I have a SonarQube installation which is accessible only in the private network. Say the URL is: sonar.localdomain and my GitLab is in: git.localdomain. They both use a self-signed SSL certificate.
When I run the GitLab pipelines for the SonarQube tests, I get the following (and rightly so):
```
PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
```
This is what my pipeline looks like:
```yaml
sonarqube-check:
  stage: test
  image:
    name: sonarsource/sonar-scanner-cli:latest
    entrypoint: [""]
  variables:
    SONAR_USER_HOME: "${CI_PROJECT_DIR}/.sonar"
    GIT_DEPTH: "0"
  cache:
    key: "${CI_JOB_NAME}"
    paths:
      - .sonar/cache
  script:
    - sonar-scanner
```
How do I go about fixing it?
Thanks in advance!
I fixed this by placing the certificate on the runners' image (runners use an AWS AMI for spinning up servers).
I then updated my SonarQube pipeline script to:
```yaml
sonarqube-check:
  stage: test
  image:
    name: sonarsource/sonar-scanner-cli:latest
    entrypoint: [""]
  variables:
    SONAR_USER_HOME: "${CI_PROJECT_DIR}/.sonar"
    GIT_DEPTH: "0"
  cache:
    key: "${CI_JOB_NAME}"
    paths:
      - .sonar/cache
  before_script:
    - keytool -import -alias sonar -storepass changeit -noprompt -keystore /usr/lib/jvm/java-17-openjdk/lib/security/cacerts -file /path/to/self-signed-sonarqube-cert.pem
  script:
    - sonar-scanner
```
Note: The cacerts path might be different for you. Look up what your JAVA_HOME environment variable is set to and then append /lib/security/cacerts to it.
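
The keytool step above, extended as an added example (not part of the original answer): it checks the certificate's SHA-256 fingerprint against a pinned value before importing, locates cacerts under JAVA_HOME for both the Java 8 and the newer layout, and skips the import when the alias is already present. The function names are hypothetical, and it assumes JAVA_HOME is set in the job image and the store still uses the default `changeit` password.

```shell
#!/bin/sh
# Added example: pin-check a self-signed certificate before trusting it in the JVM.

# Print the truststore path under a JDK home (argument 1).
# Java 9+ keeps it in lib/security, Java 8 in jre/lib/security.
resolve_cacerts() {
    for rel in lib/security/cacerts jre/lib/security/cacerts; do
        if [ -f "$1/$rel" ]; then
            printf '%s\n' "$1/$rel"
            return 0
        fi
    done
    return 1
}

# Lowercase hex SHA-256 over the DER bytes of the first certificate in a PEM file.
# Same digest that `openssl x509 -fingerprint -sha256` prints with colons.
pem_sha256() {
    sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' "$1" \
        | sed '/-----END CERTIFICATE-----/q' \
        | grep -v -- '-----' | tr -d ' \r\n' | base64 -d | sha256sum | cut -d' ' -f1
}

# True if file $1 hashes to the expected fingerprint $2 (colons and case ignored).
fingerprint_matches() {
    want=$(printf '%s' "$2" | tr -d ':' | tr 'A-F' 'a-f')
    [ -n "$want" ] && [ "$(pem_sha256 "$1")" = "$want" ]
}

# import_pinned_cert PEM_FILE EXPECTED_SHA256 ALIAS
# Assumes JAVA_HOME is set in the job image and the default store password is in use.
import_pinned_cert() {
    store=$(resolve_cacerts "${JAVA_HOME:-}") || {
        echo "no cacerts found under JAVA_HOME='${JAVA_HOME:-}'" >&2; return 1; }
    fingerprint_matches "$1" "$2" || {
        echo "fingerprint mismatch for $1, not importing" >&2; return 1; }
    # Idempotent: leave the store alone if the alias is already present.
    if keytool -list -alias "$3" -keystore "$store" -storepass changeit >/dev/null 2>&1; then
        return 0
    fi
    keytool -importcert -noprompt -trustcacerts -alias "$3" -file "$1" \
        -keystore "$store" -storepass changeit
}
```

In the job's before_script this would be sourced and called as `import_pinned_cert /path/to/self-signed-sonarqube-cert.pem "$SONAR_CERT_SHA256" sonar`, where `SONAR_CERT_SHA256` is a hypothetical CI/CD variable holding the fingerprint recorded out of band.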