为啥 SonarQube 不从 yaml 构建更新 Azure DevOps 质量门状态?

Posted

技术标签:

【中文标题】为啥 SonarQube 不从 yaml 构建更新 Azure DevOps 质量门状态?【英文标题】:Why is SonarQube not updating Azure DevOps quality gate status from yaml builds?为什么 SonarQube 不从 yaml 构建更新 Azure DevOps 质量门状态? 【发布时间】:2020-06-24 08:25:39 【问题描述】:

我有 SonarQube 任务更新 Azure DevOps 构建中的拉取请求状态。在迁移到 YAML 时,同一组任务根本不做任何事情。在传统的构建管道中,这是可行的。

我们从准备 sonarqube 任务开始,构建源代码,运行代码分析,然后发布质量门控结果。

都是绿色的。没有错误,但 PR 仍未更新。

日志也完全没有问题。

##[debug]loading ENDPOINT_AUTH_PARAMETER_SYSTEMVSSCONNECTION_ACCESSTOKEN
##[debug]loading ENDPOINT_AUTH_SCHEME_SYSTEMVSSCONNECTION
##[debug]loading ENDPOINT_AUTH_SYSTEMVSSCONNECTION
##[debug]loading INPUT_POLLINGTIMEOUTSEC
##[debug]loading SECRET_SONARQUBE_ENDPOINT
##[debug]loading SECRET_SYSTEM_ACCESSTOKEN
##[debug]loaded 6
##[debug]Agent.ProxyUrl=undefined
##[debug]Agent.CAInfo=undefined
##[debug]Agent.ClientCert=undefined
##[debug]Agent.SkipCertValidation=undefined
##[debug]SONARQUBE_SCANNER_PARAMS="sonar.host.url":"http://my.Server:9000/sonarqube","sonar.login":***,"sonar.projectKey":"MyProjectNew","sonar.projectName":"MyProjectNew","sonar.projectVersion":"1.2.1-PullRequest0857.4","sonar.pullrequest.key":"857","sonar.pullrequest.base":"release/1.2.0","sonar.pullrequest.branch":"test_sq","sonar.pullrequest.provider":"vsts","sonar.pullrequest.vsts.instanceUrl":"https://my.Server/azure.devops/","sonar.pullrequest.vsts.project":"MyProject","sonar.pullrequest.vsts.repository":"MyProject","sonar.scanner.metadataFilePath":"C:\\902_agent2\\_work\\_temp\\sonar\\1.2.1-PullRequest0857.4\\cbdee85f-7901-004a-4db3-ce64c82c3a94\\report-task.txt","sonar.verbose":"true"
##[debug]SONARQUBE_ENDPOINT=***
##[debug][SQ] API GET: '/api/metrics/search' with query ""f":"name","ps":500"

##[debug]pollingTimeoutSec=300
##[debug][SQ] API GET: '/api/server/version' with query "undefined"
##[debug]Response: 200 Body: "8.0.0.29455"
##[debug]Build.BuildNumber=1.2.1-PullRequest0857.4

##[debug][SQ] Task status:IN_PROGRESS
##[debug][SQ] Waiting for task 'AXDJFJJRnBJSMrEnUvVb' to complete.
##[debug][SQ] API GET: '/api/ce/task' with query ""id":"AXDJFJJRnBJSMrEnUvVb""
##[debug]Response: 200 Body: ""task":"id":"AXDJFJJRnBJSMrEnUvVb","type":"REPORT","componentId":"AXCqY5jNnBJSMrEnUvTJ","componentKey":"MyProjectNew","componentName":"MyProjectNew","componentQualifier":"TRK","status":"IN_PROGRESS","submittedAt":"2020-03-11T11:38:58+0100","submitterLogin":"admin","startedAt":"2020-03-11T11:38:58+0100","executionTimeMs":15906,"logs":false,"organization":"default-organization","pullRequest":"857","warnings":[]"
##[debug][SQ] Task status:IN_PROGRESS
##[debug][SQ] Waiting for task 'AXDJFJJRnBJSMrEnUvVb' to complete.
##[debug][SQ] API GET: '/api/ce/task' with query ""id":"AXDJFJJRnBJSMrEnUvVb""
##[debug]Response: 200 Body: ""task":"id":"AXDJFJJRnBJSMrEnUvVb","type":"REPORT","componentId":"AXCqY5jNnBJSMrEnUvTJ","componentKey":"MyProjectNew","componentName":"MyProjectNew","componentQualifier":"TRK","analysisId":"AXDJLSW--Jp4Jqq6qd3Y","status":"SUCCESS","submittedAt":"2020-03-11T11:38:58+0100","submitterLogin":"admin","startedAt":"2020-03-11T11:38:58+0100","executedAt":"2020-03-11T11:39:15+0100","executionTimeMs":16516,"logs":false,"hasScannerContext":true,"organization":"default-organization","pullRequest":"857","warningCount":0,"warnings":[]"
##[debug][SQ] Task status:SUCCESS
##[debug][SQ] Task complete: "id":"AXDJFJJRnBJSMrEnUvVb","type":"REPORT","componentId":"AXCqY5jNnBJSMrEnUvTJ","componentKey":"MyProjectNew","componentName":"MyProjectNew","componentQualifier":"TRK","analysisId":"AXDJLSW--Jp4Jqq6qd3Y","status":"SUCCESS","submittedAt":"2020-03-11T11:38:58+0100","submitterLogin":"admin","startedAt":"2020-03-11T11:38:58+0100","executedAt":"2020-03-11T11:39:15+0100","executionTimeMs":16516,"logs":false,"hasScannerContext":true,"organization":"default-organization","pullRequest":"857","warningCount":0,"warnings":[]
##[debug][SQ] Retrieve Analysis id 'AXDJLSW--Jp4Jqq6qd3Y.'
##[debug][SQ] API GET: '/api/qualitygates/project_status' with query ""analysisId":"AXDJLSW--Jp4Jqq6qd3Y""
##[debug]Response: 200 Body: ""projectStatus":"status":"OK","conditions":["status":"OK","metricKey":"new_reliability_rating","comparator":"GT","periodIndex":1,"errorThreshold":"1","actualValue":"1","status":"OK","metricKey":"new_security_rating","comparator":"GT","periodIndex":1,"errorThreshold":"1","actualValue":"1","status":"OK","metricKey":"new_maintainability_rating","comparator":"GT","periodIndex":1,"errorThreshold":"1","actualValue":"1"],"periods":[],"ignoredConditions":false"
##[debug][SQ] Generate analysis report.'
##[debug]Number of analyses in this build: 1
##[debug]Overall Quality Gate status: ok
##[debug]System.TeamFoundationCollectionUri=https://my.Server/azure.devops/
##[debug]System.TeamProjectId=d93c50f4-ade5-4e28-99c0-35966c7a0de6
##[debug]Build.BuildId=14012
##[debug]["op":0,"path":"/sonarglobalqualitygate","value":"ok"]
SYSTEMVSSCONNECTION exists true
##[debug]SYSTEMVSSCONNECTION exists true
SYSTEMVSSCONNECTION exists true
##[debug]SYSTEMVSSCONNECTION exists true
##[debug]Acquiring a build API object.
##[debug]Creating a new build property with global Quality Gate Status
##[debug]build.artifactStagingDirectory=C:\902_agent2\_work\2\a
##[debug][SQ] Summary saved at: C:\902_agent2\_work\2\a\.sqAnalysis\SonarQubeBuildSummary.md
##[debug][SQ] Uploading build summary from C:\902_agent2\_work\2\a\.sqAnalysis\SonarQubeBuildSummary.md
##[debug]Processed: ##vso[task.addattachment type=Distributedtask.Core.Summary;name=SonarQube Analysis Report;]C:\902_agent2\_work\2\a\.sqAnalysis\SonarQubeBuildSummary.md

【问题讨论】:

【参考方案1】:

感谢@mickaelcaro SonarSource 我查看了日志! web.log 中没有任何内容,但我打开 ce.logs,发现:

2020.03.12 11:37:29 WARN  ce[AXDOTaXpnKCkbQ_udAPU][c.s.C.D.C.C] Failed to decorate Azure DevOps Pull Request: API resource location 225f7195-f9c7-4d14-ab28-a83f7ff77e1f is not registered on https://My.Azure.DevOps.Server/. javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

跑:

keytool -import -alias tfs -keystore  "C:\Program Files\Java\jdk-12.0.1\lib\security\cacerts" -file c:\certs\my-b64.cer

输入密码changeit(如果您尚未设置自己的密码)。

【讨论】:

以上是关于为啥 SonarQube 不从 yaml 构建更新 Azure DevOps 质量门状态?的主要内容,如果未能解决你的问题,请参考以下文章

无法使用 Google Cloud 构建从 cloudbuild.yaml 运行 Sonarqube 分析

通过 Yaml Pipelines 将标签传递给项目 Sonarqube

将 sonarqube 扫描器配置为在云源存储库上作为云构建中的一个步骤运行

MSBuild.SonarQube.Runner.Tool不分析.cs文件

扫描后未在 sonarqube 中更新项目

为啥 Jupyter notebook 不从 VBA 运行?