Which versions are you using (SonarQube, Scanner, Plugin, and any relevant extension)
SonarQube: 7.5.0
Sonar Maven Plugin: 3.9.1.2184
What are you trying to achieve
I am working with a team that wants to run their project (Angular wrapped with Spring Boot) through a Sonar scan. The Angular sub-module has the majority of source, whereas the Spring Boot sub-module is simply intended to be a vehicle for hosting the Angular files and a means to easily utilize Cloud capabilities. It also includes a Cordova layer to fully realize the hybrid-hosted web app model, but those are mostly configuration files (no developer-created source). So that layer will not be scanned, but I figured I’d mention that it’s another aspect of the project.
This project is structured as a “pseudo” multi-module project. I say “pseudo” in a sense that the project is split up based on frameworks used (see simplified directory structure below), but there’s no over-arching parent that establishes an association with these sub-modules.
application
├── angular
| ├── src
| | └── app
| ├── package.json
| └── package-lock.json
└── spring
├── src
| ├── main
| | └── java
| └── test
| └── java
└── pom.xml
I understand that this may very well not be the optimal structure for this project. My question is mostly geared towards understanding if it’s possible for the Sonar scan to handle this project in its current state. If it’s absolutely not possible, then we can investigate alternative project structuring, or any other suggestions.
Ideally we’d like to run scans against both sub-modules. mvn sonar:sonar is invoked in our CI pipeline in the application/spring directory. The reason for scanning the project via the Maven Sonar plugin is that this project uses a templated CI pipeline, and that templated CI pipeline invokes one build system (based on developer specification in a pipeline configuration file) to download dependencies, compile, test, package and publish. So we use Maven but also register custom npm tasks into the build lifecycle using the exec-maven-plugin. I realize this might also be an area of opportunity, but it’s the best solution we’ve devised thus far to fit into our templated CI pipeline solution.
What have you tried so far to achieve this
I’ve referenced numerous community posts related to this same topic, but their concerns seem a bit different than our concerns…
Presently our pom.xml contains these sonar properties. Please note that I omitted a number of properties and only included those that I believe are pertinent to the issue.
As an aside, ${env.WORKSPACE} resolves to the absolute path of the workspace on Jenkins.
<sonar.projectBaseDir>${env.WORKSPACE}/application</sonar.projectBaseDir>
<sonar.modules>angular,spring</sonar.modules>
<!-- Angular sub-module -->
<angular.sonar.projectBaseDir>${env.WORKSPACE}/application/angular</angular.sonar.projectBaseDir>
<angular.sonar.projectKey>${project.groupId}:${project.artifactId}</angular.sonar.projectKey>
<angular.sonar.sources>src/app</angular.sonar.sources>
<angular.sonar.tests>src/app</angular.sonar.tests>
<angular.sonar.test.inclusions>**/*.spec.ts</angular.sonar.test.inclusions>
<angular.sonar.ts.tslint.configPath>tslint.json</angular.sonar.ts.tslint.configPath>
<!-- Spring sub-module -->
<spring.sonar.projectBaseDir>${env.WORKSPACE}/application/spring</spring.sonar.projectBaseDir>
<spring.sonar.projectKey>${project.groupId}:${project.artifactId}-spring</spring.sonar.projectKey>
<spring.sonar.sources>src/main/java</spring.sonar.sources>
<spring.sonar.tests>src/test/java</spring.sonar.tests>
The build fails with the following message.
[ERROR] Failed to execute goal org.sonarsource.scanner.maven:sonar-maven-plugin:3.9.1.2184:sonar (default-cli) on project application: Dir /var/jenkins/test123/workspace/job/application/angular/src/app should be relative to project baseDir -> [Help 1]
I was under the impression that the angular.sonar.projectBaseDir would be honored during the scan of files under application/angular. However, it seems sonar.projectBaseDir is taking priority. I also tried removing the sonar.projectBaseDir property from the pom file, but the results are the same.