@octo-sts octo-sts bot commented Feb 3, 2025

@octo-sts octo-sts bot added request-version-update request for a newer version of a package automated pr labels Feb 3, 2025
octo-sts bot commented Feb 3, 2025

⚠️ EXPERIMENTAL

Please use 👍 or 👎 on this comment to indicate if you agree or disagree with the recommendation.

To provide more detailed feedback please comment on the recommendation prefixed with /ai-verify:

e.g. /ai-verify partially helpful but I also added bash to the build environment

Gen AI suggestions to solve the build error:

• Detected Error: "Hunk #1 FAILED at 12. 1 out of 1 hunk FAILED -- saving rejects to file gradle.properties.rej"

• Error Category: Configuration/Patch

• Failure Point: The patch step failed when trying to apply elastic-search-server.patch to gradle.properties

• Root Cause Analysis: The patch is failing because the target file (gradle.properties) has likely changed in the newer version of SonarQube, causing the patch lines to no longer match the context

• Suggested Fix:

  1. Update the elastic-search-server.patch file to match the new file content:
    • Get the current gradle.properties content:
      cat gradle.properties
    • Create a new patch with proper context:
      diff -u gradle.properties.orig gradle.properties > elastic-search-server.patch
  2. Alternatively, modify the property directly in the build step:
    - name: build
      runs: |
        sed -i 's/elasticsearchVersion=.*/elasticsearchVersion=7.17.15/' gradle.properties
        ./gradlew build -x test -DbuildNumber=${{vars.build-number}}

• Explanation: Patch failures typically occur when the source file has changed significantly from when the patch was created. The fix either updates the patch file to match the new file structure or directly modifies the required property during build.

• Additional Notes:

  • SonarQube regularly updates its Elasticsearch dependency versions
  • The patch might need regular maintenance as SonarQube versions change
  • Consider using sed/awk commands in the build step for more resilient property modifications

• References:

@octo-sts octo-sts bot added the ai/skip-comment Stop AI from commenting on PR label Feb 3, 2025
@OddBloke OddBloke self-assigned this Feb 3, 2025
wolfi-bot and others added 2 commits February 3, 2025 15:04
Upstream now specify ElasticSearch version 8.16.3.
@OddBloke OddBloke force-pushed the wolfictl-94fd25e7-1e54-44fd-93e3-15038d592984 branch from f04ca72 to bbb36d6 Compare February 3, 2025 20:04
@octo-sts octo-sts bot added the bincapz/blocking Bincapz (aka malcontent) scan results detected CRITICALs on the packages. label Feb 3, 2025
@stevebeattie stevebeattie added the malcontent/reviewed The malcontent findings in this PR have been manually reviewed by security. label Feb 3, 2025
@stevebeattie
Member

For the failed malcontent scan, the sonarqube plugin jar files (sonar-csharp-plugin-10.6.0.109712.jar and sonar-vbnet-plugin-10.6.0.109712.jar) do indeed contain embedded zip files that contain sonarqube dlls. Malcontent has false positive markings for these, but I'm not sure why they aren't getting surfaced here.

Marked as reviewed so shouldn't block merging.
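
Added example (not part of the comment above, and not code from wolfi or malcontent): one way a reviewer can confirm what a plugin jar embeds is to walk it recursively and list native binaries inside nested archives. The sample jar, its file names and the depth/size limits are constructed assumptions.

```python
import io
import zipfile

# Extensions treated as native Windows binaries worth a reviewer's attention (assumption).
BINARY_EXTS = (".dll", ".exe")
MAX_DEPTH = 4                        # stop runaway nesting (zip-bomb style inputs)
MAX_MEMBER_BYTES = 64 * 1024 * 1024  # refuse to inflate very large members


def find_embedded_binaries(data, label, depth=0):
    """Return [(path, size)] for every binary in an archive or any nested archive."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            path = f"{label}!/{info.filename}"
            if info.filename.lower().endswith(BINARY_EXTS):
                hits.append((path, info.file_size))
                continue
            if info.file_size > MAX_MEMBER_BYTES or depth >= MAX_DEPTH:
                continue
            member = zf.read(info)
            # Detect nested archives by content, not by file extension.
            if zipfile.is_zipfile(io.BytesIO(member)):
                hits.extend(find_embedded_binaries(member, path, depth + 1))
    return hits


def build_sample_jar():
    """Constructed sample: a jar holding a zip that holds a DLL (placeholder bytes)."""
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as z:
        z.writestr("analyzer/Example.Analyzer.dll", b"MZ" + b"\x00" * 62)
        z.writestr("analyzer/README.txt", b"constructed sample")
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w") as z:
        z.writestr("META-INF/MANIFEST.MF", b"Manifest-Version: 1.0\n")
        z.writestr("static/analyzer.zip", inner.getvalue())
    return outer.getvalue()


if __name__ == "__main__":
    for path, size in find_embedded_binaries(build_sample_jar(), "sample-plugin.jar"):
        print(f"{size:>8}  {path}")
```

The `!/` separator in each reported path shows the archive nesting, so a finding can be traced back to the exact inner zip that carries the binary.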

@OddBloke OddBloke merged commit b8728b3 into main Feb 4, 2025
14 of 15 checks passed
@OddBloke OddBloke deleted the wolfictl-94fd25e7-1e54-44fd-93e3-15038d592984 branch February 4, 2025 14:21