According to
SonarSource plans to drop support for Java 11 as a runtime environment on 15th of November.
We are using SonarCloud and practically don’t have any “runtime environment”. What exactly will happen on 15th of November?
We have a command in a pipeline, which does the scan. Something like this:
mvn verify org.sonarsource.scanner.maven:sonar-maven-plugin:3.9.1.2184:sonar ...
Will it stop working? Will it stop working even if we won’t update the version number of the plugin? Really?
Hello,
The “runtime environment” I’m talking about in my various posts is the one of your pipeline.
If this command mvn verify org.sonarsource.scanner.maven:sonar-maven-plugin:3.9.1.2184:sonar is only there to scan the code and not to build+scan then you have to make sure that the “java” command that in used in the background by Maven is a Java 17.
It means before calling “mvn”, you need to tell your pipeline to run the next command in a Java 17 context.
I’ve asked ChatGPT to generate a pipeline file for GitHub Action just to show you what I’m talking about:
Can you share your pipeline so that we can better guide you?
Alex
I cannot just login on to Bamboo Agent using root credential and install JDK17. It it not how it works in bigger companies.
License department must clear out, if the usage of the JDK17 falls under the same agreement as the usage of JDK11. Additional efforts are coming because of visualized environment. Oracle License rules for visualized systems are terrifying sophisticated. The final decision must be proofed by Oracle enterprise customer support.
Then coming questions about compatibility, security, data privacy, patch management and so on.
Desktop Customer Support must include the new version into supported portfolio for Windows Desktops and clear ALL the questions mentioned before for the server environment once again.
It needs plenty of time, not 2 weeks and not 2 months.
If you insist of pulling the plug on 15. November for your cloud product, you risk to upset enterprise customers.
I understand all of that and this is why we sent the notification end of July so that companies like yours have the time to adjust. We will adjust the end support date according to the % of customers still on Java 11.
At some point we need to announce a date, otherwise, everyone will:
I am very sorry, but you didn’t send any notifications. First and only notification I received per Mail came yesterday:
The Sonar Team <hello@sonarsource.email>
Important Update: Transition to Java 17 for Continued SonarCloud Platform Support
End of July you started to print a deprecation message somewhere in the log output. Other members of the community already mentioned, that the word “deprecated” doesn’t include the needed urgency.
Even now you show the warning only in the internal page of the project. If some project is not in the active developing phase, nobody will know about the breaking change.
Hi,
I’m running Sonar scan of my .NET 7 project as part of my CI pipeline on GitHub Actions (see the complete workflow here):
name: CI
on:
push:
pull_request:
jobs:
build-ci:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Setup .NET
uses: actions/setup-dotnet@v3
with:
dotnet-version: '7.0'
- name: Restore dependencies
run: dotnet restore ScreenshotCreator.sln
- name: Begin Sonar scan
run: |
dotnet tool install --global dotnet-sonarscanner
dotnet sonarscanner begin /k:mu88_ScreenshotCreator /o:mu88 /d:sonar.login=${{ secrets.SONAR_TOKEN }} /d:sonar.host.url=https://sonarcloud.io /d:sonar.cs.opencover.reportsPaths=tests/Tests/coverage.opencover.xml
- name: Build
run: dotnet build --no-restore ScreenshotCreator.sln
- name: Test and collect coverage
run: dotnet test --no-build /p:CollectCoverage=true /p:CoverletOutputFormat=opencover '/p:ExcludeByFile=\"**/Log.Prefix.cs\"'
- name: End Sonar scan
run: dotnet sonarscanner end /d:sonar.login=${{ secrets.SONAR_TOKEN }}
In the log output, I see that the latest version of Sonar scanner is successfully installed:
Run dotnet tool install --global dotnet-sonarscanner
You can invoke the tool using the following command: dotnet-sonarscanner
Tool 'dotnet-sonarscanner' (version '5.14.0') was successfully installed.
SonarScanner for MSBuild 5.14
Using the .NET Core version of the Scanner for MSBuild
Pre-processing started.
Preparing working directories...
01:43:24.025 Updating build integration targets...
01:43:25.54 Fetching analysis configuration settings...
01:43:27.056 Provisioning analyzer assemblies for cs...
01:43:27.057 Installing required Roslyn analyzers...
01:43:27.057 Processing plugin: csharp version 9.12.0.78982
01:43:27.925 Processing plugin: vbnet version 9.12.0.78982
01:43:28.218 Processing plugin: securitycsharpfrontend version 10.3.0-M1.25227
01:43:29.144 Provisioning analyzer assemblies for vbnet...
01:43:29.145 Installing required Roslyn analyzers...
01:43:29.145 Processing plugin: csharp version 9.12.0.78982
01:43:29.146 Processing plugin: vbnet version 9.12.0.78982
01:43:29.153 Incremental PR analysis: Automatically detected base branch 'main' from CI Provider 'GitHub Actions'.
01:43:29.545 Downloading cache. Project key: ***_ScreenshotCreator, branch: main.
01:43:31.003 Incremental PR analysis: 26 files out of 31 are unchanged.
01:43:31.042 Pre-processing succeeded.
However, ending the Sonar scan still gives me the following warning:
WARN: The version of Java (11.0.20.1) you have used to run this analysis is deprecated and we will stop accepting it soon. Please update to at least Java 17.
What do I have to do to get rid of the warning and use Java 17?
Thx!
Hello @mu88 ,
You should be able to add the following step at the beginning of your pipeline:
- name: Set up JDK 17
uses: actions/setup-java@v3
with:
java-version: 17
distribution: 'zulu'