SonarScanner for Gradle adds dependencies on JavaCompile tasks

SonarQube Cloud
, , , ,
1

Versions used

  • SonarScanner for Gradle, version 3.1.1
  • Java 11
  • Sonarcloud

Error observed

The sonarqube Gradle task executes the JavaCompile tasks from the project, which it should not do according to the documentation:

Starting with v3.0 of the SonarScanner for Gradle, task dependencies are no longer added automatically. Instead, the SonarScanner plugin enforces the correct order of tasks with mustRunAfter . You need to be either manually run the tasks that produce output before sonarqube , or you can add a dependency to the build script

This causes a problem when trying to scan a Java 8 project that cannot be built with Java 11, following the procedure in the documentation.

For example, I have some code that compiles with Java 8 but not Java 11, which produces the following error message when executing the sonarqube task:

$ gw sonarqube -Dorg.gradle.java.home=/usr/lib/jvm/adoptopenjdk-11-hotspot-amd64

> Task :compileJava FAILED
/home/staylor/projects/sonarscanner-deps-bug/src/main/java/Main.java:4: error: package sun.util is not visible
        new sun.util.ResourceBundleEnumeration(null, null);
               ^
  (package sun.util is declared in module java.base, which does not export it)
1 error

FAILURE: Build failed with an exception.

Executing the sonarqube task with the --dry-run argument shows that there are dependencies on compile tasks:

:compileJava SKIPPED
:processResources SKIPPED
:classes SKIPPED
:compileTestJava SKIPPED
:sonarqube SKIPPED

My test build.gradle file is as follows:

plugins {
    id 'java-library'
    id 'org.sonarqube' version '3.1.1'
}

The bug seems to have been introduced by this commit, which adds the JavaCompile dependences at SonarQubePlugin.java#L96.

Steps to reproduce

Following the procedure described here:

  1. Execute the build task using JDK 8.
  2. Execute the sonarqube task using JDK 11.

Expected: sonarqube task completes without error.
Actual: sonarqube task exits with an error on the project’s compileJava task.

Potential workaround

I was able to workaround the problem by building the Gradle plugin from souce based on a 3.0 SNAPSHOT commit, and then using the following build.gradle to include the resulting jar file:

buildscript {
    repositories {
        flatDir dirs: 'lib'
        mavenCentral()
    }
    dependencies {
        classpath group: 'org.sonarsource.scanner.gradle', name: 'sonarqube-gradle-plugin', version: '3.0-SNAPSHOT'
        classpath 'org.sonarsource.scanner.api:sonar-scanner-api:2.16.0.226'
    }
}
plugins {
    id 'java-library'
}
apply plugin: 'org.sonarqube'
1 Like
Scan Java 8 project with Java 11 Gradle scanner
Passing Java 11 to SonarQube using Gradle with Java 8
Deprecated dependency when running gradle sonarqube
[Info] Gradle 7.5 changes: mustRunAfter constraints no longer violated by finalizedBy dependencies
4

Another option for a workaround is to use Gradle’s -x command-line argument to exclude the compile tasks, e.g.,

$ gw sonarqube -Dorg.gradle.java.home=/usr/lib/jvm/adoptopenjdk-11-hotspot-amd64 \
	-x compileJava -x compileTestJava -x compileGroovy
1 Like
5 
-x compileJava -x compileTestJava

This worked for me.
Thanks!

3 Likes
How do I prevent the Gradle sonarqube task from running tests?
7

A solution that worked better for me than running things twice, was using Java 11, but telling Gradle to compile to Java 8.

8

The option

-x compileJava -x compileTestJava

works perfectly.

Just using

sonar.java.jdkHome=PATH_TO_JAVA_8_HOME

as specified here is not enough, because the sonarqube task triggers the compileJava task, which in turn could fail because during the sonar build the JDK is set to 11.

Thanks!

1 Like