I have a project which is written in java 8. It is kind of complex for me and very dependent to java 8. However I also happen to have a SonarQube and a Jenkins instance which is trying to use java 11 to scan the projects.
When java 11 is used to run:
mvn clean verify
I get java 8 dependency errors in the project and when I use java 8 I can not use sonarscanner.
I could not find and answer yet.
Any solution or suggestions ?
You can use your Jenkins instance (using JDK8) to build and submit the project to your SonarQube instance running on JDK11.
Using SonarQube's recommended scanner you can configure your project to use the remote SQ server:
pom.xml
<properties>
<sonar.host.url>https://sonarqube.cldbz.net/</sonar.host.url>
<sonar.junit.reportsPath>target/surefire-reports</sonar.junit.reportsPath>
<sonar.jacoco.reportPath>target/jacoco.exec</sonar.jacoco.reportPath>
<sonar.sources>src/main</sonar.sources>
</properties>
and then trigger the scanning process on Jenkins with mvn sonar:sonar which would submit your project's scan results to your SQ server.
You can even test this without pom.xml changes:
mvn clean verify sonar:sonar -Dsonar.login=<token> -Dsonar.host.url=https://<sonar-server>:<port>.
Related
I'm new to maven and I'm having some issues building some code. A colleague uses the following command to build one of our projects:
mvn clean install –Drevision=5.0.0-local-SNAPSHOT –P bld
This works on his machine but not on mine. I get
[ERROR] Unknown lifecycle phase "▒Drevision=5.0.0-local-SNAPSHOT".
Any idea what is could be causing this? I use Maven version 3.6.3 with java 1.8.0_92. Also how do I make a run configuration on Eclipse for the command line above? Do I just just remove "mvn" and add the rest to the "Goals" field?
I guess that the - at the beginning of -Drevision=... is not a real - but some other dash.
Try not to copy/paste, but enter it directly.
howlger already answered the part about Eclipse.
Built failed while creating aws-sdk-v2 jars due to spotbugs plugin.
Steps to reproduce the error:
clone latest version of aws-sdk-java-v2
In terminal, go to directory and run mvn clean install
Error:
Failed to execute goal com.github.spotbugs:spotbugs-maven-plugin:3.1.11:spotbugs (spotbugs) on project aws-sdk-java-pom: Execution spotbugs of goal com.github.spotbugs:spotbugs-maven-plugin:3.1.11:spotbugs failed: Unable to load the mojo 'spotbugs' in the plugin 'com.github.spotbugs:spotbugs-maven-plugin:3.1.11'. A required class is missing: Could not initialize class org.codehaus.groovy.vmplugin.v7.Java7
I tried to rebuild the project by deleting spotbugs-maven-plugin but I that didn't solve the problem.
I had no .mavenrc file yet, but recently had added Java 17 to test something via Home Brew. As a result, I started seeing this issue. I created a ~/.mavenrc and added the following to it:
JAVA_HOME=`/usr/libexec/java_home -v 1.8.0`
This allowed me to get back to using Java 8 with Maven just like my default Java version would be.
I had a similar problem and it turned out my installation of Java 15 was the culprit. Once I got maven to use my standard java version (1.8 Corretto) I could build the project again. Use mvn -version to check which java it's currently using.
Personally I had to set JAVA_HOME in my .mavenrc file, setting it in my bash profile didn't help.
SonarQube: 8.2.0.32929
sonar-scanner: 3.0.3.778
jacoco: 0.8.4
jdk: 1.8
mvn: 3.6.3
What are you trying to achieve
I am trying to achieve code coverage by using sonar-scanner but I am getting code coverage 0 in sonarqube dashboard.
What have you tried so far to achieve this
I configured the multi-module java project using https://github.com/SonarSource/sonar-scanning-examples/tree/master/sonarqube-scanner-maven/maven-multimodule
and created sonar-project.properties file in base directory with below configuration
sonar.projectKey=org.sonarqube.sonarscanner-maven-aggregate
sonar.projectName=Sonar Scanner Maven Aggregate
sonar.projectVersion=1.0
sonar.language=java
sonar.java.binaries=.
If I use mvn sonar:sonar it works. but with sonar-scanner it is not working.
It works fine with sonarqube 7.8.
Any insight would be appreciated.
I fixed this issue.
while running sonar-scanner command, I added the xmlReportPaths as a define property like sonar-scanner -Dsonar.coverage.jacoco.xmlReportPaths=tests/target/site/jacoco-aggregate/jacoco.xml,../tests/target/site/jacoco-aggregate/jacoco.xml
If your projects are set up as multi-module, you will have to feed the coverage report from each module to the last module that will run as part of the build (probably integration tests modules)
https://community.sonarsource.com/t/coverage-test-data-importing-jacoco-coverage-report-in-xml-format/12151
https://community.sonarsource.com/t/in-sonarqube-8-2-code-coverage-is-always-showing-0/21666
https://docs.sonarqube.org/latest/analysis/coverage/
https://stackoverflow.com/a/15535970
Following the steps mentioned in this example project by Sonar team helped me
https://github.com/SonarSource/sonar-scanning-examples/tree/master/sonarqube-scanner-maven/maven-multimodule
As you already followed these steps, one thing I was missing was the aggregated report was not generated in the last module and I was doing it in one module before that which was our integration test module. But there was one more deployment module in our case
Edit 3:
I also tried to set maven proxy through java option parameters mentioned at this thread.
Edit 2:
I'm sure intellij idea are using same settings.xml, same maven binary and the same local repository as system maven.
Edit 1:
I tried to check build log of each workload, the main difference is about how to invoke maven at the very beginning of build log.
For intellij idea, it's like below:
C:\Program Files\Java\jdk1.8.0_101\bin\java.exe" -Dmaven.multiModuleProjectDirectory=C:\Users\eugene\IdeaProjects\alluxio -Dmaven.home=C:\apache-maven-3.5.4-bin\apache-maven-3.5.4 -Dclassworlds.conf=C:\apache-maven-3.5.4-bin\apache-maven-3.5.4\bin\m2.conf "-Dmaven.ext.class.path=C:\Program Files\JetBrains\IntelliJ IDEA\plugins\maven\lib\maven-event-listener.jar" -Dfile.encoding=UTF-8 -classpath C:\apache-maven-3.5.4-bin\apache-maven-3.5.4\boot\plexus-classworlds-2.5.2.jar org.codehaus.classworlds.Launcher -Didea.version2019.2.4 -DskipTests=true -T 2C clean install -DskipTests -Dmaven.javadoc.skip -Dfindbugs.skip -Dcheckstyle.skip -Dlicense.skip
For system shell, maven just launched without this invoking info.
I'm using maven to build a project Alluxio from source code.
I tried both Windows 10 and Ubuntu and found same issue when using intellij idea, let me clarify it into details.
OS: windows 10/ Ubuntu 18.04
Maven: 3.5.4
Build command: mvn -T 2C clean install -DskipTests -Dmaven.javadoc.skip -Dfindbugs.skip -Dcheckstyle.skip -Dlicense.skip
The Alluxio can be built successfully using maven 3.5.4 directly but failed with several errors using intellij idea. What makes me confused is that I configured intellij idea to use system maven 3.5.4 and used exactly same build command. Why errors happened here but not in system shell.
The error I met is like:
Failure to find com.google.guava:listenablefuture:jar:sources:9999.0-empty-to-avoid-conflict-with-guava in https://repo1.maven.org/maven2 was cached in the local repository, resolution will not be reattempted until the update interval of central has elapsed or updates are forced
And also like:
sourceFile C:\Users\eugene\IdeaProjects\alluxio\table\server\underdb\target\alluxio-table-server-underdb-2.2.0-SNAPSHOT-jar-with-dependencies.jar does not exist
The method used to trigger maven build from intellij idea:
Click maven icon at right top corner
Click Execute Maven Goal
Input mvn -T 2C clean install -DskipTests -Dmaven.javadoc.skip -Dfindbugs.skip -Dcheckstyle.skip -Dlicense.skip and enter to launch build
The maven settings in intellij idea is as default except change the maven binary from build-in binary to system maven 3.5.4.
Thanks for your help in advance.
I have seen two issues that will produce an error message like you see and it has nothing to do with IntelliJ.
The first occurs when Maven fails to successfully download an artifact from a repository (e.g., network interruption). It will mark the artifact as failed and will refuse to retry until some period lapses. Cleaning your local Maven cache or removing that artifact's folder will fix this issue.
The second occurs when two separate Maven builds attempt to download the same artifact from different repositories. Many years ago, Maven had a problem with people building modified versions of open-source projects (e.g., Apache Commons) and publishing them in a publicly available repository. I don't remember the details but this caused lots of issues. Maven now records the repository used to fetch an artifact. When two Maven projects use different repositories, the second one built will fail because the repository does not match. I had this occur when switching to a private repository, Artifactory, and not having all my projects migrated yet.
Since you are attempting to build the same project with two tools, your issue appears to be a variant of the second issue. I suspect that IntelliJ is using a different settings.xml than what you have available from the command line and that IntelliJ is using different repositories. Repositories can be specified in the settings.xml as well as the project's POM.
Try deleting your local cache and building from IntelliJ first. If it succeeds and then the shell build fails, this is your problem.
Update: See this answer for more details on why Maven started tracking the repository but note the the tracking file is now called _remote.repositories.
https://stackoverflow.com/a/16870552/252344
official documentation http://docs.sonarqube.org/display/SONAR/Analyzing+with+Maven says that the proper way of invoking sonar is:
mvn clean install -DskipTests=true
mvn sonar:sonar
but doesn't say why. how does sonar work? does it need compiled classes? so why not just mvn clean compile? or does it need a jar file? so why not just mvn clean package? what exactly does sonar plugin?
Explanation from a SonarSource team member:
In a multi-module build an aggregator plugin can't resolve dependencies from target folder. So you have two options:
mvn clean install && mvn sonar:sonar as two separate processes
mvn clean package sonar:sonar as a single reactor
I was surprised too, so I made a tweet an received the following answer from the official Maven account:
If the plugin is not designed to use the target/classes folder as a substitute, then yes you would need to have installed to get the jar when running *in a different session*. Complain to the plugin author if they force you to use install without foo reason [ed - #connolly_s]
The SonarQube analyzer indeed needs compiled classes (e.g for Findbugs rules, coverage). And since by default it executes tests itself, the compile phase can skip tests.
You can run SonarQube as part of a single Maven command if you meet some requirements:
As Mithfindel mentions, some SonarQube plugins need to analyze .class files. And if you run unit tests outside of SonarQube, then of course the testing plugins must read output from the test phase.
Got integration tests? Then you need to run after the integration-test phase.
If you want to run SonarQube as a true quality gate then you absolutely must run it before the deploy phase.
One solution is to just attach SonarQube to run after the package phase. Then you can get a full build with a simple clean install or clean deploy. Most people do not do this because SonarQube is time-consuming, but the incremental mode added in 4.0 and greatly improved in the upcoming 4.2 solves this.
As far as the official documentation goes, it's a lot easier to say "build and then run sonar:sonar" then it is to say, "open your POM, add a build element for the sonar-maven-plugin, attach it to verify, etc".
One caveat. SonarQube requires Java 6, so if you're building against JDK 1.5 (still common in large organizations), the analysis will have to happen in a separate Maven invocation with a newer JDK selected. We solved this issue with custom Maven build wrapper.