SonarQube LTS 8.9.6
checkstyle-sonar-plugin-9.2.1.jar
sonar-dependency-check-plugin-2.0.8.jar
Code to be analyzed is Java 1.8
Intended steps:
Stop app, Upgrade SQ LTS App
Start app,Upgrade 3rdparty plugins, restart app, Validate by running analysis.
After App upgrade, in Marketplace, observed (won’t let me post image):
Marketplace - Administration:
-
Checkstyle [External Analysers]
Provide Checkstyle rules for Java projects *
9.2.1 installed-
Updates:
- 9.3 Upgrade to Checkstyle 9.3
-
Updates:
[ Update to 9.3 ] [ Uninstall ]
- Dependency-Check [Integration]
-
- 2.0.8 installed
-
Updates:
- 3.0.1
Restore JDK8 compatibility
- 3.0.1
[ Update to 3.0.1 ] [ Uninstall ]
Clicked update to 9.3 and 3.0.1, restarted, ran validation. Got the following error:
[ERROR] Failed to execute goal org.sonarsource.scanner.maven:sonar-maven-plugin:3.7.0.1746:sonar (default-cli) on project pom-sampleApplication-all: The plugin [checkstyle] does not support Java 1.8.0_321: org/sonar/plugins/checkstyle/CheckstylePlugin has been compiled by a more recent version of the Java Runtime (class file version 55.0), this version of the Java Runtime only recognizes class file versions up to 52.0 -> [Help 1]
A check of the filesystsem reveals:
However, when applying the Update to 9.3, it actually updated to 10.0, released 4 days ago.
PRE-UG:
[sonarqube@btln002276]$ ls sonarqube-8*/extensions/plugins/checkstyle-sonar-plugin*
sonarqube-8.9.6.50800/extensions/plugins/checkstyle-sonar-plugin-9.2.1.jar
sonarqube-8.9.7.52159/extensions/plugins/checkstyle-sonar-plugin-9.2.1.jar
POST-UG::
[sonarqube@btln002276]$ ls sonarqube-8*/extensions/plugins/checkstyle-sonar-plugin*
sonarqube-8.9.6.50800/extensions/plugins/checkstyle-sonar-plugin-9.2.1.jar
sonarqube-8.9.7.52159/extensions/plugins/checkstyle-sonar-plugin-10.0.jar
Per Check styles:
Compatibility matrix from checkstyle team:
Checkstyle Plugin | Sonar min | Sonar max | Checkstyle | Jdk |
---|---|---|---|---|
10.0 | 8.9 | 8.9+ | 10.0 | 11 |
9.3 | 8.9 | 8.9+ | 9.3 | 1.8 |
9.2.1 | 8.9 | 8.9+ | 9.2.1 | 1.8 |
The SonarQube issue is:
Why did the plugin update to 10.0 if the Button clearly said update to 9.3? If the Updater had updated according to the button, I would not have had a problem.
Secondary issue:
Developer specified in their pom.xml:
<properties>
<java.version>11</java.version>
<sonar.version>8.9.0.43852</sonar.version>
<sonar-java.version>7.2.0.26923</sonar-java.version>
<checkstyle.version>10.0</checkstyle.version>
This is a similar mistake the dependency-check / dependency-check-sonar-plugin developer made several weeks ago: Plugin 3.0.0 requires Java 11 - incorrectly? #611 Rather than just discard the 3.0.0 and release a corrected a Java 8 compatible 2.0.9, they release as Java 8 compatible 3.0.1 (OK,but not semver correct).
That’s similar problems made by two 3rd party plugins in two weeks; that’s 25% of our third party plugins and 50% of the ones with newer releases.
Is a better guidance required for plugin developers as to how to provide a plugin release that includes a Java 8 compatible plugin for SonarQube 8.9.x AND if so desired, also release a Java 11 native/compatible variant? Or what they should be specifying for java.version and sonar.version; I am not a plugin Dev, just a user, so IDK.
Ia a better warning system required to flag Java incompatible plugins?
The Checkstyle notes at least revealed the update:
10.0 Mar 07, 2022 Release Notes
Upgrade to Checkstyle 10.0; Drop Java 1.8 Support
9.3 Feb 01, 2022 Release Notes
Upgrade to Checkstyle 9.3
While the DependencyCheck did not mention anything:
3.0.0 Feb 10, 2022 Release Notes
Update Plugin to SonarQube 8 API and deprecate XML-Reports
3.0.1 Feb 24, 2022 Release Notes
Restore JDK8 compatibility
I will also raise an issue with the plugin creator