Azure Devops Marketplace Task: SonarQubeAnalyze causing pipeline failure

SonarQube
1

Now that we have our database connectivity issue resolved we have another question with regard to sonar scanner and the sonarqube service.

I have set up a service endpoint for the sonarqube service, which is running on a VM that has the necessary version of Java (11) to support Sonarqube. These Azure Devops marketplace tasks below are attempting however, to the best of my knowledge, to run the sonar scanner on the .net code on the build server and then send in the results via the service endpoint for analysis by sonarqube.

  # Prepare for Sonar Scan and Analysis
  - task: SonarQubePrepare@4
    inputs:
      SonarQube: 'SONAR_CI_CD_PIPELINE_CONNECTION'
      scannerMode: 'MSBuild'
      projectKey: 'PSH_Production_CI'
      projectName: 'PSH_Production_CI'

  # Publish PSH
  - script: 'buildpsh.bat ci'
    workingDirectory: Source
    displayName: 'Publish PSH'

  # Perform Sonar Analysis
  - task: SonarQubeAnalyze@4

The first task, SonarQubePrepare@4, runs fine and produces the following output:

##[section]Starting: SonarQubePrepare
==============================================================================
Task         : Prepare Analysis Configuration
Description  : Prepare SonarQube analysis configuration
Version      : 4.7.2
Author       : sonarsource
Help         : [More Information](http://redirect.sonarsource.com/doc/install-configure-scanner-tfs-ts.html)
==============================================================================
SYSTEMVSSCONNECTION exists true
[command]C:\Agent\_work\_tasks\SonarQubePrepare_15b84ca1-b62f-4a2a-a403-89b77a063157\4.7.2\classic-sonar-scanner-msbuild\SonarScanner.MSBuild.exe begin /k:PSH_Production_CI
SonarScanner for MSBuild 4.6.2
Using the .NET Framework version of the Scanner for MSBuild
Pre-processing started.
Preparing working directories...
12:58:20.116  Updating build integration targets...
12:58:20.335  Fetching analysis configuration settings...
12:58:21.229  Provisioning analyzer assemblies for cs...
12:58:21.229  Installing required Roslyn analyzers...
12:58:22.345  Provisioning analyzer assemblies for vbnet...
12:58:22.345  Installing required Roslyn analyzers...
12:58:22.439  Pre-processing succeeded.
##[section]Finishing: SonarQubePrepare

However when I add in the bottom task, SonarQubeAnalyze@4, to the pipeline yaml, it causes an immediate failure with the following message:

##[Error 1]
No agent found in pool SkyBuild which satisfies the specified demands:
     DotNetFramework
     java
     Agent.Version -gtVersion 2.153.1

Apparently the build server is not configured properly to run the sonar scan – but I have no visibility into what this task is attempting to do. Am I correct in thinking that this task is attempting to:

  1. Run sonar scanner on the build server
  2. Then send in the scan artifacts via the service endpoint to the sonarqube host for analysis?

Thanks,

Steve Satterfield

2

Almost - the sonar scanner is run on the build agent, does the analysis, and uploads the results to SonarQube/SonarCloud server. The server does some post-processing and aggregation.

The scanner run executed in the Run Code Analysis step is Java-based, hence the demand for Java in the Sonar Azure extensions.

3

Hello Mr. Pocklington,

Our architect tells me that we cannot put jdk/jre 11 on our build servers because Oracle has made those paid subscriptions for commercial use. We have earlier versions of Java on those servers. Are there possibly any sonar scanner implementations
that will work with the free versions of Java?

Thank you,

Steve Satterfield

(770) 815-8061 cell/text

4

The SonarQube/Cloud Azure extensions should work with non-Oracle JDKs such as OpenJDK or the Azul Zulu JDK (which is what is installed on MS-hosted build agents).

However, you might need to manually add the java capability to your self-hosted build agents due to a bug in the MS build agent. See this thread for more information.