如何使用Sonar Maven插件 [英] How To Use The Sonar Maven Plug-in

问题描述

这里的问题很简单.我想添加在每个Maven构建中执行的声纳.我试过了:

Easy question here. I want to add sonar to be executed on every Maven build. I tried:

<plugin>
    <groupId>org.sonarsource.scanner.maven</groupId>
    <artifactId>sonar-maven-plugin</artifactId>
    <version>3.1.1</version>
</plugin>

和

<plugin>
    <groupId>org.codehaus.sonar</groupId>
    <artifactId>sonar-maven-plugin</artifactId>
    <version>5.1</version>
</plugin>

和

<plugin>
    <groupId>org.codehaus.mojo</groupId>
    <artifactId>sonar-maven-plugin</artifactId>
    <version>2.7.1</version>
</plugin>

因为a)我无法弄清楚这些插件的作用和/或b)哪个是当前插件.

because a) I couldn't figure out what the plug-ins do and/or b) which one is the current one.

如果仅将以上内容添加到<build>-> <plugins>，则不会执行(因此该插件没有默认执行).因此，我当然添加了<execution>指令，然后执行了Sonar，但出现以下错误消息:

If I only add the above to <build> -> <plugins> it's not executed ever (so the plug-in doesn't have a default execution). So of course I added a <execution> instruction, and after that Sonar gets executed, but with the following error message:

<executions>
    <execution>
        <phase>prepare-package</phase>
        <goals>
            <goal>sonar</goal>
        </goals>
    </execution>
</executions>

无法在项目org.acme.project.build上执行目标org.sonarsource.scanner.maven:sonar-maven-plugin:3.1.1:sonar(默认):无法执行Findbugs:此项目包含Java源文件没有被编译.

Failed to execute goal org.sonarsource.scanner.maven:sonar-maven-plugin:3.1.1:sonar (default) on project org.acme.project.build: Can not execute Findbugs: This project contains Java source files that are not compiled.

使用哪个阶段似乎无关紧要(我尝试了 validate 和 compile 和 test 和 prepare-package 和 package ，尽管并非所有人都说得通).我确定在项目的任何地方都不会生成源代码.静态类的编译就很好了.

It does not seem to matter which phase I use (I tried validate and compile and test and prepare-package and package even though not all of them make sense). I am sure there is no source code generation anywhere in the project. And the static classes get compiled just fine.

我认为问题可能出在每个模块(包括父pom项目)都执行了该插件.这很奇怪，因为sonar:sonar会跳过该项目.

I think the problem might be that the plug-in gets executed for every module, including the parent pom project. Which is weird, because sonar:sonar skips that project.

但是项目结构很简单，我找不到任何异常之处

But the project structure is simple and I can't find anything unusual about it:

<groupId>group</groupId>
<artifactId>org.acme.project.build</artifactId>
<version>0.0.1-SNAPSHOT</version>
<packaging>pom</packaging>

<modules>
    <module>org.acme.project</module>
</modules>

<profiles>
    <profile>
        <id>sonar</id>
        <properties>
            <sonar.host.url>http://sonar.acme.org/</sonar.host.url>
        </properties>
        <build>
            <plugins>
                <plugin>
                    <groupId>org.sonarsource.scanner.maven</groupId>
                    <artifactId>sonar-maven-plugin</artifactId>
                    <version>3.1.1</version>
                    <executions>
                        <execution>
                            <phase>compile</phase>
                            <goals>
                                <goal>sonar</goal>
                            </goals>
                        </execution>
                    </executions>
                </plugin>
            </plugins>
        </build>
    </profile>
</profiles>

项目org.acme.project除了其自己的工件ID和父代之外，没有任何其他内容.命令行是:mvn clean deploy -Dsonar.login=Wile.Coyote -Dsonar.password=*********** -Psonar

The project org.acme.project has nothing besides its own artifact ID and the parent. The command line is: mvn clean deploy -Dsonar.login=Wile.Coyote -Dsonar.password=*********** -Psonar

日志显示声纳总是在安装阶段之前执行，这当然是提早实现的方式.

The log shows that sonar is always executed before the install phase, which of course is way to early.

那我该如何使用Sonar的Maven插件来分析我的代码?

So how do I use Sonar's Maven plug-in to analyze my code?

推荐答案

a)我不知道插件的作用

a) I couldn't figure out what the plug-ins do

该插件用于从代码覆盖率报告和存储库代码扫描中收集详细信息，以分析可能的错误，重复等.您可以搜索示例声纳报告来查找所有内容，并用于Maven的SonarQube扫描仪和 SonarQube-使用Maven分析

The plugin is used to gather the details from code coverage reports and the repository code scanning for getting to analyze possible bugs, duplications etc. You can search for a sample sonar report to find what all and how to get these details with maven using two methods like settings.xml and maven plugin is detailed at SonarQube Scanner for Maven and SonarQube - analyzing with Maven

b)哪一个是当前的.

b) which one is the current one.

maven中心建议使用 org上的当前插件. codehaus.mojo 用作

The maven central suggests that the current plugin from org.codehaus.mojo used as

<plugin>
    <groupId>org.codehaus.mojo</groupId>
    <artifactId>sonar-maven-plugin</artifactId>
    <version>3.2</version>
</plugin>

已移至

<plugin>
    <groupId>org.sonarsource.scanner.maven</groupId>
    <artifactId>sonar-maven-plugin</artifactId>
    <version>3.2</version>
</plugin>

因此，理想情况下，您应该使用groupId-org.sonarsource.scanner.maven中的一个，如

So you should ideally be using the one from groupId - org.sonarsource.scanner.maven as also suggested by the SonarQube Docs

org.codehaus.sonar 中的工件版本5.1似乎已过时且未维护.

Also the artifact from org.codehaus.sonar version 5.1 seems to be outdated and not maintained.

这篇关于如何使用Sonar Maven插件的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！