Bitbucket Pipe + SonarCloud + C#/.net core

(Ansarada) #1

Hi,

I’m trying to use Bitbucket Pipe with the SonarCloud pipe. The configuration from the guide looks simple, but it doesn’t seem to analyze my code, though the source code is detected.

Here is the code snippet for my pipeline

      step: &sonarcloud-scan
        name: SonarCloud Scan
        script:
          - pipe: sonarsource/sonarcloud-scan:0.1.5
            variables:
              SONAR_TOKEN: ${MY_SONARCLOUD_KEY}
              DEBUG: "true"
              EXTRA_ARGS: -Dsonar.verbose="true" -Dsonar.projectVersion=1.0.0

From SonarCloud.io, my project overview says “This project is empty”.
Please let me know what info I should provide, because I’m working on my company’s source code, so I’m trying to avoid sending sensitive logs for security reasons.

Thanks,
Hoang

(Michal Duda) #2

Hello,
Based on the error I suggest to:

  • make sure that you build the project before you run the SonarCloud Scan pipe in bitbucket-pipelines.yml
  • if build execution and SonarCloud Scan execution are not done in the same Pipelines step, you have to explicitly define the artifacts that are produced by the build step in bitbucket-pipelines.yml so that all the subsequent Pipeline steps can even see the results of the build. You can do that by using artifacts property of a Pipelines step (here is the link to Bitbucket docs: https://confluence.atlassian.com/bitbucket/using-artifacts-in-steps-935389074.html)

Please let me know if that fixes the issue and if not I’ll investigate.

(Ansarada) #3

Hi Michal,

By “build the project before you run the SonarCloud Scan pipe”, do you mean the build script should be at the same level as - pipe?

Can you please give a sample bitbucket pipeline snippet for it? Thanks

(Michal Duda) #4

Hi Hoang,
Apologies, I missed the important part where you mention it’s C#/.net core. Unfortunately the pipe doesn’t yet work for these since they require a dedicated scanner (https://docs.sonarqube.org/display/SCAN/Analyzing+with+SonarQube+Scanner+for+MSBuild).

(Ansarada) #6

Hi @Michal_Duda, that’s good to know.

Is there a plan to support it? It looks to me like SonarSource can provide some sonarsource/sonarcloud-scan-msbuild docker

(Michal Duda) #8

We don’t have plans to add MSBuild support in the Pipe at the moment but I opened a ticket to create an example MSBuild project that uses Bitbucket Pipelines to trigger SonarCloud analysis since we are missing that in our Bitbucket Pipelines examples.

1 Like
(Ansarada) #9

Awesome. I look forward to seeing that example code. Thanks, @Michal_Duda

2 Likes
(Dibbdob) #10

It would really help to get this example. Any idea of the timeframe for including it in your examples?

(Dibbdob) #11

I managed to get our particular pipeline working. The requirements were for the pipeline just to run and publish analysis of a C# .NET Core 2.2 app - the rest of the work was being done on Azure pipelines.

One issue we had was that Java was not installed, as we were using the microsoft/dotnet:sdk image. So I added a few additional command lines to download it - it would really have been nice to use an image that included dotnet and Java so we don’t have to do this every time. We might create a custom image, but for now it’s not that big a deal.

The analysis works on all merge requests into dev in addition to all PRs.
First thing, I created the project manually from our designated MAIN BRANCH by running the following commands from the root of a local copy of the repo (replace the necessary properties):

dotnet sonarscanner begin /k:"project.key" /d:"sonar.login=${SONAR_TOKEN}" /o:"organization-name" /d:"sonar.host.url=https://sonarcloud.io"
dotnet build App.sln
dotnet sonarscanner end /d:"sonar.login=${SONAR_TOKEN}"           

If you are building a project as opposed to a solution, then I think the project file needs to include a ProjectGuid.

Here is the bitbucket-pipelines.yaml file:

NOTE: If you want to analyse multiple branches use the format {dev, master, qa} - you get the idea

image: microsoft/dotnet:sdk

pipelines:
  branches:
    "{dev}":
      - step:
          name: Running SonarCloud Analysis
          services:
            - docker
          script:
            # The scanner needs Java, which the microsoft/dotnet:sdk image does not include
            - apt-get update
            - apt-get install --yes openjdk-8-jre
            # Global dotnet tools are installed here, so put the directory on PATH
            - export PATH="$PATH:/root/.dotnet/tools"
            - dotnet tool install --global dotnet-sonarscanner
            # begin / build / end: the build must run between the two scanner calls
            - dotnet sonarscanner begin /k:"project.key" /d:"sonar.login=${SONAR_TOKEN}" /o:"organization-name" /v:"${BITBUCKET_COMMIT}" /d:"sonar.host.url=https://sonarcloud.io"
            - dotnet build App.sln
            - dotnet sonarscanner end /d:"sonar.login=${SONAR_TOKEN}"
  pull-requests:
    '**': # this runs as default for any branch not elsewhere defined in this script
      - step:
          name: Running SonarCloud Analysis
          services:
            - docker
          script:
            - apt-get update
            - apt-get install --yes openjdk-8-jre
            - export PATH="$PATH:/root/.dotnet/tools"
            - dotnet tool install --global dotnet-sonarscanner
            - dotnet sonarscanner begin /k:"project.key" /d:"sonar.login=${SONAR_TOKEN}" /o:"organization-name" /v:"${BITBUCKET_COMMIT}" /d:"sonar.host.url=https://sonarcloud.io"
            - dotnet build App.sln
            - dotnet sonarscanner end /d:"sonar.login=${SONAR_TOKEN}"
definitions:
  services:
    docker:
      memory: 3072 # increase memory for docker-in-docker from 1GB to 3GB

1 Like
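
A pipeline like the one in post #11 installs a JRE and the scanner tool on every run and passes the SonarCloud token on the command line, so it is worth checking the file for a few supply-chain and secret-handling slips before committing it. The following is an added example, not code from any poster in this thread or from SonarSource; the rule names and the `lint_pipeline` function are hypothetical, the checks are line-based heuristics rather than a YAML parser, and the embedded sample is constructed.

```python
import re

# Constructed sample in the style of a bitbucket-pipelines.yml for dotnet-sonarscanner.
SAMPLE_PIPELINE = """\
image: microsoft/dotnet:sdk
pipelines:
  branches:
    "{dev}":
      - step:
          script:
            - apt-get update
            - apt-get install --yes --force-yes openjdk-8-jre
            - dotnet tool install --global dotnet-sonarscanner
            - dotnet sonarscanner begin /k:"project.key" /d:"sonar.login=${SONAR_TOKEN}"
            - dotnet sonarscanner end /d:"sonar.login=${SONAR_TOKEN}"
"""

# (rule id, pattern, reason). Rule ids are hypothetical names for this example.
RULES = [
    ("apt-force-yes", re.compile(r"apt(-get)?\s+install\b.*--force-yes"),
     "--force-yes lets apt continue with unauthenticated packages"),
    # Heuristic: no digest, and no digit anywhere after a colon in the image reference.
    ("floating-image",
     re.compile(r"^\s*image:\s*(?!\S+@sha256:)(?!\S+:\S*\d)\S+\s*$"),
     "image tag is not pinned to a version or digest"),
    ("unpinned-tool", re.compile(r"dotnet tool install\b(?!.*--version)"),
     "tool version is resolved at run time"),
    # Anything after sonar.login= that is not a $VAR / ${VAR} reference.
    ("literal-token", re.compile(r"sonar\.login=(?!\$\{?\w+\}?)[^\s\"']+"),
     "token is written into the file instead of a secured variable"),
]

def lint_pipeline(text):
    """Return a list of (line number, rule id, reason) findings."""
    findings = []
    for number, line in enumerate(text.splitlines(), start=1):
        if line.lstrip().startswith("#"):
            continue  # skip whole-line YAML comments
        for rule_id, pattern, reason in RULES:
            if pattern.search(line):
                findings.append((number, rule_id, reason))
    return findings

if __name__ == "__main__":
    for number, rule_id, reason in lint_pipeline(SAMPLE_PIPELINE):
        print(f"line {number}: [{rule_id}] {reason}")
```

The two `sonar.login=${SONAR_TOKEN}` lines pass because the value is a variable reference; the variable itself should be defined as a secured repository variable in Bitbucket.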
(Fabrice Bellingard) #12

Thanks a lot for contributing this! :slight_smile:
Bookmarked!