5

I am building a Maven project of X amount of modules for the first time for SonarCloud. The sonar.projectKey value needs to be unique, so I set it to ${project.groupId}:{$project.artifactId}, so that it would be generated per module. Afterwards, I ran the CI and this was the response message:

[ERROR] Failed to execute goal org.sonarsource.scanner.maven:sonar-maven-plugin:3.7.0.1746:sonar (default-cli) on project ${project.groupId}:${project.artifactId}: Could not find a default branch to fall back on. -> [Help 1]

I suspect this is because I had not created a project with that key on my "organization", but the issue is that I have more than one module. In fact, I have X of them. Should I still create a project per module that I want scanned? Shouldn't the sonarqube plugin handle that?

Dragas
  • Could you share the repo? This happens to me when I push for the first time to the repo on a different branch (and then PR). Pushing directly to master solves my problem. You do not need to specify sonar.projectKey; it is picked directly from the Maven coordinates groupId and artifactId. Have a look at this [repo](https://github.com/AriHealth/spring-boot-template) – Carlos Cavero Jul 02 '20 at 13:31
  • Yeah, I solved my issue by creating a project in sonar cloud that matched my maven coordinates rather than the gitlab name. That was what caused the confusion for me. For reference https://gitlab.com/Dragas/eternal-witness and https://sonarcloud.io/code?id=lt.saltyjuice.dragas%3Aeternal-witness-bom. Since my main POM has coordinates of "lt.saltyjuice.dragas:eternal-witness-bom" I needed a project with that name rather than gitlab's "Eternal Witness" – Dragas Jul 03 '20 at 09:05

3 Answers

10

For those who struggle to get sonarcloud.io working with a GitHub Action for a Java application managed through a Maven multi-module project.

I have created a Spring Maven Multi-Module Project and wanted to be able to use sonar from sonarcloud.io during specific github action.

Github Project : https://github.com/MagicSoup/SpringJOOQ

Sonar Cloud Project : https://sonarcloud.io/dashboard?id=MagicSoup_SpringJOOQ

You can find my Github action here : https://github.com/MagicSoup/SpringJOOQ/blob/master/.github/workflows/maven-master.yml

sonar:
    name: Test - SonarCloud Scan
    runs-on: ubuntu-latest

    steps:
      - uses: actions/checkout@v2
      - name: Set up JDK 11
        uses: actions/setup-java@v1
        with:
          java-version: 11
      - name: SonarCloud Scan
        run: mvn -B clean verify -Psonar -Dsonar.login=${{ secrets.SONAR_TOKEN }}
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

And inside my root pom.xml the sonar profile : https://github.com/MagicSoup/SpringJOOQ/blob/master/pom.xml

        <profile>
            <id>sonar</id>
            <properties>
                <sonar.host.url>https://sonarcloud.io</sonar.host.url>
                <sonar.organization>magicsoup</sonar.organization>
                <sonar.projectKey>MagicSoup_SpringJOOQ</sonar.projectKey>
                <sonar.moduleKey>${project.groupId}:${project.artifactId}</sonar.moduleKey>
            </properties>
            <activation>
                <activeByDefault>false</activeByDefault>
            </activation>
            <build>
                <plugins>
                    <plugin>
                        <groupId>org.sonarsource.scanner.maven</groupId>
                        <artifactId>sonar-maven-plugin</artifactId>
                        <version>${sonar.version}</version>
                        <executions>
                            <execution>
                                <phase>verify</phase>
                                <goals>
                                    <goal>sonar</goal>
                                </goals>
                            </execution>
                        </executions>
                    </plugin>
                </plugins>
            </build>
        </profile>

Here the important information is the following keys:

  • <sonar.projectKey>MagicSoup_SpringJOOQ</sonar.projectKey>
  • <sonar.moduleKey>${project.groupId}:${project.artifactId}</sonar.moduleKey>

Without the sonar.moduleKey definition, I had issues on more than one project with the same key.

During the creation of the project in sonarcloud.io https://sonarcloud.io/projects/create by using the analyze github repository, a message will be displayed that you should use another way than the automated one because it doesn't work for java applications. Then you will choose the one proposing "maven,gradle,..." and you will find all the mandatory properties needed to be added in your maven pom.xml, including the sonar.login that you should export as a secret token in github.

You can create your secret token here : https://github.com/User/Project/settings/secrets. You need to be authenticated and to change the User and Project accordingly.

A great article about the subject : https://medium.com/faun/continuous-integration-of-java-project-with-github-actions-7a8a0e8246ef

MagicSoup
  • Your answer is more complete than my explanation. In regards to project key, the sonar plugin has aggregate goals, which means that the goal is only run on the pom that you invoke it on and is not cascaded to child `modules`, but there's a limitation where project key has to be unique value per module. Do you mind linking sonar maven documentation mentioning the module key property? – Dragas Jul 07 '20 at 08:13
  • This is nowhere in the official documentation. I have found this in some topics on the internet where people were struggling with maven multi module and sonar integration. Topics like these: https://groups.google.com/forum/#!topic/sonarqube/WR726lPeLXk and https://stackoverrun.com/fr/q/9884285#40217736 – MagicSoup Jul 08 '20 at 09:16
  • Following sonarcloud's documentation I fell into this issue. Your solution fixes my issue, thanks! – jaivalis Jun 20 '21 at 17:11
  • At the time of writing this, if you turn off Automatic Analysis on sonarcloud, you'll have a very detailed guide depending on your programming language so you can integrate the scan easily. – Catalin Pirvu May 27 '22 at 18:00
2

It seems that my issue was not related to that, but that the gitlab importer in sonar cloud creates a project with key that matches the project's name on gitlab. Instead you should create a project by hand and assign it the {groupId}:{artifactId} name in sonar cloud to prevent that confusion.

The error message is there because there was no project under that key and as a result sonar cloud had no defaults for it.

Dragas
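
An added example (not code from any of the posts): a small Python check, run against a root pom.xml, that derives the key the SonarCloud project has to be created under, as this answer describes, and flags sonar.* properties whose placeholders are not in `${...}` form, such as the `{$project.artifactId}` spelling quoted in the question. The sample POM, the function names and the simplification that a key declared in any profile counts as effective are assumptions of this example.

```python
import re
import xml.etree.ElementTree as ET

NS = {"m": "http://maven.apache.org/POM/4.0.0"}
WELL_FORMED = re.compile(r"\$\{[^${}]+\}")  # a proper ${...} placeholder

# Constructed sample root POM (not from the page); groupId is inherited from <parent>.
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <parent><groupId>com.example</groupId><artifactId>parent</artifactId><version>1</version></parent>
  <artifactId>demo-bom</artifactId>
  <properties>
    <sonar.projectKey>${project.groupId}:{$project.artifactId}</sonar.projectKey>
  </properties>
</project>"""

def coordinates(root):
    """Return (groupId, artifactId); groupId falls back to the parent's, as Maven does."""
    group = root.findtext("m:groupId", namespaces=NS) or root.findtext("m:parent/m:groupId", namespaces=NS)
    return group, root.findtext("m:artifactId", namespaces=NS)

def is_malformed(value):
    """True if '$', '{' or '}' remain once every well-formed ${...} is removed."""
    return bool(re.search(r"[${}]", WELL_FORMED.sub("", value)))

def expected_project_key(pom_text):
    """Return (key the SonarCloud project must have, list of findings)."""
    root = ET.fromstring(pom_text)
    group, artifact = coordinates(root)
    declared, findings = None, []
    for prop in root.iterfind(".//m:properties/*", NS):
        name = prop.tag.split("}", 1)[-1]          # strip the XML namespace
        value = (prop.text or "").strip()
        if name.startswith("sonar.") and is_malformed(value):
            findings.append(f"{name}: malformed placeholder in {value!r}")
        elif name == "sonar.projectKey":
            # Assumption: a key declared in any profile is treated as effective.
            declared = value.replace("${project.groupId}", group).replace("${project.artifactId}", artifact)
    # With no usable explicit key, the Maven scanner defaults to groupId:artifactId.
    return declared or f"{group}:{artifact}", findings

if __name__ == "__main__":
    print(expected_project_key(SAMPLE_POM))
```
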
0

For me I had to go into the Administration settings for sonar cloud for my project, then Analysis Method and turn off SonarCloud Automatic Analysis, since I'm already running analysis through my CI.

mr nooby noob