SonarQube/SonarCloud Maven Report Plugin
Description
Add a report link to the Maven site that redirects to the project dashboard in SonarQube/SonarCloud.
Repository
Version 0.1 was hosted at codehaus.org that was terminated around May 17th 2015.
In was decided to switch to Sonatype Open Source Software Repository Hosting (OSSRH).
Releases
The code itself is released in the master
branch as maven-report-x.y.z
. The changes are then merged to the ossrh-releases
branch and released as sonarqube-maven-report-x.y.z
under the groupId nl.demon.shadowland.maven.plugins
, which was already configured for OSSRH access.
The gory details
The OSSRH release and deployment stuff is activated with the openSource
profile:
<profile>
<id>openSource</id>
<distributionManagement>
<repository>
<id>ossrh</id>
<name>Open Source Releases</name>
<url>${ossrhHost}/content/repositories/releases</url>
</repository>
<snapshotRepository>
<id>ossrh</id>
<name>Open Source Snapshots</name>
<url>${ossrhHost}/content/repositories/snapshots</url>
</snapshotRepository>
</distributionManagement>
<properties>
<tagNameFormat>@{project.artifactId}-@{project.version}</tagNameFormat>
</properties>
<build>
<plugins>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-gpg-plugin</artifactId>
<executions>
<execution>
<id>sign-artifacts</id>
<phase>verify</phase>
<goals>
<goal>sign</goal>
</goals>
<configuration>
<keyname>${gpg.keyname}</keyname>
<passphraseServerId>${gpg.keyname}</passphraseServerId>
<gpgArguments>
<arg>--pinentry-mode</arg>
<arg>loopback</arg>
</gpgArguments>
</configuration>
</execution>
</executions>
</plugin>
<plugin>
<groupId>org.sonatype.plugins</groupId>
<artifactId>nexus-staging-maven-plugin</artifactId>
</plugin>
</plugins>
</build>
</profile>
For OSSRH deployment the artifacts must be signed with a PGP Signature, which is stored in the settings.xml
and referenced by gpg.keyname
:
<servers>
<server>
<id>DD605CC8A9582C0D</id>
<passphrase>{…}</passphrase>
</server>
</servers>
…
<profiles>
<profile>
<id>gnupg</id>
<activation>
<activeByDefault>true</activeByDefault>
</activation>
<properties>
<gpg.executable>…/gpg</gpg.executable>
<gpg.keyname>DD605CC8A9582C0D</gpg.keyname>
<gpg.skip>false</gpg.skip>
</properties>
</profile>
</profiles>
The OSSRH account is also stored in the settings.xml
and is referenced by the id
from the distributionManagement
:
<servers>
<server>
<id>ossrh</id>
<username>username</username>
<password>{…}</password>
</server>
</servers>
In case of Java code the Sources and the Javadoc must also be included:
<profiles>
<profile>
<id>documents</id>
<build>
<plugins>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-source-plugin</artifactId>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-javadoc-plugin</artifactId>
</plugin>
</plugins>
</build>
</profile>
</profiles>
Note: When sources and javadoc are generated in the same phase verify
as the PGP Signing make sure the documents
profile is placed before the openSource
profile, otherwise they won't get signed and thus the deployment will fail.
Usage version 0.2.x
Add the plugin to the reporting section in the POM:
<project>
…
<reporting>
<plugins>
<plugin>
<groupId>nl.demon.shadowland.maven.plugins</groupId>
<artifactId>sonarqube-maven-report</artifactId>
<version>0.2.2</version>
</plugin>
</plugins>
</reporting>
</project>
Usage version 0.1
Add the plugin to the reporting section in the POM:
<project>
…
<reporting>
<plugins>
<plugin>
<groupId>org.codehaus.sonar-plugins</groupId>
<artifactId>maven-report</artifactId>
<version>0.1</version>
</plugin>
</plugins>
</reporting>
</project>
Usage properties
Optionally, you can add the following properties to override default values:
<project>
…
<properties>
<!-- default value is http://localhost:9000 -->
<sonar.host.url>https://sonarcloud.io/</sonar.host.url>
<!-- no branch by default -->
<branch>osssrh-releases</branch>
</properties>
…
<reporting>
…
</reporting>
</project>
Note: The Maven report uses as default SonarQube
for title, header and html filename. But in case of host sonarcloude.io
the report switches to SonarCloud
.
To see the Maven report in action this project is mirrored on GitLab, where the branch ossrh-releases is used to generate the site with a .gitlab-ci.yml.
Usage Maven
Generate the Maven site with: mvn site
.
Generate only the report with mvn nl.demon.shadowland.maven.plugins:sonarqube-maven-report:0.2.2:report [-Dsonar.host.url=https://sonarcloud.io/]
.
Note: To make sure both commands result in the same content, take a look under the hood of Maven to understand the alternative pluginManagement
usage shown below.
Maven under the hood
First consider the way the SonarReportMojo
defined the url parameter:
@Parameter( property = "sonar.host.url", defaultValue = "http://localhost:9000", alias = "sonar.host.url", required = true )
private String sonarHostURL;
Thus there are 3 ways to set this parameter in the POM, which are of course all overruled by the command line option -Dsonar.host.url
:
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<properties>
<sonar.host.url>https://sonar.property.com/</sonar.host.url>
</properties>
<build>
<pluginManagement>
<plugins>
<plugin>
<groupId>nl.demon.shadowland.maven.plugins</groupId>
<artifactId>sonarqube-maven-report</artifactId>
<version>0.2.2</version>
<configuration>
<sonarHostURL>https://sonar.plugin.management.com/</sonarHostURL>
</configuration>
</plugin>
</plugins>
</pluginManagement>
</build>
<reporting>
<plugin>
<groupId>nl.demon.shadowland.maven.plugins</groupId>
<artifactId>sonarqube-maven-report</artifactId>
<version>0.2.2</version>
<configuration>
<sonarHostURL>https://sonar.reporting.com/</sonarHostURL>
</configuration>
</plugin>
</plugins>
</reporting>
</project>
Testing these three possibilities with the above mentioned two Maven Usage commands will not result in the same content for the last reporting configuration.
Usage alternative pluginManagement
Alternatively, you can add the following plugin management to override default values:
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<build>
<pluginManagement>
<plugins>
<plugin>
<groupId>nl.demon.shadowland.maven.plugins</groupId>
<artifactId>sonarqube-maven-report</artifactId>
<version>0.2.2</version>
<configuration>
<!-- default value is http://localhost:9000 -->
<sonarHostURL>https://sonarcloud.io/</sonarHostURL>
<!-- no branch by default -->
<branch>osssrh-releases</branch>
</configuration>
</plugin>
</plugins>
</pluginManagement>
</build>
<reporting>
<plugin>
<groupId>nl.demon.shadowland.maven.plugins</groupId>
<artifactId>sonarqube-maven-report</artifactId>
<version>0.2.2</version>
</plugin>
</plugins>
</reporting>
</project>