Conversation

@octo-sts octo-sts bot commented Aug 4, 2025

Signed-off-by: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com>
@octo-sts octo-sts bot added request-version-update request for a newer version of a package automated pr sonarqube P1 This label indicates our scanning found High, Medium or Low CVEs for these packages. labels Aug 4, 2025
octo-sts bot commented Aug 4, 2025

🩹 Build Failed: Patch Application Failed

patch unexpectedly ends in middle of line
Reversed (or previously applied) patch detected! Assume -R? [n]
Apply anyway? [n]
Skipping patch.
Hunk #1 ignored at 507.
1 out of 1 hunk ignored -- saving rejects to file build.gradle.rej

Build Details

Category        Details
Build System    melange
Failure Point   patch step - applying GHSA-hq9p-pm7w-8p54-remediation.patch to build.gradle

Root Cause Analysis 🔍

The patch file GHSA-hq9p-pm7w-8p54-remediation.patch appears to be malformed (ends in middle of line) or has already been applied to the source code. The patch system detected this as a reversed or previously applied patch and refused to apply it, causing the build pipeline to fail.


🔍 Build failure fix suggestions

Found similar build failures that have been fixed in the past and analyzed them to suggest a fix:

Similar PRs with fixes

Suggested Changes

File: sonarqube.yaml

  • version_update at line 3 (package.version)
    Original:    version: "25.8.0.111929"
    Replacement: Check upstream releases and update to latest version
    Content:     Update to latest upstream version to get incorporated security fixes

  • commit_update at line 46 (expected-commit)
    Original:    expected-commit: 0c6c41672afa3161e036ecd9104abe50641e4725
    Replacement: Update to commit hash matching new version tag
    Content:     Update expected-commit to match the new version's commit hash

  • removal at line 48-50 (pipeline patch step)
    Original:
      - uses: patch
        with:
          patches: GHSA-hq9p-pm7w-8p54-remediation.patch
    Content:     Remove the patch step since the fix is now incorporated upstream

File: sonarqube/GHSA-hq9p-pm7w-8p54-remediation.patch

  • file_deletion (entire file)
    Original:    entire patch file
    Replacement: delete file
    Content:     Delete the patch file as it's no longer needed

Analysis

All three similar build failures show a consistent pattern: patch application failures occur when patches are already incorporated into newer upstream versions. In each case, the fix involved updating to a newer package version and removing the patch step entirely. The pattern is: 1) Update package version to latest upstream release, 2) Update expected-commit to match new version, 3) Remove the patch step from pipeline, 4) Delete the patch file itself. This suggests that upstream has already incorporated the security fixes that the patches were addressing.


Explanation

The build failure occurs because the GHSA-hq9p-pm7w-8p54-remediation.patch cannot be applied - it's either malformed or already incorporated into the current source code. Based on the pattern from all three similar fixes, the most likely scenario is that the upstream SonarQube project has already incorporated the security fix that this patch was addressing in a newer release. The patch is being rejected because the changes it attempts to make have already been applied in the upstream codebase. By updating to the latest upstream version and removing the patch step, we eliminate the patch application failure while ensuring we have the most recent security fixes directly from upstream. This approach aligns with Wolfi's principle of keeping packages up to date with upstream releases.


Alternative Approaches

  • If updating to latest version is not immediately possible, examine the patch file for formatting issues (like missing newlines) and fix them manually
  • Check if the patch needs to be applied in reverse (-R flag) if the changes were already applied but in a different context
  • Verify the patch target file path matches the actual file structure in the current version
  • Consider creating a new patch file based on the actual differences between current source and desired state

Was this comment helpful? Please use 👍 or 👎 reactions on this comment.
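Added example, not from the PR or from Wolfi's melange tooling: a POSIX shell pre-flight that reproduces the two diagnoses in the build log above (a patch whose last line lacks a newline, and a patch whose changes are already present in the source tree) before a `uses: patch` step would run it. The `build.gradle` content, the hunk, the temp-directory layout and the function names are constructed for the demo.

```shell
#!/bin/sh
# Added example, not from the PR or Wolfi/melange tooling; fixtures are constructed.
# Pre-flight a remediation patch before melange's `patch` step runs it,
# catching the two signatures seen in the build log:
#   "patch unexpectedly ends in middle of line"        -> no trailing newline
#   "Reversed (or previously applied) patch detected!" -> fix already upstream

# Returns 0 when the last byte is not "\n" ($(...) strips a trailing newline).
patch_is_truncated() {
  [ -n "$(tail -c 1 "$1")" ]
}

# Result codes: 0 applies cleanly, 1 truncated, 2 already applied
# (only the reverse dry-run succeeds), 3 does not apply, 4 patch(1) missing.
preflight_patch() {
  patch_file="$1"; src_dir="$2"
  patch_is_truncated "$patch_file" && return 1
  command -v patch >/dev/null 2>&1 || return 4
  # -N never asks "Assume -R?"; --dry-run leaves the source tree untouched
  patch -d "$src_dir" -p1 -N -s --dry-run <"$patch_file" >/dev/null 2>&1 && return 0
  patch -d "$src_dir" -p1 -R -s --dry-run <"$patch_file" >/dev/null 2>&1 && return 2
  return 3
}

# Constructed fixtures: a build.gradle plus the same hunk with and without
# its final newline. Prints the temp directory that holds them.
demo_dir() {
  d=$(mktemp -d)
  printf 'dependencies {\n  implementation "org.example:lib:1.0"\n}\n' >"$d/build.gradle"
  cat >"$d/good.patch" <<'EOF'
--- a/build.gradle
+++ b/build.gradle
@@ -1,3 +1,3 @@
 dependencies {
-  implementation "org.example:lib:1.0"
+  implementation "org.example:lib:1.1"
 }
EOF
  printf '%s' "$(cat "$d/good.patch")" >"$d/truncated.patch"  # drops final "\n"
  printf '%s' "$d"
}

# Demo run: good.patch -> 0 (4 without patch(1)), truncated.patch -> 1
D=$(demo_dir)
for p in good truncated; do
  rc=0; preflight_patch "$D/$p.patch" "$D" || rc=$?
  echo "$p.patch -> $rc"
done
rm -rf "$D"
```

Running `preflight_patch` a second time after the hunk has been applied for real returns 2, which is the situation the bot diagnosed here: the only remaining fix is to drop the patch rather than keep retrying it.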

@octo-sts octo-sts bot added the ai/skip-comment Stop AI from commenting on PR label Aug 4, 2025
@octo-sts octo-sts bot closed this Aug 6, 2025
octo-sts bot commented Aug 6, 2025

superseded by #61799

@octo-sts octo-sts bot deleted the wolfictl-bac23edb-c653-426f-8e9d-116551fb9b9d branch August 7, 2025 00:03