Can Sonar work with incremental Maven builds?

We’re using SonarQube 7.9, Developer Edition (currently trialling), and the Sonar Scanner for Maven, version 3.6.0.1398.

We use TeamCity for CI, and Maven to build Java projects. TeamCity offers an option that it calls “incremental building”. That basically means it will not re-built the whole project every time, particularly for feature/bug fix branches, but only those modules where the actual changes are (and those that depend on them, if applicable). It achieves that by kicking off a Maven build with the -pl :module1 :module2 ... option to limit which modules are covered. It often reduces build times significantly.

I’m now trying to integrate Sonar analysis with this build approach. But I’ve not been lucky so far. Without the incremental build setup, i.e. when the whole project is built in a TeamCity job, we can just add the Sonar analysis as the following build step and it all works fine. But when we enable the incremental build option, the Sonar analysis in the next step will fail because it is missing the binaries for those modules that were unchanged. This of course makes sense for a full analysis, but I was somehow hoping that it would work for a branch analysis. I there some basic misunderstanding there about what branch analysis runs do?

Next thing I tried was to add the Sonar analysis as an additional Maven target in the main build, so that it would also get the pl ... option to limit the module scope. But this failed, again because it failed to resolve some compiled binaries.

Then I tried adding the -pl parameter (and -am) to the Sonar analysis run in a separate build step after the main build. In that case the (branch) analysis did complete, and a report was submitted to my central SonarQube server. However the results were very unpredictable: On exactly the same set of changes on the branch, sometimes it would show zero issues, sometimes loads, but most of them on code that wasn’t touched at all by the changes. Test coverage would mostly show as zero although it isn’t, on a few occasions it showed a higher percentage.

Has anyone tried using Sonar with this incremental build approach before? Do you reckon it should be possible to do it, or do I have a basic misunderstanding of how the branch analysis works? Any suggestions are appreciated.

Hi,

Welcome to the community!

I’m not shocked that your results analyzing a subset of the project were strange, although that might not have been entirely due to the limited analysis. It sounds like you may also have the SCM integration disabled or the SCM data files unavailable to analysis?

You might be able to get this to work using inclusions. Normally I counsel setting inclusions and exclusions via the UI, altho that doesn’t seem practical in your case. Just keep in mind that correctly setting them via analysis parameters can be tricky, so be patient.

Another approach to try is seeding your workspace with the artifacts from a full build of the base branch (probably main/master in most cases) and just overlaying the new build of the modules that have changed.

 
HTH,
Ann