In our Java SpringBoot project we are using GitHub actions to run SonarScan. It was working like a charm until I've added first custom library to the project. That library is in Nexus repo and accessible only via VPN.
Locally project is built without any issues and works fine. Unit-testing and dev deployment GH actions run successfully. But SonarScan action is failing on :compileJava because of the missing resource (log below).
Looks like it tries to get it from the Apache Maven although it is in the Nexus. Here is the relevant part of the log:
> Task :compileJava
Watching 37 directories to track changes
Resolving global dependency management for project 'project_name'
Resource missing. [HTTP GET: https://repo.maven.apache.org/maven2/com/company_name/lib_name/1.0.7-SNAPSHOT/maven-metadata.xml]
Resource missing. [HTTP GET: https://repo.maven.apache.org/maven2/com/company_name/lib_name/1.0.7-SNAPSHOT/lib_name-1.0.7-SNAPSHOT.pom]
Excluding []
FAILURE: Build failed with an exception.
> Task :compileJava FAILED
* What went wrong:
:compileJava (Thread[included builds,5,main]) completed. Took 4 mins 35.418 secs.
1 actionable task: 1 executed
Execution failed for task ':compileJava'.
> Could not resolve all files for configuration ':compileClasspath'.
> Could not resolve com.company_name:lib_name:1.0.7-SNAPSHOT.
Required by:
project :
> Skipped due to earlier error
Here is our build.gradle file (shortened):
plugins {
id 'org.springframework.boot' version '2.6.4'
id 'io.spring.dependency-management' version '1.0.11.RELEASE'
id 'java'
id 'java-library'
id "org.sonarqube" version "3.3"
}
//Sets Java Version
java {
toolchain {
languageVersion.set(JavaLanguageVersion.of(17))
}
}
ext {
set('mongoVersion', '4.4.1')
set('mavenUsername', "maven.user")
set('mavenPassword', "password")
set('mavenUrl', "https://nexus-repo-url/repository/repo-name")
}
configurations {
compileOnly {
extendsFrom annotationProcessor
}
}
repositories {
mavenCentral()
maven {
credentials {
username "${mavenUsername}"
password "${mavenPassword}"
}
url "${mavenUrl}"
authentication {
basic(BasicAuthentication)
}
}
}
dependencies {
...
implementation "com.company_name:lib_name:1.0.7-SNAPSHOT"
}
sonarqube {
properties {
property "sonar.projectKey", "prject_key"
property "sonar.java.binaries", "build/classes"
}
}
I am obviously missing some path somewhere, but failing to find where actually.
CodePudding user response:
Solved. Issue was related to the VPN and got fixed in .github/workflows/sonar.yml:
name: SonarScan
on:
pull_request:
push:
branches:
- main # or the name of your main branch
jobs:
build:
name: SonarScan
runs-on: ubuntu-latest <-- should be [self-hosted, main] to pass the wall
steps:
...
CodePudding user response:
Could not resolve com.company_name:lib_name:1.0.7-SNAPSHOT.
which seems to be populated by
dependencies {
...
implementation "com.company_name:lib_name:1.0.7-SNAPSHOT"
}
uneducated guess says you're most likely relying on com.company_name
and lib_name
to be supplied as arguments to your code.
which is kind of weird since you're treating it as a dependency, not a parameter.
it's difficult to imagine the context of that application, but checking whether my repo contains com.company_name and/or lib_name etc etc snapshot is where i'd start.