Our project is using SpringBoot and also Lombok. The SonarQube scan is triggered by the synopsis GitHub Action (sonarsource/sonarqube-scan-action@master).
After the scan we had many major issues in SQ like ‘Remove this unused “errorMessage” private field’. We learned that this is caused because SQ does not find the Lombok library so we had to set the sonar.java.libraries property.
We tried to set sonar.java.libraries property to the path to Lombok library in the maven repository:
This did not work, we got the following error:
ERROR: Error during SonarScanner execution
java.lang.IllegalStateException: No files nor directories matching ‘/home/runner/.m2/repository/org/projectlombok/lombok/1.18.28/lombok-1.18.28.jar’
We tried different variations with ** and *, nothing worked. We checked the path for typos, it is correct (we see the jar with ls).
The Lombok library was only found when we copied the lombok.jar to a subdirectory under the target folder:
sonarqube_args: -Dsonar.sources=src/main -Dsonar.java.binaries=target -Dsonar.coverage.jacoco.xmlReportPaths=target/site/jacoco/jacoco.xml -Dsonar.tsql.file.suffixes=sql -Dsonar.plsql.file.suffixes=plsql -Dsonar.java.libraries=target/lombok/lombok-1.18.28.jar
Here are the versions we are using:
INFO: Scanner configuration file: /opt/sonar-scanner/conf/sonar-scanner.properties
28INFO: Project root configuration file: NONE
29INFO: SonarScanner 188.8.131.5206
30INFO: Java 17.0.8 Alpine (64-bit)
31INFO: Linux 5.19.0-41-generic amd64
32INFO: User cache: /opt/sonar-scanner/.sonar/cache
33INFO: Analyzing on SonarQube server 184.108.40.206595
Is there a way to use the lombok.jar from the maven repository? What are the possible values for sonar.java.libraries? Only folders under target?