Jenkins 管道 sonarqube 质量门 webhook 与配置的 webhook 秘密不匹配
[英]Jenkins pipeline sonarqube quality gate webhook didn't match the configured webhook secret
问题描述
I had a jenkins declarative pipeline with a sonarqube scanner up and running.
我有一个 jenkins 声明性管道,其中有一个 sonarqube 扫描器启动并运行。
I have had a problem when I have configured in sonar the "force user authentication" setting.当我在声纳中配置“强制用户身份验证”设置时遇到问题。 After having configured it, I changed the Sonarqube Server configuration in Jenkins, selecting the proper admin token.配置完成后,我更改了 Jenkins 中的 Sonarqube 服务器配置,选择了正确的管理令牌。
I'm using the last version of sonarqube plugin for jenkins.我正在为 jenkins 使用最新版本的 sonarqube 插件。
This is the extract of my jenkins declarative pipeline of sonar:这是我的 jenkins 声纳声明管道的摘录:
stage('Sonarqube scan') {
environment {
scannerHome = tool 'SonarQubeScanner'
SONAR_API_TOKEN=credentials('sonar_api_token')
}
steps {
withSonarQubeEnv('sonarqube') {
sh '''$scannerHome/bin/sonar-scanner \
-Dsonar.projectKey=${SONAR_PROJECT} \
-Dsonar.projectName=${SONAR_PROJECT} \
-Dsonar.exclusions=**test**,**setup.py \
-Dsonar.projectVersion=0.4.0 \
-Dsonar.python.coverage.reportPaths=${WORKSPACE}/report.xml \
-Dsonar.sourceEncoding=UTF-8'''
}
}
}
stage('Sonarqube quality gate') {
steps {
timeout(time: 10, unit: 'MINUTES') {
waitForQualityGate abortPipeline: true
}
}
}
And I get the following error from the jenkins pipeline log:我从 jenkins 管道日志中得到以下错误:
The incoming webhook didn't match the configured webhook secret
I have refreshed the sonarqube admin user token but it still does not work.我已经刷新了 sonarqube 管理员用户令牌,但它仍然不起作用。 I have made sure that admin user can run analisys and have the right permissions.我已确保管理员用户可以运行 analisys 并拥有正确的权限。
EDIT: I'm creating the project and its webhook via API, with the followings curls:编辑:我正在通过 API 创建项目及其 webhook,具有以下卷曲:
curl -s -X POST -u "${SONAR_API_TOKEN}:" "http://sonarurl:9000/api/projects/create" -d "name=${SONAR_PROJECT}&project=${SONAR_PROJECT}&visibility=public"
curl -s -X POST -u "${SONAR_API_TOKEN}:" "http://sonarurl:9000/api/webhooks/create" -d "name=jenkins&project=${SONAR_PROJECT}&url=https://jenkinsurl:8443/sonarqube-webhook/"
Also, Jenkins (standalone in machine) has a certificate and goes through https 8443 port and sonarqube http 9000 (in docker).此外,Jenkins(在机器中独立)有证书并通过 https 8443 端口和 sonarqube http 9000(在 docker 中)。
In Sonarqube, the task has a SUCCESSFUL status and to me, it is like Jenkins is not capable of retrieving the successful status from sonarqube and I don't understand why because the scanner is running perfectly and I have reviewed the logs and I didn't see anything.在 Sonarqube 中,任务具有成功状态,对我来说,就像 Jenkins 无法从 sonarqube 中检索成功状态,我不明白为什么因为扫描仪运行完美,我已经查看了日志,但我没有什么都看不到。
What could be the problem?可能是什么问题呢?
1 个解决方案
解决方案1
1 已采纳 2022-02-15 19:59:19
The webhook secret is different than the SonarQube API token you use to submit the scan in the "Sonarqube scan" stage. Webhook 秘密不同于您在“Sonarqube 扫描”阶段用于提交扫描的 SonarQube API 令牌。 It seems that you have mismatch between webhook secret configuration in SonarQube and the one in Jenkins. SonarQube 和 Jenkins 中的 webhook 秘密配置似乎不匹配。
Check the "Webhook Secret" in the "SonarQube servers" section in Jenkins configuration - it should be set to "None" (when no secret is set in SonarQube) or match the value configured in SonarQube (when there is one).检查 Jenkins 配置中“SonarQube 服务器”部分中的“Webhook 秘密”——它应该设置为“无”(当 SonarQube 中没有设置秘密时)或匹配 SonarQube 中配置的值(当有一个时)。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.