I've set up a jenkins-sonarqube-github integration workflow where a pull request in the git repository triggers a webhook which starts a jenkins job that starts SonarQube Scanner. The issue is that I can't get it to publish to the SonarQube front-end, instead of Github.
Github results only show up to 10 top issues, and my team needs to be able to see the whole analysis result. As far as I know, that is only possible through the front-end.
The problem : I've set up two separate analysis jobs. One triggers the github commenting behavior(Sonarqube Github plugin), but I can't get the other to simply publish to the server. I've deleted all github-related configs in the latter job, but it just ends with "Success" and doesn't report anywhere. Any help would be appreciated.
Fig1. Working SonarQube Scanner properties that publish to github instead of server
sonar.projectKey=${componentName}
sonar.projectVersion=0.1
sonar.sourceEncoding=UTF-8
sonar.analysis.mode=issues
sonar.profile=My_Analysis_Profile
sonar.github.repository=${repository}
sonar.github.endpoint=https://customossendpoint/api/v3
sonar.github.login=someusername
sonar.github.oauth=somehashkey123
sonar.login=id
sonar.password=pass
sonar.github.pullRequest=${pr}
sonar.host.url=http://sonarserver:19000
sonar.issuesReport.console.enable=true
sonar.github.disableInlineComments=false
sonar.sources=.
sonar.exclusions=
sonar.java.binaries=**/target/classes
Fig2. Not working config that I tried to tweak to stop sending result to github and instead publish(send) to sonarqube server(sonar.analysis.mode=publish doesn't exist at least in sonar 6.x)
sonar.projectKey=${componentName}
sonar.projectVersion=0.1
sonar.sourceEncoding=UTF-8
sonar.analysis.mode=issues
sonar.profile=My_Analysis_Profile
sonar.login=id
sonar.password=pass
sonar.host.url=http://sonarserver:19000
sonar.issuesReport.console.enable=false
sonar.sources=.
sonar.exclusions=
sonar.java.binaries=**/target/classes
Fig3. Logs : (sorry I can't just paste the whole log here because of... corporate issues. I'll add the whole thing after censoring it if it's needed.)
...
INFO: Issues mode
WARN: The use of the issues mode (sonar.analysis.mode=issues) is deprecated. This mode will be dropped in the future.
INFO: Load global settings
INFO: Load global settings (done) | time=68ms
INFO: Server id: asdfasdf
INFO: User cache: /home1/irteam/.sonar/cache
INFO: Exclude plugins: devcockpit, ldap, authgithub, authbitbucket, pdfreport, authaad, googleanalytics, governance
INFO: Load plugins index
INFO: Load plugins index (done) | time=59ms
INFO: SonarQube server 6.7.1
INFO: Default locale: "ko_KR", source code encoding: "UTF-8"
INFO: Process project properties
INFO: Load project repositories
WARN: Project doesn't exist on the server. All issues will be marked as 'new'.
...
INFO: Unit Test Coverage Sensor is started
INFO: 888/888 source files have been analyzed
INFO: Integration Test Coverage Sensor is started
INFO: Overall Coverage Sensor is started
INFO: Sensor JavaScript Squid Sensor [javascript] (done) | time=72434ms
INFO: Performing issue tracking
INFO: 19822/19822 components tracked
INFO: ANALYSIS SUCCESSFUL
INFO: Task total time: 4:31.750 s
INFO: ------------------------------------------------------------------------
INFO: EXECUTION SUCCESS
INFO: ------------------------------------------------------------------------
INFO: Total time: 4:33.207s
INFO: Final Memory: 72M/1513M
INFO: ------------------------------------------------------------------------
Finished: SUCCESS
As you can see, it says WARN: Project doesn't exist on the server. - it means it should create a new one and then publish it. However, it doesn't publish anything and just ends with "Success". No link or any report file to view, it just somehow analyzed it for itself and died without telling anyone about it. What am I doing wrong here?
I found out the reason : Sonarqube Github plugin installed on the server prevents the server from storing any analysis results, because it doesn't allow sonar.analysis.mode=publish. The plugin needs to be disabled if anyone wants to see the report from the sonar server.
I had a similar issue, and reason for it was that i had set sonar.analysis.mode=preview, and the goal is to run an analysis without publishing results. You can either remove if you using this mode or set to an appropriate one.
Removing this solved my issue.
Related
I'm trying to upload my project to a remote sonarqube server.
This is the command I run sonar scanner:
sonar-scanner -Dsonar.projectKey=my-project -Dsonar.host.url=https://xxxx:9000 -Dsonar.login=the-secret-key -Dsonar.java.binaries=**/target/classes
but it throws the error on java.binaries.
INFO: Configured Java source version (sonar.java.source):
none
INFO: JavaClasspath initialization
ERROR: Invalid value for sonar.java.binaries
INFO: ------------------------------------------------------
INFO: EXECUTION FAILURE
INFO: ------------------------------------------------------
INFO: Total time: 20.276s
INFO: Final Memory: 10M/161M
INFO: ------------------------------------------------------
------------------
ERROR: Error during SonarQube Scanner execution
No files nor directories matching **/target/classes
I tried different values like ./target, /target/, /target/classes (where the jar is being stored). However, I am encountering this error of not found. (even though the directory exists)
By running sonar:sonar on my IDE and maven sonar:sonar on my terminal would send over the result to sonarqube, but my goal is to include this command in my jet-steps
Very old post but may help someone. I had similar issue and below configuration worked for me:
sonar.sources=src/main/java
sonar.java.binaries=target/classes
We also experienced a similar issue on our project (Maven multimodule), and for us the following configuration made things work:
sonar.java.binaries=.
sonar.java.source=8
sonar.sources=.
PS Java source is just for reference, it should not matter to fix the issue.
In my case, Im working with gradle, and we have subaplications, we are using sonarqube plugin from azure. I have to adapt to find binaries like this way:
sonar.java.binaries=./streamHubAndroidSDK/build/**,./nota/build/**,./app/build/**
But later I found that its better to define like this:
sonar.java.binaries=**/build/**
I can find this first building Android-Gradle project locally, and looking for all .class generated with bash:
find . -path '*/build/*.class' | xargs | tr ' ' ','
I checked almost all similar issues to my question and tried to test them for two days. So, I am asking here:
I am using: SonarQube server 5.6.6 and SonarQube Scanner 3.0.3.778.
the sonar.properties have been set based on this example project: combined-ut-it-sonar-runner-jacoco
For more clarification please check the analysis parameters that I have set for this project:
sonar.sources=src/main/java
sonar.tests=src/test/java
sonar.java.binaries=target/classes
sonar.java.test.binaries=target/test-classes
sonar.jacoco.reportPath=target/coverage-reports/jacoco-ut.exec
sonar.jacoco.itReportPath=target/coverage-reports/jacoco-it.exec
sonar.junit.reportsPath=target/surefire-reports
Log info that I receive:(I put related logs to my parameters here)
INFO: Source paths: src/main/java
INFO: Test paths: src/test/java
INFO: Sensor SurefireSensor
INFO: parsing /home/jenkins-slave/workspace/team/project/target/surefire-reports
INFO: Sensor SurefireSensor (done) | time=382ms
INFO: Sensor JaCoCoSensor
INFO: Analysing /home/jenkins-slave/workspace/team/project/target/coverage-reports/jacoco-ut.exec
INFO: No information about coverage per test.
INFO: Sensor JaCoCoSensor (done) | time=602ms
INFO: Sensor JaCoCoItSensor
INFO: Analysing /home/jenkins-slave/workspace/team/project/target/coverage-reports/jacoco-it.exec
INFO: No information about coverage per test.
INFO: Sensor JaCoCoItSensor (done) | time=326ms
INFO: Sensor JaCoCoOverallSensor
INFO: Analysing /home/jenkins-slave/workspace/team/project/target/coverage-reports/jacoco-ut.exec
INFO: Analysing /home/jenkins-slave/workspace/team/project/target/coverage-reports/jacoco-it.exec
INFO: Analysing /home/jenkins-slave/workspace/team/project/.scannerwork/jacoco-overall.exec
INFO: No information about coverage per test.
INFO: Sensor JaCoCoOverallSensor (done) | time=348ms
Now in the sonarQube, I can see separate results for integration coverage and unit test coverage:
But no details information such as coverage by which unit test. I would like ideally to have information like: https://docs.sonarqube.org/display/SONAR/Seeing+Tests
Now my questions are: since I already pointed surefire reports(a folder that contains surefire xml files reports) correctly as well as jacoco reports, how can I get information about coverage per test? Am I missing something here? I am a little bit confused because I do not know the exact difference between sonar.junit.reportsPath and sonar.surefire.reportsPath? I do not understand completely which one is responsible to provide information for coverage per test: surefire reports or jacoco reports? Based on the log files, it seems that jacoco is responsible for that. Then, what is the surefire reports role in this analysis?
I would appreciate any help.
I am currently using the sonarqube server 5.6 with scanner 2.6.1 and I keep getting errors during analysis for a java project.
It appears to complain about some java files not compiled in the binaries folder (there aren't any at all in the binaries folder).
Once I add the -X parameter I get more exceptions (flagged as ignored), see below.
any clues?
sonar-project.properties followed by logs
sonar.projectKey=myproj
sonar.projectName=myproj
sonar.projectVersion=1.1
sonar.branch=1.1
sonar.sources=./java
sonar.binaries=./deploy
sonar.log.level=DEBUG
sonar.verbose=false
sonar.sourceEncoding=UTF-8
INFO: Execute Checkstyle 6.12.1 done: 2365 ms
INFO: Sensor CheckstyleSensor (done) | time=2377ms
INFO: Sensor SCM Sensor (wrapped)
INFO: SCM provider for this project is: svn
INFO: 9 files to be analyzed
DEBUG: Working directory: D:\Apps\xxxx
DEBUG: Annotate file java/src/xxxx.java
DEBUG: Annotate file java/src/xxxx.java
DEBUG: Annotate file java/src/xxxx.java
DEBUG: Annotate file java/src/xxxx.java
DEBUG: Annotate file java/src/xxxx.java
DEBUG: Annotate file java/src/xxxx.java
DEBUG: Annotate file java/src/xxxx.java
DEBUG: Annotate file java/src/xxxx.java
DEBUG: Annotate file java/src/xxxx.java
INFO: 9/9 files analyzed
INFO: Sensor SCM Sensor (wrapped) (done) | time=3289ms
INFO: Sensor FindBugs Sensor (wrapped)
WARN: Findbugs needs sources to be compiled. Please build project before
executing sonar or check the location of compiled classes to make it possible for Findbugs to analyse your project.
INFO: ------------------------------------------------------------------------
INFO: EXECUTION FAILURE
execution without the -e param
WARN: Findbugs needs sources to be compiled. Please build project before executing sonar or check the location of compiled classes to make it possible for Findbto analyse your project.
then
java.lang.IllegalStateException: Can not execute Findbugs
Caused by: java.lang.IllegalStateException: This project contains Java source files that are not compiled.
at org.sonar.plugins.findbugs.FindbugsConfiguration.getFindbugsProject(FindbugsConfiguration.java:120)
at org.sonar.plugins.findbugs.FindbugsExecutor.execute(FindbugsExecutor.
with the -X parameter
com.puppycrawl.tools.checkstyle.api.CheckstyleException: missing key 'severity' in SuppressionCommentFilter
then multiple exceptions
DEBUG: Keep looking, ignoring exception
com.puppycrawl.tools.checkstyle.api.CheckstyleException: Unable to find class for com.puppycrawl.tools.checkstyle.checks.sizes.WhitespaceAroundCheck
then
WARN: Findbugs needs sources to be compiled. Please build project before executing sonar or check the location of compiled classes to make it possible for
then
INFO: EXECUTION FAILURE
It works for me after defining :
sonar.java.binaries=[YOUR_BUILD_DIR] (target/classes)
seen in :
https://github.com/SonarQubeCommunity/sonar-findbugs/issues/49
We had the same issue for some projects (mainly Play Framework projects). I reverted the FindBugs plugin in SonarQube from version 3.4.3 to 3.3 (that I used on SonarQube 5.5) and then the analysis worked again.
My working configuration for SonarQube 6.2 with Maven-Multi-Module project
Parent
-- Module1
-- Module2
sonar.projectKey=projectKey
sonar.projectName=Project Name
sonar.projectVersion=1.0
sonar.modules=Module1,Module2
sonar.sources=src
sonar.sourceEncoding=UTF-8
sonar.language=java
Anyone knows how to figure this out?
C:\sonar-runner\bin\..
SonarQube Runner 2.3
Java 1.7.0_45 Oracle Corporation (64-bit)
Windows Server 2012 6.2 amd64
INFO: Error stacktraces are turned on.
INFO: Runner configuration file: C:\sonar-runner\bin\..\conf\sonar-runner.properties
INFO: Project configuration file: NONE
INFO: Default locale: "pt_BR", source code encoding: "windows-1252" (analysis is platform dependent)
INFO: Work directory: C:\sonar-runner\bin\.sonar
INFO: SonarQube Server 4.0
INFO: ------------------------------------------------------------------------
INFO: EXECUTION FAILURE
INFO: ------------------------------------------------------------------------
Total time: 7.425s
Final Memory: 6M/31M
INFO: -----
ERROR: Error during Sonar runner execution
ERROR: Unable to execute Sonar
ERROR: Caused by: You must define the following mandatory properties for 'Unknow
n': sonar.projectKey, sonar.projectName, sonar.projectVersion, sonar.sources
For some reason the SonarQube can't find the configuration project path
its return NONE from the INFO.
I already have the file in the conf path of the sonar-runner.
If you read carefully the doc page "Analyzing with SonarQube Runner", you can read:
Run the following command from the project base directory to launch the analysis:
The most important part is "from the project base directory". This should answer your question.
Important: the name of the project configuration file must be:
"sonar-project.properties" (not sonar-scanner.properties)
And you have to launch the sonar-scaner command from the path of your project.
You need to add Project config file in the base directory.
That is C:\sonar-runner\bin
I am very new to Sonar and in the process of setting up my first server/project.
Environment:
OS: Windows Server 2008 R2 / amd64 / 6.1
App Server: Tomcat/7.0.40I, deployed the Sonar WAR file (3.5.1).
DB: MySQL 5.6.11
(relevant) Plugins:
Sonar C++ Community Plugin (0.2)
The plugin is visible under General Settings --> Sonar C++ Community Plugin
sonar-project.properties
# Required metadata
sonar.projectKey=test:pmc
sonar.projectName=PMC
sonar.projectVersion=1.0
sonar.language=c++
# Comma-separated paths to directories with sources (required)
sonar.sources=c:/SVN/Development/test/PMC/trunk/AppServer,c:/SVN/Development/test/PMC/trunk/PmcShared,c:/SVN/Development/test/PMC/trunk/WebServer,c:/SVN/Development/test/PMC/trunk/Tools
# Optional path to the CppCheck program required to activate some CppCheck rules
sonar.cpp.cppcheck.path=C:/Program Files (x86)/Cppcheck/cppcheck.exe
# Encoding of the source files
sonar.sourceEncoding=UTF-8
The thing I do not understand is that it cannot find a plugin that supports the 'cxx' language:
C:\Users\Administrator\Documents\sonar-projects\PMC>sonar-runner
C:\Users\Administrator\Documents\sonar-runner-2.2.1
Sonar Runner 2.2.1
Java 1.7.0_21 Oracle Corporation (64-bit)
Windows Server 2008 R2 6.1 amd64
INFO: Runner configuration file: C:\Users\Administrator\Documents\sonar-runner-2.2.1\conf\sonar-runner.properties
INFO: Project configuration file: C:\Users\Administrator\Documents\sonar-projects\PMC\sonar-project.properties
INFO: Default locale: "en_US", source code encoding: "UTF-8"
INFO: Work directory: C:\Users\Administrator\Documents\sonar-projects\PMC\.sonar
INFO: Sonar Server 3.5.1
15:20:54.231 INFO - Load batch settings
15:20:54.794 INFO - User cache: C:\Users\Administrator\.sonar\cache
15:20:54.797 INFO - Install plugins
15:20:55.742 INFO - ------------- Executing Project Scan
15:20:56.482 INFO - Install JDBC driver
15:20:56.487 INFO - Apply project exclusions
15:20:56.493 INFO - Create JDBC datasource for jdbc:mysql://localhost:3306/sonar?useUnicode=true&characterEncoding=utf8
15:20:56.771 INFO - Initializing Hibernate
15:20:59.229 INFO - ------------- Inspecting PMC
15:20:59.229 INFO - Load module settings
INFO: ------------------------------------------------------------------------
INFO: EXECUTION FAILURE
INFO: ------------------------------------------------------------------------
Total time: 6.162s
Final Memory: 13M/221M
INFO: ------------------------------------------------------------------------
ERROR: Error during Sonar runner execution
ERROR: Unable to execute Sonar
ERROR: Caused by: You must install a plugin that supports the language 'cxx'
ERROR:
ERROR: To see the full stack trace of the errors, re-run Sonar Runner with the -e switch.
ERROR: Re-run Sonar Runner using the -X switch to enable full debug logging.
I do have the Sonar C++ Community Plugin installed so I guess I am missing the obvious...could someone please help me getting started?
It seems I made a mistake in the configuration file. I re-created it and now the job runs! This issue is closed and the configurations above will work.
I had a similar error with the C# plugin:
ERROR: Caused by: You must install a plugin that supports the language 'cs '
Please remark the 'cs '
After long time I spotted the extra ' ' after 'cs'. When removing the extra space in the configuration file it worked. It seems like sonar-runner don't use "trim".
For new users, if you still getting this error (SonarQube 4+) start the server, go to the 'Settings' ( top right ) then search for 'Update center' there you add missing modules , next restart Server. it should works
Source: Link from official project website
To find the string required to activate any given SonarQube language plugin, go to "Settings" -> "System" -> "Update Center". For each plugin, the short name will be in square brackets to the right of the human-readable name.
C / C++ / Objective-C [cpp]
In this example, "cpp" is the name to use in the sonar.language property in your sonar-project.properties.