ssmoghe07
February 20, 2024, 8:39pm
1
For my project, sonarClound was not scanning project because of java source version 11.
I am using Java, Maven and Github action workflows.
Note: I have scan the develop branch with java source version 17.
mvn -B -U sonar:sonar -Dsonar.token=${{ secrets.SONARCLOUD_TOKEN }}
-Dsonar.host.url=${{ env.sonar_host_url }}
-Dsonar.projectKey=${{ env.project_key }}
-Dsonar.organization=myorg
-Dsonar.java.source=17
-Dsonar.verbose=true
-Dsonar.pullrequest.key=${{env.CHANGE_ID}}
-Dsonar.pullrequest.branch=${{env.BRANCH_NAME}}
-Dsonar.pullrequest.base=${{env.CHANGE_TARGET}}
-Dsonar.pullrequest.provider=GitHub
-Dsonar.coverage.jacoco.xmlReportPaths='target/site/jacoco/jacoco.xml'
-Dsonar.pullrequest.github.repository=myorg/myproject
-Dsonar.pullrequest.github.endpoint=https://api.github.com
-Dsonar.cpd.exclusions=**/*Dto.java
ganncamp
February 22, 2024, 1:00pm
2
Hi,
Welcome to the community!
This isn’t a question of your sonar.java.source value; that simply tells analysis what version you’re coding with/to.
What’s important in this context (I assume - it’s difficult to know for sure without the error message) is the version of Java running the analysis. It sounds like you need to upgrade Java on your build agent.
ssmoghe07
February 22, 2024, 7:02pm
3
Thanks G Ann Campbell for replying.
github action code
- name: SonarQube Scan
run: |
# all branches having PR will trigger this
mvn -B -U jacoco:report
pwd
RPT=$(find . -name jacoco.xml)
echo "$RPT"
cat $(find . -name jacoco.xml)
if [ "${{ github.event_name }}" == "pull_request" ]; then
mvn -B -U sonar:sonar \
-Dsonar.token=${{ secrets.SONARCLOUD_TOKEN }} \
-Dsonar.host.url=${{ env.sonar_host_url }} \
-Dsonar.projectKey=${{ env.project_key }} \
-Dsonar.organization=******* \
-Dsonar.java.source=17 \
-Dsonar.verbose=true \
-Dsonar.pullrequest.key=${{env.CHANGE_ID}} \
-Dsonar.pullrequest.branch=${{env.BRANCH_NAME}} \
-Dsonar.pullrequest.base=${{env.CHANGE_TARGET}} \
-Dsonar.pullrequest.provider=GitHub \
-Dsonar.coverage.jacoco.xmlReportPaths=$RPT \
-Dsonar.pullrequest.github.repository=*******/******** \
-Dsonar.pullrequest.github.endpoint=https://api.github.com \
-Dsonar.cpd.exclusions=**/*Dto.java \
-Dsonar.test.inclusions=src/main/java/com/*******/emr/sg/**/**/*,src/main/java/com/*******/emr/restapi/sg/**/* \
-Dsonar.coverage.exclusions=com/*******/emr/sg/conf/*,com/*******/emr/sg/exception/*
else
mvn -B -U sonar:sonar \
-Dsonar.token=${{ secrets.SONARCLOUD_TOKEN }} \
-Dsonar.host.url=${{ env.sonar_host_url }} \
-Dsonar.projectKey=${{ env.project_key }} \
-Dsonar.verbose=true \
-Dsonar.java.source=17 \
-Dsonar.organization=******* \
-Dsonar.branch.name=${{ env.BRANCH_NAME }} \
-Dsonar.coverage.jacoco.xmlReportPaths=$RPT \
-Dsonar.test.inclusions=src/main/java/com/*******/emr/sg/**/**/*,src/main/java/com/*******/emr/restapi/sg/**/* \
-Dsonar.coverage.exclusions=com/*******/emr/sg/conf/*,com/*******/emr/sg/exception/*
fi
Maven configuration
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-surefire-plugin</artifactId>
<version>2.18.1</version>
<configuration>
<systemPropertyVariables>
<jacoco-agent.destfile>target/jacoco.exec</jacoco-agent.destfile>
</systemPropertyVariables>
</configuration>
</plugin>
<plugin>
<groupId>org.jacoco</groupId>
<artifactId>jacoco-maven-plugin</artifactId>
<version>0.8.10</version>
<executions>
<execution>
<goals>
<goal>prepare-agent</goal>
</goals>
</execution>
<execution>
<id>report</id>
<phase>prepare-package</phase>
<goals>
<goal>report</goal>
</goals>
</execution>
</executions>
</plugin>
sonar log.txt (34.8 KB)
ssmoghe07
February 22, 2024, 7:47pm
5
Sorry for the confusion.
I am not sure why sonar cloud not showing analysis.
ganncamp
February 22, 2024, 7:56pm
6
Hi,
Can we have the analysis log from the non-local (CI?) analysis?
ssmoghe07
February 22, 2024, 7:57pm
7
Logs from github action (non local)
sonar log.txt (34.8 KB)
ganncamp
February 22, 2024, 8:05pm
8
Hi,
Thanks for the log. (Sorry, I didn’t realize the first log was the right one.)
So your main branch analysis shows 0s on everything. What shows up under the Code tab? Because in the log, I’m seeing this:
2024-02-22T18:24:19.9235032Z [INFO] 2 languages detected in 2 preprocessed files
2024-02-22T18:24:19.9240786Z [INFO] 427 files ignored because of inclusion/exclusion patterns
...
2024-02-22T18:24:20.6588623Z [INFO] Project configuration:
2024-02-22T18:24:20.6594918Z [INFO] Excluded sources: **/build-wrapper-dump.json, src/main/java/com/*****/emr/sg/**/**/*, src/main/java/com/*****/emr/restapi/sg/**/*
2024-02-22T18:24:20.6598057Z [INFO] Included tests: src/main/java/com/*****/emr/sg/**/**/*, src/main/java/com/*****/emr/restapi/sg/**/*
2024-02-22T18:24:20.6649485Z [INFO] Excluded sources for coverage: com/*****/emr/sg/conf/*, com/*****/emr/sg/exception/*
2024-02-22T18:24:20.6664265Z [INFO] 2 files indexed
Is it expected that your exclusion configurations leave only 2 files in the analysis?
ssmoghe07
February 22, 2024, 8:28pm
9
sorry I redacted org name from the logs. Replaced org name with ***.
2024-02-22T18:24:20.6588623Z [INFO] Project configuration:
2024-02-22T18:24:20.6594918Z [INFO] Excluded sources: **/build-wrapper-dump.json, src/main/java/com/qhrtech/emr/sg/**/**/*, src/main/java/com/qhrtech/emr/restapi/sg/**/*
2024-02-22T18:24:20.6598057Z [INFO] Included tests: src/main/java/com/qhrtech/emr/sg/**/**/*, src/main/java/com/qhrtech/emr/restapi/sg/**/*
2024-02-22T18:24:20.6649485Z [INFO] Excluded sources for coverage: com/qhrtech/emr/sg/conf/*, com/qhrtech/emr/sg/exception/*
2024-02-22T18:24:20.6664265Z [INFO] 2 files indexed
2024-02-22T18:24:20.6693554Z [INFO] Quality profile for java: QHR Sonar Java
ssmoghe07
February 22, 2024, 9:50pm
10
only exception and config java file are excluded. Rest of the files (more than 200) are included.
ganncamp
February 23, 2024, 12:57pm
11
Hi,
That’s not what your log says:
I think we’ve found the source of the difference. Going back to the log you uploaded yesterday, you’re passing a lot of parameters on the analysis command line.
Now, here’s something intersting:
2024-02-22T18:23:56.5022136Z if [ "workflow_dispatch" == "pull_request" ]; then
2024-02-22T18:23:56.5022691Z mvn -B -U sonar:sonar \
2024-02-22T18:23:56.5023318Z -Dsonar.token=*** \
2024-02-22T18:23:56.5023816Z -Dsonar.host.url=https://sonarcloud.io \
2024-02-22T18:23:56.5024396Z -Dsonar.projectKey=*****_******** \
2024-02-22T18:23:56.5024920Z -Dsonar.organization=***** \
2024-02-22T18:23:56.5025418Z -Dsonar.java.source=17 \
2024-02-22T18:23:56.5025846Z -Dsonar.verbose=true \
2024-02-22T18:23:56.5026293Z -Dsonar.pullrequest.key= \
2024-02-22T18:23:56.5026793Z -Dsonar.pullrequest.branch=develop \
2024-02-22T18:23:56.5027307Z -Dsonar.pullrequest.base= \
2024-02-22T18:23:56.5027815Z -Dsonar.pullrequest.provider=GitHub \
2024-02-22T18:23:56.5028423Z -Dsonar.coverage.jacoco.xmlReportPaths=$RPT \
2024-02-22T18:23:56.5029148Z -Dsonar.pullrequest.github.repository=*****/******** \
2024-02-22T18:23:56.5029958Z -Dsonar.pullrequest.github.endpoint=https://api.github.com \
2024-02-22T18:23:56.5030649Z -Dsonar.cpd.exclusions=**/*Dto.java \
2024-02-22T18:23:56.5031630Z -Dsonar.test.inclusions=src/main/java/com/*****/emr/sg/**/**/*,src/main/java/com/*****/emr/restapi/sg/**/* \
2024-02-22T18:23:56.5032866Z -Dsonar.coverage.exclusions=com/*****/emr/sg/conf/*,com/*****/emr/sg/exception/*
2024-02-22T18:23:56.5033593Z else
2024-02-22T18:23:56.5034131Z mvn -B -U sonar:sonar \
2024-02-22T18:23:56.5034710Z -Dsonar.token=*** \
2024-02-22T18:23:56.5035211Z -Dsonar.host.url=https://sonarcloud.io \
2024-02-22T18:23:56.5035772Z -Dsonar.projectKey=*****_******** \
2024-02-22T18:23:56.5036272Z -Dsonar.verbose=true \
2024-02-22T18:23:56.5036707Z -Dsonar.java.source=17 \
2024-02-22T18:23:56.5037153Z -Dsonar.organization=***** \
2024-02-22T18:23:56.5037677Z -Dsonar.branch.name=develop \
2024-02-22T18:23:56.5038241Z -Dsonar.coverage.jacoco.xmlReportPaths=$RPT \
2024-02-22T18:23:56.5039262Z -Dsonar.test.inclusions=src/main/java/com/*****/emr/sg/**/**/*,src/main/java/com/*****/emr/restapi/sg/**/* \
2024-02-22T18:23:56.5040477Z -Dsonar.coverage.exclusions=com/*****/emr/sg/conf/*,com/*****/emr/sg/exception/*
2024-02-22T18:23:56.5041212Z fi
This is a cleaned-up quote from your log. You conditionally set the analysis command based on whether it’s a PR or not. (You shouldn’t need to do that. The PR values are picked up automatically from your environment, but anyway…)
What’s interesting is that in both branches, you include -Dsonar.verbose=true. And yet, the log that follows is not verbose . Explicitly, everything in the log is INFO-level or above. A verbose log would include DEBUG statements, and yours does not.
So the question is: what exactly is the analysis command that’s being run, where is it coming from, and what command-line flags does it include? (Okay, yes. That’s three questions.
.)