Azure DevOps MultiRepo Builds with SonarQube

Hi Team,

We are using Azure DevOps YAML based builds which support MultiRepo Checkout Feature. That is a single build pipeline can have sources from Multiple Repo’s.

So here is my situation, where I have a Product A which comes from RepoA, and its supporting modules B,C,D from RepoB,RepoC,RepoD. Each module is developed by separate teams. B,C,D itself does not have any build pipelines, but gets built during CI Pipeline of A is being run.

Now I have separate different stages, for checking out B,C,D modules and building those. After which Product A is also cloned and built with B,C,D modules as supporting libraries.

YAML code for this entire pipeline is saved in RepoA.

Now when I use SonarAnalysis in each stage as part of build process, its detecting the branch of RepoA (where in which YAML code is placed) but not the correct branches of other repo, even when i have seperate build stages for each Module/repo. Let’s say

ProductA->RepoA | Branch->Release-v3.0
Module B->RepoB | Branch->Master
Module C-> RepoC | Branch->Release-v2.5
Module D-> Repo D | Branch->Release-v2.7

If I configure Sonar for branch analysis during build, its taking Release-v3.0 as the branch (Where in which YAML for pipeline is kept) for all components instead of detecting their respective branches.

I tried using sonar.branch.name in each stage pointing to different branches, but its not working. Am I missing something or is it something by Design.

I am using SonarQube version 7.9 LTS Enterprise Edition. And using latest sonarqube tasks which is published in Azure DevOps Market Place

Hi,

Welcome to the community!

My understanding is that you would like modules B, C, and D to show up as separate projects in SonarQube but all analyses overwrite A. It is the sonar.projectKey value that identifies to SonarQube which project to update. So just make sure to provide a unique value on the analysis command line for each module (-Dsonar.projectKey=moduleB).

 
HTH,
Ann

Hey Ann,

Thanks for your reply. Repositories are rather correctly identified by Azure DevOps Sonar Tasks.

However it is the branch which is not being identified correctly. It’s always defaulting to branch of Repo in which pipeline YAML code is kept.

Hi @Amal_Syed

Do you have separate SonarQube projects for each of your modules ?

Thanks.

Hi Mickael,

Yes we do have seperate projects created for each module. It works without any issue when we use seperate builds. This issue comes up only when we use Mult-Repo Checkout feature of ADO.

How many “Run Code analysis” task are you using then ? Do you commit each analysis on each separate build of your modules ?

Yes I do have multiple Sonar Analysis tasks configured in each Stage. Where in each stage, different modules are built.

Somewhat similar to below

pool:
  vmImage: 'PrivatePool'

stages:
  - stage: BuildModuleA
    jobs:
      - job: Job1  
        steps :
        - checkout: git://Project1/ModuleA
        - task: SonarQubeTaskPreAnalysis With project settings pointing to Module A
        - task: MavenBuild
        - task: SonarPostAnalysis

 - stage: BuildModuleB
    jobs:
      - job: Job1  
       steps :
       - checkout: git://Project1/ModuleB
       - task: SonarQubeTaskPreAnalysis With project settings pointing to Module B
       - task: MavenBuild
       - task: SonarPostAnalysis

PS:- Not at work now, hence sharing the approximate one.

Thanks

Thanks, i would be interested by your full config, i’ll send you a PM if you can share it privately.