Java 11 deprecated vs SonarScanner for Gradle

Jun_Wu · August 3, 2023, 11:15am

If we only use the gradle plugin to run the command ./gradlew sonarqube for passing the result file to SonarCloud, would it been impacted?

Alexandre_Gigleux · August 3, 2023, 2:32pm

Hello,

I moved your question to a dedicated thread. I confirm that all scans are impacted if they are not running in a Java17 context.

When you use the SonarScanner for Gradle, you need to make sure that your scan is running in a Java17+ context.
Actually when you run ./gradlew sonarqube (it should be ./gradlew sonar BTW), this triggers under the hood the compile gradle steps and the sonar step because sonar needs to get the binaries to generate accurate results. This is something we will change soon to be more explicit and users will have to run ./gradlew assemble sonar to get the same accurate results.

If your build is already relying on Java17, you have nothing specific to do.
If you have to continue to build with Java11, then you need to do it in two steps:

JAVA_HOME=path to Java11
./gradlew assemble
JAVA_HOME=path to Java17
./gradlew sonar -x compile

Alex

Jun_Wu · August 9, 2023, 2:51am

Hey Alexandre.

Thanks for your reply.

Actually, I am using ./gradlew sonarqube only, maybe the version or function I used is not latest.

I am not familiar with the difference between ./gradlew sonarqube and ./gradlew sonar, so I ask chatGPT.

Base on the chatGPT’s reply:
1. ./gradlew sonarqube is used to analyze and measure the quality of code
2. ./gradlew sonar is used to simply view the results of a previous analysis

And combine your reply, ./gradlew sonarqube is same with ./gradlew assemble sonar -x compile.

I have following questions want to double confirm:

What’s the ./gradlew sonarqube meaning?
If you are right, I only need to separated the ./gradlew sonarqube to ./gradlew assemble in java11 and ./gradlew sonar -x compile in java17, it should work after java11 deprecated

Thank you in advance.
Have a nice day.

Colin · August 9, 2023, 8:07am

ChatGPT has data up until September 2021 – and gradle sonar was introduced in October 2022… so ChatGPT is just making stuff up. gradle sonarqube is deprecated and replaced with gradle sonar because the scanner is used for both SonarQube and SonarCloud.

Yes, this is correct.

Jun_Wu · August 9, 2023, 8:24am

Hey Colin,

Thank you for your confirmations.
I think it should help me a lot, I will try it later, then choose the final solution.

Have a nice day.

Jun_Wu · August 23, 2023, 10:47am

Hey, hope you are doing well.

I still have a question.
My project is a Android project, I run the command of ./graddlew sonar -x compile failed due to the project has multiple tasks which name involves compile.

Is there any other way to skip complication for ./gradlew sonar?
To my understanding, we only need to skip the complication step and analyze the dex/class file directly.

Alexandre_Gigleux · August 24, 2023, 9:04am

Hello,

Sorry, I should have been more clear. You should exclude all the compile tasks. To get their names, you can run this to get the list of the tasks that will be executed:

gradle build --dry-run

Then, you should locate all the “compile” related tasks and exclude them.
For example, if I run this command on a very simple Java project, I will get this:

:compileJava SKIPPED
:processResources SKIPPED
:classes SKIPPE
:jar SKIPPED
:startScripts SKIPPED
:distTar SKIPPED
:distZip SKIPPED
:assemble SKIPPED
:compileTestJava SKIPPED
:processTestResources SKIPPED
:testClasses SKIPPED
:test SKIPPED
:check SKIPPED
:build SKIPPED

So the command to scan with Sonar will be:

./graddlew sonar -x compileJava -x compileTestJava