sonar-findbugs

Cannot find pre compiled JSP with Branch Community Plugin

Open gtoison opened this issue 3 years ago • 5 comments

It only fails when Findbugs is run with the following vars declared: -Dsonar.pullrequest.key=$CI_MERGE_REQUEST_IID -Dsonar.pullrequest.branch=$CI_COMMIT_REF_NAME -Dsonar.pullrequest.base=develop

If these vars are not declared, it doesn't fail.

These vars are related to Branch Community Plugin.

My logs:

96036 [INFO] Findbugs plugin version: 4.2.1
96042 [WARNING] JSP files were found in the current (sub)project (/builds/[...]-web) but FindBugs requires their precompiled form. For more information on how to configure JSP precompilation : https://github.com/find-sec-bugs/find-sec-bugs/wiki/JSP-precompilation
96053 [WARNING] Findbugs needs sources to be compiled. Please build project before executing sonar or check the location of compiled classes to make it possible for Findbugs to analyse your (sub)project (/builds/[...]-web).
96058 [WARNING] Access to the multi-values/property set property 'sonar.java.binaries' should be made using 'getStringArray' method. The SonarQube plugin using this property should be updated.
96104 [INFO] ------------------------------------------------------------------------
96104 [INFO] Reactor Summary for [...] develop-SNAPSHOT:
96104 [INFO] 
96104 [INFO] [...] ................................ FAILURE [ 34.266 s]
96105 [INFO] ------------------------------------------------------------------------
96105 [INFO] BUILD FAILURE
96105 [INFO] ------------------------------------------------------------------------
96105 [INFO] Total time:  01:31 min
96105 [INFO] Finished at: 2022-09-20T08:09:33Z
96105 [INFO] ------------------------------------------------------------------------
96106 [ERROR] Failed to execute goal org.sonarsource.scanner.maven:sonar-maven-plugin:3.9.1.2184:sonar (default-cli) on project comerzzia-bricoking: Can not execute Findbugs: One (sub)project contains Java source files that are not compiled (/builds/[...]-web).
96106 [ERROR] sonar.java.binaries was set to /builds/[...]/target/classes
96106 [ERROR] Sonar JavaResourceLocator.classFilesToAnalyze was empty

Originally posted by @eirisdg in https://github.com/spotbugs/sonar-findbugs/issues/661#issuecomment-1252040855

gtoison avatar Sep 20 '22 14:09 gtoison

Hello @eirisdg are the JSP sources compiled into .class files and are they in folder /builds/[...]/target/classes ? I'm asking because I see that in your logs:

96106 [ERROR] sonar.java.binaries was set to /builds/[...]/target/classes

SpotBugs needs the .class files because it analyses the compiled bytecode, not the source files. So when it finds source files but not class files it throws that error.

I don't know or use the Branch Community Plugin, any idea what might be causing the problem?

gtoison avatar Sep 20 '22 14:09 gtoison
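
The bytecode requirement described in the comment above can be checked in CI before the scanner starts. This pre-flight script is an added example, not part of the original thread or of the sonar-findbugs project; it assumes the standard Maven layout (`src`, `target/classes`) and Jasper's `*_jsp.class` naming for precompiled JSPs. If it reports OK and the scanner still says `classFilesToAnalyze was empty`, the classes exist and the problem lies in how the scanner locates them.

```shell
#!/bin/sh
# Added example: verify that a Maven module has compiled bytecode where
# sonar.java.binaries points, before sonar:sonar runs.
# Assumptions: sources under <module>/src, classes under <module>/target/classes,
# precompiled JSPs named *_jsp.class (Jasper convention).

# count_files DIR PATTERN -> prints the number of matching regular files
count_files() {
    [ -d "$1" ] || { echo 0; return; }
    find "$1" -type f -name "$2" | wc -l | tr -d ' '
}

# check_module MODULE_DIR [BINARIES_DIR]
# Returns 0 = ok, 1 = Java sources but no .class files,
#         2 = JSP sources but no precompiled JSP classes.
check_module() {
    module=$1
    binaries=${2:-$module/target/classes}
    java_src=$(count_files "$module/src" '*.java')
    jsp_src=$(count_files "$module/src" '*.jsp')
    classes=$(count_files "$binaries" '*.class')
    jsp_classes=$(count_files "$binaries" '*_jsp.class')

    if [ "$java_src" -gt 0 ] && [ "$classes" -eq 0 ]; then
        echo "FAIL $module: $java_src .java files, no .class files in $binaries"
        return 1
    fi
    if [ "$jsp_src" -gt 0 ] && [ "$jsp_classes" -eq 0 ]; then
        echo "WARN $module: $jsp_src .jsp files, no *_jsp.class in $binaries"
        return 2
    fi
    echo "OK $module: $classes .class files ($jsp_classes from JSPs) in $binaries"
    return 0
}

# Stand-alone use in a CI job: ./check.sh <module-dir> [binaries-dir]
if [ "$#" -gt 0 ]; then
    check_module "$@"
fi
```
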

Hello @gtoison.

Yes, the classes are in the folder.

It's strange, because if I don't set the vars related to the branch plugin, the SpotBugs scanner works well. In the same way, if I disable the SpotBugs plugin, the scanner works well.

I don't know why, but it is definitely related to some incompatibility with this plugin: https://github.com/mc1arke/sonarqube-community-branch-plugin I can't try the paid version of Sonar, which supports branches by default, to see whether the error is present there too.

eirisdg avatar Sep 20 '22 17:09 eirisdg

I looked into it and I have no idea what might be causing the problem: the plugin uses Sonar's built-in JavaResourceLocator to get the .class files: https://github.com/spotbugs/sonar-findbugs/blob/80706d2cb99872f35ce26e581cfc26474aa7da42/src/main/java/org/sonar/plugins/findbugs/FindbugsConfiguration.java#L295

So my best guess would be that during Pull Request analysis sonar's JavaResourceLocator behaves differently and maybe only returns the class files corresponding to modified sources?

It will be hard for me to investigate this if I'm not able to reproduce the problem; would you be able to debug it on your end? I'd like to know what's happening inside https://github.com/spotbugs/sonar-findbugs/blob/80706d2cb99872f35ce26e581cfc26474aa7da42/src/main/java/org/sonar/plugins/findbugs/FindbugsConfiguration.java#L273

You can debug the maven build using mvnDebug instead of mvn and then attach a remote debugger to it

gtoison avatar Sep 21 '22 07:09 gtoison

I would like to know how to debug it, but I'm not a developer, only an SRE. :/

eirisdg avatar Sep 21 '22 07:09 eirisdg

I tried reproducing the problem but could not so far. I think you need to give me more information here and ideally a small project (plus setup instructions) so I can reproduce. What version of SonarQube are you using?

gtoison avatar Sep 23 '22 20:09 gtoison

This should be fixed in version 4.2.3 (just released). Note that the fix needs the SonarQube version to be >= 9.8.

gtoison avatar Feb 12 '23 11:02 gtoison