Run maven sonar with already compiled java files

SonarQube
, ,
1

We are using SonarQube 9.7 Enterprise Edition (We will be upgrading to a newer version soon) on a k8s EKS cluster in a jenkins scripted pipeline. The project is a mono-repo, the maven file has modules defined.

The issue I have for this particular project, is that it is written in java 1.8 and the mvn sonar:sonar needs java 11 (and I believe java 17 with SonarQube 9.9). So we need to compile the code before we run mvn sonar at a later stage. How do I kick off mvn sonar:sonar without it trying to re-build or compile the project?

I tried passing in the param -Dsonar.java.binaries=GenericHandler/target/classes, but it still tries to rebuild everything.

I got it working fine with that property and the sonar-scanner cli. The issue I am trying to solve, is that this is a generic pipeline. There are some projects that are mono-repos and some that are just 1 project repos. Is there a way that the maven file needs to be written so the mvn sonar command picks up all of the class files?

I found this sample project, but not seeing how it would handle my scenario.

Any help would be greatly appreciated.

Thanks!

2

Hi,

Welcome to the community!

Okay, I’ll omit the nagging. :smiley:

Ehm… It shouldn’t be doing that. Which is why we explicitly tell people to run it like this:

mvn clean verify sonar:sonar -Dsonar.token=myAuthenticationToken

If it were automatically doing the compile, we wouldn’t need to tell people to verify.

You’ve got something else triggering the compile, and I don’t have enough Maven background to tell you what. But… maybe a profile?

 
HTH,
Ann

3

Hi Ann,

So when I run that command, it looks like it kicks everything off again to be re-built…

I came across this post that seems to have the same issue (unfortunately the link to the doc the post references, seems to be no longer valid. But I think it was trying to point to here to the “Jenkins” section)

I had to remove the clean and verify part of the command and add in my version. It also looks like you can pass in a -X at the end of maven to turn on debugging.

mvn sonar:sonar -Dsonar.java.source=1.8 -Drevision=1.0.0 -Dsonar.token=myAuthenticationToken -X

This seems to have fixed my particular issue.

Sample scripted jenkins pipeline code (We use pod templates)

...
stage('Build') {
  container('jdk8') {
    sh "mvn compile -Drevision=1.0.0"
    }
}
stage('SonarQube') {
  container('jdk11') {
    withSonarQubeEnv('sonarqube') {
      sh "mvn sonar:sonar -Dsonar.java.source=1.8 -Drevision=1.0.0 -X"
    }
  }
}
...

Thanks for your help!

4

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.