Skip to content

TaskCTL to eirctl migration#741

Draft
RichardSlater wants to merge 53 commits intomasterfrom
chore/eirctl
Draft

TaskCTL to eirctl migration#741
RichardSlater wants to merge 53 commits intomasterfrom
chore/eirctl

Conversation

@RichardSlater
Copy link
Contributor

@RichardSlater RichardSlater commented Aug 11, 2025

[XXXX-<Title> - Please use the Work Item number and Title as PR Name, not subtasks]

📲 What

Migration from taskctl to eirctl based upon eirctl migration guide.

🤔 Why

Usage of taskctl is deprecated within Ensono Digital.

🛠 How

Following steps in: https://github.com/Ensono/eirctl/blob/docs/migration/docs/migration.adoc

👀 Evidence

🕵️ How to test

Notes for QA

✅ Acceptance criteria Checklist

  • Code peer reviewed?
  • Documentation has been updated to reflect the changes?
  • Passing all automated tests, including a successful deployment?
  • Passing any exploratory testing?
  • Rebased/merged with latest changes from development and re-tested?
  • Meeting the Coding Standards?

@RichardSlater RichardSlater self-assigned this Aug 11, 2025
@RichardSlater RichardSlater added the terraform Pull requests that update Terraform code label Aug 11, 2025
@RichardSlater RichardSlater changed the title Chore/eirctl TaskCTL to eirctl migration Aug 11, 2025
@RichardSlater
Copy link
Contributor Author

RichardSlater commented Oct 10, 2025
edited
Loading

🔧 SonarScanner Java Detection Issue - Resolution Summary

Problem Overview

During the eirctl migration, the CI pipeline encountered a critical issue where dotnet-sonarscanner could not detect Java, despite Java being installed and available in the container:

Could not find 'java' executable in JAVA_HOME or PATH.
The SonarScanner did not complete successfully
Post-processing failed. Exit code: 1

Root Cause Analysis

The issue stemmed from environment variable propagation problems between PowerShell and child .NET processes in Docker containers:

  1. Container Image Versions: Initial attempts used ensono/eir-dotnet:1.2.22 and ensono/eir-infrastructure:1.2.22
  2. Environment Variable Inheritance: PowerShell environment variables ($env:JAVA_HOME, $env:PATH) don't reliably propagate to child processes spawned by .NET tools
  3. SonarScanner CLI Subprocess: The dotnet-sonarscanner tool launches the SonarScanner CLI as a child process, which couldn't access the Java runtime

Resolution Path

Final Solution (Commits: 649c20c, 1fff5d2)

Upgraded container versions + Explicit environment configuration

  1. Container Upgrade:

    • Updated to ensono/eir-dotnet:1.2.26 (includes pre-installed Java 17)
    • Updated to ensono/eir-infrastructure:1.2.26

  2. Explicit Environment Variable Configuration:

    $env:JAVA_HOME = "/usr/lib/jvm/java-17-openjdk-amd64";
$env:PATH = "$env:JAVA_HOME/bin:$env:PATH";
    • Set before both Invoke-SonarScanner -start and -stop operations
    • Added diagnostic output showing JAVA_HOME and PATH values
    • Ensures .NET child processes have direct access to Java

Attempted Solutions That Failed

  1. Attempt 1 (Commit: ab1927b):

    • ❌ Installing Java on GitHub Actions runner
    • Failed because eirctl runs tests inside Docker container, which cannot access runner's filesystem

  2. Attempt 2 (Commit: fab7fbf):

    • ❌ Mounting Java from runner into Docker container via volume mounting
    • Failed due to volume mounting complexity and environment variable expansion issues in eirctl

  3. Attempt 3 (Commit: 29d4eca):

    • ❌ Installing Java inside Docker container using apt-get
    • Failed due to PowerShell/bash syntax conflicts when mixing &&, >, 2>&1 operators

  4. Attempt 4 (Commit: d4b352f):

    • ❌ Wrapping apt-get in bash -c to fix syntax issues
    • Failed (reason: overtaken by container upgrade approach)

Key Learnings

  1. Container Image Selection: Using container images with pre-installed Java (v1.2.26) is more reliable than runtime installation
  2. Environment Variable Propagation: Explicit environment variable setting is necessary before each SonarScanner operation
  3. PowerShell in Docker: Mixing bash and PowerShell syntax in Docker containers requires careful handling
  4. JAVA_HOME Configuration: Must point to JDK directory (e.g., /usr/lib/jvm/java-17-openjdk-amd64), not the binary

Related Issues

Files Modified

  • build/eirctl/tasks.yaml - Updated test task with explicit JAVA_HOME/PATH configuration
  • build/eirctl/contexts.yaml - Updated container versions to 1.2.26
  • .github/workflows/ci-simple-api.yml - Removed unnecessary Java setup steps
  • .github/workflows/ci-cqrs.yml - Removed unnecessary Java setup steps

@RichardSlater
fix: Replace bash && operators with PowerShell semicolons
1e57915 
The previous commit introduced bash && operators which are not valid
PowerShell syntax. PowerShell requires semicolons (;) to chain commands.

This fixes the parser error:
'Unexpected token '=' in expression or statement'

All command separators in the test task now use PowerShell-compatible
semicolons instead of bash && operators.
@RichardSlater
fix: Use Process-level environment variables for Java detection
4b0b62d 
The previous approach of setting $env:JAVA_HOME and $env:PATH was not
propagating to child processes spawned by .NET tools (dotnet-sonarscanner).

This commit uses [System.Environment]::SetEnvironmentVariable() with
Process scope to ensure JAVA_HOME and PATH are properly inherited by
all child processes in the PowerShell session, including the SonarScanner
CLI invoked by dotnet-sonarscanner.

Key changes:
- Use SetEnvironmentVariable with Process target instead of $env: syntax
- Set environment variables once at the start of the test task
- Remove redundant re-setting before Invoke-SonarScanner -stop
- Add diagnostic output to verify variables are set correctly
@RichardSlater
fix: Add SONAR_SCANNER_JAVA_OPTS to specify Java location directly
b59a5c0 
Set SONAR_SCANNER_JAVA_OPTS with -Djava.home to tell the SonarScanner
JVM directly where Java is installed, bypassing PATH lookup issues.

Also added diagnostic output to show which java executable is being
resolved, and ensured JAVA_HOME/PATH are set before both start and stop
operations.

This approach passes the Java location as a JVM system property which
should work even if environment variable inheritance to child processes
is problematic.
@RichardSlater
fix: Replace conflicting Java executable with symlink to Java 17
ab1f479 
- Remove /usr/local/java/bin/java and create symlink to correct Java 17
- This ensures SonarScanner CLI finds the correct Java regardless of PATH
- Eliminates environment variable propagation issues through process chain
- Removes diagnostic output and redundant env var settings
@RichardSlater
fix: Use sh -c to execute Java symlink in shell context instead of Po…
a44e3a4 
…werShell

PowerShell in the container doesn't recognize sudo or native shell commands like ln. This fix wraps the symlink commands in 'sh -c' to execute them in a proper shell environment where these commands are available.
@RichardSlater
docs: Add comprehensive analysis of SonarScanner Java detection issue
d75a28b 
Created detailed documentation analyzing the persistent Java detection failure in eirctl Docker containers during the taskctl to eirctl migration.

Document includes:

- Problem statement with technical root cause analysis

- Detailed breakdown of 10 remediation attempts with commit links

- Architecture analysis of process chains and environment propagation

- 7 proposed solutions with implementation details and risk assessment

- Comparison matrix and recommended hybrid approach

- Investigation checklist and lessons learned

- Complete references and build log excerpts

This 31-page document serves as a comprehensive resource for:

- Understanding the multi-level environment variable inheritance issue

- Evaluating solution options (container fix, context config, bash scripts)

- Planning the path forward to unblock the eirctl migration

Related: PR #741
@RichardSlater RichardSlater mentioned this pull request Oct 17, 2025
Merged
@sonarqubecloud
Copy link

sonarqubecloud bot commented Oct 20, 2025

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Awaiting requested review from Copilot Copilot will automatically review once the pull request is marked ready for review

At least 1 approving review is required to merge this pull request.

Assignees

@RichardSlater RichardSlater

Labels

terraform Pull requests that update Terraform code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@RichardSlater