.reflect.Method.invoke(Method.java:566)
	at org.sonarsource.scanner.api.internal.IsolatedLauncherProxy.invoke(IsolatedLauncherProxy.java:60)
	at com.sun.proxy.$Proxy0.execute(Unknown Source)
	at org.sonarsource.scanner.api.EmbeddedScanner.doExecute(EmbeddedScanner.java:189)
	at org.sonarsource.scanner.api.EmbeddedScanner.execute(EmbeddedScanner.java:138)
	at org.sonarsource.scanner.cli.Main.execute(Main.java:112)
	at org.sonarsource.scanner.cli.Main.execute(Main.java:75)
	at org.sonarsource.scanner.cli.Main.main(Main.java:61)
Caused by: org.sonarqube.ws.client.HttpException: Error 500 on ***/api/ce/submit?projectKey=resource-hub&characteristic=branch%3Ddevelop&characteristic=branchType%3DBRANCH : {"errors":[{"msg":"An error has occurred. Please contact your administrator"}]}
	at org.sonarqube.ws.client.BaseResponse.failIfNotSuccessful(BaseResponse.java:36)
	at org.sonar.scanner.bootstrap.DefaultScannerWsClient.failIfUnauthorized(DefaultScannerWsClient.java:112)
	at org.sonar.scanner.bootstrap.DefaultScannerWsClient.call(DefaultScannerWsClient.java:75)
	at org.sonar.scanner.report.ReportPublisher.upload(ReportPublisher.java:205)
	... 21 more

This only breaks after introducing the -Dsonar.branch.name setting.

[guenhter]

:) I just started a docker container, copied the plugin into the right dir, added the two config lines, restarted the container and that's it.
When I find the time tomorrow, I'll try to create a Dockerfile which does that and I'll share this with you then.

[pcolmer]

I just started a docker container, copied the plugin into the right dir, added the two config lines, restarted the container and that's it.

but how are you triggering the branch property? Are you using -Dsonar.branch.name as I am? How are you doing the scanning? Through a command line tool or a GitHub action? I'm asking these questions so that I can try and eliminate possibilities at my end.

Thank you :)

[guenhter]

Here the steps how I managed it to work:

Dockerfile

FROM sonarqube:9.1.0-community

RUN wget -O /opt/sonarqube/extensions/plugins/sonarqube-community-branch-plugin-1.9.0.jar https://github.com/mc1arke/sonarqube-community-branch-plugin/releases/download/1.9.0/sonarqube-community-branch-plugin-1.9.0.jar && \
     sed -i 's#.*sonar.web.javaAdditionalOpts=.*#sonar.web.javaAdditionalOpts=-javaagent:./extensions/plugins/sonarqube-community-branch-plugin-1.9.0.jar=web#' /opt/sonarqube/conf/sonar.properties && \
     sed -i 's#.*sonar.ce.javaAdditionalOpts=.*#sonar.ce.javaAdditionalOpts=-javaagent:./extensions/plugins/sonarqube-community-branch-plugin-1.9.0.jar=ce#' /opt/sonarqube/conf/sonar.properties \

1. Build the docker file with:

docker image build -t mysonarqube:9.1.0 .

2. Start the built image

docker container run -d --name sonarqube -p 9000:9000 mysonarqube:9.1.0

3. Log into sonarqube and generate the authorization token
4. Run the scanner with:

// master
docker container run \
    --rm \
    -e SONAR_HOST_URL="http://YOUR_SONARQUBE_IP_ADDRESS:9000" \
    -e SONAR_LOGIN="YOUR_AUTH_TOKEN" \
    -v $(pwd):/usr/src \
    sonarsource/sonar-scanner-cli \
    -Dsonar.projectKey=myproject \
    -Dsonar.branch.name=master

// branch
docker container run \
    --rm \
    -e SONAR_HOST_URL="http://YOUR_SONARQUBE_IP_ADDRESS:9000" \
    -e SONAR_LOGIN="YOUR_AUTH_TOKEN" \
    -v $(pwd):/usr/src \
    sonarsource/sonar-scanner-cli \
    -Dsonar.projectKey=myproject \
    -Dsonar.branch.name=featureBranch1

[pcolmer]

Thanks, @guenhter. This was very helpful and helped me see where I was going wrong with setting up the Docker container.

However, it still doesn't work if I use Sonar's GitHub Action to trigger the scanning. The server itself complains with this:

ERROR web[AXzvRbIgCmcmSVQyAACZ][o.s.s.w.WebServiceEngine] Fail to process request http://sonarqube.linaro.org/api/ce/submit?projectKey=resource-hub&characteristic=branch%3Ddevelop&characteristic=branchType%3DBRANCH
java.lang.IllegalStateException: Current edition does not support branch feature

and the Action reports:

java.lang.IllegalStateException: Failed to upload report: Error 500 on ***/api/ce/submit?projectKey=resource-hub&characteristic=branch%3Ddevelop&characteristic=branchType%3DBRANCH : {"errors":[{"msg":"An error has occurred. Please contact your administrator"}]}

It would seem that the current incarnation of the plugin is not "doing enough" to convince Community Edition that branch feature is supported and allowed. (This might also be why clicking on the + doesn't display the branch menu but an upgrade message instead).

(Just to add that the above are from when we're doing a straightforward scan of a branch, not a PR scan)

[codingwish]

Can you try running the Snapshot from the artefacts section of https://github.com/mc1arke/sonarqube-community-branch-plugin/actions/runs/1279732750 and let me know if it resolves the issue for you please?

It does work for me on CE 9.1 (build 47736) with Azure DevOps. No errors when saving the devops configuration in settings and branch pulldown menu works as well.

[renperez-cpi]

any update on this? I am running into the same issue. I am running sonarqube community 9.1 in kubernetes. the plugin seems to load fine but when I add -Dsonar.branch.name in github action i get the error java.lang.IllegalStateException: Current edition does not support branch feature. i tried using the snapshot jar from above but still does not work @mc1arke

[renperez-cpi]

@pcolmer were you able to find a workaround for this?

[joelguittet]

+1

Running 9.2 Community Edition, I have the error "Current edition does not support branch feature" when running analysis, HTTP error 500 returned to the pipeline.

Some logs, seems normal, no error shown.... :

 SonarQube Server / 9.2.3.50713 / 1b1f8b8c104707c779f31658dccf9736f8a266c4
...
INFO  web[][o.s.s.p.ServerPluginManager] Deploy plugin Community Branch Plugin / 1.9.0 / null

[mc1arke]

1.10.0 of the plugin has been released supporting Sonarqube 9.1 and Sonarqube 9.2

[pcolmer]

@renperez-cpi apologies for the delay in replying. I was trying to set up a completely new instance of CE with the plugin and a clean database to see what the behaviour was then.

Unlike @codingwish, I'm still not seeing the branch pulldown menu:

Attempting to analyse multiple branches using the GitHub Action sonarsource/sonarqube-scan-action@master results in all of the scan results being stored against the same branch.

I'll create a new GitHub issue so that this can be investigated further with @mc1arke.