Discussion:
[sonar-user] Is single command maven integration possible? Planned?
Baltrinic, Kenneth
2015-05-15 18:30:50 UTC
Permalink
The Analyzing with Maven <http://docs.sonarqube.org/display/SONAR/Analyzing+with+Maven> documentation clearly states that you have to do this. However I seem to recall reading somewhere that this was because of some irregularity in the results that occurred with multi module projects and I am pretty sure I have read that this may no longer be needed and the docs may be out of date. However I can’t find anything to corroborate that now that I am going back and looking for it.

The reason that this is important is that we would like to switch from using check style and findbugz in our maven builds and rather use sonarqube to perform the analysis. However we have the former directly integrated into our master pom file (used as a parent pom by all projects). In this way checkstyle and find-bugs always runs every time a mvn compile is performed, and we can fail the build if violations occur. Developers do this on their local box. Before we can use SonarQube in place of CS/FB combo, we need to be able to do this same level of integration. Not having it is a show-stopper for us. How do we set this up with SonarQube?

Again thank you for all the help.
—Regards,
Ken
Baltrinic, Kenneth
2015-05-15 18:33:07 UTC
Permalink
Sorry hit send by accident while editing. The “this” in the first sentence refers to needing to run mvn sonar:sonar in a separate maven reactor run form the mvn install goal.

I should also add that we are evaluating SQ 5.1 and all of our builds are multi-module.

From: <Baltrinic>, Kenneth Baltrinic <***@cvent.com<mailto:***@cvent.com>>
Date: Friday, May 15, 2015 at 2:30 PM
To: "***@sonar.codehaus.org<mailto:***@sonar.codehaus.org>" <***@sonar.codehaus.org<mailto:***@sonar.codehaus.org>>
Subject: Is single command maven integration possible? Planned?

The Analyzing with Maven <http://docs.sonarqube.org/display/SONAR/Analyzing+with+Maven> documentation clearly states that you have to do this. However I seem to recall reading somewhere that this was because of some irregularity in the results that occurred with multi module projects and I am pretty sure I have read that this may no longer be needed and the docs may be out of date. However I can’t find anything to corroborate that now that I am going back and looking for it.

The reason that this is important is that we would like to switch from using check style and findbugz in our maven builds and rather use sonarqube to perform the analysis. However we have the former directly integrated into our master pom file (used as a parent pom by all projects). In this way checkstyle and find-bugs always runs every time a mvn compile is performed, and we can fail the build if violations occur. Developers do this on their local box. Before we can use SonarQube in place of CS/FB combo, we need to be able to do this same level of integration. Not having it is a show-stopper for us. How do we set this up with SonarQube?

Again thank you for all the help.
—Regards,
Ken
Baltrinic, Kenneth
2015-05-20 12:02:15 UTC
Permalink
Just wanted wanted to ping on this question again as its fairly important to us. Any input is appreciated.

From: <Baltrinic>, Kenneth Baltrinic <***@cvent.com<mailto:***@cvent.com>>
Date: Friday, May 15, 2015 at 2:33 PM
To: "***@sonar.codehaus.org<mailto:***@sonar.codehaus.org>" <***@sonar.codehaus.org<mailto:***@sonar.codehaus.org>>
Subject: Re: Is single command maven integration possible? Planned?

Sorry hit send by accident while editing. The “this” in the first sentence refers to needing to run mvn sonar:sonar in a separate maven reactor run form the mvn install goal.

I should also add that we are evaluating SQ 5.1 and all of our builds are multi-module.

From: <Baltrinic>, Kenneth Baltrinic <***@cvent.com<mailto:***@cvent.com>>
Date: Friday, May 15, 2015 at 2:30 PM
To: "***@sonar.codehaus.org<mailto:***@sonar.codehaus.org>" <***@sonar.codehaus.org<mailto:***@sonar.codehaus.org>>
Subject: Is single command maven integration possible? Planned?

The Analyzing with Maven <http://docs.sonarqube.org/display/SONAR/Analyzing+with+Maven> documentation clearly states that you have to do this. However I seem to recall reading somewhere that this was because of some irregularity in the results that occurred with multi module projects and I am pretty sure I have read that this may no longer be needed and the docs may be out of date. However I can’t find anything to corroborate that now that I am going back and looking for it.

The reason that this is important is that we would like to switch from using check style and findbugz in our maven builds and rather use sonarqube to perform the analysis. However we have the former directly integrated into our master pom file (used as a parent pom by all projects). In this way checkstyle and find-bugs always runs every time a mvn compile is performed, and we can fail the build if violations occur. Developers do this on their local box. Before we can use SonarQube in place of CS/FB combo, we need to be able to do this same level of integration. Not having it is a show-stopper for us. How do we set this up with SonarQube?

Again thank you for all the help.
—Regards,
Ken
Julien HENRY
2015-05-22 15:13:11 UTC
Permalink
Hi Kenneth,

I'm not 100% sure but since SQ is no more trying to run any Maven goal by
itself it should now be ok to run: mvn clean package sonar:sonar

I'll try to do some experiments with multi-module projects but on your side
don't hesitate to try and report any issue.

++
Post by Baltrinic, Kenneth
Just wanted wanted to ping on this question again as its fairly
important to us. Any input is appreciated.
Date: Friday, May 15, 2015 at 2:33 PM
Subject: Re: Is single command maven integration possible? Planned?
Sorry hit send by accident while editing. The “this” in the first
sentence refers to needing to run mvn sonar:sonar in a separate maven
reactor run form the mvn install goal.
I should also add that we are evaluating SQ 5.1 and all of our builds are multi-module.
Date: Friday, May 15, 2015 at 2:30 PM
Subject: Is single command maven integration possible? Planned?
The Analyzing with Maven
<http://docs.sonarqube.org/display/SONAR/Analyzing+with+Maven>documentation
clearly states that you have to do this. However I seem to recall reading
somewhere that this was because of some irregularity in the results that
occurred with multi module projects and I am pretty sure I have read that
this may no longer be needed and the docs may be out of date. However I
can’t find anything to corroborate that now that I am going back and
looking for it.
The reason that this is important is that we would like to switch from
using check style and findbugz in our maven builds and rather use sonarqube
to perform the analysis. However we have the former directly integrated
into our master pom file (used as a parent pom by all projects). In this
way checkstyle and find-bugs always runs every time a mvn compile is
performed, and we can fail the build if violations occur. Developers do
this on their local box. Before we can use SonarQube in place of CS/FB
combo, we need to be able to do this same level of integration. Not having
it is a show-stopper for us. How do we set this up with SonarQube?
Again thank you for all the help.
—Regards,
Ken
David Racodon
2015-05-22 15:48:30 UTC
Permalink
Hi,

@Julien: Do you mean "mvn clean *install* sonar:sonar" or "mvn clean
*package* sonar:sonar"?
For multi-module projects, if you don't run "install" before "sonar:sonar",
your other module packages won't be available in your local Maven
repository and thus for SonarQube. Then, you'll get lots of "Resource not
found: com.xxx" during the analysis and you'll be missing some issues.
Correct?

Regards,

David RACODON
Freelance QA Consultant
LinkedIn <https://ch.linkedin.com/pub/david-racodon/11/62/283> | Twitter
<https://twitter.com/davidracodon>
Post by Julien HENRY
Hi Kenneth,
I'm not 100% sure but since SQ is no more trying to run any Maven goal by
itself it should now be ok to run: mvn clean package sonar:sonar
I'll try to do some experiments with multi-module projects but on your
side don't hesitate to try and report any issue.
++
Post by Baltrinic, Kenneth
Just wanted wanted to ping on this question again as its fairly
important to us. Any input is appreciated.
Date: Friday, May 15, 2015 at 2:33 PM
Subject: Re: Is single command maven integration possible? Planned?
Sorry hit send by accident while editing. The “this” in the first
sentence refers to needing to run mvn sonar:sonar in a separate maven
reactor run form the mvn install goal.
I should also add that we are evaluating SQ 5.1 and all of our builds are multi-module.
Date: Friday, May 15, 2015 at 2:30 PM
Subject: Is single command maven integration possible? Planned?
The Analyzing with Maven
<http://docs.sonarqube.org/display/SONAR/Analyzing+with+Maven>documentation
clearly states that you have to do this. However I seem to recall reading
somewhere that this was because of some irregularity in the results that
occurred with multi module projects and I am pretty sure I have read that
this may no longer be needed and the docs may be out of date. However I
can’t find anything to corroborate that now that I am going back and
looking for it.
The reason that this is important is that we would like to switch from
using check style and findbugz in our maven builds and rather use sonarqube
to perform the analysis. However we have the former directly integrated
into our master pom file (used as a parent pom by all projects). In this
way checkstyle and find-bugs always runs every time a mvn compile is
performed, and we can fail the build if violations occur. Developers do
this on their local box. Before we can use SonarQube in place of CS/FB
combo, we need to be able to do this same level of integration. Not having
it is a show-stopper for us. How do we set this up with SonarQube?
Again thank you for all the help.
—Regards,
Ken
Baltrinic, Kenneth
2015-05-22 16:31:19 UTC
Permalink
Julien, thank you for the update. I’ll give it a try soon as I have a chance. Focus has currently shifted to evaluating SonarQube’s .Net capabilities.

David,

Of course I know nothing, nothing! But if we run sonar:sonar in the same maven reactor run as the package goal, would it not have access to the internal cache of build artifacts that all other goals/plugins in the run have? I.e. Its not necessary for a jar to be installed before another jar the depends on it in the same multi-module project can be built. Would the same not hold for sonar? I was always under the impression that the install was needed because the convention is to run sonar is a second reactor run after the first, in which case it does not have access to the internal cache of the first. Again, I only have a general conceptual understanding of how maven works so I could be completely wrong when it come to the reality of the matter.

—Ken

From: David Racodon <***@gmail.com<mailto:***@gmail.com>>
Reply-To: "***@sonar.codehaus.org<mailto:***@sonar.codehaus.org>" <***@sonar.codehaus.org<mailto:***@sonar.codehaus.org>>
Date: Friday, May 22, 2015 at 11:48 AM
To: user <***@sonar.codehaus.org<mailto:***@sonar.codehaus.org>>
Subject: Re: [sonar-user] Re: Is single command maven integration possible? Planned?

Hi,

@Julien: Do you mean "mvn clean install sonar:sonar" or "mvn clean package sonar:sonar"?
For multi-module projects, if you don't run "install" before "sonar:sonar", your other module packages won't be available in your local Maven repository and thus for SonarQube. Then, you'll get lots of "Resource not found: com.xxx" during the analysis and you'll be missing some issues. Correct?

Regards,

David RACODON
Freelance QA Consultant
LinkedIn<https://ch.linkedin.com/pub/david-racodon/11/62/283> | Twitter<https://twitter.com/davidracodon>

On Fri, May 22, 2015 at 5:13 PM, Julien HENRY <***@sonarsource.com<mailto:***@sonarsource.com>> wrote:
Hi Kenneth,

I'm not 100% sure but since SQ is no more trying to run any Maven goal by itself it should now be ok to run: mvn clean package sonar:sonar

I'll try to do some experiments with multi-module projects but on your side don't hesitate to try and report any issue.

++

2015-05-20 14:02 GMT+02:00 Baltrinic, Kenneth <***@cvent.com<mailto:***@cvent.com>>:
Just wanted wanted to ping on this question again as its fairly important to us. Any input is appreciated.

From: <Baltrinic>, Kenneth Baltrinic <***@cvent.com<mailto:***@cvent.com>>
Date: Friday, May 15, 2015 at 2:33 PM
To: "***@sonar.codehaus.org<mailto:***@sonar.codehaus.org>" <***@sonar.codehaus.org<mailto:***@sonar.codehaus.org>>
Subject: Re: Is single command maven integration possible? Planned?

Sorry hit send by accident while editing. The “this” in the first sentence refers to needing to run mvn sonar:sonar in a separate maven reactor run form the mvn install goal.

I should also add that we are evaluating SQ 5.1 and all of our builds are multi-module.

From: <Baltrinic>, Kenneth Baltrinic <***@cvent.com<mailto:***@cvent.com>>
Date: Friday, May 15, 2015 at 2:30 PM
To: "***@sonar.codehaus.org<mailto:***@sonar.codehaus.org>" <***@sonar.codehaus.org<mailto:***@sonar.codehaus.org>>
Subject: Is single command maven integration possible? Planned?

The Analyzing with Maven <http://docs.sonarqube.org/display/SONAR/Analyzing+with+Maven> documentation clearly states that you have to do this. However I seem to recall reading somewhere that this was because of some irregularity in the results that occurred with multi module projects and I am pretty sure I have read that this may no longer be needed and the docs may be out of date. However I can’t find anything to corroborate that now that I am going back and looking for it.

The reason that this is important is that we would like to switch from using check style and findbugz in our maven builds and rather use sonarqube to perform the analysis. However we have the former directly integrated into our master pom file (used as a parent pom by all projects). In this way checkstyle and find-bugs always runs every time a mvn compile is performed, and we can fail the build if violations occur. Developers do this on their local box. Before we can use SonarQube in place of CS/FB combo, we need to be able to do this same level of integration. Not having it is a show-stopper for us. How do we set this up with SonarQube?

Again thank you for all the help.
—Regards,
Ken

Loading...