How To Use The Sonar Maven Plug-in

Question

Easy question here. I want to add sonar to be executed on every Maven build. I tried:

<plugin>
    <groupId>org.sonarsource.scanner.maven</groupId>
    <artifactId>sonar-maven-plugin</artifactId>
    <version>3.1.1</version>
</plugin>

and

<plugin>
    <groupId>org.codehaus.sonar</groupId>
    <artifactId>sonar-maven-plugin</artifactId>
    <version>5.1</version>
</plugin>

and

<plugin>
    <groupId>org.codehaus.mojo</groupId>
    <artifactId>sonar-maven-plugin</artifactId>
    <version>2.7.1</version>
</plugin>

because a) I couldn't figure out what the plug-ins do and/or b) which one is the current one.

If I only add the above to <build> -> <plugins> it's not executed ever (so the plug-in doesn't have a default execution). So of course I added a <execution> instruction, and after that Sonar gets executed, but with the following error message:

<executions>
    <execution>
        <phase>prepare-package</phase>
        <goals>
            <goal>sonar</goal>
        </goals>
    </execution>
</executions>

Failed to execute goal org.sonarsource.scanner.maven:sonar-maven-plugin:3.1.1:sonar (default) on project org.acme.project.build: Can not execute Findbugs: This project contains Java source files that are not compiled.

It does not seem to matter which phase I use (I tried validate and compile and test and prepare-package and package even though not all of them make sense). I am sure there is no source code generation anywhere in the project. And the static classes get compiled just fine.

I think the problem might be that the plug-in gets executed for every module, including the parent pom project. Which is weird, because sonar:sonar skips that project.

But the project structure is simple and I can't find anything unusual about it:

<groupId>group</groupId>
<artifactId>org.acme.project.build</artifactId>
<version>0.0.1-SNAPSHOT</version>
<packaging>pom</packaging>

<modules>
    <module>org.acme.project</module>
</modules>

<profiles>
    <profile>
        <id>sonar</id>
        <properties>
            <sonar.host.url>http://sonar.acme.org/</sonar.host.url>
        </properties>
        <build>
            <plugins>
                <plugin>
                    <groupId>org.sonarsource.scanner.maven</groupId>
                    <artifactId>sonar-maven-plugin</artifactId>
                    <version>3.1.1</version>
                    <executions>
                        <execution>
                            <phase>compile</phase>
                            <goals>
                                <goal>sonar</goal>
                            </goals>
                        </execution>
                    </executions>
                </plugin>
            </plugins>
        </build>
    </profile>
</profiles>

The project org.acme.project has nothing besides its own artifact ID and the parent. The command line is: mvn clean deploy -Dsonar.login=Wile.Coyote -Dsonar.password=*********** -Psonar

The log shows that sonar is always executed before the install phase, which of course is way to early.

So how do I use Sonar's Maven plug-in to analyze my code?

I mean using the sonar-maven-plugin from which groupId? Are you using all three of them together? — Naman, Dec 27 '16 at 09:26
@nullpointer Sorry, from `org.sonarsource.scanner.maven`. I added at to the question as well. — Stefan S., Dec 27 '16 at 09:28
# In some situation you may want to run sonar:sonar goal as a dedicated step. Be sure to use install as first step for multi-module projects `mvn clean install mvn sonar:sonar` — Naman, Dec 27 '16 at 09:49
Also would expect you to solve the module structure and the pom where you have specifed the plugin as stated in the question if you are still not able to solve this. — Naman, Dec 27 '16 at 09:50
@nullpointer "Fix the module structure"? I'm not aware that it's broken. It's a standard Maven parent pom with some children. Now I want to have a profile that executes some code analyses (so `sonar:sonar` is out of the question). Nothing of that strikes me as broken or even odd. — Stefan S., Dec 27 '16 at 09:59
@nullpointer I added that information, even thought it's so trivial I can't see anything wrong with it. — Stefan S., Dec 27 '16 at 10:37
Did you solve this? You mentioned you had an issue with this running at the wrong time. — hawkeye, Aug 02 '17 at 13:34
@hawkeye No, we had to use "sonar:sonar" to trigger Sonar manually for each build. — Stefan S., Aug 03 '17 at 05:33

score 2 · Answer 1 · answered Dec 27 '16 at 09:32

a) I couldn't figure out what the plug-ins do

The plugin is used to gather the details from code coverage reports and the repository code scanning for getting to analyze possible bugs, duplications etc. You can search for a sample sonar report to find what all and how to get these details with maven using two methods like settings.xml and maven plugin is detailed at SonarQube Scanner for Maven and SonarQube - analyzing with Maven

b) which one is the current one.

The maven central suggests that the current plugin from org.codehaus.mojo used as

<plugin>
    <groupId>org.codehaus.mojo</groupId>
    <artifactId>sonar-maven-plugin</artifactId>
    <version>3.2</version>
</plugin>

has been moved to

<plugin>
    <groupId>org.sonarsource.scanner.maven</groupId>
    <artifactId>sonar-maven-plugin</artifactId>
    <version>3.2</version>
</plugin>

So you should ideally be using the one from groupId - org.sonarsource.scanner.maven as also suggested by the SonarQube Docs

Also the artifact from org.codehaus.sonar version 5.1 seems to be outdated and not maintained.

Lucky guess, but that plug-in is what I did the majority of my tests with. Still there's the above error message. I now assume it's the parent pom that's the problem. Or maybe the problem lies with whatever forces me to manually add the `` tag, because it does not work without it. — Stefan S., Dec 27 '16 at 09:46

How To Use The Sonar Maven Plug-in

1 Answers1

Linked