AzureDevOps PR file path issue

  • ALM: Azure DevOps
  • CI: Azure DevOps
  • Scanner command used: dotnet
  • Languages: C#, TypeScript, JavaScript

Hello,

I have a repository with multiple dotnet solutions and want to build them individually. These services also contain some TypeScript and JavaScript.

Structure of the git repository:

/src/Pipelines/
/src/services/ScExampleService
/src/services/ScExample1Service
/src/services/ScExample2Service
/src/Pipelines/Pipeline.yml

Each solution is mapped to a project in SonarQube Cloud, and I would only like to see the code for each solution in the project it belongs to, so for the SonarQube Prepare step I use the “sonar.projectBaseDir” property.

I have added a PAT token for AzureDevOps to the project in SC.

- task: SonarCloudPrepare@3
  displayName: "SonarQube Cloud Prepare"
  inputs:
    SonarCloud: SonarCloud
    organization: XXX
    scannerMode: 'dotnet'
    projectKey: some_key
    projectName: SonarCloudTest
    projectVersion: "$(Build.BuildNumber)"
    extraProperties: |
      sonar.projectBaseDir=$(Pipeline.Workspace)/s/src/Services/ScExampleService
      sonar.verbose=true

When I then create a Pull Request that contains an issue found by the scanner, the PR is decorated with an issue that is relative to the project folder and therefore not mapped correctly in AzureDevOps. Example from the PR:

[MyClass.cs]
/ScExampleService/MyClass.cs

This file no longer exists in the latest pull request changes. It may have been moved or deleted.

How can I make sure that the dotnet scanner only scans the project which is built and still be able to have PR comments that point correctly to the file?

I feel I am missing something basic here, can you advise?

Full pipeline steps:

- task: UseDotNet@2
  displayName: 'Install .NET Core SDK'
  inputs:
    version: 8.x

- task: SonarCloudPrepare@3
  displayName: "SonarQube Cloud Prepare"
  inputs:
    SonarCloud: SonarCloud
    organization: XXX
    scannerMode: 'dotnet'
    projectKey: some_key
    projectName: SonarCloudTest
    projectVersion: "$(Build.BuildNumber)"
    extraProperties: |
      sonar.projectBaseDir=$(Pipeline.Workspace)/s/src/Services/ScExampleService
      sonar.verbose=true

- task: DotNetCoreCLI@2
  inputs:
    command: 'restore'
    projects: '$(Pipeline.Workspace)/s/src/Services/ScExampleService/**/*.csproj'

- task: DotNetCoreCLI@2
  displayName: Build
  inputs:
    command: build
    projects: '$(Pipeline.Workspace)/s/src/Services/ScExampleService/**/*.csproj'
    arguments: '--configuration $(buildConfiguration)'

- task: SonarCloudAnalyze@3
  displayName: "SonarQube Cloud Analyze"
  inputs:
    jdkversion: 'JAVA_HOME_17_X64'

- task: SonarCloudPublish@3
  displayName: "SonarQube Cloud Publish"
  inputs:
    pollingTimeoutSec: '30'

Thanks
Mikkel

Hi @Mikkel

Did the setup use to work with a previous version of the extension?

Denis

Hi @denis.troller

Yes, it works like this on “@2”, but only for Windows build agents, I learned today.

This pipeline:

pool:
  vmImage: windows-latest

variables:
  buildConfiguration: 'Release'

trigger: none

steps:
- checkout: self
  fetchDepth: 0

- task: UseDotNet@2
  displayName: 'Install .NET Core SDK'
  inputs:
    version: 8.x

- task: SonarCloudPrepare@2
  displayName: "SonarCloud Prepare"
  inputs:
    SonarCloud: SonarCloud
    organization: XXX
    scannerMode: 'MSBuild'
    projectKey: some_key
    projectName: SonarCloudTest
    projectVersion: "$(Build.BuildNumber)"
    extraProperties: |
      sonar.verbose=true

- task: DotNetCoreCLI@2
  inputs:
    command: 'restore'
    projects: 'src/Services/ScExampleService/ScExampleService.sln'

- task: DotNetCoreCLI@2
  displayName: Build
  inputs:
    command: build
    projects: 'src/Services/ScExampleService/ScExampleService.sln'
    arguments: '--configuration $(buildConfiguration)'

- task: SonarCloudAnalyze@2
  displayName: "SonarQube Cloud Analyze"
  inputs:
    jdkversion: 'JAVA_HOME_17_X64'

- task: SonarCloudPublish@2
  displayName: "SonarQube Cloud Publish"
  inputs:
    pollingTimeoutSec: '30'

That one results in a PR decoration with the correct path, so ADO can show the code snippet where the issue is.

I think I have reached a version that does the same in version 3.

I drop the use of ProjectBaseDir and use scanAll=false instead.

- task: SonarCloudPrepare@3
  displayName: "SonarQube Cloud Prepare"
  inputs:
    SonarCloud: SonarCloud
    organization: XXX
    scannerMode: 'dotnet'
    projectKey: some_key
    projectName: SonarCloudTest
    projectVersion: "$(Build.BuildNumber)"
    extraProperties: |
      sonar.verbose=true
      sonar.scanner.scanAll=false

As I understand the documentation, it will also scan JS/TS files as long as they are below my csproj file in the file system and not explicitly excluded in the csproj file.

Is this the intended way to use the scanner in version 3?

Thank you
Mikkel

OK, there’s quite a bit here that seems strange.

Could we get the (redacted) verbose logs of both a successful and unsuccessful analysis? That would help us understand what is going on…

Denis