SonarQube 5.6 / sonar-packaging-maven-plugin : Missing Guava dependency (ClassNotFoundException)

[philipp...@gmail.com]

The initial symptom is that I cannot start SonarQube 5.6 with the FindBugs plugin.

<<<

java.lang.IllegalStateException: Fail to load plugin Findbugs [findbugs]

at org.sonar.server.plugins.ServerExtensionInstaller.installExtensions(ServerExtensionInstaller.java:74) ~[sonar-server-5.6.jar:na]

[...]

at java.lang.Thread.run(Unknown Source) [na:1.8.0_91]

Caused by: java.lang.NoClassDefFoundError: com/google/common/collect/ImmutableList

at org.sonar.plugins.findbugs.FindbugsPlugin.getExtensions(FindbugsPlugin.java:34) ~[na:na]

at org.sonar.api.SonarPlugin.define(SonarPlugin.java:51) ~[sonar-plugin-api-5.6.jar:na]

at org.sonar.server.plugins.ServerExtensionInstaller.installExtensions(ServerExtensionInstaller.java:64) ~[sonar-server-5.6.jar:na]

... 15 common frames omitted

Caused by: java.lang.ClassNotFoundException: com.google.common.collect.ImmutableList

at org.sonar.classloader.SelfFirstStrategy.loadClass(SelfFirstStrategy.java:41) ~[sonar-classloader-1.0.jar:na]

at org.sonar.classloader.ClassRealm.loadClass(ClassRealm.java:87) ~[sonar-classloader-1.0.jar:na]

at org.sonar.classloader.ClassRealm.loadClass(ClassRealm.java:76) ~[sonar-classloader-1.0.jar:na]

... 18 common frames omitted

>>>

The ImmutableList type is part of Guava. It is inherited from : "org.sonarsource.sslr-squid-bridge:sslr-squid-bridge:jar:2.6.1:compile"

Attempt #1

Even if I explicitly specify it in my pom.xml, I see that it is ignored by the sonar-packaging-maven-plugin.

[WARNING] com.google.guava:guava:jar:10.0.1:compile is provided by SonarQube plugin API and will not be packaged in your plugin.

Attempt #2

If I exclude the transitive dependency, it avoid the check by the sonar-packaging-maven-plugin. Not very elegant so far :/ ..

I also see this warning regarding xstream dependency. It is also causing problems because it does not appear to be provided. I also don't see xstream in the transitive dependencies from sonar-plugin-api.

[WARNING] com.thoughtworks.xstream:xstream:jar:1.4.9:compile is provided by SonarQube plugin API and will not be packaged in your plugin.

Trying to understand the bigger problem..

I am suspecting either ...

 - I have used the wrong dependencies

 - SonarQube has problems related to bootstraping or handling the provided dependencies

 - The sonar-packaging-maven-plugin has unexpected behavior.

+++

For reference, here is the complete dependency tree.

$ mvn dependency:tree

[INFO] --- maven-dependency-plugin:2.8:tree (default-cli) @ sonar-findbugs-plugin ---

[INFO] org.sonarsource.sonar-findbugs-plugin:sonar-findbugs-plugin:sonar-plugin:3.4-SNAPSHOT

[INFO] +- com.google.code.findbugs:findbugs:jar:3.0.1:compile

[INFO] |  +- com.google.code.findbugs:jsr305:jar:2.0.1:compile

[INFO] |  +- com.google.code.findbugs:bcel-findbugs:jar:6.0:compile

[INFO] |  +- com.google.code.findbugs:jFormatString:jar:2.0.1:compile

[INFO] |  +- dom4j:dom4j:jar:1.6.1:compile

[INFO] |  +- org.ow2.asm:asm-debug-all:jar:5.0.2:compile

[INFO] |  +- org.ow2.asm:asm-commons:jar:5.0.2:compile

[INFO] |  |  \- org.ow2.asm:asm-tree:jar:5.0.2:compile

[INFO] |  |     \- org.ow2.asm:asm:jar:5.0.2:compile

[INFO] |  +- commons-lang:commons-lang:jar:2.6:compile

[INFO] |  \- jaxen:jaxen:jar:1.1.6:compile

[INFO] +- org.sonarsource.sslr-squid-bridge:sslr-squid-bridge:jar:2.6.1:compile

[INFO] |  +- org.codehaus.sonar.sslr:sslr-core:jar:1.20:compile

[INFO] |  +- org.codehaus.sonar.sslr:sslr-xpath:jar:1.20:compile

[INFO] |  +- org.codehaus.sonar:sonar-plugin-api:jar:4.5.1:compile

[INFO] |  |  +- org.codehaus.sonar:sonar-check-api:jar:4.5.1:compile

[INFO] |  |  +- org.codehaus.sonar:sonar-colorizer:jar:4.5.1:compile

[INFO] |  |  |  \- org.codehaus.sonar:sonar-channel:jar:4.1:compile

[INFO] |  |  +- org.codehaus.sonar:sonar-duplications:jar:4.5.1:compile

[INFO] |  |  +- org.codehaus.sonar:sonar-graph:jar:4.5.1:compile

[INFO] |  |  +- org.hibernate:hibernate-annotations:jar:3.4.0.GA:compile

[INFO] |  |  |  +- org.hibernate:ejb3-persistence:jar:1.0.2.GA:compile

[INFO] |  |  |  \- org.hibernate:hibernate-commons-annotations:jar:3.1.0.GA:compile

[INFO] |  |  +- commons-configuration:commons-configuration:jar:1.6:compile

[INFO] |  |  |  \- commons-collections:commons-collections:jar:3.2.1:compile

[INFO] |  |  +- commons-codec:commons-codec:jar:1.8:compile

[INFO] |  |  \- xpp3:xpp3:jar:1.1.3.3:compile

[INFO] |  +- org.picocontainer:picocontainer:jar:2.14.1:compile

[INFO] |  \- org.slf4j:jcl-over-slf4j:jar:1.5.6:compile

[INFO] +- org.slf4j:slf4j-api:jar:1.7.21:provided

[INFO] +- com.google.guava:guava:jar:10.0.1:compile

[INFO] +- com.google.code.findbugs:annotations:jar:3.0.1:compile

[INFO] |  \- net.jcip:jcip-annotations:jar:1.0:compile

[INFO] +- com.mebigfatguy.fb-contrib:fb-contrib:jar:6.2.3:provided

[INFO] +- com.h3xstream.findsecbugs:findsecbugs-plugin:jar:1.4.4:provided

[INFO] +- com.thoughtworks.xstream:xstream:jar:1.4.9:compile

[INFO] |  +- xmlpull:xmlpull:jar:1.1.3.1:compile

[INFO] |  \- xpp3:xpp3_min:jar:1.1.4c:compile

[INFO] +- org.sonarsource.sonarqube:sonar-plugin-api:jar:5.6:provided

[INFO] |  +- org.codehaus.woodstox:woodstox-core-lgpl:jar:4.4.0:compile

[INFO] |  |  \- javax.xml.stream:stax-api:jar:1.0-2:compile

[INFO] |  +- org.codehaus.woodstox:stax2-api:jar:3.1.4:compile

[INFO] |  \- org.codehaus.staxmate:staxmate:jar:2.0.1:compile

[INFO] +- org.codehaus.sonar-plugins.java:sonar-java-plugin:jar:3.2:provided

[INFO] |  +- org.codehaus.sonar-plugins.java:java-surefire:jar:3.2:provided

[INFO] |  +- org.codehaus.sonar-plugins.java:java-jacoco:jar:3.2:provided

[INFO] |  |  \- org.jacoco:org.jacoco.core:jar:0.7.1.201405082137:provided

[INFO] |  +- org.codehaus.sonar-plugins.java:java-squid:jar:3.2:provided

[INFO] |  |  +- org.codehaus.sonar.sslr-squid-bridge:sslr-squid-bridge:jar:2.6:provided

[INFO] |  |  \- cglib:cglib-nodep:jar:3.1:provided

[INFO] |  \- org.codehaus.sonar-plugins.java:java-checks:jar:3.2:provided

[INFO] +- org.apache.maven:maven-project:jar:2.2.1:provided

[INFO] |  +- org.apache.maven:maven-settings:jar:2.2.1:provided

[INFO] |  +- org.apache.maven:maven-profile:jar:2.2.1:provided

[INFO] |  +- org.apache.maven:maven-model:jar:2.2.1:provided

[INFO] |  +- org.apache.maven:maven-artifact-manager:jar:2.2.1:provided

[INFO] |  |  +- org.apache.maven:maven-repository-metadata:jar:2.2.1:provided

[INFO] |  |  +- org.apache.maven.wagon:wagon-provider-api:jar:1.0-beta-6:provided

[INFO] |  |  \- backport-util-concurrent:backport-util-concurrent:jar:3.1:provided

[INFO] |  +- org.apache.maven:maven-plugin-registry:jar:2.2.1:provided

[INFO] |  +- org.codehaus.plexus:plexus-interpolation:jar:1.11:provided

[INFO] |  +- org.codehaus.plexus:plexus-utils:jar:1.5.15:provided

[INFO] |  +- org.apache.maven:maven-artifact:jar:2.2.1:provided

[INFO] |  \- org.codehaus.plexus:plexus-container-default:jar:1.0-alpha-9-stable-1:provided

[INFO] |     \- classworlds:classworlds:jar:1.1-alpha-2:provided

[INFO] +- junit:junit:jar:4.12:test

[INFO] |  \- org.hamcrest:hamcrest-core:jar:1.3:test

[INFO] +- org.mockito:mockito-all:jar:1.10.19:test

[INFO] +- org.easytesting:fest-assert:jar:1.4:test

[INFO] |  \- org.easytesting:fest-util:jar:1.1.6:test

[INFO] +- org.sonarsource.sonarqube:sonar-testing-harness:jar:5.6:test

[INFO] |  +- org.assertj:assertj-core:jar:3.4.1:test

[INFO] |  +- org.assertj:assertj-guava:jar:3.0.0:test

[INFO] |  +- com.googlecode.json-simple:json-simple:jar:1.1.1:test

[INFO] |  +- com.google.code.gson:gson:jar:2.3.1:test

[INFO] |  +- com.tngtech.java:junit-dataprovider:jar:1.9.2:test

[INFO] |  +- org.hamcrest:hamcrest-all:jar:1.3:test

[INFO] |  +- org.mockito:mockito-core:jar:1.10.19:test

[INFO] |  |  \- org.objenesis:objenesis:jar:2.1:test

[INFO] |  \- commons-io:commons-io:jar:2.4:compile

[INFO] +- xmlunit:xmlunit:jar:1.6:test

[INFO] \- org.sonarsource.sonarqube:sonar-plugin-api:test-jar:tests:5.6:test

[Simon Brandhof]

Which version of sonar-packaging-m-p do you use ?

On Wed, 8 Jun 2016 at 09:06 Victor Noël <victo...@gmail.com> wrote:

I've seen this problem in another maven plugin, it may be related to Maven itself stopping to provide that dependency when it was before…

Easier is to add it as an explicit compile dependency of the plugin (so it's a job for sonarqube :).

--
You received this message because you are subscribed to the Google Groups "SonarQube" group.
To unsubscribe from this group and stop receiving emails from it, send an email to sonarqube+...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/sonarqube/8ae673a2-4a77-4efb-8a64-c9222eb0c6fa%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

--

Simon BRANDHOF | SonarSource
Tech Lead & Co-Founder
http://twitter.com/SimonBrandhof

[philipp...@gmail.com]

Version 1.16

[otar...@stratio.com]

I have the same problem (with the same version of sonar-packaging). Please, give some solution. 

[Simon Brandhof]

The problem comes from the change of groupId of API (due to shutdown of Codehaus). You should exclude the transitive dependency org.codehaus.sonar:sonar-plugin-api of org.sonarsource.sslr-squid-bridge:sslr-squid-bridge.

Note that I think that child-first classloader strategy can be disabled now. Just remove https://github.com/SonarQubeCommunity/sonar-findbugs/blob/master/pom.xml#L277.

Regards

To view this discussion on the web visit https://groups.google.com/d/msgid/sonarqube/b8f41722-0021-4a0b-9753-cc8337720762%40googlegroups.com.

For more options, visit https://groups.google.com/d/optout.

[philipp...@gmail.com]

Ok I am trying this (The exclusion on sonar-plugin-api) I need to do a more migrations due to API changes.

<dependency>
  <groupId>org.sonarsource.sslr-squid-bridge</groupId>
  <artifactId>sslr-squid-bridge</artifactId>
  <version>2.6.1</version>
  <exclusions>

    <exclusion>
      <groupId>org.codehaus.sonar</groupId>
      <artifactId>sonar-plugin-api</artifactId>
    </exclusion>

    [..]
  </exclusions>
</dependency>

[philipp...@gmail.com]

The packaging seems to be fixed with this.

Thanks a lot Simon.