18

I am using sonar-maven-plugin 3.2 and maven 3.3.9. In the parent POM, I have the sonar.projectKey maven property defined. The value is in effect, I can see it from the printout of sonar. But the mvn sonar:sonar step fails, because the maven modules use the same project key value, because the maven property has the same value in all modules. Sonar gives the error:

Project '...' can't have 2 modules with the following key: ...

Is there really no way to have a single sonar project that contains all maven modules? Are all modules must be really different sonar projects?

I am aware that I could use the branch property asa hack, but I would like to avoid doing that. If there is a way to have a maven multi module project in sonar with a single project key, containing all maven modules, that would be the best...

McH
  • 203
  • 1
  • 2
  • 4

3 Answers3

27

Since SonarQube 7.6

Modules have been removed in a recent release. I couldn't yet validate if the below, modules-based solution works on SonarQube 8.x, but assume a different solution has to be used. When I contacted SonarQube support they suggested to manage permissions on project key prefixes, and use prefix-scoped project creation permissions to dynamically create project keys sharing that prefix.

In this case your pom.xml would look like this:

<properties>
    <sonar.projectKey>
        YourKey-${project.groupId}:${project.artifactId}
    </sonar.projectKey>
</properties>

where YourKey is the project-prefix. This requires your SonarQube admin to apply the suggested permission scheme.

Pre SonarQube 7.6

SonarQube prior to 7.6 is/was module-aware. To define modules in your parent.pom, you declare the following properties:

<properties>
    <sonar.projectKey>
        YourKey
    </sonar.projectKey>
    <sonar.moduleKey>
        ${project.groupId}:${project.artifactId}
    </sonar.moduleKey>
</properties>

Both properties will be inherited by your modules. This will then compile the result into a single Sonar report, tracking the sub-modules under the common projectKey. Interestingly the result is:

[INFO] Reactor Summary:
[INFO] 
[INFO] parent ................................. SUCCESS [01:14 min]
[INFO] module1................................. SKIPPED
[INFO] module2 ................................ SKIPPED
[INFO] module3 ................................ SKIPPED

I'm therefore not sure, how the exact module resolution was done, but in the end all modules showed up in the report.

Rick Moritz
  • 1,449
  • 12
  • 25
  • 1
    The pre-7.6 solution helped to solve my problem. Also worth mentioning: The `projectKey` must not match any `moduleKey` of an already existing report and no `moduleKey` must already exist in a report with a different `projectKey` (unless there's also a (different) `branch.name` appended to the `moduleKey`, so they are unique again). – msa Jun 23 '21 at 20:38
16

According to SonarQube Analysis Parameters:

sonar.projectKey

The project key that is unique for each project. Allowed characters are: letters, numbers, '-', '_', '.' and ':', with at least one non-digit.
When using Maven, it is automatically set to <groupId>:<artifactId>.

Therefore, remove your sonar.projectKey configuration and it should work.

(I have been through the same loop).

Community
  • 1
  • 1
Steve C
  • 18,876
  • 5
  • 34
  • 37
  • Is there a way to override this key to use our own? – 3AK Apr 22 '18 at 06:32
  • 6
    This doesn't answer the question. Overriding the key is sometimes necessary (if unable to create projects with arbitrary names in SonarQube, for example). In that case, how would you manage the sub-modules? – Rick Moritz Jan 15 '19 at 14:18
1

There must be a way to uniquely identify each component. As Steve C said, you can't have two projects with the same project key. And within a project, modules must also have unique identifiers. Otherwise, analysis of the second "module b" would overwrite the first "module b".

G. Ann - SonarSource Team
  • 22,346
  • 4
  • 40
  • 76