Versions
SonarQube: 7.5.0*
Sonar Maven Plugin: 3.9.1.2184
*I am aware much newer versions of SonarQube are available. Unfortunately I do not have the permissions necessary within my organization to perform the upgrade.
What am I trying to achieve
Our organization has defined a custom set of rules that teams must reference during their Sonar scans. A number of development teams use the multi-module Maven project composition for their applications. During the execution of the Sonar scan we are seeing errors in console output pointing to the sonar.java.libraries property. This example was used to generate the multi-module-project and test the scan.
Important
My team and I have developed a templated pipeline solution for Jenkins that’s used by many application development teams. We’re looking to identify a non-complicated and sustainable solution that works for all teams that have multi-module Maven projects.
Command
A custom rules jar is downloaded and exploded prior to executing the command below. CUSTOM_RULES is a folder located at the root of the workspace (alongside the parent pom.xml file) and it contains all libraries necessary to account for all custom rules during the Sonar scan. Other non-invasive custom properties are set in the actual command; they have no influence on how sonar.java.libraries is handled. However, those properties are omitted to keep the example simple.
Note
Tacking ${env.WORKSPACE} to the beginning of the sonar.java.libraries value (i.e., ${env.WORKSPACE}/CUSTOM_RULES/**/*.jar) does not make a difference, and produces the same errors.
mvn -B sonar:sonar -Dsonar.java.libraries=CUSTOM_RULES/**/*.jar
Console Output
[ERROR] Invalid value for sonar.java.libraries
[ERROR] Failed to execute goal org.sonarsource.scanner.maven:sonar-maven-plugin:3.9.1.2184:sonar (default-cli) on project multi-module-project: No files nor directories matching 'CUSTOM_RULES/**/*.jar' -> [Help 1]
What have I tried so far to achieve this
Copying CUSTOM_RULES at the root of the workspace into each sub-module resolves the issue. A hacky (and less sustainable) approach for our templated pipeline solution would be to determine if the help:evaluate goal with project.modules as the expression returns an array of strings. If it does, we can perform the copy/paste operation into each string (representative of a module/folder).
On a related note… while Gradle is a completely different build tool, the Sonar Gradle plugin is able to handle similar use cases successfully for both single module and multi-module project compositions.
Are less complex options available?
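
The copy-into-each-module workaround described in the post, sketched as a pipeline shell step; this is an added example, not the poster's code or anything from the Sonar project. It reads `<module>` entries straight from each pom.xml with sed instead of calling help:evaluate, and it assumes one `<module>` element per line and modules that live below the workspace; the function names and the sample layout are constructed for illustration.

```shell
#!/bin/sh
# Added example: copy CUSTOM_RULES from the workspace root into every module.

# Print the <module> entries of a pom, one per line.
# Assumption: each <module>name</module> element sits on a single line.
list_modules() {
    sed -n 's:.*<module>\([^<]*\)</module>.*:\1:p' "$1"
}

# copy_rules DIR RULES: copy RULES into each module below DIR, recursing into
# nested aggregator modules. Runs in a subshell so each recursion level keeps
# its own variables. Prints every module directory it populated.
copy_rules() (
    dir=$1
    rules=$2
    [ -f "$dir/pom.xml" ] || exit 0
    list_modules "$dir/pom.xml" | while IFS= read -r module; do
        # Assumption: modules live below the workspace; refuse anything else
        # so the rm/cp below cannot touch paths outside it.
        case $module in
            /*|*..*) echo "skip: $module leaves $dir" >&2; continue ;;
        esac
        target=$dir/$module
        if [ ! -d "$target" ]; then
            echo "skip: $target is not a directory" >&2
            continue
        fi
        rm -rf "$target/CUSTOM_RULES"
        cp -R "$rules" "$target/CUSTOM_RULES"
        echo "$target"
        copy_rules "$target" "$rules"
    done
)

# Constructed sample workspace: two modules (one a nested aggregator) and one
# entry that points outside the workspace.
make_sample() {
    ws=$(mktemp -d)
    mkdir -p "$ws/CUSTOM_RULES/lib" "$ws/app/core" "$ws/web"
    : > "$ws/CUSTOM_RULES/lib/rules.jar"
    printf '<modules>\n<module>app</module>\n<module>web</module>\n<module>../out</module>\n</modules>\n' > "$ws/pom.xml"
    printf '<modules>\n<module>core</module>\n</modules>\n' > "$ws/app/pom.xml"
    echo "$ws"
}

sample=$(make_sample)
copy_rules "$sample" "$sample/CUSTOM_RULES"
```

In a real pipeline the call would be `copy_rules "$WORKSPACE" "$WORKSPACE/CUSTOM_RULES"` before the mvn command; a single-module project has no `<module>` entries, so the step copies nothing.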