AzureDevOps “SonarCloud/quality gate” status check is not being updated in the pull requests

SonarQube Cloud
, ,
1

We have a SonarQube enterprise plan, we have a policy in master branch that waits for the status check of “SonarCloud/quality gate” in AzureDevops with
SonarQube Cloud extension. The PR cannot be merged until this status has green state. We are using dotnet sonarscanner begin&end commands in our build scripts.

I can see the quality gate result in SonarCloud, but it is not reporting back to the PR in DevOps, thus the PR is stuck with the quality gate status check in “Waiting”.

Our organisational level PAT has Code (Read & Write) permissions. And there are no project level PATs.

2

Hi,

Welcome to the community!

I need to ask a dumb question: do you have the Publish Quality Gate Result task in your pipeline?

 
Thx,
Ann

3

Hi Ann,
Thank you.

It’s not a dumb question at all. We don’t use the tasks that come with the extension.
We run the dotnet sonarscanner begin and end commands before and after dotnet build and test. This setup has been working for us, but it recently stopped functioning as expected.

4

Hi,

What mechanism are you using to retrieve the Quality Gate status, and make the pipeline wait until it’s actually available?

We could be looking at latency if it used to work but stopped. Quality Gate status isn’t calculated synchronously. The CI submits the analysis report to the server, which queues it and processes it in turn. A small change in the turnaround time could be the difference you’re seeing.

 
Ann

5

At the Azure DevOps side, we have a status check policy on the master branch that requires the status genre SonarCloud and the status name quality gate. As I understand it, SonarCloud is supposed to set this status in Azure DevOps once the quality gate result is calculated on its side.
However, on the Azure DevOps side, the status is never updated and remains stuck in Waiting.

6

Hi,

Can you share either your pipeline code or a screenshot of this?

 
Thx,
Ann

7

Master branch policy’s status check

branch-policy
branch-policy1080×1089 73.7 KB

Stuck pipeline

pipenline-stuck
pipenline-stuck1709×590 47.6 KB

Build script’s sonar steps

echo "Starting SonarScanner..."

dotnet sonarscanner begin \
  /o:topkapi-as \
  /v:${version} \
  /d:sonar.exclusions="**/*.Repository/Migrations/**/*,**/docs/**" \
  ${sonarCmdAddition} \
  /k:${sonar_project} \
  /d:sonar.host.url=https://sonarcloud.io \
  /d:sonar.token=${sonar_pat} \
  /d:sonar.verbose=true

if [ $? -ne 0 ]; then
    echo "❌ Error"
    exit 1
fi

echo "Starting Build..."
dotnet build --no-restore

if [ $? -ne 0 ]; then
    echo "❌ Error"
    exit 1
fi

echo "Starting Tests..."
dotnet test --no-build --no-restore --results-directory testresults \
    --logger trx \
    --collect:"XPlat Code Coverage;Format=Cobertura,opencover" \
    -p:CollectCoverage=true \
    -p:CoverletOutputFormat=cobertura \
    -- DataCollectionRunSettings.DataCollectors.DataCollector.Configuration.Exclude=[*]*Migrations*

echo "Finishing SonarScanner analysis..."
dotnet sonarscanner end /d:sonar.token=${sonar_pat}

At build logs we see that sonarscanner end command is successfully sending results to Sonarcloud as well.

09:59:30.907  INFO: QUALITY GATE STATUS: PASSED - View details on https://sonarcloud.io/dashboard?id=topkapi-as_platform.order&pullRequest=119278
09:59:30.98  INFO: Analysis total time: 30.130 s
09:59:30.981  INFO: SonarScanner Engine completed successfully
09:59:31.344  The scanner engine has finished successfully
09:59:31.344  Post-processing succeeded.
Finishing v2 SonarScanner analysis...
✅ Tests and Quality Gate passed successfully
8

Hi,

Thanks for those details. I’m not sure where to go from here. I’m going to flag this for more expert eyes.

 
Ann

10

Thank you Ann.

I am assuming that Sonarcloud is responsible for setting the AzureDevops’s SonarCloud quality gate. Am I right?
Can we check the Sonarcloud logs about this process?

16

We checked our decoration service logs for your project and found the issue. The ADO binding has the configuration values stored with surrounding single-quote characters — the instance URL is stored as ‘Azure DevOps Services | Sign In’ (note the leading '), which our URL validator rejects, so the decoration step never runs.

"Invalid instance url to decorate the Azure DevOps pull request:
     AzureDevOpsSettings{
       instanceUrl=''https://dev.azure.com/topkapi-as/'',
       projectName=''platform.order'',
       repository=''platform.order'',
     }"

To fix it, go to your project re-save the ADO configuration. Make sure the values (instance URL, project name, repository) are entered without surrounding quotes — just the bare values, e.g. Azure DevOps Services | Sign In and platform.order.

The PAT itself is fine, so no changes needed there.

18

I’ve created SONAR-27353 on our side to validate the settings on create/update instead of scan time.

1 Like
20

Hi Costin,

Thank you for your reply. Do you want me to rebind the project from the Sonarcloud.io dashboard under Administration > General Settings > Repository binding?

It seems like the repository list is populated via the organization binding. Keep in mind that we have about a hundred projects, so I want to make sure this is the right approach.

project-binding
project-binding1614×697 86.7 KB

24

Hi @ibrahim,

Thanks for your patience while we investigated this.

Could you please check your pipeline configuration? It is very likely that these wrong values are provided to the scanner in your build scripts.

Please look for parameters like:
sonar.pullrequest.vsts.instanceUrl=
sonar.pullrequest.vsts.project=
sonar.pullrequest.vsts.repository=

If needed, you can also use the sonar.verbose property that will enable debug logging level for the scanner.

1 Like
25

Hi Costin,
Here is the sonarscanner line from the build script

dotnet sonarscanner begin \
  /o:topkapi-as \
  /v:${version} \
  /d:sonar.exclusions="**/*.Repository/Migrations/**/*,**/docs/**" \
  ${sonarCmdAddition} \
  /k:${sonar_project} \
  /d:sonar.host.url=https://sonarcloud.io \
  /d:sonar.token=${sonar_pat} \
  /d:sonar.verbose=true \
  /d:sonar.qualitygate.wait=true \
  /d:sonar.qualitygate.timeout=300

I added the following lines right after

echo "Sonarscanner sonar project key: ${sonar_project}"
echo "sonarCmdAddition: ${sonarCmdAddition}"

Sonarscanner sonar project key: topkapi-as_platform.order
sonarCmdAddition: /d:sonar.pullrequest.provider=vsts /d:sonar.pullrequest.vsts.instanceUrl='https://dev.azure.com/topkapi-as/' /d:sonar.pullrequest.vsts.project='platform.order' /d:sonar.pullrequest.vsts.repository='platform.order' and more keys

I removed the single quotes and quality gate passed.
Thank you for your patience and help with our issue.

2 Likes
27

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.