Scan Java 8 project with Java 11 Gradle scanner

Hello,

I am trying to scan a Java 8 project using a scanner running in Java 11. From what I have read in the documentation it sounds like it should be possible to compile the project with Java 8 and then run SonarScanner for Gradle with Java 11:

This does not have any impact on the Java version targeted by your project code. You can still analyze Java projects that target versions less than 11.

Firstly the project details:

  • Java 8 project.
  • Built with Gradle 6.8 running JDK 8.
  • SonarScanner for Gradle 3.1.1 running JDK 11.
  • Sonarcloud.

Here is my scanning process:

  1. Build with JDK 8:
./gradlew build -Dorg.gradle.java.home=/usr/lib/jvm/adoptopenjdk-8-hotspot-amd64

The build succeeds as usual.

  1. Scan with JDK 11:
./gradlew sonarqube -Dorg.gradle.java.home=/usr/lib/jvm/adoptopenjdk-11-hotspot-amd64

The problem:

In (2) the sonarqube task fails when Gradle attempts to execute the project’s JavaCompile tasks on the Java 8 code.

According to the documentation the SonarScanner plugin shouldn’t add and dependencies automatically:

Starting with v3.0 of the SonarScanner for Gradle, task dependencies are no longer added automatically. Instead, the SonarScanner plugin enforces the correct order of tasks with mustRunAfter . You need to be either manually run the tasks that produce output before sonarqube, or you can add a dependency to the build script

However, the output of ./gradlew sonarqube --dry-run confirms that the compileJava tasks from the project will be run.

The source code for the plugin also confirms that the JavaCompile dependencies being added by the SonarScanner plugin in SonarQubePlugin.java#L99.

Here are my questions:

  1. Could someone confirm whether the approach of building the project with Java 8 and scanning with Java 11 supported?
  2. There appears to be a contradiction related to the plugin dependences between the code and the documentation - is this a bug in the plugin or the documentation?

Thanks!

Okay I’ve managed to answer (1) with a bit more digging in the docs, which describe effectively the same scanning process as I am using -

https://sonarcloud.io/documentation/appendices/move-analysis-java-11#gradle

Created a bug report → SonarScanner for Gradle adds dependencies on JavaCompile tasks