sonar-scanner-npm icon indicating copy to clipboard operation
sonar-scanner-npm copied to clipboard

Published 20 hours ago verified publisher icon bellingard

ERROR: Unrecognized option: --from=ScannerNpm/2.7.0 after 07.07.2020

Open magnusev opened this issue 5 years ago • 3 comments

My build has stopped working after the newest realease of scanner

output: 13:56:01] Downloading from https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-3.3.0.1492-linux.zip [13:56:01] (executable will be saved in cache folder: /tmp/.sonar/native-sonar-scanner) ERROR: Unrecognized option: --from=ScannerNpm/2.7.0 INFO: INFO: usage: sonar-scanner [options] INFO: INFO: Options: INFO: -D,--define <arg> Define property INFO: -h,--help Display help information INFO: -v,--version Display version information INFO: -X,--debug Produce execution debug output ERROR: Job failed: exit code 1

my parameters: sonar-scanner -Dsonar.projectKey=kai-$CI_PROJECT_NAME -Dsonar.organization=$SONAR_ORGANIZATION -Dsonar.host.url=$SONAR_HOST -Dsonar.login=$SONAR_LOGIN -Dsonar.typescript.lcov.reportPaths=coverage/lcov/lcov.info -Dsonar.sourceEncoding=UTF-8 -Dsonar.sources=src/app -Dsonar.exclusions=**/node_modules/**,**/*.spec.ts -Dsonar.tests=src/app -Dsonar.test.inclusions=**/*.spec.ts -Dsonar.branch.name=$CI_COMMIT_REF_NAME -Dsonar.branch.target=develop

Anyone have the same problem?

magnusev avatar Jul 07 '20 14:07 magnusev

This new param (--from) comes with the latest version of the SonarScanner CLI, 4.4.0, which is the default version used by the latest 2.7.0 version of the scanner for npm (issue #99, commit https://github.com/bellingard/sonar-scanner-npm/commit/333a33efe47ee5a785356465f28742765b999e39).

Have you fixed the version of the SonarScanner by setting the SONAR_SCANNER_VERSION environment variable somehow? (to 3.3.0.1492 most probably)

In any case, I'll have to make a fix to support this use case.

bellingard avatar Jul 07 '20 15:07 bellingard

Is this package still maintained? This error just hit me too with latest npm package v2.7.0:

     Info: Using sonar-scanner at /…/.sonar/native-sonar-scanner/sonar-scanner-4.0.0.1744-linux
     Info: Using java at /usr/lib/jvm/…jdk-11.0.5.10.1/bin/java
     Info: Using classpath /…/.sonar/native-sonar-scanner/sonar-scanner-4.0.0.1744-linux/lib/sonar-scanner-cli-4.0.0.1744.jar
     Info: Using project /workspace
     ERROR: Unrecognized option: --from=ScannerNpm/2.7.0
     INFO: 
     INFO: usage: sonar-scanner [options]
     INFO: 
     INFO: Options:
     INFO:  -D,--define <arg>     Define property
     INFO:  -h,--help             Display help information
     INFO:  -v,--version          Display version information
     INFO:  -X,--debug            Produce execution debug output
     Command failed!

Let me see if I understand this issue right; I'm probably missing something:

  • The official latest versions of the sonarqube scanner npm package and the java it invokes (at least if that is 4.0.0.1744?) not on speaking terms with each other.

  • This remains an unresolved issue since three months.

  • …and the recommended fix is to export an env var SONAR_SCANNER_VERSION=your-native-sonar-scanner-version-here and wait for the release of the npm package version 2.7.1 to be published.

A no-intervention fix-forward kind of approach would be lovely, but it seems that considering v2.7.0 busted and pinning v2.6.0 addressed this issue for me.

A more optimistic approach might be to depend on a server version range of "^2.6.0 < 2.7.0 || ^2.7.1" on the bet next published version will be compatible with itself (by the notes above, perhaps only if I export an env var SONAR_SCANNER_VERSION=4.0.0.1744?).

FWIW, people probably run into this problem because they have set up their ci/cd system using a locked-down docker image pre-baked with some working version of the java scanner, and force their npm scanner to not go attempt to download random code from the internet on every build, but instead manually vet updates once and then re-bake the docker image, if the java scanner ever needs to be upgraded.

Error messages at both npm and java ends might benefit from conveying the nature of a version conflict, if running in vetted mode is a use case sonarqube would support.

johan avatar Oct 15 '20 21:10 johan

@johan To be honest, I started looking at a fix when the issue was reported in the first place, but as I was starting writing it, I really wondered if it was the best thing to do. This fix adds complexity to the code, so the question was: is this really needed? Indeed, another approach could be to accept that this new version of the Npm Scanner is not compatible with local installations of SonarScanner CLI < 4.4.0 - in which case it should at least be documented. Given that this bug is not blocker, I felt keeping it open and getting comments on it shows how impacting it is. And it looks that it's impacting very few users in the end.

I fully agree that handling this case with proper error messages would definitely help users know what to do - like updating the local installation of the SonarScanner CLI on their Docker image for instance. This is probably what I'll be doing if this bug becomes highly voted.

bellingard avatar Oct 16 '20 08:10 bellingard

Hey guys, anyone still having this issue?

gabssnake avatar Sep 26 '22 19:09 gabssnake

I suggest we document this as-is

gabssnake avatar Oct 03 '22 18:10 gabssnake

I added this to the list of potential improvements:

  • #165

I'll close this for now. Feel free to reopen if anything new comes up.

gabssnake avatar Dec 04 '22 17:12 gabssnake