SonarScanner for Gradle adds dependencies on JavaCompile tasks

Versions used

  • SonarScanner for Gradle, version 3.1.1
  • Java 11
  • Sonarcloud

Error observed

The sonarqube Gradle task executes the JavaCompile tasks from the project, which it should not do according to the documentation:

Starting with v3.0 of the SonarScanner for Gradle, task dependencies are no longer added automatically. Instead, the SonarScanner plugin enforces the correct order of tasks with mustRunAfter . You need to be either manually run the tasks that produce output before sonarqube , or you can add a dependency to the build script

This causes a problem when trying to scan a Java 8 project that cannot be built with Java 11, following the procedure in the documentation.

For example, I have some code that compiles with Java 8 but not Java 11, which produces the following error message when executing the sonarqube task:

$ gw sonarqube -Dorg.gradle.java.home=/usr/lib/jvm/adoptopenjdk-11-hotspot-amd64

> Task :compileJava FAILED
/home/staylor/projects/sonarscanner-deps-bug/src/main/java/Main.java:4: error: package sun.util is not visible
        new sun.util.ResourceBundleEnumeration(null, null);
               ^
  (package sun.util is declared in module java.base, which does not export it)
1 error

FAILURE: Build failed with an exception.

Executing the sonarqube task with the --dry-run argument shows that there are dependencies on compile tasks:

:compileJava SKIPPED
:processResources SKIPPED
:classes SKIPPED
:compileTestJava SKIPPED
:sonarqube SKIPPED

My test build.gradle file is as follows:

plugins {
    id 'java-library'
    id 'org.sonarqube' version '3.1.1'
}

The bug seems to have been introduced by this commit, which adds the JavaCompile dependences at SonarQubePlugin.java#L96.

Steps to reproduce

Following the procedure described here:

  1. Execute the build task using JDK 8.
  2. Execute the sonarqube task using JDK 11.

Expected: sonarqube task completes without error.
Actual: sonarqube task exits with an error on the project’s compileJava task.

Potential workaround

I was able to workaround the problem by building the Gradle plugin from souce based on a 3.0 SNAPSHOT commit, and then using the following build.gradle to include the resulting jar file:

buildscript {
    repositories {
        flatDir dirs: 'lib'
        mavenCentral()
    }
    dependencies {
        classpath group: 'org.sonarsource.scanner.gradle', name: 'sonarqube-gradle-plugin', version: '3.0-SNAPSHOT'
        classpath 'org.sonarsource.scanner.api:sonar-scanner-api:2.16.0.226'
    }
}
plugins {
    id 'java-library'
}
apply plugin: 'org.sonarqube'

Another option for a workaround is to use Gradle’s -x command-line argument to exclude the compile tasks, e.g.,

$ gw sonarqube -Dorg.gradle.java.home=/usr/lib/jvm/adoptopenjdk-11-hotspot-amd64 \
	-x compileJava -x compileTestJava -x compileGroovy
-x compileJava -x compileTestJava

This worked for me.
Thanks!

2 Likes