I’m trying to use Bitbucket Pipe with SonarCloud pipe. The configuration from guide looks simple but it doesn’t seem to analyze my code though source codes are detected
From SonarCloud.io, my project overview says “This project is empty”
Please let me know what info I should provide cos I’m on company’s source code so I’m trying to avoid sending sensitive log for security reason
make sure that you build the project before you run the SonarCloud Scan pipe in bitbucket-pipelines.yml
if build execution and SonarCloud Scan execution are not done in the same Pipelines step, you have to explicitly define the artifacts that are produced by the build step in bitbucket-pipelines.yml so that all the subsequent Pipeline steps can even see the results of the build. You can do that by using artifacts property of a Pipelines step (here is the link to Bitbucket docs: https://confluence.atlassian.com/bitbucket/using-artifacts-in-steps-935389074.html)
Please let me know if that fixes the issue and if not I’ll investigate.
We don’t have plans to add MSBuild support in the Pipe at the moment but I opened a ticket to create an example MSBuild project that uses Bitbucket Pipelines to trigger SonarCloud analysis since we are missing that in our Bitbucket Pipelines examples.
I managed to get our particular pipeline working. The requirements were for the pipeline just to run and publish analysis of a C# .NET Core 2.2 app - the rest of the work was being done on Azure pipelines.
One issue we had was that java was not installed as we were using the microsoft/dotnet:sdk image. So I added a few additional command lines to download it - it would really have been nice to use an image that included dotnet and java so we don’t have to do this every time. We might create a custom image, but for now it’s not that big a deal.
The analysis works on all merge requests into dev in additional to all PRs
First thing I created the project manually from our designated MAIN BRANCH by running the following commands from the root of a local copy of the repo (replace the necessary properties):
dotnet sonarscanner begin /k:"project.key" /d:"sonar.login=${SONAR_TOKEN}" /o:"organization-name" /d:"sonar.host.url=https://sonarcloud.io"
dotnet build App.sln
dotnet sonarscanner end /d:"sonar.login=${SONAR_TOKEN}"
If you are building a project as opposed to a solution, then I think the project file needs to include a ProjectGuid.
Here is the bitbucket-pipelines.yaml file:
NOTE: If you want to analyse multiple branches use the format {dev, master, qa} - you get the idea
image: microsoft/dotnet:sdk
pipelines:
branches:
"{dev}":
- step:
name: Running SonarCloud Analysis
services:
- docker
script:
- apt-get update
- apt-get install --yes --force-yes openjdk-8-jre
- export PATH="$PATH:/root/.dotnet/tools"
- dotnet tool install --global dotnet-sonarscanner
- dotnet sonarscanner begin /k:"project.key" /d:"sonar.login=${SONAR_TOKEN}" /o:"organization-name" /v:"${BITBUCKET_COMMIT}" /d:"sonar.host.url=https://sonarcloud.io"
- dotnet build App.sln
- dotnet sonarscanner end /d:"sonar.login=${SONAR_TOKEN}"
pull-requests:
'**': #this runs as default for any branch not elsewhere defined in this script
- step:
name: Running SonarCloud Analysis
services:
- docker
script:
- apt-get update
- apt-get install --yes --force-yes openjdk-8-jre
- export PATH="$PATH:/root/.dotnet/tools"
- dotnet tool install --global dotnet-sonarscanner
- dotnet sonarscanner begin /k:"project.key" /d:"sonar.login=${SONAR_TOKEN}" /o:"organization-name" /v:"${BITBUCKET_COMMIT}" /d:"sonar.host.url=https://sonarcloud.io"
- dotnet build App.sln
- dotnet sonarscanner end /d:"sonar.login=${SONAR_TOKEN}"
definitions:
services:
docker:
memory: 3072 # increase memory for docker-in-docker from 1GB to 3GB
If you get a chance to speed up the build with a custom image that includes the scanner (instead of downloading it every time I’d be very interested to use that instead. Perhaps some cache definitions in the pipeline might work just as well.
I might get around to creating a new image as, but probably not in the near future. Fingers crossed someone beats me to it - always too much to do and never enough time!
You’ve got something slightly different to my configuration - perhaps that’s the reason. I’m just guessing here as my experience in this area is somewhat limited.
Just a couple of points:
Are you running apt-get update beforehand?
Can you use what I originally posted up for the install:
apt-get install --yes --force-yes openjdk-8-jre
or have you had to modify it?
By the way, if you do get this working and can get back with some suggested improvements then I’d really appreciate it.
When I have tried using the above yml to do the code analysis for . Net in bitbucket, I’m landing with the following error:
Nothing to do. None of the projects specified contain packages to restore.
/usr/share/dotnet /sdk/2.2.207/Microsoft.common.currentversion.targets(1183,5):error MSV3644: The reference assemblies for framework “. NETFRAMEWORK, Version=4. 5” were not found. To resolve this, install the SDK or targeting pack for this framework version or retsrget your application to a version of the framework for which you have the SDK or targeting pack installed. Note that assemblies will be resolved from the global assembly cache and wi be used in place of reference assemblies.
There seems to be a version dependencies while running the. Net framework of 4.5 version.
Can you suggest how to get rid of this error… Do we have any alternative solution to run the Pipeline for 4.5 version?
Hi @dibbdob,
I’ve followed the same process by taking the above yml file,
But the build is failing with the following error:
Task “MSBUILD” execution - - FAILED
Warnings : /opt/atlasssian/agent /build/B. Sln warning : opt/atlasssian/agent /build/A/A.csproj : DATA at the root level is invalid. Line 1 position 1
opt/atlasssian/agent /build/B.sln warning: Don’t know how to handle globalsection extensibility globals, ignoring.
Would you mind share what the cmd you use for openjdk-11-jre works for you? We have tried following no luck
script:
- apt-get update
- apt-get install --yes --force-yes openjdk-11-jre
Getting this errors on bitbucket pipeline console + apt-get install --yes --force-yes openjdk-11-jre
