Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: temporary fix for sonarqube #12847

Closed
wants to merge 1 commit into from
Closed

fix: temporary fix for sonarqube #12847

wants to merge 1 commit into from

Conversation

erikburt
Copy link
Collaborator

@erikburt erikburt commented Apr 16, 2024
edited
Loading

We are now experiencing problems with sonarqube scan due to a faulty push to the docker image hub.

Issue explained here: https://github.com/SonarSource/sonar-scanner-cli-docker/issues/223#issuecomment-2059724480

Essentially, the github action we rely on points to the 5.0.1 base image. However that tag was erroneously updated 9 months later (docker needs tag immutability!).

I forked the action to my personal account, and pinned the base image to the SHA from a previously successful run.

...
  #5 [internal] load build context
  #5 transferring context: 1.50kB done
  #5 DONE 0.0s
  
  #6 [1/5] FROM docker.io/sonarsource/sonar-scanner-cli:5.0.1@sha256:494ecc3b5b1ee1625bd377b3905c4284e4f0cc155cff397805a244dee1c7d575
  #6 resolve docker.io/sonarsource/sonar-scanner-cli:5.0.1@sha256:494ecc3b5b1ee1625bd377b3905c4284e4f0cc155cff397805a244dee1c7d575 done
  #6 extracting sha256:9398808236ffac29e60c04ec906d8d409af7fa19dc57d8c65ad167e9c4967006
  #6 sha256:494ecc3b5b1ee1625bd377b3905c4284e4f0cc155cff397805a244dee1c7d575 1.36kB / 1.36kB done
  #6 sha256:2f384fb1bbd5f033fa0b628efb5ef3d40b9cafaddb68b9ffdd8c3cacdc237199 5.05kB / 5.05kB done
...

@erikburt erikburt self-assigned this Apr 16, 2024
@erikburt erikburt requested review from a team as code owners April 16, 2024 19:05
@cl-sonarqube-production
Copy link

Quality Gate passed Quality Gate passed

Issues
0 New issues
0 Fixed issues
0 Accepted issues

Measures
0 Security Hotspots
No data about Coverage
No data about Duplication

See analysis details on SonarQube

@chainchad
Copy link
Collaborator

Verified:

git diff 0e7aeb5 upstream/master                                                                                               
diff --git a/Dockerfile b/Dockerfile
index cd65f56..882c681 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,4 +1,4 @@
-FROM sonarsource/sonar-scanner-cli@sha256:494ecc3b5b1ee1625bd377b3905c4284e4f0cc155cff397805a244dee1c7d575
+FROM sonarsource/sonar-scanner-cli:5.0.1

 LABEL version="2.0.1" \
       repository="https://github.com/sonarsource/sonarqube-scan-action" \

@erikburt erikburt closed this Apr 17, 2024
@erikburt erikburt deleted the fix/sonarqube branch April 17, 2024 16:59
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@chainchad chainchad chainchad approved these changes

Assignees

@erikburt erikburt

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@erikburt @chainchad