Trying to get Sonar CXX Plugin working - jenkins

Setup Jenkins (with sonar plugin) and sonar (with cxx-plugin). There is a build step to create the "......./gcovr-reports/gcovr-result-test.xml" file. Problem is coverage results to not show up ob Snar dashboard. But it appears that sonar.runner is excuting .... but transcript does not show that CxxGcovrSensor is being run.

what errormessages do you get?
try importing your project using maven for more details on errormessges.
I had similar issues because my pom.xml was broken. below is a working one.
be sure your folder structure looks like this:
(you need to cd to base)
base=/some/folder/myProject/ <-- put pom.xml here
src_folder=/some/folder/myProject/src
reports_folder=/some/folder/myProject/reports (with all the subdirs for reports)
also be sure your reports are named lik: xunit-result-.xml
cd to /some/folder/myProject and mvn sonar:sonar
(mvn -X sonar:sonar for debug mode)
(btw. if you get strange errors try removing all irrelevant plugins from sonar/external/plugins (just leave cxx there)
do not forget to set JAVA_PATH for sonar
goto basefolder
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<groupId>NETICOA</groupId>
<artifactId>MYPROJECT</artifactId>
<version>5.3.10-myversion</version>
<packaging>pom</packaging>
<name>myProject</name>
<description>php svn code</description>
<!-- pom.xml extract -->
<build>
<plugins>
<plugin>
<groupId>org.codehaus.mojo</groupId>
<artifactId>cxx-maven-plugin</artifactId>
<version>0.0.5-SNAPSHOT</version>
<configuration>
<sourceDirs>
<sourceDir>${basedir}/src</sourceDir>
</sourceDirs>
<!-- All of the sub configuration nodes following are needed by sonar-cxx plugin -->
<!-- This sample provided values are default values. -->
<!-- So you can simple remove all of it if you provide reports in the right places -->
<xunit>
<directory>${basedir}/reports/xunit-reports</directory>
<includes>
<include>**/xunit-result-*.xml</include>
</includes>
</xunit>
<gcovr>
<directory>${basedir}/reports/gcovr-reports</directory>
<includes>
<include>**/gcovr-reports-*.xml</include>
</includes>
</gcovr>
<cppcheck>
<directory>${basedir}/reports/cppcheck-reports</directory>
<includes>
<include>**/cppcheck-result-*.xml</include>
</includes>
<reportsIncludeSourcePath>
<include>..</include>
</reportsIncludeSourcePath>
</cppcheck>
<cppncss>
<directory>${basedir}/reports/cppncss-reports</directory>
<includes>
<include>**/cppncss-result-*.xml</include>
</includes>
<reportsIncludeSourcePath>
<include>..</include>
</reportsIncludeSourcePath>
</cppncss>
<veraxx>
<directory>${basedir}/reports/vera++-reports</directory>
<includes>
<include>**/vera++-result-*.xml</include>
</includes>
<reportsIncludeSourcePath>
<include>..</include>
</reportsIncludeSourcePath>
</veraxx>
<valgrind>
<directory>${basedir}/reports/valgrind-reports</directory>
<includes>
<include>**/valgrind-result-*.xml</include>
</includes>
<reportsIncludeSourcePath>
<include>..</include>
</reportsIncludeSourcePath>
</valgrind>
</configuration>
</plugin>
</plugins>
<!-- We have our own <configuration><sourceDirs> node inside cxx plugin configuration -->
<!-- <sourceDirectory>${basedir}/sources</sourceDirectory> -->
</build>
<properties>
<sonar.language>c++</sonar.language>
<sonar.dynamicAnalysis>reuseReports</sonar.dynamicAnalysis>
</properties>
</project>

Related

Maven Glassfish plugin - Handling redeploy/deploy/undeploy Failure

I need to build and deploy the war into glassfish using maven(Problem explained below).
Currently I managed to deploy the war using maven glassfish plugin and I've used the goal redploy as shown in the POM below:
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
<modelVersion>4.0.0</modelVersion>
<groupId>Myapp</groupId>
<artifactId>Myapp</artifactId>
<packaging>war</packaging>
<version>1.0</version>
<name>APP WEB APP</name>
<url>http://maven.apache.org</url>
<build>
<finalName>MyApp</finalName>
<plugins>
<plugin>
<groupId>org.glassfish.maven.plugin</groupId>
<artifactId>maven-glassfish-plugin</artifactId>
<configuration>
<terse>false</terse>
<echo>true</echo>
<debug>true</debug>
<glassfishDirectory>C:\glassfish3\glassfish</glassfishDirectory>
<user>admin</user>
<adminPassword>admin</adminPassword>
<domain>
<name>domain1</name>
<host>localhost</host>
<adminPort>4848</adminPort>
</domain>
<components>
<component>
<name>${project.artifactId}</name>
<artifact>${project.build.directory}/${project.build.finalName}.war</artifact>
</component>
</components>
</configuration>
<executions>
<execution>
<phase>install</phase>
<goals>
<goal>redeploy</goal>
</goals>
</execution>
</executions>
</plugin>
</plugins>
</build>
</project>
Problem: say there is already a war deployed and when I execute the command mvn clean install and something goes wrong during the deployment.Since I've used the goal as redeploy the war would 1st do a undeploy and then do a deploy.In my case this POM cannot be used for the next time because there is a failure and the war does not exist.
Help required
Please help me to achieve a check in POM whether the war is deployed or not and then based on the result I need to initiate goals deploy or undeploy which suites.
Say there is no war deployed i need to call glassfish:deploy in POM.
Thanks for your time in advance
Found my answer Here:
Redeploy remote glassfish with cargo fails
No matter there is or isn't a war deployed the cargo plugin takes care of the above mentioned problem.
Main Catch is adding
<cargo.runtime.args>force=true</cargo.runtime.args>

Fortify + maven exclude xsd files

I have an issue with running scan with excluding xsd files in fortify SCA.
I am using maven (with fortify plugin) + jenkins.
My POM.xml used by Jenkins:
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
<modelVersion>4.0.0</modelVersion>
<groupId>pl.bluecode</groupId>
<artifactId>bc</artifactId>
<version>1.0</version>
<packaging>pom</packaging>
<properties>
</properties>
<scm>
<connection>scm:svn:https://subversion......</connection>
<developerConnection>scm:svn:https://subversion.....</developerConnection>
<tag>HEAD</tag>
<url>https://subversion......</url>
</scm>
<profiles>
<profile>
<id>common</id>
<activation>
<activeByDefault>true</activeByDefault>
<property>
<name>!skipCommonProfile</name>
</property>
</activation>
<modules>
<module>Project1</module>
<module>Project2</module>
</modules>
</profile>
<profile>
<id>profile1</id>
<modules>
<module>Project3</module>
<module>Project4</module>
</modules>
</profile>
</profiles>
<build>
<sourceDirectory>${basedir}/src</sourceDirectory>
<finalName>${project.artifactId}</finalName>
<resources>
<resource>
<directory>${basedir}/src</directory>
<includes>
<include>**/*.properties</include>
</includes>
</resource>
<resource>
<directory>${basedir}/src</directory>
</resource>
</resources>
<pluginManagement>
<plugins>
<plugin>
<groupId>com.fortify.ps.maven.plugin</groupId>
<artifactId>maven-sca-plugin</artifactId>
<version>2.6</version>
<configuration>
<source>1.5</source>
<failOnSCAError>true</failOnSCAError>
</configuration>
</plugin>
</plugins>
</pluginManagement>
</build>
My Jenkins Maven goals looks like:
1st goal:
com.fortify.ps.maven.plugin:maven-sca-plugin:2.6:clean -Pprofile1
2nd goal:
com.fortify.ps.maven.plugin:maven-sca-plugin:2.6:translate -Pprofile1
3rd goal:
com.fortify.ps.maven.plugin:maven-sca-plugin:2.6:scan -Pprofile1
Unfortunately I can not attach image.
Above configuration is working as expected till now.
Now, I'd like to exclude all XSD files from scan.
How to do it?
I tried to add -exclude ".xsd" entry in maven goals:
com.fortify.ps.maven.plugin:maven-sca-plugin:2.6:scan -Pprofile -exclude ".xsd"
but it doesn't work.
If someone can help we I would be grateful.
Thanks.
in theory the Fortify Maven Plugin supports the exclusion of files, but it doesn't always work as expected.
Now, that being said, you are not invoking the exclusion correctly. Where you built the Fortify Maven Plugin, find the documentation for the translate goal, e.g. for me: /Samples/advanced/maven-plugin/target/site/translate-mojo.html#exclude.
There you can find the correct way to invoke exclusion. On the command line:
"-Dfortify.sca.exclude=*.xsd"
or in the POM (if you set up the fortify translate job there)
<exclude>
*.xsd
</exclude>
Now back to my first point. Sometimes exclusion is more difficult to effect than just by setting the value as *.extension. You may also need to specify the directory as well, so if the above doesn't work, try also the Fortify special glob parameter "**" which means any recursive subdirectory match. To wit:
"-Dfortify.sca.exclude=**/*.xsd"
or
<exclude>
**/*.xsd
</exclude>
If neither of the above work, then contact Fortify Technical Support.
Pro tip: you can also set this value in Core/config/fortify-sca.properties, where it will affect every invocation of sourceanalyzer on the system. That includes invocations via the maven plugin.

Maven to SVN repository

I am trying to connect maven to SVN repository using valid credentials. My pom.xml file is as follows,
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<groupId>com.maven.myfirstproject</groupId>
<artifactId>myfirstproject</artifactId>
<version>0.0.1-SNAPSHOT</version>
<build>
<scm>
<connection>scm:svn:http://d-113017553/svn/PRONTO/trunk/dev</connection>
<developerConnection>scm:svn:http://d-113017553/svn/PRONTO/trunk/dev</developerConnection>
</scm>
<servers>
<id>central</id>
<username>keerthana</username>
<password>keerthana</password>
<url>http://d-113017553/svn/PRONTO/trunk/dev</url>
</servers>
<plugin>
<groupid>org.apache.maven.plugins</groupid>
<artifactid>maven-scm-plugin</artifactid>
<version>1.8.1</version>
</plugin>
</build>
</project>
When i run it i get the following errors,
**1)coreException : could not calculate build plan: plugin org.apache.maven.plugins:maven-compiler:2.3.2 or one of its dependencies could not be resolved:Failed to read artifact descriptor for org.apache.maven.plugins:maven-compiler-plugin:jar:2.3.2
2)Plugin execution not covered by lifecycle configuration:org.apache.maven.plugins:maven-compiler-plugin:2.3.2:testCompile(execution:default-testCompile,phase:test-compile)**
Would anyone help me out to solve the above errors pls?????
First your pom.xml file can contain the information about VCS but you have to follow the schema for the pom.xml file which can get a good impression about here.
Furthermore it's good practice to indent XML file correctly like this:
<scm>
<connection>scm:svn:http://svn.server.com/svn/my-project/trunk</connection>
<developerConnection>scm:svn:https://svn.server.com/svn/my-project/trunk</developerConnection>
<url>http://svn.server.com/websvn/my-project</url>
</scm>
Apart from the above the things like this:
<servers>
<id>central</id>
<username>keerthana</username>
<password>keerthana</password>
<url>http://d-113017553/svn/PRONTO/trunk/dev</url>
</servers>
do not belong into the pom.xml. They should be put into the setting.xml file in your home folder (usually $HOME/.m2/settings.xml). And of course should you never put credentials into your pom file.

Sonar and MAVEN POM file with Dependencies

I have setup Maven and Sonar to analyze .NET projects and it works fine for winforms projects. However when I add an MVC project it gives a build Failure because it can't find the System.Web.MVC.dll file. I have an Fx-Cop plugin that runs as part of Sonar.
One way to get around this would be to package the dll, copy local= true with the project. However I dont want to do that(any thing wrong with packaging the MVC file along?)
How do I add a dependency to the MVC dll? I followed this example and added it like this:
<dependencies>
<dependency>
<groupId>artifact_group_id</groupId>
<artifactId>System.WEb.MVC</artifactId>
<version>4.0.30319</version>
<type>library</type>
<scope>system</scope>
<systemPath>C:\DOTNET\DLLS\System.Web.Mvc.dll</systemPath>
</dependency>
</dependencies>
Still I get a Build Failure caused by FX-Cop. Looking at the FX-Cop logs I get a message as below:
The following error was encountered while reading module 'MyTestMvcApp': Assembly reference cannot be resolved: System.Web.Mvc, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35.
I'm using apache-maven-3.0.2 and sonar-3.2. Can anyone help with this?
This is the full POM.XML file
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
<modelVersion>4.0.0</modelVersion>
<groupId>Test</groupId>
<artifactId>Sonar.For.NET.Test</artifactId>
<version>1.0</version>
<name>Testing </name>
<packaging>netpack</packaging>
<properties>
<visual.studio.solution>TestProjectsForSonarBuild.sln</visual.studio.solution>
<visual.test.project.pattern>*.Tests;*Test</visual.test.project.pattern>
<dotnet.tool.version>4.0</dotnet.tool.version>
<sonar.language>cs</sonar.language>
</properties>
<dependencies>
<dependency>
<groupId>artifact_group_id</groupId>
<artifactId>System.WEb.MVC</artifactId>
<version>4.0.30319</version>
<type>library</type>
<scope>system</scope>
<systemPath>C:\DOTNET\DLLS\System.Web.Mvc.dll</systemPath>
</dependency>
</dependencies>
<build>
<plugins>
<plugin>
<groupId>org.codehaus.sonar-plugins.dotnet</groupId>
<artifactId>maven-dotnet-plugin</artifactId>
<version>0.6</version>
<extensions>true</extensions>
</plugin>
<plugin>
<groupId>org.codehaus.mojo</groupId>
<artifactId>sonar-maven-plugin</artifactId>
<configuration>
<toolVersion>3.5</toolVersion>
<buildConfigurations>Debug</buildConfigurations>
<rebuild>true</rebuild>
<language>cs</language>
</configuration>
</plugin>
</plugins>
</build>
</project>
Thanks for your time.
You can use the "sonar.fxcop.assemblyDependencyDirectories" property as described on the documentation page for the FxCop plugin.
So you have 2 solutions from there:
either your build process copies "System.Web.MVC.dll" in a temp folder, which you reference through the this property
or you directly reference an absolute path where this DLL can be found (but your property may then be not portable accros different environments/servers)

Create pom.xml file

Could anayone give me some sugestions on how to create a pom.xml file for a multimodules project, that is build with ant? I need to create this pom.xml file in order to analyze the project with Sonar.
I suggest to follow the instructions from the Sonar documentation. See Analyzing Java Projects:
Project with multiple sources directories
If your non-maven project contains
more than one sources directory, you
can specify which sources directories
to analyse by adding a new section
about the Build Helper Maven Plugin
into your pom.xml file :
<project xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<groupId>[YOUR.ORGANIZATION]</groupId>
<artifactId>[YOUR.PROJECT]</artifactId>
<name>[YOUR PROJECT NAME]</name>
<version>[YOUR PROJECT VERSION]</version>
<build>
<sourceDirectory>[YOUR SOURCE DIRECTORY]</sourceDirectory>
<outputDirectory>[YOUR CLASSES/BIN DIRECTORY</outputDirectory>
<plugins>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-compiler-plugin</artifactId>
<configuration>
<source>1.5</source>
<target>1.5</target>
<excludes>
<exclude>**/*.*</exclude>
</excludes>
</configuration>
</plugin>
<plugin>
<groupId>org.codehaus.mojo</groupId>
<artifactId>build-helper-maven-plugin</artifactId>
<version>1.1</version>
<executions>
<execution>
<id>add-source</id>
<phase>generate-sources</phase>
<goals>
<goal>add-source</goal>
</goals>
<configuration>
<sources>
<source>[YOUR SOURCE DIRECTORY 2]</source>
<source>[YOUR SOURCE DIRECTORY 3]</source>
</sources>
</configuration>
</execution>
</executions>
</plugin>
</plugins>
</build>
<properties>
<sonar.dynamicAnalysis>false</sonar.dynamicAnalysis>
<sonar.phase>generate-sources</sonar.phase>
</properties>
</project>
Replace the parameters :
...
And execute the maven2 plugin as explained in the installation guide :
mvn sonar:sonar
There is now a Sonar Ant Task that you can use, or there is also the Sonar Runner
What you put in the pom.xml is going to depend what dependencies you need to use and what plugins you need to run. Check out the Intro to POM to see what it is made up of.
I think you can try to use the builder-helper-maven-plugin, currently, latest version is 1.5.
as documented http://docs.codehaus.org/display/SONAR/Analyzing+Java+Projects. However, just change the plugin version to 1.5 and use mvn sonar3:sonar. Most importantly, dont forget <sonar.phase>generate-sources</sonar.phase>, without this, it doesn't work.
as for the output directory, if using eclipse, you can specify the output directory for each module, and make them point to the same folder. Use this folder as the outputdirectory for pom.xml. remember to disable scrub, if using eclipse.

Resources