Azure Pipelines SonarCloudPrepare@3 sonar.exclusions not working

We are using SonarQubeCloud with Azure DevOps and have been running into some issues with excluding some of our folders. This used to work well and the only other thing that changedd is the OS (ubuntu-latest now).

Is there any obvious reason?

New pipeline that doesn’t work

- task: SonarCloudPrepare@3
    timeoutInMinutes: 5
    inputs:
      SonarCloud: Sonarcloud
      organization: ourOrg
      scannerMode: dotnet
      projectKey: ourKey
      projectName: ${{ parameters.projectName }}
      ${{ if parameters.useDotNetCoverage }}:
        extraProperties: |
          sonar.exclusions="**/Migrations/**,${{ join(',',parameters.sonarcloudExclusion) }}"
          sonar.cs.vscoveragexml.reportsPaths=$(Agent.TempDirectory)/coverage.xml
          sonar.scanner.scanAll=false
          sonar.verbose=true

Funny enough our old code for this worked:

variables:
   sonarcloudExclusionString: "**/Migrations/**,${{ join(',',parameters.sonarcloudExclusion) }}"

....

- task: SonarCloudPrepare@3
  timeoutInMinutes: 5
  inputs:
    SonarCloud: "Sonarcloud"
    organization: "myOrg"
    scannerMode: "dotnet"
    projectKey: "myKey"
    projectName: "$(SonarCloudProjectName)"
    extraProperties: |
      sonar.exclusions=${{variables.sonarcloudExclusionString}}

Edit: Add ifwhich is used in the new template

Hi,

I believe this is a question of where / whether interpolation takes place.

Is there a reason you can’t keep it as a separately declared variable?

 
Ann

Hi Ann,

Yes there is a reason as this is part of a template which manages our SonarCloud calls centrally and is only a task (not a job where you would be able to have variables). This is because we have quite a few services which have special need in the CIs, however the SonarCloud steps are the same. It basically wraps around the restore, build, test and a few extra steps depending on the service.

I technically could keep it as an external variable, however this would come with major drawbacks.

The thing is that it interpolates correctly in the logs:
Excluded sources: **/build-wrapper-dump.json, **/Migrations/**,

It just doesn’t do anything and I can’t understand why.

Hi,

I have to wonder if it’s interpolated at log output (i.e by Azure).

I’ll flag this for more expert eyes.

In the meantime, for i-dotting, can you provide the full analysis log?

The analysis / scanner log is what’s output from the analysis command. Hopefully, the log you provide - redacted as necessary - will include that command as well.

This guide will help you find them.

 
Thx,
Ann

Hi Ann,

Here are the logs.

I think this should not be possible. Another thing is that **/Migrations/** should be excluded even if the interpolation doesn’t occur before. However it is still counted towards coverage and analysis. I am just really confused about this behavior.

Kind Regards,
Raphael

debug.txt (328.4 KB)

1 Like

Hi,

I have done some more research on this and it really is the adding of the parameter which breaks the entire exclusion. As soon as I remove it, it works. However I need it for some of our services to be extendable like this.

Kind Regards,
Raphael

Hi Raphael,

Here’s what I see in the log:

2025-02-04T08:30:19.0664785Z sonar.exclusions="**/Migrations/**,"

Are you sure this is available to the task?

 
Ann

Hi Ann,

yes I am, however it’s almost always empty as Sonar does quite a good job at detecting generated files. As soon as I add something in the parameter it shows in the log. However even if the string is just sonar.exclusions="**/Migrations/**,"the migrations folder should be excluded, however it is not! Only if I remove the call of the parameter it excludes it, however the logs about the exclusion is 1:1 the same.

I could theoretically force it into a variable with some Powershell, however this should not be necessary as every other Task I use doesn’t break this way.

Kind Regards,
Raphael

Hi Raphael,

Could you try updating that pattern to **/Migrations/**/*?

 
Thx,
Ann

Hi Ann,

nope, still the same issue. What I am starting to notice is that as soon as I add the comma it breaks. It’s actually not the parameter, but the comma. As soon as I have a trailing comma or two values seperated by a comma it breaks.

As the old one works fine which runs on windows-latest I can only imagine it is some issue with ubuntu-latest. I guess the Task itself isn’t open-source, right?

Kind Regards,
Raphael

Hi Raphael,

Is this what you’re looking for?

 
Ann

Hi Ann,

sadly there is no v3 in there as far as I can see. So sadly I cannot debug it myself as it seems…

Kind Regards,
Raphael

You can find the latest v3 release on the repository Ann indicated:

Denis

1 Like