为什么声纳:声纳之前需要 mvn 安装?
[英]why sonar:sonar needs mvn install before?
问题描述
official documentation http://docs.sonarqube.org/display/SONAR/Analyzing+with+Maven says that the proper way of invoking sonar is:
官方文档http://docs.sonarqube.org/display/SONAR/Analyzing+with+Maven说调用声纳的正确方法是:
mvn clean install -DskipTests=true
mvn sonar:sonar
but doesn't say why.但没有说为什么。 how does sonar work?声纳是如何工作的? does it need compiled classes?它需要编译类吗? so why not just mvn clean compile ?那么为什么不只是mvn clean compile呢? or does it need a jar file?还是需要jar文件? so why not just mvn clean package ?那么为什么不只是mvn clean package呢? what exactly does sonar plugin?声纳插件到底是什么?
3 个解决方案
解决方案1
1 2014-03-06 11:39:18
The SonarQube analyzer indeed needs compiled classes (eg for Findbugs rules, coverage). SonarQube 分析器确实需要编译类(例如 Findbugs 规则、覆盖率)。 And since by default it executes tests itself, the compile phase can skip tests.由于默认情况下它自己执行测试,因此编译阶段可以跳过测试。
解决方案2
1
You can run SonarQube as part of a single Maven command if you meet some requirements:如果您满足某些要求,您可以将 SonarQube 作为单个 Maven 命令的一部分运行:
- As Mithfindel mentions, some SonarQube plugins need to analyze .class files.正如 Mithfindel 提到的,一些 SonarQube 插件需要分析 .class 文件。 And if you run unit tests outside of SonarQube, then of course the testing plugins must read output from the
testphase.如果你在 SonarQube 之外运行单元测试,那么当然测试插件必须从test阶段读取输出。 - Got integration tests?有集成测试吗? Then you need to run after the
integration-testphase.然后您需要在integration-test阶段之后运行。 - If you want to run SonarQube as a true quality gate then you absolutely must run it before the
deployphase.如果您想将 SonarQube 作为真正的质量门来运行,那么您绝对必须在deploy阶段之前运行它。
One solution is to just attach SonarQube to run after the package phase.一种解决方案是仅附加 SonarQube 以在package阶段之后运行。 Then you can get a full build with a simple clean install or clean deploy .然后,您可以通过简单的全新clean install或全新clean deploy获得完整的构建。 Most people do not do this because SonarQube is time-consuming, but the incremental mode added in 4.0 and greatly improved in the upcoming 4.2 solves this.大多数人不会这样做,因为 SonarQube 很耗时,但是 4.0 中添加的增量模式并在即将到来的 4.2 中大大改进,解决了这个问题。
As far as the official documentation goes, it's a lot easier to say "build and then run sonar:sonar " then it is to say, "open your POM, add a build element for the sonar-maven-plugin, attach it to verify , etc".就官方文档而言,说“构建然后运行sonar:sonar ”要容易得多,然后说“打开你的POM,为sonar-maven-plugin添加一个build元素,附加它以verify , 等等”。
One caveat.一个警告。 SonarQube requires Java 6, so if you're building against JDK 1.5 (still common in large organizations), the analysis will have to happen in a separate Maven invocation with a newer JDK selected. SonarQube 需要 Java 6,因此如果您针对 JDK 1.5(在大型组织中仍然很常见)进行构建,则必须在选择较新 JDK 的单独 Maven 调用中进行分析。 We solved this issue with custom Maven build wrapper.我们使用自定义 Maven 构建包装器解决了这个问题。
解决方案3
1 2021-02-05 23:15:05
Explanation from a SonarSource team member :来自SonarSource 团队成员的解释:
In a multi-module build an aggregator plugin can't resolve dependencies from target folder.
mvn clean install&&mvn sonar:sonaras two separate processesmvn clean install&&mvn sonar:sonar作为两个独立的进程mvn clean package sonar:sonaras a single reactormvn clean package sonar:sonar作为单个反应器的mvn clean package sonar:sonar
I was surprised too, so I made a tweet an received the following answer from the official Maven account :我也很惊讶,所以我发了一条推文,收到了 来自 Maven 官方帐户的以下 答复:
If the plugin is not designed to use the target/classes folder as a substitute, then yes you would need to have installed to get the jar when running *in a different session*.
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.