I'm building a custom sonar plugin which is a maven project.
Sonar asks to mention it's required sonar-plugin-api
dependency as scope provided
. I think it's okay because it will run inside sonar container which will have this jar.
In my use case I want to add additional dependency of httpclient
. If I add it under default scope, it refuses to build, throwing below error:
[ERROR] This dependency must be declared with scope <provided>: commons-logging:commons-logging:jar
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 1.364 s
[INFO] Finished at: 2019-03-05T13:52:22+05:30
[INFO] ------------------------------------------------------------------------
[ERROR] Failed to execute goal org.sonarsource.sonar-packaging-maven-plugin:sonar-packaging-maven-plugin:1.18.0.372:check (default-check) on project myPlugin: Unsupported dependencies
If I change the scope of httpclient
to provided
, it will build but will not work in sonar as it does not have this jar in its env.
All the dependencies in httpclient
, including commons-logging
is mentioned as scope - compile
.
This is what my current pom looks like:
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
<modelVersion>4.0.0</modelVersion>
<groupId>com.plugin.sonar</groupId>
<artifactId>myPlugin</artifactId>
<!-- this is important for sonar-packaging-maven-plugin -->
<packaging>sonar-plugin</packaging>
<version>1.0</version>
<name>myPlugin</name>
<url>http://maven.apache.org</url>
<dependencies>
<dependency>
<groupId>org.sonarsource.sonarqube</groupId>
<artifactId>sonar-plugin-api</artifactId>
<!-- minimal version of SonarQube to support. Note that the groupId was "org.codehaus.sonar" before version 5.2 -->
<version>6.7</version>
<!-- mandatory scope -->
<scope>provided</scope>
</dependency>
<!-- facing problem after adding this dependency-->
<dependency>
<groupId>org.apache.httpcomponents</groupId>
<artifactId>httpclient</artifactId>
<version>4.3.6</version>
</dependency>
</dependencies>
<build>
<plugins>
<plugin>
<groupId>org.sonarsource.sonar-packaging-maven-plugin</groupId>
<artifactId>sonar-packaging-maven-plugin</artifactId>
<version>1.18.0.372</version>
<extensions>true</extensions>
<configuration>
<pluginKey>MyCustomPlugin</pluginKey>
<pluginClass>com.plugin.sonar.MyCustomPlugin</pluginClass>
<pluginDescription>Sonar plugin of Test</pluginDescription>
</configuration>
</plugin>
</plugins>
</build>
</project>
Any suggestions, how to solve it?
Thank You
The Sonar Maven plugin contains a check that disallows commons-logging and LOG4J because SonarQube supports only SLF4J.
So what you can do is switch to SLF4J and exclude commons-logging
from the httpclient
dependency:
<dependency>
<groupId>org.apache.httpcomponents</groupId>
<artifactId>httpclient</artifactId>
<version>4.3.6</version>
<exclusions>
<exclusion>
<groupId>commons-logging</groupId>
<artifactId>commons-logging</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.slf4j</groupId>
<artifactId>jcl-over-slf4j</artifactId>
<version>1.7.26</version>
</dependency>