Ambiguous override for "sources" property. about nx-sonarqube HOT 1 CLOSED

Hi @kiwi-33, thanks for the issue! See my responses for each issue you posted below:

It is not clear how users should override the SONAR_SOURCES / sonar.sources value, or even how this is set internally within nx-sonarqube.

Issue 1 The docs allow an "extra" property:

A key value pair for any extra sonar variable that is not included in the list above

that can be anything described in the sonar analysis scope. However, this is actually overwritten by custom logic in the plugin 😿. Request: Could you make it clear in the docs that this property can not be set via extras? Note: it can be overwritten by an env var, but I can not leverage this for my use-case because we run many nx targets together.

The plugin does not allow for overriding the sonar.sources and sonar.javascript.lcov.reportPaths from the extras property directly in this plugin, nor will it in the future. The main goal of this Nx plugin is to determine which project dependencies exist using the Nx graph capability for a given project (or affected). Using that graph, it gathers the list of sources and lcov paths to pass into the scanner for analysis. To me, overriding those two properties outside of the Nx graph scope would go against the main purpose of plugin. If you need to override those sources, then you would be better off wrapping the sonarqube-scanner npm package (the same scanner this plugin uses) with a custom script or passing an environment variable like you mentioned with some sequential ordering if you are running it for multiple projects. With that being said, you can override the sources and lcov paths to be included in the graph after it's been processed like skipping implicit dependencies (or certain projects or paths in a future PR) which is different that just overriding those properties in the scanner directly.

The extras property is for Sonar properties outside of that scope. I plan on writing documentation on this so that it is more clear. Apologies for that being convoluted; I agree the documentation could be better in that regard.

Issue 2 Additionally, my local scans never worked. When I tried to find out why, I see that this library depends on an optional property from the nx project.json. This assumes that all consumers set this value (which is not true). Request: Even if this approach using sourceRoot remains, it would be great to print an error to the console and fail the scan if this value is not set.

Thanks ❤️ (and awesome plugin 🎉 )

You are correct that the sourceRoot property is optional in configurations; I had no clue. I will change the logic here so that if ${projectRoot}/src exists, use that first, but it it doesn't to fallback to using projectRoot which is required. The rationale about defaulting to sourceRoot is because developers should only be scanning code which is being shipped to production and not the various configuration files which are typically not bundled. I will change this using this issue.

from nx-sonarqube.