My projects are built with Maven 3.0 and use the plugin build-helper to set the following properties at the initialization phase :
parsedVersion.majorVersion, parsedVersion.minorVersion
It works well for the build, where I also set sonar.branch=parsedVersion.majorVersion.parsedVersion.minorVersion
In Jenkins, I add the Post Build Step "Sonar analysis" (from Sonar plugin for Jenkins), it ends up with the following error:
Can not execute SonarQube analysis: Illegal character in query at index 108:
http://<sonar url>/sonar/batch_bootstrap/properties?project=com.x.y.<ArtifactId>:${parsedVersion.majorVersion}.${parsedVersion.minorVersion}
So the properties values were not instanciated correctly.
Did anyone encounter the issue ? is there a solution or is it a bug in Jenkins or Jenkins sonar plugin ?
You need to explicitly run the initialization phase.
Include -Dsonar.phase=initialize in your additional properties.
Related
I am using SonarQube version 6.7 for running analysis of Maven projects using the command mvn clean verify sonar:sonar from the project directory using command prompt and get the results. The sonar configurations in settings.xml for maven (v3.5.3) are added respectively.
In Jenkins (version 2.161), I have installed SonarQube Scanner for Jenkins (v2.8.1) plugin. The SonarQube Server configuration is configured as below.
In the Jenkins maven project, I have configured the post steps as below.
I have checked the Prepare SonarQube Scanner environment in the Build Environment section and the Build goal is -e clean verify sonar:sonar.
My issue is, when the SonarQube analysis for a maven project is triggered through command prompt using the command mvn clean verify sonar:sonar, I am getting the results as expected. But when the Jenkins job is triggered with the configurations above for the same maven project, the results are different and incorrect. What am I missing?
P.S- In the Post-build Actions, I can see the SonarQube analysis with maven is deprecated.
Thanks in advance.
You use different scanners. First you used SonarScanner for Maven (mvn sonar:sonar). Next you used Basi SonarScanner, which requires manual configuration of all options.
The best option to sole it is always use the same scanner. You have Maven project, so you can enable Prepare SonarQube Scanner environment in Build Environment, and next execute Sonar goal $SONAR_MAVEN_GOAL in Build.
Situation:
I want to analyze my project with SonarQube (5.4) triggered by Jenkins (1.642.4). It is a java project build with maven.
I see two ways to trigger the analysis:
Post Build Action "SonarQube analysis with maven" but it's deprecated, so I don't want to use it
Post Build Step "Execute SonarQube Scanner", is the recommended way.
Problem:
If I use the deprecated Post Build Action, the properties for sonar project configuration are derived automatically from the project pom.
It I use the recommended Post Build Step, I receive the Exception
You must define the following mandatory properties for 'Unknown': sonar.projectKey, sonar.projectName, sonar.projectVersion, sonar.sources
Undesired Solution:
The solution is to provide the required properties, via sonar-project.properties file in the java project or via parameters in Jenkins step.
IMHO: this is duplication. All relevant information is defined in the Maven pom: projectKey can be derived from artifactId, projectName and projectVerstion are same properties in maven. Especially the projectVersion is critical. I don't want to update the project version after each release (or write some code in release plugin to update it automatically).
What I want
I want to use the recommended Post Build Step in Jenkins, without redefine all project properties for all my project to make sonar happy. Instead sonar/jenkins/plugin/whatever should derive the properties from my maven pom file. Is there an additional plugin I can use? Can I reconfigure my Jenkins-Sonar-Plugin?
I don't want to provide any sonar specific information in my pom/project, because the project shouldn't care about sonar. It should contain only information required to build the project.
The documentation (although slightly confusing, see edit below) explains how to use a generic post-build step (leveraging environment variables), instead of the deprecated post-build action. in short:
install latest SonarQube Plugin (v2.4 as of now) in Jenkins
in System Config under SonarQube servers: check Enable injection of SonarQube server configuration as build environment variables
in the configuration of your Maven project:
check Prepare SonarQube Scanner environment
add a post-build step Invoke top-level Maven targets and leverage the injected environment variables in the Goals field e.g.:
$SONAR_MAVEN_GOAL -Dsonar.host.url=$SONAR_HOST_URL -Dsonar.login=$SONAR_AUTH_TOKEN
Edit: when the documentation says The Post-build Action for Maven analysis is deprecated. , it refers to the old post-build action which is not documented anymore. The paragraph after that warning (summarized in this answer) really is the recommended procedure. Illustration here if it's still not clear.
Using SonarQube Scanner as a post build step you can configure it with at least this properties in Analysis properties:
sonar.projectKey=${POM_ARTIFACTID}
sonar.projectName=${POM_DISPLAYNAME}
sonar.projectVersion=${POM_VERSION}
sonar.sources=src
sonar.java.binaries=target
sonar.language=java
sonar.sourceEncoding=UTF-8
POM_* variables are mapped by Jenkins from Maven GAV info, look here: https://github.com/jenkinsci/jenkins/pull/933/files
I have a mvn project. I want to run it against sonar.
e.g. the following command - mvn org.codehaus.mojo:sonar-maven-plugin:2.0:sonar
Without going in and modifying the application pom file to add sonar plugin, is there another way that I can call the mvn command and reference sonar plugin ?
I don't know how it works, but if you execute it from Jenkins with the Sonar plugin it will work without modifying your pom.xml.
I am attempting to get Jenkins to run Sonar as a post-build step.
Jenkins runs SonarRunner [1] but this fails with:
ERROR: Error during Sonar runner execution
ERROR: Unable to execute Sonar
ERROR: Caused by: You must define the following mandatory properties for 'Unknown': sonar.projectKey, sonar.projectName, sonar.projectVersion, sonar.sources
If I run mvn sonar:sonar [2] instead it works fine. It almost sounds like SonarRunner is ignoring pom.xml. How do I get SonarRunner to pick up these properties from Maven?
[1] /Users/builds/.jenkins/tools/hudson.plugins.sonar.SonarRunnerInstallation/Default_Sonar_Runner/bin/sonar-runner -Dsonar.jdbc.url=jdbc:h2:tcp://myServer:1009/sonar -Dsonar.host.url=http://myServer/sonar/ -Dsonar.projectBaseDir=/Users/builds/.jenkins/workspace/myProject
[2] mvn sonar:sonar -Dsonar.jdbc.url=jdbc:h2:tcp://myServer:1009/sonar -Dsonar.host.url=http://myServer/sonar/ -Dsonar.projectBaseDir=/Users/builds/.jenkins/workspace/myProject
UPDATE: Per https://docs.sonarqube.org/latest/analysis/scan/sonarscanner-for-jenkins/ the desired functionality is now available.
What a nice way to waste an evening...
According to this Sonar Runner is not meant for Maven projects. It turns out you're supposed to look under "Post-Build Actions" (not "Post-Build Steps") and you will find "Sonar". See here for more information.
Method 1:
If you installed a scanner in Jenkins then just add the following
in this location on your job
Post Steps -> Execute SonarQube Scanner -> Analysis properties
sonar.projectKey=myProject1
sonar.sources=.
Method 2:
Another alternative is using the deprecated method which still works fine
Post-build Actions -> SonarQube analysis with Maven
Method 3:
Build -> Goals and options -> "enter the below script"
-Dmaven.test.skip=true install sonar:sonar -Dsonar.forceAnalysis=true -Dsonar.host.url=http://localhost:9000/ -Dsonar.branch=my-branch-1
There is some Maven GAV info data mapped into Jenkins variables, look at this thread: Automatically derive mandatory SonarQube properties from pom file in Jenkins
Try below configuration in sonar-scanner.properties:
sonar.host.url=http://localhost:9000
sonar.projectKey=<your project package>
sonar.projectName=<your project name with absolute path>
sonar.projectVersion=1.0
sonar.sources=src/main/java/
sonar.language=java
sonar.java.binaries=target/classes
I am running maven with sonar. Since I activated authentication on sonar for security purposes, since then I got the following error:
[ERROR] Can´t access to Sonar or project doesn't exist on Sonar instance. HTTP KO to http://localhost:9000/api/resources?resource=com.myproject.soft:soft&depth=0&format=xml
java.io.IOException: Can´t access to Sonar or project doesn't exist on Sonar instance.
at org.sonar.report.pdf.util.SonarAccess.getUrlAsDocument(SonarAccess.java:132)
at org.sonar.report.pdf.entity.Project.initializeProject(Project.java:98)
according to http://docs.sonarqube.org/display/SONAR/Analyzing+with+Maven I should use the following parameters:
-Dsonar.login=login -Dsonar.password=password
Those settings are not working for me.
The full command I am using is:
mvn install sonar:sonar -Dsonar.login=login -Dsonar.password=password
This is a limitation of the PDF Report Plugin that is developed by Klicap:
http://jira.codehaus.org/browse/SONARPLUGINS-1510
If you remove this plugin, then everything should be back to normal.
We have the same problem and resolved it by adding some credentials. Tested on Sonar 3.7 and Sonar PDF Plugin 1.3
In eclipse put this as your maven Goals:
org.codehaus.sonar-plugins.pdf-report:maven-pdfreport-plugin:1.3:generate -Dsonar.host.url=http://localhost:9000 -Dreport.type=executive -Dsonar.pdf.username=admin -Dsonar.pdf.password=admin