Giters

pavedroad-io / roadctl

A kubectl compatible CLI for managing and creating applications and defining/managing CI/CD environments. The roadctl command uses blueprints based on provent design patterns driven by produciton metrics.

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

sonar scanner fails because volumns directory is owned by root

jscharber opened this issue · comments

commented

The volumns directory which is created by cockroachdb container is initially owned by root.
We need the Makefile to detect and recursively change ownership to $USER to avoid tracebacks and the Makefile exiting the build process.

Second, correct the spelling of "volumes" to volumes in the dockerfile and k8s spec.

$ ls -l
total 180
drwxrwxr-x 2 jscharber jscharber  4096 Nov 17 10:09 artifacts
drwxrwxr-x 3 jscharber jscharber  4096 Nov 17 08:06 assets
drwxrwxr-x 2 jscharber jscharber  4096 Nov 17 08:06 builds
...
drwxrwxr-x 6 jscharber jscharber  4096 Nov 17 10:51 vendor
drwxr-xr-x 3 root      root       4096 Nov 17 10:09 volumes

The Sonar scanner expects read access to all files regardless if they are included in the analysis scope. When there is no access it throws an exception.

NFO: EXECUTION FAILURE
INFO: ------------------------------------------------------------------------
INFO: Total time: 11.686s
INFO: Final Memory: 18M/64M
INFO: ------------------------------------------------------------------------
ERROR: Error during SonarScanner execution
java.lang.IllegalStateException: Failed to index files
	at org.sonar.scanner.scan.filesystem.ProjectFileIndexer.indexFiles(ProjectFileIndexer.java:202)
	at org.sonar.scanner.scan.filesystem.ProjectFileIndexer.index(ProjectFileIndexer.java:158)
	at org.sonar.scanner.scan.filesystem.ProjectFileIndexer.indexModulesRecursively(ProjectFileIndexer.java:137)
	at org.sonar.scanner.scan.filesystem.ProjectFileIndexer.index(ProjectFileIndexer.java:99)
	at org.sonar.scanner.scan.ProjectScanContainer.doAfterStart(ProjectScanContainer.java:387)
	at org.sonar.core.platform.ComponentContainer.startComponents(ComponentContainer.java:122)
	at org.sonar.core.platform.ComponentContainer.execute(ComponentContainer.java:108)
	at org.sonar.scanner.bootstrap.GlobalContainer.doAfterStart(GlobalContainer.java:126)
	at org.sonar.core.platform.ComponentContainer.startComponents(ComponentContainer.java:122)
	at org.sonar.core.platform.ComponentContainer.execute(ComponentContainer.java:108)
	at org.sonar.batch.bootstrapper.Batch.doExecute(Batch.java:58)
	at org.sonar.batch.bootstrapper.Batch.execute(Batch.java:52)
	at org.sonarsource.scanner.api.internal.batch.BatchIsolatedLauncher.execute(BatchIsolatedLauncher.java:46)
	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
	at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
	at java.base/java.lang.reflect.Method.invoke(Unknown Source)
	at org.sonarsource.scanner.api.internal.IsolatedLauncherProxy.invoke(IsolatedLauncherProxy.java:60)
	at com.sun.proxy.$Proxy0.execute(Unknown Source)
	at org.sonarsource.scanner.api.EmbeddedScanner.doExecute(EmbeddedScanner.java:189)
	at org.sonarsource.scanner.api.EmbeddedScanner.execute(EmbeddedScanner.java:138)
	at org.sonarsource.scanner.cli.Main.execute(Main.java:112)
	at org.sonarsource.scanner.cli.Main.execute(Main.java:75)
	at org.sonarsource.scanner.cli.Main.main(Main.java:61)
Caused by: java.nio.file.AccessDeniedException: /home/jscharber/demo/src/test/volumes/data/db-1/cockroach-temp740295732/auxiliary
	at java.base/sun.nio.fs.UnixException.translateToIOException(Unknown Source)
	at java.base/sun.nio.fs.UnixException.rethrowAsIOException(Unknown Source)
	at java.base/sun.nio.fs.UnixException.rethrowAsIOException(Unknown Source)
	at java.base/sun.nio.fs.UnixFileSystemProvider.newDirectoryStream(Unknown Source)
	at java.base/java.nio.file.Files.newDirectoryStream(Unknown Source)
	at java.base/java.nio.file.FileTreeWalker.visit(Unknown Source)
	at java.base/java.nio.file.FileTreeWalker.next(Unknown Source)
	at java.base/java.nio.file.Files.walkFileTree(Unknown Source)
	at org.sonar.scanner.scan.filesystem.ProjectFileIndexer.indexDirectory(ProjectFileIndexer.java:209)
	at org.sonar.scanner.scan.filesystem.ProjectFileIndexer.indexFiles(ProjectFileIndexer.java:196)
	... 23 more
ERROR: 
ERROR: Re-run SonarScanner using the -X switch to enable full debug logging.
[jscharber@prdemo2 test (master)]$
commented

A cleaner way of handling this found in this post
moby/moby#3206

commented

The suggested workaround doesn't solve the problem as cockroach creates a number of other files in the directory.

The approach I settled on is:

## check: Start services and execute static code analysis and tests
check: root-check lint sonar-scanner $(ARTIFACTS) $(LOGS) $(ASSETS) $(DOCS)
.....

Then

root-check:
        @echo "chown from root to ${USER}"
        @$(shell sudo chown -R ${USER}.${USER} volumes)

Since the check line is managed by roadctl, this requires changes in the template and roadctl. I plan to modify the template for Makefiles to include a

{{.RootCheck}} variable

And then modify the lint check code.