Menu
I am building a maven project of X amount of modules for the first time for SonarCloud. The sonar.projectKey value needs to be unique, so I set it to ${project.groupId}:{$project.artifactId}, so that it would be generated per module. Afterwards, run the CI and this is the response message:
[ERROR] Failed to execute goal org.sonarsource.scanner.maven:sonar-maven-plugin:3.7.0.1746:sonar (default-cli) on project ${project.groupId}:${project.artifactId}: Could not find a default branch to fall back on. -> [Help 1]
I suspect this is because I had not created a project with that key on my "organization", but the issue is that I have more than one module. In fact, I have X of them. Should I still create a project per module that I want scanned? Shouldn't the sonarqube plugin handle that?
850
A multi-module project is built from an aggregator POM that manages a group of submodules. In most cases, the aggregator is located in the project's root directory and must have packaging of type pom. The submodules are regular Maven projects, and they can be built separately or through the aggregator POM.
A multi-module Maven project is one that manages a group of submodules and is built from a parent POM. The submodules are normal Maven projects, and they can be built independently or from the parent POM. The parent POM is located in the root directory of the project.
Maven's Multi-Module Project A multi-module project is built from an aggregator POM that manages a group of submodules. In most cases, the aggregator is located in the project's root directory and must have packaging of type pom.
Now, the submodules are regular Maven projects, and they can be built separately or through the aggregator POM. By building the project through the aggregator POM, each project that has packaging type different than pom will result in a built archive file.
When selecting a parent (aggregator), Maven automatically selects the child modules as well. Similarly, Maven excludes child modules of an excluded parent (aggregator). To prevent this recursive behaviour, combine --projects with --non-recursive. Maven knows about the dependencies between modules inside the multi-module project.
Next, when running mvn package command in the parent project directory, Maven will build and test all three modules. Moreover, Maven Reactor will analyze our project and build it in proper order. So, if our webapp module depends on the service module, Maven will build first the service, then the webapp.
For those, who strugle to get sonarcloud.io working with github action for a java application managed through a maven multi-module project.
I have created a Spring Maven Multi-Module Project and wanted to be able to use sonar from sonarcloud.io during specific github action.
Github Project : https://github.com/MagicSoup/SpringJOOQ
Sonar Cloud Project : https://sonarcloud.io/dashboard?id=MagicSoup_SpringJOOQ
You can find my Github action here : https://github.com/MagicSoup/SpringJOOQ/blob/master/.github/workflows/maven-master.yml
sonar:
name: Test - SonarCloud Scan
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- name: Set up JDK 11
uses: actions/setup-java@v1
with:
java-version: 11
- name: SonarCloud Scan
run: mvn -B clean verify -Psonar -Dsonar.login=${{ secrets.SONAR_TOKEN }}
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
And inside my root pom.xml the sonar profile : https://github.com/MagicSoup/SpringJOOQ/blob/master/pom.xml
<profile>
<id>sonar</id>
<properties>
<sonar.host.url>https://sonarcloud.io</sonar.host.url>
<sonar.organization>magicsoup</sonar.organization>
<sonar.projectKey>MagicSoup_SpringJOOQ</sonar.projectKey>
<sonar.moduleKey>${project.groupId}:${project.artifactId}</sonar.moduleKey>
</properties>
<activation>
<activeByDefault>false</activeByDefault>
</activation>
<build>
<plugins>
<plugin>
<groupId>org.sonarsource.scanner.maven</groupId>
<artifactId>sonar-maven-plugin</artifactId>
<version>${sonar.version}</version>
<executions>
<execution>
<phase>verify</phase>
<goals>
<goal>sonar</goal>
</goals>
</execution>
</executions>
</plugin>
</plugins>
</build>
</profile>
Here the important information are the following keys :
Without le sonar.moduleKey definition, I had issues on more than one project with the same key.
During the creation of the project in sonarcloud.io https://sonarcloud.io/projects/create by using the analyze github repository a message will be displayed that you should use another way than the automated one because it's doesn't work for java application. Then you will choose the one proprosing "maven,gradle,..." and you will find all the mandatory properties needed to be added in your maven pom.xml. Including the sonar.login that you should export as a secret token in github).
You can create your secret token here : https://github.com/User/Project/settings/secrets You need to be authenticated and to change the User and Project accordingly.
A great article about the subject : https://medium.com/faun/continuous-integration-of-java-project-with-github-actions-7a8a0e8246ef
126
It seems that my issue was not related to that, but that the gitlab importer in sonar cloud creates a project with key that matches the project's name on gitlab. Instead you should create a project by hand and assign it the {groupId}:{artifactId} name in sonar cloud to prevent that confusion.
The error message is there because there was no project under that key and as a result sonar cloud had no defaults for it.
25
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
