Issues on resource folders using Sonar Gradle Plugin 2.6.2 and newer

SonarQube
, , ,
1

Hi!

I’ve got some issues on our companies projects in analyzing XML and CSS issues. On our company we have to primary tooling versions analyzing our projects:

Old tooling/versions used:

  • SonarQube Server 6.7.6.38781 on debian linux using Database PostgreSQL 9.4.21 (Driver: 42.2.1)
  • sonarCSS 1.0.3 build 724
  • sonarGroovy 1.5
  • sonarJava 5.10.2 build 17701
  • sonarXML 2.0.1 build 2020
  • Gradle project using Gradle 2.14.1
  • Sonar Gradle Plugin Version 2.0.1

New tooling/versions used:

  • SonarQube Server 6.7.6.38781 on debian linux using Database PostgreSQL 9.4.21 (Driver: 42.2.1)
  • sonarCSS 1.0.3 build 724
  • sonarGroovy 1.5
  • sonarJava 5.10.2 build 17701
  • sonarXML 2.0.1 build 2020
  • Gradle project using Gradle 4.10.1
  • Sonar Gradle Plugin Version 2.6.2

Error observed:
On old tooling the analysis works great. Java and groovy code get’s analysed properly. The .xml and .css files on resource folders get analysed correctly, too.
On new tooling, java and groovy gets analysed well, too. Some xml’s on java folders got analysed, too. But it is not possible to get sonar to analyse the resource folders. In gradle they are registered as resource source sets. I tried forcing sonar to analyse the resource folders by:

  • using source set auto detection
  • adding source folders in project configuration on sonarqube web app
  • adding folder to sonar property sonar.sources

Here the analysis log

SonarQube plugins:
  - Code Smells 4.0.0 (smells)
  - SonarCSS 1.0.3.724 (cssfamily)
  - PMD 3.1.3 (pmd)
  - jDepend 1.1.1 (jdepend)
  - Svn 1.8.0.1168 (scmsvn)
  - SonarJS 5.0.0.6962 (javascript)
  - Findbugs 3.9.2 (findbugs)
  - Groovy 1.5 (groovy)
  - SonarJava 5.10.2.17019 (java)
  - LDAP 2.2.0.608 (ldap)
  - Git 1.7.0.1491 (scmgit)
  - SonarXML 2.0.1.2020 (xml)
  - Pitest 0.9.1 (pitest)
  - PSG Java Regeln 1.0.3-SNAPSHOT (psgjavarules)
  - Build Breaker 2.2 (buildbreaker)
  - Checkstyle 4.17 (checkstyle)
Global properties:
  - email.from=SonarQube@***************
  - email.prefix=[SONARQUBE]
  - email.smtp_host.secured=******
  - email.smtp_port.secured=******
  - sonar.buildbreaker.queryInterval=30000
  - sonar.buildbreaker.queryMaxAttempts=120
  - sonar.core.id=***************
  - sonar.core.serverBaseURL=https://sonar-test.***************
  - sonar.core.startTime=2019-03-05T15:33:14+0100
  - sonar.dbcleaner.hoursBeforeKeepingOnlyOneSnapshotByDay=168
  - sonar.global.exclusions=**/generated/**/*.java
  - sonar.jacoco.reportPaths=target/jacoco.exec, target/jacoco-it.exec,build/output/jacoco/jacocoTest.exec
  - sonar.links.ci=https://jenkins-prod.***************
  - sonar.links.scm=https://***************
  - sonar.scm.disabled=false
  - sonar.svn.password.secured=******
  - sonar.svn.username=sonarqube
Settings for module: group:project:subproject
  - sonar.binaries=D:\projekte\intern\project\subproject\build\classes\java\main
  - sonar.java.binaries=D:\projekte\intern\project\subproject\build\classes\java\main
  - sonar.java.libraries=D:\.gradle\caches\modules-2\files-2.1\...
  - sonar.java.test.binaries=D:\projekte\intern\project\subproject\build\classes\java\test
  - sonar.java.test.libraries=D:\projekte\intern\project\subproject\build\classes\java\main,D:\projekte\intern\project\subproject\build\resources\main,D:\.gradle\caches\modules-2\files-2.1\...
  - sonar.junit.reportPaths=D:\projekte\intern\project\subproject\build\test-results\test
  - sonar.junit.reportsPath=D:\projekte\intern\project\subproject\build\test-results\test
  - sonar.libraries=D:\.gradle\caches\modules-2\files-2.1\...
  - sonar.moduleKey=group:project:subproject
  - sonar.projectBaseDir=D:\projekte\intern\project\subproject
  - sonar.projectKey=group:project:subproject
  - sonar.projectName=subproject
  - sonar.sources=D:\projekte\intern\project\subproject\src\main\java
  - sonar.surefire.reportsPath=D:\projekte\intern\project\subproject\build\test-results\test
  - sonar.tests=D:\projekte\intern\project\subproject\src\test\java
Settings for module: group:project
  - sonar.branch=plugintest
  - sonar.host.url=https://sonar-test.*****
  - sonar.java.libraries=D:\Tools\OpenJDK8\jre\lib\rt.jar
  - sonar.java.source=1.8
  - sonar.java.target=1.8
  - sonar.java.test.libraries=D:\Tools\OpenJDK8\jre\lib\rt.jar
  - sonar.libraries=D:\Tools\OpenJDK8\jre\lib\rt.jar
  - sonar.modules=:subproject
  - sonar.projectBaseDir=D:\projekte\intern\project
  - sonar.projectKey=group:project
  - sonar.projectName=project
  - sonar.projectVersion=1.0.2-SNAPSHOT
  - sonar.scanner.app=ScannerGradle
  - sonar.scanner.appVersion=2.7-SNAPSHOT/4.4.1
  - sonar.sourceEncoding=windows-1252
  - sonar.sources=
  - sonar.working.directory=D:\projekte\intern\project\build\sonar

I tried to do analysis by triggering on Jenkins build node (windows and linux) and on windows 10 workstation. Always same behaviour.

Steps to reproduce:

  • Create Gradle project using new tooling specs.
  • Register sonar gradle plugin
  • Register resource source set on build.gradle, e.g. src/main/resources
  • Add .xml or .css files on resource folder.
  • analyze project by ./gradlew sonarqube

potential workaround:

  • Use old tooling.
  • On new tooling, I was not able to identify a workaround

I hope you may provide a solution to analyze project on new tooling correctly. Thx.

Yours,

Christian

2

Hi,

It seems to me it’s a feature and not a bug :slight_smile: See this ticket implemented in Scanner for Gradle v2.5.

Try something like these to workaround this behaviour:

// build.gradle
sonarqube {
    properties {
        properties["sonar.sources"] += xxx
    }
}
3

Thanks for the help. Did work with a little modification:

subprojects { sp ->
  plugins.withId( 'java' ) {
    if( file( "${sp.projectDir}/src/main/resources" ).exists() ) {
      sonarqube {
        properties {
	   properties[ 'sonar.sources' ] +=  "${sp.projectDir}/src/main/resources"
        }
      }
    }
  }
}