How to solve maven provided scope issue

Question

I'm building a custom sonar plugin which is a maven project.

Sonar asks to mention it's required sonar-plugin-api dependency as scope provided. I think it's okay because it will run inside sonar container which will have this jar.

In my use case I want to add additional dependency of httpclient. If I add it under default scope, it refuses to build, throwing below error:

[ERROR] This dependency must be declared with scope <provided>: commons-logging:commons-logging:jar
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 1.364 s
[INFO] Finished at: 2019-03-05T13:52:22+05:30
[INFO] ------------------------------------------------------------------------
[ERROR] Failed to execute goal org.sonarsource.sonar-packaging-maven-plugin:sonar-packaging-maven-plugin:1.18.0.372:check (default-check) on project myPlugin: Unsupported dependencies

If I change the scope of httpclient to provided, it will build but will not work in sonar as it does not have this jar in its env.

All the dependencies in httpclient, including commons-logging is mentioned as scope - compile.

This is what my current pom looks like:

<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">

    <modelVersion>4.0.0</modelVersion>
    <groupId>com.plugin.sonar</groupId>
    <artifactId>myPlugin</artifactId>

    <!-- this is important for sonar-packaging-maven-plugin -->
    <packaging>sonar-plugin</packaging>

    <version>1.0</version>
    <name>myPlugin</name>

    <url>http://maven.apache.org</url>

    <dependencies>

        <dependency>
            <groupId>org.sonarsource.sonarqube</groupId>
            <artifactId>sonar-plugin-api</artifactId>
            <!-- minimal version of SonarQube to support. Note that the groupId was "org.codehaus.sonar" before version 5.2 -->
            <version>6.7</version>
            <!-- mandatory scope -->
            <scope>provided</scope>
        </dependency>

        <!-- facing problem after adding this dependency-->
        <dependency>
            <groupId>org.apache.httpcomponents</groupId>
            <artifactId>httpclient</artifactId>
            <version>4.3.6</version>
        </dependency>

    </dependencies>

    <build>
        <plugins>
            <plugin>
                <groupId>org.sonarsource.sonar-packaging-maven-plugin</groupId>
                <artifactId>sonar-packaging-maven-plugin</artifactId>
                <version>1.18.0.372</version>
                <extensions>true</extensions>
                <configuration>
                    <pluginKey>MyCustomPlugin</pluginKey>
                    <pluginClass>com.plugin.sonar.MyCustomPlugin</pluginClass>
                    <pluginDescription>Sonar plugin of Test</pluginDescription>
                </configuration>
            </plugin>

        </plugins>
    </build>
</project>

Any suggestions, how to solve it?

Thank You

Answer 1

The Sonar Maven plugin contains a check that disallows commons-logging and LOG4J because SonarQube supports only SLF4J.

So what you can do is switch to SLF4J and exclude commons-logging from the httpclient dependency:

    <dependency>
        <groupId>org.apache.httpcomponents</groupId>
        <artifactId>httpclient</artifactId>
        <version>4.3.6</version>
        <exclusions>
            <exclusion>
                <groupId>commons-logging</groupId>
                <artifactId>commons-logging</artifactId>
            </exclusion>
        </exclusions>
    </dependency>
    <dependency>
        <groupId>org.slf4j</groupId>
        <artifactId>jcl-over-slf4j</artifactId>
        <version>1.7.26</version>
    </dependency>