Sanner fails with "Orphan Module" Error on maven project

Hi,

There is error occuring after scan on a maven project.

Error:  Failed to execute goal org.sonarsource.scanner.maven:sonar-maven-plugin:5.1.0.4751:sonar (default-cli) on project trino-root: Unable to determine structure of project. Probably you use Maven Advanced Reactor Options with a broken tree of modules. "trino-cli" is orphan -> [Help 1]
Error:  
Error:  To see the full stack trace of the errors, re-run Maven with the -e switch.
Error:  Re-run Maven using the -X switch to enable full debug logging.
Error:  
Error:  For more information about the errors and possible solutions, please read the following articles:
Error:  [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/MojoExecutionException
Error: Process completed with exit code 1.

and this is github action file context

name: Sonarqube Build

on:
  push:
    branches:
      - "release**"
      - "custom**"

  pull_request:
    types: [opened, synchronize, reopened]


jobs:
  build:
    name: Build and analyze
    runs-on: runner-ubuntu-medium-ondemand-amd64

    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0  # Shallow clones should be disabled for a better relevancy of analysis
      - name: Set up JDK
        uses: actions/setup-java@v4
        with:
          java-version: 22
          distribution: 'zulu' # Alternative distribution options are available.
          cache: maven
      - name: Set up Maven
        run: |
          sudo apt install -y maven
      - name: Echo $JAVA_HOME
        run: echo $JAVA_HOME
      - name: Echo $MVN
        run: mvn -v
      - name: Cache SonarQube packages
        uses: actions/cache@v4
        with:
          path: ~/.sonar/cache
          key: ${{ runner.os }}-sonar
          restore-keys: ${{ runner.os }}-sonar
      - name: Cache Maven packages
        uses: actions/cache@v4
        with:
          path: ~/.m2
          key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }}
          restore-keys: ${{ runner.os }}-m2
      - name: Build and analyze
        env:
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
          SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}
        run: |
            mvn -B -T 2C verify org.sonarsource.scanner.maven:sonar-maven-plugin:sonar \
            -pl '!:trino-server-rpm,!:trino-docs,!:trino-proxy,!:trino-verifier,!:trino-benchto-benchmarks,!:trino-tests' \
            -Dsonar.inclusions=**/*.java -Dsonar.exclusions=trino-client/**,**/src/test/**,client/** \
            -Dair.check.skip-all -DskipTests -Denforcer.fail=false -Denforcer.skip=true \
            -Dsonar.projectKey=projectKey \
            -Dsonar.projectName='trino'

the project is this. GitHub - trinodb/trino: Official repository of Trino, the distributed SQL query engine for big data, formerly known as PrestoSQL (https://trino.io)

I’ve found a similar issue discussed here: Maven Advanced Reactor Options with a broken tree of modules - #6 by Shriram_Venkatasubra

and I assume removing dependeny-reduced pom might help to solve the error but because of side effect of doing that we can’t remove that .

I wonder if there’s other ways to solve this issue.

Thank you.

Hi,

Could you provide the full analysis log, starting from the analysis command itself?

 
Thx,
Ann

0_Build and analyze.txt (2.7 MB)

Hi,

Thanks for the log.

As you shared in your first post, the error message suggests you’ve used Maven Advanced Reactor Options. Have you?

Would it be possible to have a secondary, non-dependency-reduced pom that was only used for analysis?

 
Ann

Hi,
Yes, there is ‘-pl’ option in the command.

Would it be possible to have a secondary, non-dependency-reduced pom that was only used for analysis?

→ Do you mean using a separate POM file for SonarQube analysis by specifying it with the -f option during the analysis phase?"

Also, this is an open-source project, so the issue should be reproducible if needed.

Hi,

I’m no Mavenista, so I’m not sure about the mechanics. I’m just trying to find you a workaround.

 
Ann

Okay. I’ll have a look.

->And why did you ask that? Does it mean we shouldn’t use any Maven Advanced Reactor Options with SonarScanner?

Hi,

Because I’m trying to understand the context. Could you answer?

 
Thx,
Ann

Hi,

Yes, there’s Maven Advanced Reactor Option.

Also about this

Using non-dependency-reduced pom only during analysis does not align with our intended direction.

Is there any other technically feasible way to address this issue, aside from that?

Additionally, we believe it is important to first understand the root cause — specifically, what kind of interaction is occurring between SonarQube analysis and the POM file that leads to this error.

If possible, please share any documentation or explanation that can help us better understand the cause.

Any updates?

Hey @viva,
I am trying to reproduce the issue you are having. Can you clarify a few things for me:

1. Do you have a specific commit/branch you tested against?
2. I see that your analysis command both excludes subprojects from the goals but also excludes specific folders using sonar.exclusions. Did you consider excluding the subprojects by adding the property <sonar.skip>true</sonar.skip> to the pom.xml of the projects you want to exclude? It is the first option offered in the documentation and might work out better for what you are trying to do

Let us know if that solves your problem.

Cheers,

Dorian