I am using Sonarqube to optimize my code quality in my project and I tried adding it to my CI cycle on GitLab but I am getting an error. When I just run mvn sonar:sonar in my IntelliJ terminal it works, but it somehow throws an error while executed in my GitLab CI. The error is:
Failed to execute goal org.sonarsource.scanner.maven:sonar-maven-plugin:3.7.0.1746:sonar (default-cli) on project rlstop: Your project contains .java files, please provide compiled classes with sonar.java.binaries property, or exclude them from the analysis with sonar.exclusions property.
My gitlab-ci.yml:
stages:
- build
- test
- sonarqube
build:
script: "mvn compile"
test:
script: "mvn test"
stage: test
sonarqube:
script: "mvn sonar:sonar"
stage: sonarqube
application.properties:
spring.datasource.driverClassName=com.microsoft.sqlserver.jdbc.SQLServerDriver
spring.datasource.url=...
spring.datasource.username=...
spring.datasource.password=...
spring.jpa.show-sql=true
spring.jpa.properties.hibernate.format_sql = true
## Hibernate Properties
# The SQL dialect makes Hibernate generate better SQL for the chosen database
spring.jpa.properties.hibernate.dialect = org.hibernate.dialect.SQLServer2012Dialect
# Hibernate ddl auto (create, create-drop, validate, update)
spring.jpa.hibernate.ddl-auto = update
sonar.java.binaries=bin
Does anybody know what this error means and how to resolve it?
The error mentioned that you need to provide the compiled classes of java using sonar.java.binaries
In your .gitlab-ci.yml file:
stages:
- build
- test
- sonarqube
build:
stage: build
script: "mvn compile"
test:
stage: test
script: "mvn test"
sonarqube:
stage: sonarqube
script: "mvn -U install sonar:sonar -Dsonar.projectKey=Gitlab-CI -Dsonar.projectName=Gitlab-CI -Dsonar.sources=. -Dsonar.java.binaries=**/* -Dsonar.language=java"
If in case you have added <sonar-java-binaries>target/classes</sonar-java-binaries> in your pom.xml, please remove. Only, have the entry of maven-sonar-plugin in the plugins section of pom.xml
Hope this might help you.
Related
I'm trying to automatically deploy a simple maven project to AWS lambda using Github, codebuild. When I build the project locally and upload the JAR file to lambda its works fine. However the issue occurs when I try to build the project using codebuild it always fails on a build stage throwing "COMMAND_EXECUTION_ERROR: Error while executing command: mvn package. Reason: exit status 1".
below is my buildspec.yml
version: 0.2
phases:
install:
runtime-versions:
java: corretto11
build:
commands:
- mvn package
- sam package
--template-file template.yml
--s3-bucket iit-cloud
--output-template-file packaged-template.yml
artifacts:
files:
- target/HelloWorld-1.0.jar
enter image description here
Please kindly help me
I am trying to build a gitlab CI/CD pipeline on my java maven project. I tried all the stages on my local machine and they are passing successfully but when I try the same things on gitlab repo it is throwing error. I tried almost every solution and gone through numerous posts to resolve the errors but to no use. Here is my yml content:
image: maven:3.5-jdk-8
variables:
MAVEN_CLI_OPTS: "-s .m2/settings.xml --batch-mode"
MAVEN_OPTS: "-Dmaven.repo.local=.m2/repository"
include:
- template: Security/SAST.gitlab-ci.yml
cache:
paths:
- .m2/settings.xml
# Define stages
# Stages group various steps into one block,
# if any step fails, the entire stage fails
stages:
- validate
- compile
- SonarQube
- test
validate:
stage: validate
script:
- mvn validate
compile:
stage: compile
script:
- mvn $MAVEN_CLI_OPTS compile
sonarqube-check:
image: maven:3.6.3-jdk-11
stage: SonarQube
variables:
SONAR_USER_HOME: "${CI_PROJECT_DIR}/.sonar"
script:
- mvn sonar:sonar \ -Dsonar.projectKey=XX.XX.XXX.XXX \ -Dsonar.host.url=http://XX.XX.XXX.XXX \ -Dsonar.login=XX.XX.XXX.XXX -X
allow_failure: true
spotbugs-sast:
variables:
COMPILE: "false"
SECURE_LOG_LEVEL: "debug"
artifacts:
reports:
sast: gl-sast-report.json
#spotbugs-sast:
# variables:
# SECURE_LOG_LEVEL: "debug"
#FAIL_NEVER: 1
test:
stage: test
script:
- mvn $MAVEN_CLI_OPTS test -B
The stage validate and compile are running fine but I am getting warnings in sonar check and spotbugs sast. The same is running fine on my local.
In the sonarqube check the error is:
Error resolving version for plugin ' -Dsonar.host.url=http://XX.XX.XXX.XXX' from the repositories [local (/builds/XX.XX.XXX.XXX/.m2/repository), central (https://repo.maven.apache.org/maven2)]: Plugin not found in any plugin repository -> [Help 1]
org.apache.maven.plugin.version.PluginVersionResolutionException: Error resolving version for plugin ' -Dsonar.host.url=http://XX.XX.XXX.XXX' from the repositories [local (/builds/XXXX/XXXXX/.m2/repository), central (https://repo.maven.apache.org/maven2)]: Plugin not found in any plugin repository
and for the spotbugs-sast warning the error is:
[FATA] [Find Security Bugs] ▶ lstat /root/.m2/repository: no such file or directory
I have spent numerous hours resolving this and waiting for the project to compile successfully with all the stages but every time I was disappointed. Please help. I appreciate your time.
Maven recognized the String -Dsonar.host.url=http://XX.XX.XXX.XXX as a plugin/goal that it needs to resolve.
This is caused by the \ in your script.
Instead of:
mvn sonar:sonar \ -Dsonar.projectKey=XX.XX.XXX.XXX \ -Dsonar.host.url=http://XX.XX.XXX.XXX \ -Dsonar.login=XX.XX.XXX.XXX -X
try:
mvn sonar:sonar -Dsonar.projectKey=XX.XX.XXX.XXX -Dsonar.host.url=http://XX.XX.XXX.XXX -Dsonar.login=XX.XX.XXX.XXX -X
I assume that you copied that command from a format like this:
mvn sonar:sonar \
-Dsonar.projectKey=XX.XX.XXX.XXX \
-Dsonar.host.url=http://XX.XX.XXX.XXX \
-Dsonar.login=XX.XX.XXX.XXX -X
In bash the \ must be at the end of the line if the command contains a linebreak so it's recognized as one command.
But you need to remove it if you convert it to one line.
I have been trying to get more into the methodology of continuous integration as of recent, and have chosen Travis CI for the job. However, on one of my projects that uses Java and Kotlin my local builds pass, but fail on Travis.
I've been unable to make sense of the error messages that I am getting as to why my build is failing. kotlin-maven-plugin seems to be the origin of the errors. The problematic command as seen in the build logs is mvn install -DskipTests=true -Dmaven.javadoc.skip=true -B -V.
I have run this command locally with no errors and a successful build.
Here's a relevant snippet of the stack trace from the CI Build Job:
[INFO] --- kotlin-maven-plugin:1.4.32:compile (compile) # BytesToJava ---
[ERROR] java.lang.ExceptionInInitializerError
at com.intellij.pom.java.LanguageLevel.<clinit>(LanguageLevel.java:25)
at com.intellij.core.CoreLanguageLevelProjectExtension.<init>(CoreLanguageLevelProjectExtension.java:26)
at com.intellij.core.JavaCoreProjectEnvironment.<init>(JavaCoreProjectEnvironment.java:42)
at org.jetbrains.kotlin.cli.jvm.compiler.KotlinCoreProjectEnvironment.<init>(KotlinCoreProjectEnvironment.kt:26)
at org.jetbrains.kotlin.cli.jvm.compiler.KotlinCoreEnvironment$ProjectEnvironment.<init>(KotlinCoreEnvironment.kt:121)
at org.jetbrains.kotlin.cli.jvm.compiler.KotlinCoreEnvironment$Companion.createForProduction(KotlinCoreEnvironment.kt:425)
Would appreciate some resources or even a relevant issue thread. Thanks in advance :)
Travis Build Logs
The problem was being caused by an issue with illegal reflective operations and the Kotlin Maven Plugin with any project over Java 9 (my project uses Java 15). As described by this thread on YouTrack, a workaround is to:
A workaround is to run mvn with the following environment variable: MAVEN_OPTS=--illegal-access=permit
Adding a global environment variable with the same value to my .travis.yml fixed the issue.
I have java project and I want to integrate it with SonarCloud I Follow the official steps:
Inspecting code with the SonarQube Scanner #
Before inspecting your code, you need to:
Create a user authentication token for your account on SonarCloud.
Encrypt this token travis encrypt abcdef0123456789 or define SONAR_TOKEN in your Repository Settings
Find which SonarCloud.io organization you want to push your project on and get its key
Create a sonar-project.properties file for your project (see the documentation). Then add the following lines to your .travis.yml file
to trigger the analysis:
add in my travis.yml file
addons:
sonarcloud:
organization: "xelian-github"
token:
secure: ${SONAR_TOKEN}
branches:
- master
script:
# other script steps might be done before running the actual analysis
- sonar-scanner
Where SONAR_TOKEN is a variable on Travis CI pointing to the key from SonarCloud.(It is not encrypted).
From SonarCloud I add permissions
But when I start the travis build I have the following error:
Setting environment variables from repository settings
$ export SONAR_TOKEN=[secure]
....
ERROR: Error during SonarQube Scanner execution
ERROR: You're only authorized to execute a local (preview) SonarQube analysis without pushing the results to the SonarQube server. Please contact your SonarQube administrator.
ERROR:
ERROR: Re-run SonarQube Scanner using the -X switch to enable full debug logging.
It seems to me that I the travis do not have permissions to upload results to SonarCloud. Is the problem in the token or in some Sonar configurations.
The official entry point to configure a project on SonarCloud is the "Get Started" page:
You will see that for Maven projects, you don't need to create a sonar-project.properties file at all
You will even find a link to a sample Maven project that is analyzed on SonarCloud
Finally I find a solution. In the root path whete the yml file is you have to add:
sonar-project.properties
# Required metadata
sonar.projectKey=java-sonar-runner-simple:master
sonar.projectName=Rss-service
sonar.projectVersion=1.0
# Comma-separated paths to directories with sources (required)
sonar.sources=/microservice-application/rss-reader-service/src/main/java
sonar.java.binaries=/microservice-application/rss-reader-service/target/classes
# Language
sonar.language=java
# Encoding of the source files
sonar.sourceEncoding=UTF-8
And in the travis.yml I add:
script:
# other script steps might be done before running the actual analysis
- mvn clean org.jacoco:jacoco-maven-plugin:prepare-agent install sonar:sonar
Edit:
sonar-project.properties not necessary. Only maven goals make sense.
I've successfully setup a project which uses Travis CI to for builds and tests. Now I'm trying to add Coverity Scan.
I created a branch called coverity_scan and set it be used for coverity builds. After I push a commit to this branch I can see in Travis CI build console that Coverity tool starts doing its job:
Coverity Scan analysis selected for branch coverity_scan.
Coverity Scan analysis authorized per quota.
...
Running Coverity Scan Analysis Tool...
The Travis build succeeds and in Coverity build-log.txt file I see this:
2016-10-06T21:02:39.132946Z|cov-build|2665|info|>
2016-10-06T21:02:39.132946Z|cov-build|2665|info|> Build time (cov-build overall): 00:01:36.812431
2016-10-06T21:02:39.132946Z|cov-build|2665|info|>
2016-10-06T21:02:39.134719Z|cov-build|2665|info|> Build time (Java emits total): 00:01:07.595656
2016-10-06T21:02:39.134719Z|cov-build|2665|info|>
2016-10-06T21:02:39.134719Z|cov-build|2665|info|>
2016-10-06T21:02:39.134763Z|cov-build|2665|info|> Emitted 30 Java compilation units (100%) successfully
2016-10-06T21:02:39.134763Z|cov-build|2665|info|> [WARNING] Recoverable errors were encountered during 1 of these Java compilation units.
2016-10-06T21:02:39.134763Z|cov-build|2665|info|>
2016-10-06T21:02:39.134763Z|cov-build|2665|info|> 30 Java compilation units (100%) are ready for analysis
2016-10-06T21:02:39.134763Z|cov-build|2665|info|> For more details, please look at:
2016-10-06T21:02:39.134763Z|cov-build|2665|info|> /home/travis/build/Edvinas01/chat-rooms/server/cov-int/build-log.txt
However after this finishes, I do not see any submitted builds or changes in projects Coverity dashboard. The project status stays on pending.
I've followed this guide and setup my .travis.yml file like this:
language: java
jdk:
- oraclejdk8
before_script:
- cd server
- chmod +x gradlew
script:
# Run tests when not on coverity branch.
- if [ ${COVERITY_SCAN_BRANCH} != 1 ]; then
./gradlew check;
fi
cache:
directories:
- ~/.gradle
after_success:
# Upload coveralls when not on coverity branch.
- if [ ${COVERITY_SCAN_BRANCH} != 1 ]; then
./gradlew cobertura coveralls;
else
cat cov-int/build-log.txt;
fi
notifications:
email:
on_success: change
env:
matrix:
- TERM=dumb
global:
# COVERITY_SCAN_TOKEN
- secure: "<TOKEN>"
before_install:
- echo -n | openssl s_client -connect scan.coverity.com:443 | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' | sudo tee -a /etc/ssl/certs/ca-
addons:
coverity_scan:
project:
name: "Edvinas01/chat-rooms"
description: "Build submitted via Travis CI"
notification_email: "<EMAIL>"
build_command_prepend: "./gradlew clean"
build_command: "./gradlew build"
branch_pattern: coverity_scan
Do I have to specify some additional configuration so that my Coverity builds get published?
Got some time and created a virtual machine with java and the coverity analysis tool. After pulling my project and running the tool I noticed this in the logs:
[WARNING] No files were emitted. This may be due to a problem with your configuration
or because no files were actually compiled by your build command.
After fiddling quite a bit and looking at other projects, I found out that this was due to Gradle version. My project was using 3.0 so I downgraded to 2.14.1 and it finally seems to be working.
For what is worth, there is no issue with using Coverity with any Gradle version, as long as you make sure you are not using the daemon (just to be sure you may specify --no-daemon on the command line).
That said, there are a number of other easy to miss gotchas, resulting in not-quite-obvious error messages.
For useful background, see Caleb's answer here:
Can't get Coverity Scan to work (Java/Kotlin/Gradle 3.3 on Windows and Travis)
For working example, you may refer to this project:
https://github.com/ddimtirov/nuggets