Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Proper configuration for "sonar.libraries" in a modern Gradle Android project

What I want to achieve:

In sonar it is possible to track third party dependencies used throughout Projects by setting the property "sonar.libraries" and perhaps there are more benefits (such as detecting which violations are caused by external libraries?)

What I tried to do:

I set the value to build/intermediates/pre-dexed/debug/*.jar but this seems to have little effect.

Question:

Since it is no longer needed to use the "libs" folder for third party dependencies, what is the recommendation for the property called "sonar.libraries"?

like image 565
Alix Avatar asked Sep 01 '15 10:09

Alix


2 Answers

We need to implement special processing when an Android project is detected. Correctly setting sonar.java.libraries is one of the requirements. A ticket already exists, feel free to vote or provide a pull request. https://jira.sonarsource.com/browse/SONARGRADL-6

Update: we have released version 2.1 of the plugin (currently RC2) that natively supports Android projects. Properties sonar.java.[test.]binaries and sonar.java.[test.]libraries will be automatically populated.

like image 198
Julien H. - SonarSource Team Avatar answered Nov 20 '22 23:11

Julien H. - SonarSource Team


The pre-dex folder also seemed to me to be the perfect candidate. Unfortunately, if you look into the jars in this folder, you'll see they contain no compiled class, but dex files. A dex file being a "dalvik executable", it's Android material, and Sonar can't do anything of it.

I managed to reference some of my dependencies, by declaring build/intermediates/exploded-aar/**/*.jar in the sonar.libraries property.

With this line you'll see all the "android librairies" (aar) that your project depends on. I've not yet managed to track all the other plain java libraires (jar)

like image 24
ldavin Avatar answered Nov 20 '22 22:11

ldavin