CODEWITHSUNDEEP
javamavensonarqube
piotrek
piotrek

Reputation: 14520

why sonar:sonar needs mvn install before?

official documentation http://docs.sonarqube.org/display/SONAR/Analyzing+with+Maven says that the proper way of invoking sonar is:

mvn clean install -DskipTests=true
mvn sonar:sonar

but doesn't say why. how does sonar work? does it need compiled classes? so why not just mvn clean compile? or does it need a jar file? so why not just mvn clean package? what exactly does sonar plugin?

Upvotes: 7

Views: 5463

Answers (3)

beatngu13
beatngu13

Reputation: 9333

Explanation from a SonarSource team member:

In a multi-module build an aggregator plugin can't resolve dependencies from target folder. So you have two options:

  • mvn clean install && mvn sonar:sonar as two separate processes
  • mvn clean package sonar:sonar as a single reactor [meanwhile, the SonarQube documentation says verify]

I was surprised too, so I made a tweet an received the following answer from the official Maven account:

If the plugin is not designed to use the target/classes folder as a substitute, then yes you would need to have installed to get the jar when running *in a different session*. Complain to the plugin author if they force you to use install without foo reason [ed - @connolly_s]

Upvotes: 3

user847316
user847316

Reputation:

You can run SonarQube as part of a single Maven command if you meet some requirements:

  • As Mithfindel mentions, some SonarQube plugins need to analyze .class files. And if you run unit tests outside of SonarQube, then of course the testing plugins must read output from the test phase.
  • Got integration tests? Then you need to run after the integration-test phase.
  • If you want to run SonarQube as a true quality gate then you absolutely must run it before the deploy phase.

One solution is to just attach SonarQube to run after the package phase. Then you can get a full build with a simple clean install or clean deploy. Most people do not do this because SonarQube is time-consuming, but the incremental mode added in 4.0 and greatly improved in the upcoming 4.2 solves this.

As far as the official documentation goes, it's a lot easier to say "build and then run sonar:sonar" then it is to say, "open your POM, add a build element for the sonar-maven-plugin, attach it to verify, etc".

One caveat. SonarQube requires Java 6, so if you're building against JDK 1.5 (still common in large organizations), the analysis will have to happen in a separate Maven invocation with a newer JDK selected. We solved this issue with custom Maven build wrapper.

Upvotes: 1

Mithfindel
Mithfindel

Reputation: 4708

The SonarQube analyzer indeed needs compiled classes (e.g for Findbugs rules, coverage). And since by default it executes tests itself, the compile phase can skip tests.

Upvotes: 1

Related Questions