Issue
I am building a maven project of X amount of modules for the first time for SonarCloud. The sonar.projectKey
value needs to be unique, so I set it to ${project.groupId}:{$project.artifactId}
, so that it would be generated per module. Afterwards, run the CI and this is the response message:
[ERROR] Failed to execute goal org.sonarsource.scanner.maven:sonar-maven-plugin:3.7.0.1746:sonar (default-cli) on project ${project.groupId}:${project.artifactId}: Could not find a default branch to fall back on. -> [Help 1]
I suspect this is because I had not created a project with that key on my "organization", but the issue is that I have more than one module. In fact, I have X of them. Should I still create a project per module that I want scanned? Shouldn't the sonarqube plugin handle that?
Solution
For those, who strugle to get sonarcloud.io working with github action for a java application managed through a maven multi-module project.
I have created a Spring Maven Multi-Module Project and wanted to be able to use sonar from sonarcloud.io during specific github action.
Github Project : https://github.com/MagicSoup/SpringJOOQ
Sonar Cloud Project : https://sonarcloud.io/dashboard?id=MagicSoup_SpringJOOQ
You can find my Github action here : https://github.com/MagicSoup/SpringJOOQ/blob/master/.github/workflows/maven-master.yml
sonar:
name: Test - SonarCloud Scan
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- name: Set up JDK 11
uses: actions/setup-java@v1
with:
java-version: 11
- name: SonarCloud Scan
run: mvn -B clean verify -Psonar -Dsonar.login=${{ secrets.SONAR_TOKEN }}
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
And inside my root pom.xml the sonar profile : https://github.com/MagicSoup/SpringJOOQ/blob/master/pom.xml
<profile>
<id>sonar</id>
<properties>
<sonar.host.url>https://sonarcloud.io</sonar.host.url>
<sonar.organization>magicsoup</sonar.organization>
<sonar.projectKey>MagicSoup_SpringJOOQ</sonar.projectKey>
<sonar.moduleKey>${project.groupId}:${project.artifactId}</sonar.moduleKey>
</properties>
<activation>
<activeByDefault>false</activeByDefault>
</activation>
<build>
<plugins>
<plugin>
<groupId>org.sonarsource.scanner.maven</groupId>
<artifactId>sonar-maven-plugin</artifactId>
<version>${sonar.version}</version>
<executions>
<execution>
<phase>verify</phase>
<goals>
<goal>sonar</goal>
</goals>
</execution>
</executions>
</plugin>
</plugins>
</build>
</profile>
Here the important information are the following keys :
- <sonar.projectKey>MagicSoup_SpringJOOQ</sonar.projectKey>
- <sonar.moduleKey>${project.groupId}:${project.artifactId}</sonar.moduleKey>
Without le sonar.moduleKey definition, I had issues on more than one project with the same key.
During the creation of the project in sonarcloud.io https://sonarcloud.io/projects/create by using the analyze github repository a message will be displayed that you should use another way than the automated one because it's doesn't work for java application. Then you will choose the one proprosing "maven,gradle,..." and you will find all the mandatory properties needed to be added in your maven pom.xml. Including the sonar.login that you should export as a secret token in github).
You can create your secret token here : https://github.com/User/Project/settings/secrets You need to be authenticated and to change the User and Project accordingly.
A great article about the subject : https://medium.com/faun/continuous-integration-of-java-project-with-github-actions-7a8a0e8246ef
Answered By - MagicSoup
Answer Checked By - Marilyn (JavaFixing Volunteer)