Exclusions ignored in csproj file in c# .net frameworks application.
ALM used Azure DevOps
CI system used Azure DevOps
C#
There is a requirement whereby we need to define inclusions for sonar.inclusions and sonar.test.inclusions from the Sonarcloud web console and the exclusions sonar.exclusions and sonar.test.exclusions from the csproj file.
This is a request from our developers so that can add exclusions within source control so we can track the changes. We are using a template in our yaml files so it calls multiple projects so we cannot put any information in the yaml file. This simply cannot be done not from a point of view sonarcloud won’t support it but our project won’t support it; we don’t want developers touching the yaml files.
Whats working
I have defined my inclusions in the web console as shown in the screenshot (some information is redacted):
This will exclude the other projects that scan and this works great.
Issues with exclusions
I have put this in my CSproj file of the project and these entries are not excluded from the scan. If what I’m implementing even possible? Do the csproj settings get ignored if there is something set in the gui?
Can you try a run with /d:sonar.scanner.dumpToFile=[path-to-file] on the command line to see exactly what inclusion and exclusion settings analysis is getting?
To give a bit more insight I tried switching to a local run using a self hosted agent rather than the Microsoft agents and I was watching the SonarQubeAnalysisConfig.xml file in VS. Despite trying to set sonar.exclusions doing a search in the sonarqubeanalysisconfig.xml file the property could not be found. The inclusion was included however this is from the web gui.
I’ve not been able to get a debug file to write to disk. Can you advise if this is a compatible parameter with Sonarcloud and at what stage of the DevOps pipeline it should be added? Should this be put on the Sonarcloud prepare task?
Did you add that to the begin step? Did you supply an absolute or a relative path? If the latter, can you browse through your workspace to see if the file was generated in a non-obvious location?
Its an absolute path. I’ve switched to a selfhosted run rather than a Microsoft hosted run to help diagnostics. Found the issue with the debugger not being able to write to disk and giving it another run. It was an absolute path however didn’t realise the MS build Agent didn’t have write permissions to c:\temp.
I’ll report back once I have some diagnostics. I’ll need to redact some of the log data so might take some time before posting back.
Unfortunately the debug file is too big. I won’t be able to redact it without removing the context. I can’t publicly post this either in its current state as it would breach the confidentiality agreement I signed.
To recap on the original problem, I’ve specified sonar.inclusions in the web console and attempted to put sonar.test.exclusions in the csproj file. It needs to be done this way as we want to vet what gets added into the exclusions via PR. Doing it in the yaml file isn’t feasible; we don’t want devs messing with the yaml file which may break the pipeline and the pipeline files are templated.
Original query, is it possible to have some keys declared in the web browser console and others in the csproj file. Are there any examples of exclusions being defined in a csproj file that Sonarcloud could share?
In Sonarqubeanalysis.xml it the sonar.inclusions appears in there when running my pipeline however Sonar.test.exclusions doesn’t get listed.
I have been unable to find either “key” in the debug file.
I have managed to get back onto my Sonarcloud analysis ticket full time and made some progress in my investigations. As you have informed me to put things in the “begin command” in the example below, I have managed to get keys to be read from the extra properties in the yaml file and this got things working how I wanted.
I’m back to working to see if my code coverage exclusions can be read from my CSproj file.
For information the SonarQubeAnalysisConfig.xml file this file that runs in my local AzureDevOps build agent. This gets generated by the Sonarcloud yaml tasks. (Please ignore that this is zero bytes, this is an aborted run). This seemed to pull the settings from the online console but ignore the parameters set at the “Begin” command (which I think is the SonarCloudPrepare@1 task equivalent). .
I’m not worrying about this file, its not relevant; just thought it might be useful.
I have had recent success getting some exclusions to be listed in the debug file. I’m in the process of working on the correct syntax. I’m happy for now however I’ll come back if I still have issues. Thanks for now and hope you have a good weekend.
.