sonar scanner fails because volumns directory is owned by root
jscharber opened this issue · comments
The volumns directory which is created by cockroachdb container is initially owned by root.
We need the Makefile to detect and recursively change ownership to $USER to avoid tracebacks and the Makefile exiting the build process.
Second, correct the spelling of "volumes" to volumes in the dockerfile and k8s spec.
$ ls -l
total 180
drwxrwxr-x 2 jscharber jscharber 4096 Nov 17 10:09 artifacts
drwxrwxr-x 3 jscharber jscharber 4096 Nov 17 08:06 assets
drwxrwxr-x 2 jscharber jscharber 4096 Nov 17 08:06 builds
...
drwxrwxr-x 6 jscharber jscharber 4096 Nov 17 10:51 vendor
drwxr-xr-x 3 root root 4096 Nov 17 10:09 volumes
The Sonar scanner expects read access to all files regardless if they are included in the analysis scope. When there is no access it throws an exception.
NFO: EXECUTION FAILURE
INFO: ------------------------------------------------------------------------
INFO: Total time: 11.686s
INFO: Final Memory: 18M/64M
INFO: ------------------------------------------------------------------------
ERROR: Error during SonarScanner execution
java.lang.IllegalStateException: Failed to index files
at org.sonar.scanner.scan.filesystem.ProjectFileIndexer.indexFiles(ProjectFileIndexer.java:202)
at org.sonar.scanner.scan.filesystem.ProjectFileIndexer.index(ProjectFileIndexer.java:158)
at org.sonar.scanner.scan.filesystem.ProjectFileIndexer.indexModulesRecursively(ProjectFileIndexer.java:137)
at org.sonar.scanner.scan.filesystem.ProjectFileIndexer.index(ProjectFileIndexer.java:99)
at org.sonar.scanner.scan.ProjectScanContainer.doAfterStart(ProjectScanContainer.java:387)
at org.sonar.core.platform.ComponentContainer.startComponents(ComponentContainer.java:122)
at org.sonar.core.platform.ComponentContainer.execute(ComponentContainer.java:108)
at org.sonar.scanner.bootstrap.GlobalContainer.doAfterStart(GlobalContainer.java:126)
at org.sonar.core.platform.ComponentContainer.startComponents(ComponentContainer.java:122)
at org.sonar.core.platform.ComponentContainer.execute(ComponentContainer.java:108)
at org.sonar.batch.bootstrapper.Batch.doExecute(Batch.java:58)
at org.sonar.batch.bootstrapper.Batch.execute(Batch.java:52)
at org.sonarsource.scanner.api.internal.batch.BatchIsolatedLauncher.execute(BatchIsolatedLauncher.java:46)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.base/java.lang.reflect.Method.invoke(Unknown Source)
at org.sonarsource.scanner.api.internal.IsolatedLauncherProxy.invoke(IsolatedLauncherProxy.java:60)
at com.sun.proxy.$Proxy0.execute(Unknown Source)
at org.sonarsource.scanner.api.EmbeddedScanner.doExecute(EmbeddedScanner.java:189)
at org.sonarsource.scanner.api.EmbeddedScanner.execute(EmbeddedScanner.java:138)
at org.sonarsource.scanner.cli.Main.execute(Main.java:112)
at org.sonarsource.scanner.cli.Main.execute(Main.java:75)
at org.sonarsource.scanner.cli.Main.main(Main.java:61)
Caused by: java.nio.file.AccessDeniedException: /home/jscharber/demo/src/test/volumes/data/db-1/cockroach-temp740295732/auxiliary
at java.base/sun.nio.fs.UnixException.translateToIOException(Unknown Source)
at java.base/sun.nio.fs.UnixException.rethrowAsIOException(Unknown Source)
at java.base/sun.nio.fs.UnixException.rethrowAsIOException(Unknown Source)
at java.base/sun.nio.fs.UnixFileSystemProvider.newDirectoryStream(Unknown Source)
at java.base/java.nio.file.Files.newDirectoryStream(Unknown Source)
at java.base/java.nio.file.FileTreeWalker.visit(Unknown Source)
at java.base/java.nio.file.FileTreeWalker.next(Unknown Source)
at java.base/java.nio.file.Files.walkFileTree(Unknown Source)
at org.sonar.scanner.scan.filesystem.ProjectFileIndexer.indexDirectory(ProjectFileIndexer.java:209)
at org.sonar.scanner.scan.filesystem.ProjectFileIndexer.indexFiles(ProjectFileIndexer.java:196)
... 23 more
ERROR:
ERROR: Re-run SonarScanner using the -X switch to enable full debug logging.
[jscharber@prdemo2 test (master)]$
A cleaner way of handling this found in this post
moby/moby#3206
The suggested workaround doesn't solve the problem as cockroach creates a number of other files in the directory.
The approach I settled on is:
## check: Start services and execute static code analysis and tests
check: root-check lint sonar-scanner $(ARTIFACTS) $(LOGS) $(ASSETS) $(DOCS)
.....
Then
root-check:
@echo "chown from root to ${USER}"
@$(shell sudo chown -R ${USER}.${USER} volumes)
Since the check line is managed by roadctl, this requires changes in the template and roadctl. I plan to modify the template for Makefiles to include a
{{.RootCheck}} variable
And then modify the lint check code.