Error while setting up SonarCloud for a multimodule Maven project

wassim · March 10, 2021, 10:56am

Project is hosted on:

GitHub - opencellsoft/core
Sonar project https://sonarcloud.io/project/configuration?id=opencellsoft_core
Both github actions and local maven where tested
the used command locally : mvn verify org.sonarsource.scanner.maven:sonar-maven-plugin:sonar

secret was added to github or to env variables, and properties where added to core/pom.xml at integration · opencellsoft/core · GitHub

Different solutions where tested:

First Test
As suggested by the Sonarcloud configuration page the below properties where added but we got an error

<sonar.projectKey>opencellsoft_core</sonar.projectKey>
<sonar.organization>opencellsoft</sonar.organization>
<sonar.host.url>https://sonarcloud.io</sonar.host.url>

Error:
Project 'opencellsoft_core' can't have 2 modules with the following key: opencellsoft_core
Second attempt
transform the projectkey to
<sonar.projectKey>opencellsoft_core-${project.groupId}:${project.artifactId}</sonar.projectKey>
Error:
You're not authorized to run analysis. Please contact the project administrator.
3rd Attempt
Add modulekey properties
<sonar.projectKey>opencellsoft_core</sonar.projectKey> <sonar.moduleKey>${project.groupId}:${project.artifactId}</sonar.moduleKey>
Error:
You're not authorized to run analysis. Please contact the project administrator.

Do you have any idea how to resolve this issue ?

Thanks

Peeter_Piegaze · March 10, 2021, 3:56pm

Hi Wassim,

Welcome to the community!

Your third example is basically correct. The top level POM should have the following:

<sonar.projectKey>opencellsoft_core</sonar.projectKey>
<sonar.moduleKey>${project.groupId}:${project.artifactId}</sonar.moduleKey>
<sonar.organization>opencellsoft</sonar.organization>
<sonar.host.url>https://sonarcloud.io</sonar.host.url>

The basic idea is that for a multi-module analysis you only need to “sonarify” the top level POM and, in particular, add a parameterized sonar.moduleKey element, which you have done.

The error you are getting, “You’re not authorized to run analysis”, suggests that you may be using an incorrect project key or organization key. Or that you have not configured the correct SONAR_TOKEN environment variable / secret. Can you check these?

Peeter_Piegaze · March 11, 2021, 8:36am

I forked your repo and I was able to get an analysis using the equivalent of the above configuration (except I used my own project key and organization). Can you confirm that it works for you?

wassim · March 11, 2021, 8:51am

Yes I confirm that the issue was resolved on adding the secret token in Repository secrets instead of environment secrets in Github

Thanks!

Peeter_Piegaze · March 12, 2021, 9:36pm

By the way. While investigating this issue I found an problem where the scanner was throwing errors related to the Java version.

I was able to fix this by using the most recent version of the scanner plugin: version 3.8.0.2131

<build>
        <pluginManagement>
            <plugins>
                <plugin>
                    <groupId>org.sonarsource.scanner.maven</groupId>
                    <artifactId>sonar-maven-plugin</artifactId>
                    <version>3.8.0.2131</version>
                </plugin>
...
        </pluginManagement>
</build>

I suggest you make this change to your top level POM.

system · March 19, 2021, 9:36pm

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.