Gitlab Pipeline fails Sonarqube tests which uses self signed certificate

Question

I have a Sonarqube installation which is accessible only in the private network. Say the URL is: sonar.localdomain and my Gitlab is in: git.localdomain. They both use a self-signed SSL certificate.

When I run the Gitlab pipelines for the Sonarqube tests, I get the following (and rightly so):

PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

This is what my pipeline looks like:

sonarqube-check:
  stage: test
  image: 
    name: sonarsource/sonar-scanner-cli:latest
    entrypoint: [""]
  variables:
    SONAR_USER_HOME: "${CI_PROJECT_DIR}/.sonar"
    GIT_DEPTH: "0"
  cache:
    key: "${CI_JOB_NAME}"
    paths:
      - .sonar/cache
  script:
    - sonar-scanner

How do I go about fixing it?

Thanks in advance!

Answer 1

I fixed this by placing the certificate on the runners' image (runners use an AWS AMI for spinning up servers).

I then updated my Sonarqube pipeline script to:

sonarqube-check:
  stage: test
  image: 
    name: sonarsource/sonar-scanner-cli:latest
    entrypoint: [""]
  variables:
    SONAR_USER_HOME: "${CI_PROJECT_DIR}/.sonar"
    GIT_DEPTH: "0"
  cache:
    key: "${CI_JOB_NAME}"
    paths:
      - .sonar/cache
  before_script:
    - keytool -import -alias sonar -storepass changeit -noprompt -keystore /usr/lib/jvm/java-17-openjdk/lib/security/cacerts -file /path/to/self-signed-sonarqube-cert.pem
  script:
    - sonar-scanner

Note: The cacerts path might be different for you. Search up what your JAVA_HOME environment variable is set to and then append it with /lib/security/cacerts