Scanner not detecting project version from Maven build?

SonarQube
,
1

Hey all,

I’m trying to resolve an issue:

In the project results … on the “Activity” tab … I’m seeing project version as “not provided”.

According the to the documentation:

https://docs.sonarqube.org/latest/analysis/analysis-parameters/

sonar.projectVersion | The project version | <version> for Maven projects, otherwise “not provided”

From that I assume the scanner will discover and set project.version= from pom.xml?

This project is a Maven product. In fact, it’s your example product:

GitHub - SonarSource/sonar-scanning-examples: Shows how to use the Scanners

In Jenkins, I’m using a Pipeline (somewhat) like the following:

node {
  def mvnHome
  def sonarqube_props
  stage('Preparation') {
     mvnHome = tool 'Maven-X'
     sonarqube_props = "-Dsonar.projectKey=sonar-scanning-examples -Dsonar.java.binaries=**/target/classes"
  }
  stage('SCM') {
     git 'https://github.com/SonarSource/sonar-scanning-examples.git'
  }
  stage('Build') {
     // Run the maven build
     withEnv(["MVN_HOME=$mvnHome"]) {
        if (isUnix()) {
           sh '"$MVN_HOME/bin/mvn" -f sonarqube-scanner-maven/pom.xml -Dmaven.test.failure.ignore clean package'
        } else {
           bat(/"%MVN_HOME%\bin\mvn" -f sonarqube-scanner-maven\pom.xml -Dmaven.test.failure.ignore clean package/)
        }
     }
  }
  // Display build artifacts on Job Status page ...
  stage('Results') {
      junit '**/target/surefire-reports/TEST-*.xml'
      archiveArtifacts '**/target/*.jar'
  }
  stage('SonarQube Analysis') {
     def scannerHome = tool 'Scanner-X';
     withSonarQubeEnv('Server-X') {
       sh "${scannerHome}/bin/sonar-scanner $sonarqube_props"
     }
  }
}

… where the following are defined in Jenkins configuration:

  • Maven-X
  • Server-X
  • Scanner-X

I’ll try to dig into some verbosity output, but I wanted to ask the question here.

I noticed two similar requests were are still open:

Thanks in advance,
-'ank

2

Hi!

I noticed that you’re running the SonarScanner manually (the “sonar-scanner” executable). For Maven projects the easiest way to run an analysis is using SonarScanner for Maven.

Your pipeline could be simplified to:

node {
  def mvnHome
  stage('Preparation') {
     mvnHome = tool 'Maven'
  }
  stage('SCM') {
     git 'https://github.com/SonarSource/sonar-scanning-examples.git'
  }
  stage('Build') {
     // Run the maven build
     withSonarQubeEnv('SonarQube') {
        withEnv(["MVN_HOME=$mvnHome"]) {
           if (isUnix()) {
              sh '"$MVN_HOME/bin/mvn" -f sonarqube-scanner-maven/pom.xml -Dmaven.test.failure.ignore clean package sonar:sonar'
           } else {
              bat(/"%MVN_HOME%\bin\mvn" -f sonarqube-scanner-maven\pom.xml -Dmaven.test.failure.ignore clean package sonar:sonar/)
           }
        }
     }
  }
  // Display build artifacts on Job Status page ...
  stage('Results') {
      junit '**/target/surefire-reports/TEST-*.xml'
      archiveArtifacts '**/target/*.jar'
  }
}

Note that I added the withSonarQubeEnv in the build stage and added the sonar:sonar goal in the Maven command.

Of course, you can run the SonarQube analysis in a different stage if you prefer, just calling mvn sonar:sonar inside a withSonarQubeEnv. :wink:

1 Like
3

Thanks for this! I need to try this out!

My only concern with using sonar:sonar … this initiated the need for a sonar.properties defining a server that is not localhost:9000.

My logic and understanding is a little muddled as I’m progressing but I thought there are two approaches to scanning

  1. Scanner client
  2. Maven plugin

I was steering towards the scanner client in the hopes of consolidating redundant details at the Jenkins server, like host config and authentication. Alternatively, the plugin command appeared to require these details in the Jenkins/SCM workspace as a (somewhat redundant) properties file across all build products.

I realize there’s still a need to make a unique project.key definition … somewhere. =)

Thanks again!

4

I’ve confirmed your solution.

It makes sense that the maven plugin implementation can discover the . =)

Thanks again!

5

I don’t understand why you need a sonar.properties file. The SonarQube server is configured in Jenkins and is “injected” using withSonarQubeEnv.

This is exactly what the SonarScanner for Jenkins does. :wink: You can configure all these details in Jenkins itself.

Using SonarScanner for Maven the project key will be defined automatically using groupId:artifactId from the pom.xml file.

6

Ha! We replied at the same time. I’m glad it helped.

1 Like
7

Muito obrigado!

1 Like