Android gradle SonarQube plugin seems to overwrite global settings for sonar.host.url

mattias_ostergren · September 27, 2019, 8:10am

Hello!

I am experiencing a problem with the Android gradle SonarQube plugin when I want to specify a sonar.host.url other than localhost:9000. I cannot get the setting to take effect.

My analysis of the source it seems that the host.url parameter may be overwritten by sonarqube plugin. See details below:

Precondition

Here is the version of the plugin I am using in my gradle script

$ ./gradlew buildEnvironment
…

-– org.sonarsource.scanner.gradle:sonarqube-gradle-plugin:2.6.1
-– org.sonarsource.scanner.api:sonar-scanner-api:2.9.0.887

There is NO local sonarqube host.

Steps to reproduce

A. I specify sonar.host.url via the command line:

$ ./gradlew -Dsonar.host.url=http://sonar-host -Dsonar.verbose=true --stacktrace sonarqube

Note that specifying -DsystemProp.sonar.host.url=… produce same end-result.
And adding setting to gradle.properties also results in below problem.

The build fails. Here is the interesting part of the stack trace:

Task …:sonarqube FAILED
SonarQube server [http://localhost:9000] can not be reached

…

Caused by: org.sonarsource.scanner.api.internal.ScannerException: Unable to execute SonarQube
at org.sonarsource.scanner.api.internal.IsolatedLauncherFactory$1.run(IsolatedLauncherFactory.java:84)
at org.sonarsource.scanner.api.internal.IsolatedLauncherFactory$1.run(IsolatedLauncherFactory.java:71)
at org.sonarsource.scanner.api.internal.IsolatedLauncherFactory.createLauncher(IsolatedLauncherFactory.java:71)
at org.sonarsource.scanner.api.internal.IsolatedLauncherFactory.createLauncher(IsolatedLauncherFactory.java:67)
at org.sonarsource.scanner.api.EmbeddedScanner.doStart(EmbeddedScanner.java:218)
at org.sonarsource.scanner.api.EmbeddedScanner.start(EmbeddedScanner.java:156)
at org.sonarqube.gradle.SonarQubeTask.run(SonarQubeTask.java:98)

Analysis

From:

github.com

SonarSource/sonar-scanner-gradle/blob/0b43edcf6facf89b76289942ba1dd9c20c842958/src/main/java/org/sonarqube/gradle/SonarQubeTask.java

/**
 * SonarQube Gradle Plugin
 * Copyright (C) 2015-2017 SonarSource
 * sonarqube@googlegroups.com
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
 * version 3 of the License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public
 * License along with this program; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02
 */
package org.sonarqube.gradle;

This file has been truncated. show original

sonar-scanner-gradle/src/main/java/org/sonarqube/gradle/SonarQubeTask.java

line 82: public void run() {

…

EmbeddedScanner scanner = EmbeddedScanner.create(LOG_OUTPUT)
  .setApp("ScannerGradle", getPluginVersion() + "/" + getProject().getGradle().getGradleVersion())

97: .addGlobalProperties(propertiesObject);
scanner.start();
scanner.runAnalysis(propertiesObject);
scanner.stop();
}

From:

github.com

SonarSource/sonar-scanner-commons/blob/c39215b183a5357b77537998a97b6290a41636d7/api/src/main/java/org/sonarsource/scanner/api/EmbeddedScanner.java

/*
 * SonarQube Scanner API
 * Copyright (C) 2011-2017 SonarSource SA
 * mailto:info AT sonarsource DOT com
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
 * version 3 of the License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public License
 * along with this program; if not, write to the Free Software Foundation,
 * Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
 */
package org.sonarsource.scanner.api;

This file has been truncated. show original

sonar-scanner-api/api/src/main/java/org/sonarsource/scanner/api/EmbeddedScanner.java

line 154: public void start() {
initGlobalDefaultValues();
doStart();
}

line 183: private void initGlobalDefaultValues() {
setGlobalDefaultValue(ScannerProperties.HOST_URL, “http://localhost:9000”);
setGlobalDefaultValue(InternalProperties.SCANNER_APP, “SonarQubeScanner”);
setGlobalDefaultValue(InternalProperties.SCANNER_APP_VERSION, ScannerApiVersion.version());
}

Analysis

line 184 of EmbeddedScanner.java start() seems to overwrite the HOST_URL parameter with a call to initGlobalDefaultValue() that was set in SonarQubeTask.java line 97 with addGlobalProperties()

Later versions (e.g. 2.7.1) of the plugin has a similar chain of calls and also seems overwrite the HOST_URL parameter too.

Best regards

dmeneses · September 30, 2019, 9:20pm

Hi,

In the code you posted, setGlobalDefaultValue only sets the default value is the property key is not already present. It’s hard to believe that the scanner can’t be configured to connect to a different host other than localhost:9000, so this is a very strange situation.

Could you post how you are configuring the sonarqube task in your build.gradle? Or ideally do you have a simple reproducer?

mattias_ostergren · October 1, 2019, 7:07am

Hi,

Thanks for reply.

Here is the essential parts of the build gradle file.
They are taken from the instructions found here: https://docs.sonarqube.org/latest/analysis/scan/sonarscanner-for-gradle/

top level build.gradle

buildscript {
…
dependencies {
… maven setup …
classpath “org.sonarsource.scanner.gradle:sonarqube-gradle-plugin:2.6.1”
}

app-level build.gradle

apply plugin: ‘kotlin-android’
…
apply plugin: ‘org.sonarqube’

sonarqube {
properties {
property “sonar.sourceEncoding”, “UTF-8”
property “sonar.host.ur”, “http://my-destination”
property “sonar.verbose”, “true”
}
}

no matter what I do e.g.
./gradlew sonarqube or ./gradlew -Dsonar.host.url=http://… sonarqube

or try to run from within Android studio

the result is unfortunately the same. It will try to access the http://localhost:9000

Both on my local windows machine and linux environment.

dmeneses · October 1, 2019, 3:04pm

Hi
Looks like you are loading a gradle plugin from the classpath, you should probably load from the official plugin repository. Also you can upgrade to the latest release v2.7.1.

Here is a minimal reproducer:

plugins {
  id "org.sonarqube" version "2.7.1"
}
apply plugin: 'org.sonarqube'

sonarqube {
  properties {
    property 'sonar.host.url', 'http://google.com'
  }
}

The result of gradle sonarqube is what is expected:

Task :sonarqube FAILED
Task ‘:sonarqube’ is not up-to-date because:
Task has not declared any outputs despite executing actions.
SonarQube server [http://google.com] can not be reached

dmeneses · October 1, 2019, 3:05pm

If you can get a reproducer of the problem (as a simple build.gradle thta works) that would be great.

mattias_ostergren · October 2, 2019, 1:02pm

Hi again,

Thanks for support!

Unfortunately the suggestion above (to specify plugin version) fails with a syntax error.

It seems that gradle doesn’t like the “plugins” clause.

mattias_ostergren · October 2, 2019, 1:05pm

And I will try to provide a simple way of reproducing the problem.

mattias_ostergren · October 3, 2019, 7:03am

@Duarte Meneses

Hi again,

Good news! I totally agree that my analysis above was off. However, I have found a “minimal” way of reproducing the problem I experienced, which seems to be due to some other problem.

In doing so I have also found a way to work-around it. And I can see now (from pcap packet traces) that I am able to reach my SonarQube host. I stumble into some other problem, but that is another story.

So thanks for patience and support.

I’ll make another post with the gradle files from my minimal project.

mattias_ostergren · October 3, 2019, 8:03am

Here is a gist with the gradle files of an Android project.

gist.github.com

https://gist.github.com/mattias-ostergren/6299bb730550974c291482fcd4bd7332

app:build.gradle

apply plugin: 'com.android.application'
apply plugin: 'kotlin-android'
apply plugin: 'kotlin-android-extensions'
apply plugin: 'kotlin-kapt'
apply plugin: 'org.sonarqube'

sonarqube {
    properties {
        property "sonar.sourceEncoding", "UTF-8"
        property "sonar.host.url", "http://local-sonar"

This file has been truncated. show original

build.gradle

// Top-level build file where you can add configuration options common to all sub-projects/modules.

buildscript {
    ext.kotlin_version = '1.3.41'
    repositories {
        mavenLocal()
        maven {
            url 'http://local-maven'
            credentials {
                username 'usr'

This file has been truncated. show original

gradle.properties

# Project-wide Gradle settings.
# IDE (e.g. Android Studio) users:
# Gradle settings configured through the IDE *will override*
# any settings specified in this file.
# For more details on how to configure your build environment visit
# http://www.gradle.org/docs/current/userguide/build_environment.html
# Specifies the JVM arguments used for the daemon process.
# The setting is particularly useful for tweaking memory settings.
org.gradle.jvmargs=-Xmx1536m
# When configured, Gradle will run in incubating parallel mode.

This file has been truncated. show original

There are more than three files. show original

The files are generated by Android Studio (v 3.5) by selecting “create empty activity”. I’ve also added an empty library. And then modified the files.

The problem is in “app:build.gradle” line 43. This will cause the sonarqube plugin to always go to the localhost (using the steps above).

Removing the androidTestImplementation makes the sonar.host.url setting take effect.

dmeneses · October 3, 2019, 6:39pm

Hi,
It would be best having a reproducer that doesn’t rely on a local maven repo
Anyway, I think I got it working. I do get an error because sonarqube is failing to detect the variation, probably due to misconfiguration.

Could you please try to:

Use v2.8 of sonarqube
Remove this block since I think it’s delegating to the extension in app and not in testlib.

Thanks.

mattias_ostergren · October 4, 2019, 6:37am

Thanks!
I got your point about maven local. My bad!
Life is very dificult behind corporate firewalls.

To be honest I don’t know how to specify a particular version of sonarqube plugin in my environment. My experience is the plugin {} clause causes syntax error in gradle… I need to research this a bit.

I confirm that removing the line skipProject=true will make the setting to take effect.