Building multi-module maven project for SonarCloud

Question

I am building a maven project of X amount of modules for the first time for SonarCloud. The sonar.projectKey value needs to be unique, so I set it to ${project.groupId}:{$project.artifactId}, so that it would be generated per module. Afterwards, run the CI and this is the response message:

[ERROR] Failed to execute goal org.sonarsource.scanner.maven:sonar-maven-plugin:3.7.0.1746:sonar (default-cli) on project ${project.groupId}:${project.artifactId}: Could not find a default branch to fall back on. -> [Help 1]

I suspect this is because I had not created a project with that key on my "organization", but the issue is that I have more than one module. In fact, I have X of them. Should I still create a project per module that I want scanned? Shouldn't the sonarqube plugin handle that?

Answer 1

For those, who strugle to get sonarcloud.io working with github action for a java application managed through a maven multi-module project.

I have created a Spring Maven Multi-Module Project and wanted to be able to use sonar from sonarcloud.io during specific github action.

Github Project : https://github.com/MagicSoup/SpringJOOQ

Sonar Cloud Project : https://sonarcloud.io/dashboard?id=MagicSoup_SpringJOOQ

You can find my Github action here : https://github.com/MagicSoup/SpringJOOQ/blob/master/.github/workflows/maven-master.yml

sonar:
    name: Test - SonarCloud Scan
    runs-on: ubuntu-latest

    steps:
      - uses: actions/checkout@v2
      - name: Set up JDK 11
        uses: actions/setup-java@v1
        with:
          java-version: 11
      - name: SonarCloud Scan
        run: mvn -B clean verify -Psonar -Dsonar.login=${{ secrets.SONAR_TOKEN }}
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

And inside my root pom.xml the sonar profile : https://github.com/MagicSoup/SpringJOOQ/blob/master/pom.xml

 <profile>
            <id>sonar</id>
            <properties>
                <sonar.host.url>https://sonarcloud.io</sonar.host.url>
                <sonar.organization>magicsoup</sonar.organization>
                <sonar.projectKey>MagicSoup_SpringJOOQ</sonar.projectKey>
                <sonar.moduleKey>${project.groupId}:${project.artifactId}</sonar.moduleKey>
            </properties>
            <activation>
                <activeByDefault>false</activeByDefault>
            </activation>
            <build>
                <plugins>
                    <plugin>
                        <groupId>org.sonarsource.scanner.maven</groupId>
                        <artifactId>sonar-maven-plugin</artifactId>
                        <version>${sonar.version}</version>
                        <executions>
                            <execution>
                                <phase>verify</phase>
                                <goals>
                                    <goal>sonar</goal>
                                </goals>
                            </execution>
                        </executions>
                    </plugin>
                </plugins>
            </build>
        </profile>

Here the important information are the following keys :

• <sonar.projectKey>MagicSoup_SpringJOOQ</sonar.projectKey>
• <sonar.moduleKey>${project.groupId}:${project.artifactId}</sonar.moduleKey>

Without le sonar.moduleKey definition, I had issues on more than one project with the same key.

During the creation of the project in sonarcloud.io https://sonarcloud.io/projects/create by using the analyze github repository a message will be displayed that you should use another way than the automated one because it's doesn't work for java application. Then you will choose the one proprosing "maven,gradle,..." and you will find all the mandatory properties needed to be added in your maven pom.xml. Including the sonar.login that you should export as a secret token in github).

You can create your secret token here : https://github.com/User/Project/settings/secrets You need to be authenticated and to change the User and Project accordingly.

A great article about the subject : https://medium.com/faun/continuous-integration-of-java-project-with-github-actions-7a8a0e8246ef

Answer 2

It seems that my issue was not related to that, but that the gitlab importer in sonar cloud creates a project with key that matches the project's name on gitlab. Instead you should create a project by hand and assign it the {groupId}:{artifactId} name in sonar cloud to prevent that confusion.

The error message is there because there was no project under that key and as a result sonar cloud had no defaults for it.

Answer 3

For me I had to go into the Administration settings for sonar cloud for my project, then Analysis Method and turn off SonarCloud Automatic Analysis, since I'm already running analysis through my CI.