AzureDevops pipeline reports invalid project guid for temp generated workerextensions.csproj

chaoticnadirs · May 22, 2023, 10:59am

I have a .NET solution which contains an azure function app project. When I run this AzureDevops pipeline task, I get the following error message. I have tried setting the sonar.projectBaseDir so that the temporary generated solution will be excluded, but it seems to have no effect.

  - task: SonarCloudPrepare@1
    inputs:
      SonarCloud: "SonarCloud_POC"
      organization: redacted
      scannerMode: "MSBuild"
      projectKey: ${{ parameters.sonarProjectKey }}
      projectName: ${{ parameters.projectName }}
      extraProperties: |
        sonar.projectBaseDir=$(build.SourcesDirectory)
        sonar.cs.opencover.reportsPaths=$(build.SourcesDirectory)/coverage/**/coverage.opencover.xml
        sonar.exclusions=**/packages/**,**/bin/**,**/obj/**,**/*.dll

  WorkerExtensions -> C:\Users\VssAdministrator\AppData\Local\Temp\sjcko3ut.bvd\buildout\Microsoft.Azure.Functions.Worker.Extensions.dll
##[warning]D:\a\1\.sonarqube\bin\targets\SonarQube.Integration.targets(369,5): Warning : The project does not have a valid ProjectGuid. Analysis results for this project will not be uploaded. Project file: C:\Users\VssAdministrator\AppData\Local\Temp\sjcko3ut.bvd\WorkerExtensions.csproj
D:\a\1\.sonarqube\bin\targets\SonarQube.Integration.targets(369,5): warning : The project does not have a valid ProjectGuid. Analysis results for this project will not be uploaded. Project file: C:\Users\VssAdministrator\AppData\Local\Temp\sjcko3ut.bvd\WorkerExtensions.csproj [C:\Users\VssAdministrator\AppData\Local\Temp\sjcko3ut.bvd\WorkerExtensions.csproj]

Colin · May 22, 2023, 4:19pm

Hey there.

Does this actually fail your analysis, or are you only trying to get rid of the warning?

chaoticnadirs · May 23, 2023, 8:39am

I’m trying to get rid of the warning. The analysis appears to run successfully.

Colin · May 24, 2023, 7:54am

I’ve flagged this for some attention.

Caba_Sagi · May 25, 2023, 1:52pm

Hello @chaoticnadirs

Could you please share the msbuild detailed logs ?

MsBuild.exe /t:Rebuild /v:d

or

dotnet build -v:d

Does this project have a project guid set and if yes, could you share it with us?

chaoticnadirs · June 1, 2023, 10:04am

The build logs are attached. The project that throws the warning is an auto-generated project. I don’t have the option to assign a project guid.

build-log.txt (3.1 MB)

Caba_Sagi · June 14, 2023, 12:28pm

Hello @chaoticnadirs

What I saw from the logs is that it is not us generating the invalid GUID.
It should be that the generated WorkerExtensions.csproj project for whatever reason has an invalid ProjectGuid.

Could you please provide us with the binary diagnostic level logs of the build? This should let us see the project GUID and understand what is the problem with its format.

To create the binary logs you have to use the -bl switch. For more information take a look at the documentation.

HenrikSommer-eng · February 15, 2024, 12:34pm

We have the same problem.
You can reproduce it by creating a azure functions app that run in isolated mode.

Since this have been a problem for 8 month we fixed local.
by creating a powershell script that update file: .sonarqube\bin\targets\SonarQube.Integration.targets

Like this:

$xml = [xml](Get-Content $sonarQubeIntegrationTargetsPath)
$SonarWriteProjectData = ($xml.Project.Target | Where-Object {$_.Name -eq "SonarWriteProjectData" }).PropertyGroup

$node = $xml.CreateElement("ProjectGuid", $SonarWriteProjectData.SchemaInfo.NamespaceURI)
$attribute = $xml.CreateAttribute("Condition")
$attribute.Value = @'
$(ProjectGuid) == '' AND $([System.String]::new('$(MSBuildProjectFullPath)').EndsWith('WorkerExtensions.csproj'))
'@
$node.InnerText = '{$([System.Guid]::NewGuid())}'
$node.Attributes.Append($attribute) | Out-Null

$SonarWriteProjectData.AppendChild($node) | Out-Null

$xml.Save($sonarQubeIntegrationTargetsPath)

Paul_Meems · March 6, 2024, 1:31pm

We have the same issue with a brand new .NET8 isolated function app.
SonarQube is only handling this as a warning, but we also use Fortify which sees it as an error.

I’m not sure where the origin of this error is.

Paul_Meems · March 7, 2024, 8:09am

I also asked this question at the dotnet repo and they replied very swift and explained this is really an issue with SonarQube: The project does not have a valid ProjectGuid. WorkerExtensions.csproj · Issue #99352 · dotnet/runtime · GitHub

When can we expect a solution from SonarQube?

Andrei_Epure · March 15, 2024, 11:29am

Thanks @HenrikSommer-eng and @Paul_Meems for putting this back on our plate.

We have noticed having problems with the WorkerExtensions project in sonar-scanner-msbuild/issues/1309, in the context of Azure Functions.

@Paul_Meems @HenrikSommer-eng do I understand well that in your case, the analysis is failing?

We use ProjectGuids as identifiers for the projects. As you see here, we use this in our validation process.

But for source-generated projects, anyway we should not import results at all as the files are not on disk.

We may want to transform this from a WARN to an INFO-level message for source-generated projects.

HenrikSommer-eng · March 15, 2024, 12:30pm

I can’t remember 100% but I dont think the analysis failed.
But the pipeline have warning and we only want to see warning we can do something about.

Change it to INFO-level message for source generated projects sound like a fix.

Andrei_Epure · April 3, 2024, 12:19pm

Sorry for being late.

I’ve created Log INFO level when source generated projects don't have valid GUIDs · Issue #1899 · SonarSource/sonar-scanner-msbuild · GitHub