Details
-
Bug
-
Resolution: Done
-
Critical
-
1.5.0.Final
-
None
-
False
-
False
-
Undefined
-
2021 Week 13-15 (from Mar 29)
Description
SonarCloud reporting is covering just jbpm/jbpm-flow sub-module. The reason for this is an unexpected behavior of
<sonar.exclusions>**/*</sonar.exclusions>
in integration-tests module.
As it seems the property is not scoped to the module where it's defined, but rather globally. This results in applying this exclusions to all the modules, unless the module specifies a different value (like jbpm/jbpm-flow does).
Possible workaround for this particular case (full-exclude) is to replace this exclusions setting with
(Does not resolve the issue either)
<sonar.skip>true</sonar.skip>
which is scoped to the module according to documentation: https://docs.sonarqube.org/latest/analysis/scan/sonarscanner-for-maven/
For modules that require more detailed exclusions, the approach should be as defensive as possible, appending to other exclusions rather than overriding like:
(This is not a valid Maven property definition)
<sonar.exclusions>${sonar.exclusions},${project.root.dir}/integration-tests/**/*</sonar.exclusions>
And great caution should be taken when defining this, so that it does not end up in excluding things by accident (e.g. don't use src/main/java/**/* as it possibly affects all projects, try sth like **/distinctive-module-name/src/main/java/**/*, cause apparently this property is considered from top-level location).
(This should not be necessary anymore, after the "fix" from above)
Resolution
The issue gets resolved by specifying a top-level property in kogito-build-parent/pom.xml in profile sonarcloud-analysis with empty exclusions:
<sonar.exclusions></sonar.exclusions>
Now even **/* wildcards are scoped to a module.