
Can you please help with my issue below? I am running the Sonar scanner using Cloud Build, taking advantage of Secret Manager, but I am facing an issue. I followed the same steps as https://cloud.google.com/cloud-build/docs/securing-builds/use-secrets. Here is my code:

steps:
  - name: 'gcr.io/$_PROJECT_ID/sonar-scanner:latest'
    entrypoint: 'bash'
    args:
    - '-c'
    - '-Dsonar.host.url=http://sonar:9000/'
    - '-Dsonar.login=$$USERNAME'
    - '-Dsonar.password=$$PASSWORD'
    - '-Dsonar.projectKey=$_BRANCH-analytics'
    - '-Dsonar.sources=.'
    secretEnv: ['USERNAME', 'PASSWORD']
    dir: 'analytics'
availableSecrets:
  secretManager:
  - versionName: projects/project-id/secrets/sonar_pass/versions/1
    env: 'PASSWORD'
  - versionName: projects/project-id/secrets/sonar_user/versions/2
    env: 'USERNAME'

tags: ['cloud-builders-community']

And the issue I am facing is:

bash: line 0: bash: -Dsonar.login=$USERNAME: invalid option name
ERROR
ERROR: build step 0 "gcr.io/project-id/sonar-scanner:latest" failed: step exited with non-zero status: 2

I tried different things but can't find a solution.

I would be grateful if you could help me with this. Thank you.

vitooh
Mahaboob

2 Answers


I actually had the same problem as you. It is indeed quite important that you use entrypoint: 'bash' and '-c', otherwise Cloud Build doesn't recognise the variables from the secret manager.

My cloudbuild.yaml step looks like this:

steps:
- id: 'sonarQube'
  name: 'gcr.io/$PROJECT_ID/sonar-scanner:latest'
  entrypoint: 'bash'
  args:
    - '-c'
    - |
      sonar-scanner -Dsonar.host.url=<url> -Dsonar.login=$$SONARQUBE_TOKEN -Dsonar.projectKey=<project-key> -Dsonar.sources=.
  # secretEnv is a field of the step that consumes the secret
  secretEnv: ['SONARQUBE_TOKEN']
availableSecrets:
  secretManager:
  - versionName: projects/<project-id>/secrets/sonarqube-token/versions/latest
    env: 'SONARQUBE_TOKEN'

I had some problems with the latest sonar-scanner image, because it used Alpine. I got the following error: jre-bin-java-not-found, even though the image has Java. Based on this, I created my own Docker image based on Ubuntu instead of Alpine. You can find the image in a pull request.

Dharman

I found this example of using sonar-scanner in Cloud Build. It seems that sonar-scanner should be used without bash.

I think that you should remove entrypoint: 'bash' and '-c'.

A similar approach is in this SO question. It should solve this error.

vitooh
  • Hi Vitooh, thanks for the update. I tried the above approach by hard-coding my Sonar credentials and it worked fine, but when I started using Secret Manager (for secrets) it is not working; I get the error I mentioned above. – Mahaboob Feb 10 '21 at 10:03
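
Why list-style args work with hard-coded credentials but not with secretEnv, and why `bash -c` needs a single command string, as an added example that is not part of the original thread. `show_args` is a hypothetical stand-in for sonar-scanner and the token value is constructed.

```shell
#!/usr/bin/env bash
# Constructed value standing in for the secret Cloud Build injects via secretEnv.
export SONARQUBE_TOKEN='constructed-token-123'

# Hypothetical stand-in for sonar-scanner: shows each argument it received.
show_args() { printf '[%s]' "$@"; }

# No shell entrypoint: Cloud Build turns $$ into $, so the program is started
# with the literal text "$SONARQUBE_TOKEN" and nothing expands it.
exec_form() {
  show_args '-Dsonar.login=$SONARQUBE_TOKEN' '-Dsonar.sources=.'
}

# bash -c with ONE command string: bash expands the variable from the step's
# environment. Do not enable `set -x` here, tracing would log the token.
shell_form() {
  bash -c 'printf "[%s]" "-Dsonar.login=$SONARQUBE_TOKEN" "-Dsonar.sources=."'
}

# The question's layout: each -D item is a separate argument after -c, so bash
# parses them as its own option flags and exits before running anything.
split_form() {
  status=0
  bash -c '-Dsonar.host.url=http://sonar:9000/' '-Dsonar.login=$USERNAME' \
    >/dev/null 2>&1 || status=$?
  echo "$status"
}

echo "exec form : $(exec_form)"
echo "shell form: $(shell_form)"
echo "split form: bash exit status $(split_form)"
```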