Getting sonar to work from init.gradle

Hi there,

Is there a guide to getting sonar to work from init.gradle as opposed to using build.gradle? We are trying to get this to work and are hitting an issue where it appears the analysis is done: we see in the logs that a number of files have been analysed and that the upload has succeeded, but we don’t see any files or issues in SonarCloud.

The intent behind doing it this way is that we need to analyse lots of projects and I do not want to modify their build files and processes - we simply want to have sonar be an ‘add-on’ to the process for now.

What we have done is as follows:

  • put the following into init.gradle
          allprojects {
              buildscript {
                  repositories {
                      mavenCentral()
                      maven {
                          url "https://plugins.gradle.org/m2/"
                      }
                  }
                  dependencies {
                      classpath "org.sonarsource.scanner.gradle:sonarqube-gradle-plugin:4.2.1.3168"
                  }
              }

              apply plugin: 'java'
              apply plugin: 'jacoco'

              afterEvaluate { project ->
                  project.apply plugin: 'org.sonarqube'
              }
          }
  • put into gradle.properties the following:
          systemProp.sonar.host.url=https://sonarcloud.io
          systemProp.sonar.projectKey=REDACTED-ON-PURPOSE-SK
          systemProp.sonar.projectName=REDACTED-ON-PURPOSE-PN
          systemProp.sonar.organization=REDACTED-ON-PURPOSE-ORg
          systemProp.qualitygate.wait=true
  • run gradle using:
          gradle -Dsonar.token="REDACTED_TOKEN" -Dsonar.verbose=true -Dorg.gradle.daemon=false --init-script init.gradle --info --stacktrace properties sonar

Now, the thing is:

  • we see that the report is successfully uploaded
  • we see that the properties are set (which is consistent with a successful update as, if this wasn’t correct, the report could not be matched to the correct organisation and project)
  • we see in the SonarCloud UI that the branch this is analysing is completed, and the timestamp when this was analysed is as expected and the commit# matches and nicely links to GitLab (which we use as CI)
  • we did not analyse the master branch yet (could this be the cause of the problem?)
  • but we see no issues and no code and no code coverage.

This looks like the most likely culprit but I’m not sure what to do with this:

216 source files to be analyzed
> Task :sonar
Could not report issue with code highlighting, using plain text instead. Check whether the product is outdated.
java.lang.UnsupportedOperationException: null
    at org.sonar.api.batch.sensor.issue.internal.DefaultIssueLocation.newMessageFormatting(DefaultIssueLocation.java:97)
    at org.sonarsource.kotlin.plugin.InputFileContextImpl.message(InputFileContext.kt:94)
    at org.sonarsource.kotlin.plugin.InputFileContextImpl.reportIssue(InputFileContext.kt:69)
    at org.sonarsource.kotlin.api.AbstractCheck.reportIssue$sonar_kotlin_plugin(AbstractCheck.kt:66)
    at org.sonarsource.kotlin.api.AbstractCheck.reportIssue$sonar_kotlin_plugin(AbstractCheck.kt:85)
    at org.sonarsource.kotlin.api.AbstractCheck.reportIssue$sonar_kotlin_plugin$default(AbstractCheck.kt:80)
    at org.sonarsource.kotlin.checks.SimplifiedPreconditionsCheck.visitFunctionCall(SimplifiedPreconditionsCheck.kt:79)
    at org.sonarsource.kotlin.api.CallAbstractCheck.visitCallExpression(CallAbstractCheck.kt:42)
    at org.sonarsource.kotlin.api.CallAbstractCheck.visitCallExpression(CallAbstractCheck.kt:27)
    at org.jetbrains.kotlin.psi.KtCallExpression.accept(KtCallExpression.java:35)
    at org.sonarsource.kotlin.visiting.KtChecksVisitor$visit$1$1$1.invoke(KtChecksVisitor.kt:39)
    at org.sonarsource.kotlin.visiting.KtChecksVisitor$visit$1$1$1.invoke(KtChecksVisitor.kt:34)
    at org.sonarsource.kotlin.plugin.MetricsUtilsKt.measureDuration(MetricsUtils.kt:26)
    at org.sonarsource.kotlin.visiting.KtChecksVisitor.visit(KtChecksVisitor.kt:34)
    at org.sonarsource.kotlin.visiting.KotlinFileVisitor.scan(KotlinFileVisitor.kt:28)
    at org.sonarsource.kotlin.plugin.KotlinSensor$visitFile$1.invoke(KotlinSensor.kt:258)

We also see lots of:

Failed to prepare download of the sensor cache
org.sonar.api.utils.MessageException: Project not found. Please check the 'sonar.projectKey' and 'sonar.organization' properties, the 'SONAR_TOKEN' environment variable, or contact the project administrator

in the logs which is not consistent with the fact that the report was uploaded successfully i.e. it can’t be that these are not set.

We’re using the following docker image: gradle:8.2.0-jdk11-jammy instead of the one from the SonarCloud docs (gradle:alpine) but I don’t think this is the cause of the problem.

What would you suggest to advance this?
I also tried to login to the support channel but it does not appear to allow logins using my private or corporate email which I don’t quite understand as we are a customer.

Thanks in advance,

Dalen

Hey there.

  • Can you share your GitLab CI YAML file?
  • Is this failure in the context of a pull request, and do you have more success on a branch?

Thanks Colin,

This is a scan on a branch; we have not yet tried to deal with pull requests.

GitLab CI file (sorry - not very tidy):

sonarqube-check:
  image: gradle:8.2.0-jdk11-jammy

  variables:
    SONAR_USER_HOME: "${CI_PROJECT_DIR}/.sonar"  # Defines the location of the analysis task cache
    GIT_DEPTH: "0"  # Tells git to fetch all the branches of the project, required by the analysis task
  cache:
    key: "${CI_JOB_NAME}"
    paths:
      - .sonar/cache
  stage: build
  script:
    - |
        cat >> gradle.properties << EOF
          
          systemProp.sonar.host.url=https://sonarcloud.io
          systemProp.sonar.projectKey=REDACTED
          systemProp.sonar.projectName=REDACTED
          systemProp.sonar.organization=REDACTED  
          systemProp.qualitygate.wait=true
        EOF
    - |
        cat >> init.gradle << EOF
          allprojects {
             buildscript {
                repositories {
                    mavenCentral()
                    maven {
                      url "https://plugins.gradle.org/m2/"
                    }
                }
                dependencies {
                  classpath "org.sonarsource.scanner.gradle:sonarqube-gradle-plugin:4.2.1.3168"
                }
          }
        
          apply plugin: 'java'
          apply plugin: 'jacoco'
          
          afterEvaluate { project ->
              project.apply plugin: 'org.sonarqube'
          }               
        }        
        EOF
    - cat init.gradle
    - cat gradle.properties
    - mkdir -p .gradle
    - mv gradle.properties .gradle
    - gradle -Dsonar.token="REDACTED" -Dsonar.verbose=true -Dorg.gradle.daemon=false --init-script init.gradle --info --stacktrace properties sonar
    - gradle properties
  tags:
    - REDACTED
  allow_failure: true
  rules:
    - if: $CI_COMMIT_BRANCH == 'REDACTED'

From each of the main projects, we just use include to include this file, and we see that a separate agent is spawned as expected. As said, what confuses me is that I see the upload working and even the analysis shows the correct number of files, but the results of the upload are non-existent. And there are lots of these ‘Project not found’ exceptions despite the fact that it does successfully upload what appears to be an empty report or, maybe, a report that is damaged by the above Java exception.

Hi guys,

I’m hoping someone from the SonarQube team has some ideas on how to proceed with this?

Thanks,

Dalen

Can you clarify what you mean here with screenshots? I’m not quite sure I understand.

Perhaps you’re analyzing as a short-lived branch which contains no changes compared to your main branch, and as a result there are 0 “New” lines of code? Short-lived branches only show issues/metrics on new lines of code.

Colin,

We found a different way around it by using the sonarsource/sonar-scanner-cli:latest image.

However, our (very inconclusive) testing has shown that results were not visible until we analysed the master branch. Is this something you’d expect?

Finally, is there a way to customise the Project Key? If we import a project from GitLab it seems to assign some alphanumeric name for the Key but ideally, we’d like this to map to GitLab’s “Project Id”. I think the UI does not allow modifying this once created.

Hey there.

I would really suggest that you continue to use the Scanner for Gradle.

Yes, this sounds like what would happen if you are scanning a short-lived branch or a pull request (as linked above). You would receive full results on the scan of a long lived branch, like your default main/master/develop branch.

Have you tried using init.gradle while analyzing your default branch?

Yes, you can update the project key under the project-level Administration > Update Key.

No, we didn’t try to code merge that. I suspect it would probably work but I prefer the new method anyway.

As for updating project key, thanks. That worked.
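
An alternative layout for the init script discussed in this thread, as an added example that is not taken from any of the posts: it puts the scanner plugin on the init script's own classpath with initscript {} and applies it by class to the root project only, so the projects' build files stay untouched. The environment variable names SONAR_PROJECT_KEY and SONAR_ORGANIZATION are hypothetical; SONAR_TOKEN is the variable named in the error message quoted above.

```groovy
// init.gradle (added example, not the original poster's script)
initscript {
    repositories {
        maven { url "https://plugins.gradle.org/m2/" }
    }
    dependencies {
        // Same plugin coordinates as in the posts above.
        classpath "org.sonarsource.scanner.gradle:sonarqube-gradle-plugin:4.2.1.3168"
    }
}

rootProject {
    // A plugin loaded through initscript {} is applied by class, not by id.
    apply plugin: org.sonarqube.gradle.SonarQubePlugin

    sonar {
        properties {
            property "sonar.host.url", "https://sonarcloud.io"
            // Hypothetical CI variable names; set them per project in the CI settings.
            property "sonar.projectKey", System.getenv("SONAR_PROJECT_KEY")
            property "sonar.organization", System.getenv("SONAR_ORGANIZATION")
            property "sonar.qualitygate.wait", "true"
            // No token here: the scanner reads it from the SONAR_TOKEN
            // environment variable, which keeps it out of the script,
            // the command line and the job log.
        }
    }
}
```

Run it with gradle --init-script init.gradle sonar, with SONAR_TOKEN defined as a masked CI/CD variable rather than passed as -Dsonar.token on the command line.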