Sonar maven plugin: same project key for all modules does not work?

16
votes

I am using sonar-maven-plugin 3.2 and maven 3.3.9. In the parent POM, I have the sonar.projectKey maven property defined. The value is in effect, I can see it from the printout of sonar. But the mvn sonar:sonar step fails, because the maven modules use the same project key value, because the maven property has the same value in all modules. Sonar gives the error:

Project '...' can't have 2 modules with the following key: ...

Is there really no way to have a single sonar project that contains all maven modules? Are all modules must be really different sonar projects?

I am aware that I could use the branch property asa hack, but I would like to avoid doing that. If there is a way to have a maven multi module project in sonar with a single project key, containing all maven modules, that would be the best...

3
mavensonarqubesonar-maven-plugin

3 Answers

14
votes

According to SonarQube Analysis Parameters:

sonar.projectKey

The project key that is unique for each project. Allowed characters are: letters, numbers, '-', '_', '.' and ':', with at least one non-digit.
When using Maven, it is automatically set to <groupId>:<artifactId>.

Therefore, remove your sonar.projectKey configuration and it should work.

(I have been through the same loop).

25
votes

Since SonarQube 7.6

Modules have been removed in a recent release. I couldn't yet validate if the below, modules-based solution works on SonarQube 8.x, but assume a different solution has to be used. When I contacted SonarQube support they suggested to manage permissions on project key prefixes, and use prefix-scoped project creation permissions to dynamically create project keys sharing that prefix.

In this case your pom.xml would look like this:

<properties>
    <sonar.projectKey>
        YourKey-${project.groupId}:${project.artifactId}
    </sonar.projectKey>
</properties>

where YourKey is the project-prefix. This requires your SonarQube admin to apply the suggested permission scheme.

Pre SonarQube 7.6

SonarQube prior to 7.6 is/was module-aware. To define modules in your parent.pom, you declare the following properties:

<properties>
    <sonar.projectKey>
        YourKey
    </sonar.projectKey>
    <sonar.moduleKey>
        ${project.groupId}:${project.artifactId}
    </sonar.moduleKey>
</properties>

Both properties will be inherited by your modules. This will then compile the result into a single Sonar report, tracking the sub-modules under the common projectKey. Interestingly the result is:

[INFO] Reactor Summary:
[INFO] 
[INFO] parent ................................. SUCCESS [01:14 min]
[INFO] module1................................. SKIPPED
[INFO] module2 ................................ SKIPPED
[INFO] module3 ................................ SKIPPED

I'm therefore not sure, how the exact module resolution was done, but in the end all modules showed up in the report.

1
votes

There must be a way to uniquely identify each component. As Steve C said, you can't have two projects with the same project key. And within a project, modules must also have unique identifiers. Otherwise, analysis of the second "module b" would overwrite the first "module b".