Home > OS >  Jenkins pipeline sonarqube quality gate webhook didn't match the configured webhook secret
Jenkins pipeline sonarqube quality gate webhook didn't match the configured webhook secret

Time:02-16

I had a jenkins declarative pipeline with a sonarqube scanner up and running.

I have had a problem when I have configured in sonar the "force user authentication" setting. After having configured it, I changed the Sonarqube Server configuration in Jenkins, selecting the proper admin token.

I'm using the last version of sonarqube plugin for jenkins.

This is the extract of my jenkins declarative pipeline of sonar:

stage('Sonarqube scan') {
            environment {
                scannerHome = tool 'SonarQubeScanner'
                SONAR_API_TOKEN=credentials('sonar_api_token')
            }
            steps {
                withSonarQubeEnv('sonarqube') {
                    sh '''$scannerHome/bin/sonar-scanner \
                    -Dsonar.projectKey=${SONAR_PROJECT} \
                    -Dsonar.projectName=${SONAR_PROJECT} \
                    -Dsonar.exclusions=**test**,**setup.py \
                    -Dsonar.projectVersion=0.4.0 \
                    -Dsonar.python.coverage.reportPaths=${WORKSPACE}/report.xml \
                    -Dsonar.sourceEncoding=UTF-8'''
                }
            }
        }
        stage('Sonarqube quality gate') {
            steps {
                timeout(time: 10, unit: 'MINUTES') {
                    waitForQualityGate abortPipeline: true
                }
            }
        }

And I get the following error from the jenkins pipeline log:

The incoming webhook didn't match the configured webhook secret

I have refreshed the sonarqube admin user token but it still does not work. I have made sure that admin user can run analisys and have the right permissions.

EDIT: I'm creating the project and its webhook via API, with the followings curls:

curl -s -X POST -u "${SONAR_API_TOKEN}:" "http://sonarurl:9000/api/projects/create" -d "name=${SONAR_PROJECT}&project=${SONAR_PROJECT}&visibility=public" 

curl -s -X POST -u "${SONAR_API_TOKEN}:" "http://sonarurl:9000/api/webhooks/create" -d "name=jenkins&project=${SONAR_PROJECT}&url=https://jenkinsurl:8443/sonarqube-webhook/"

Also, Jenkins (standalone in machine) has a certificate and goes through https 8443 port and sonarqube http 9000 (in docker).

In Sonarqube, the task has a SUCCESSFUL status and to me, it is like Jenkins is not capable of retrieving the successful status from sonarqube and I don't understand why because the scanner is running perfectly and I have reviewed the logs and I didn't see anything.

What could be the problem?

CodePudding user response:

The webhook secret is different than the SonarQube API token you use to submit the scan in the "Sonarqube scan" stage. It seems that you have mismatch between webhook secret configuration in SonarQube and the one in Jenkins.

Check the "Webhook Secret" in the "SonarQube servers" section in Jenkins configuration - it should be set to "None" (when no secret is set in SonarQube) or match the value configured in SonarQube (when there is one).

  • Related