I am using SonarCloud with integrate msbuild sonar-scanner to analyse .net project.
We run sonar-scanner via AzureDevOps CI pipeline every time we do a Pull request.
We have 2 long-lived branches, master (we name it as main) and develop (we name it as dev), with a unlimited of short-lived branches that gets merged into dev periodically, and dev is planned to merge to main in future.
On SonarCloud, in the → Administation → Branches & Pull Requests section I have set the detection pattern for long-lived branches to: (main|dev)-.*
I only see the master branch main analysis. However when I run the same pipeline with dev/or any branch its not showing any analysis.
Tried out this way:
I followed SonarCloud documentation and setup this parameter sonar.branch.name=dev (This is a temporary solution I believe because SonarCloud should be able to auto detect the branches).
After using this property I see dev as short-lived branch.
Since dev is your default branch in the SCM, we believe it’s what’s being analyzed as your main branch. You should be able to simply delete the short-lived ‘dev’ branch and rename your main branch to dev..
dev and main both here are long-lived branches. why isn’t its able to detect the long lived pattern set here and create a dev branch as long-lived branch when we run analysis from dev branch?
Also I already tried the way you suggested renaming it as dev it didn’t work that way.
Yes! Initially we were facing this issue when we run the project
I tried different combinations and deleted the whole project and set it up from scratch to get it work. Its working now by running it from main branch and integrating with msbuild option
However when we rename it as dev and run from dev branch the project analysis is empty
Can you share some insights here why is it not able to take the long-lived pattern which was set at project level.
FYI we are not creating the project manually, Its setup using azuredevops ci pipeline so we had to run first analysis and later changed the default pattern to above pattern as per our project.
Thanks for the detailed explanations, I will try to help you fix this issues.
First remark, the regex you set for your long-lived branches is not correct, it should be (main|dev).
Then you should not set “sonar.branch.name=dev” when your run your dev branch analysis, if you want your dev branch to be analysed.
May I ask you to follow those steps and tell me if it fixes your issue?:
delete the short-branch analysis on SonarCloud
Modify the pattern for your long-lived branches and set it to (main|dev)
Run the analysis of your dev branch without setting sonar.branch.name property. Analysis should appear on the SonarCloud UI under long-lived branches with the flag “MAIN BRANCH”. The name will not be dev and you can rename the branch to dev.
Then you can trigger your main branch analysis, and set the property sonar.branch.name=main
Whenever you want to analyse short-lived branches (not in pull requests), you should set sonar.branch.name with your branch name
Let me know if this resolves your issue,
Thanks,
Nolwenn
Thanks for your response. I tried the following ways as specified:
delete the short-branch analysis on SonarCloud → Done
Modify the pattern for your long-lived branches and set it to (main|dev) → Done
Run the analysis of your dev branch without setting sonar.branch.name property. Analysis should appear on the SonarCloud UI under long-lived branches with the flag “MAIN BRANCH”. The name will not be dev and you can rename the branch to dev. → I did remove the property and ran from dev branch but the analysis is empty
Its not able to create multiple long lived branch’s depending on the pattern
(If I am not wrong once we set up the pattern as main|dev it must create main and dev as two separate long lived branch’s for the project and should pick up their respective analysis depending on the branch we run)
When I run from dev branch instead of main the analysis is empty as specified in above picture
Once you analyse your dev branch, and it appears as main branch on the SonarCloud UI, you should rename it before your run your main branch analysis, otherwise you get conflict with branch names and both dev and main branch analysis falls under the same branch analysis.
So renaming your MAIN BRANCH dev in SonarCloud should fix your branch’s issue.
About main branch analysis and short living branch analysis, I misslead you, you don’t need to pass sonar.branch.name property. SonarCloud extension resolves it.
About your empty analysis, is the analysis appearing on other pages (project overview and Main branch pages)? And on the Main branch → Code page, can you see your code?
“The main branch of this project is empty” message could appear because you did not set your New Code Policy (Administration → New Code). Could you please check that?
This above documentation states it creates multiple long-lived branches depending on the pattern we set at project level. I setup pattern as (main|dev) assuming that it would create a dev branch as long-lived branch whenever I run analysis from dev.
Any inputs on why it is not working here?
Renaming the main branch as dev running the analysis gives me only one possibility either I can have main or dev branch. We have 2 long lived branch’s i.e. main & dev
Let me clarify a few things about branch analysis:
The MAIN BRANCH analysis: this is the analysis of the default branch you have set up on Azure Devops side, here it is your dev branch. We don’t resolve the name of this branch, which is why it will be named “main” on SonarCloud and you should rename it to dev to match the default branch name on Azure Devops side.
The long-lived branches analysis: branches are detected based on the pattern you have defined. In your case, you can set it as “main” simply (because dev being your default branch on Azure Devops it will automatically be analysed as a long-lived branch, and be tagged as MAIN BRANCH on the SonarCloud side)
The short-lived branches analysis: all analysis of branches that are not your default branch on AzureDevops and for which the name is not following the long-lived branches pattern.
the MAIN BRANCH detected by SonarCloud is the default branch you have set up on Azure Devops side, here it is your dev branch. So whenever you run an analysis on your dev branch, the result will appear under your MAIN BRANCH analysis on sonarcloud.
So for your specific case, I recommend to delete all your branches analysis first. Then run the dev branch analysis. It will appear as the following on SonarCloud UI:
@nolwenn.cadic Thanks much for the information. It definitely made me understand how branch analysis works here.
I Performed all the above steps and was able to see multiple long lived branches however I found an issue here “The project is empty when we run from dev branch”
I see in the logs SonarScanner for .NET detected only TEST files and no MAIN files for C# in the current solution. Only TEST-code related results will be imported to your SonarQube/SonarCloud project. Many of our rules (e.g. vulnerabilities) are raised only on MAIN-code. Read more about how the SonarScanner for .NET detects test projects: https://github.com/SonarSource/sonar-scanner-msbuild/wiki/Analysis-of-product-projects-vs.-test-projects
It looks like Scanner is not able to detect your main code, it could explain why your analysis is empty. Could you please share with me your pipeline configuration file? Do you also have a sonar.properties file? If yes could you also please share it with me?
@kavya1 thanks for the pipeline config - it looks fine.
As @nolwenn.cadic suggested above, it appears that the code is being classified as test code. Unfortunately, there isn’t enough detail in the dotnet logs to confirm this.
Could you run the dotnet build step with argument -v:normal to increase the verbosity please?
The build logs should then contain additional information showing the projects are being classified by the SonarScanner for .NET. This wiki page explains how the scanner does the classification and what to look for in the logs.
I ran dotnet build step with argument “-v:normal”.
Please find attached logs here: logs_17861.zip (316.4 KB)
Please share your inputs here on what needs to be modified within the configuration for sonar to be able to pick up and scan actual code from dev branch
If you look in the logs, you’ll see that all three of your projects are being categorised as test code:
2022-11-17T19:45:49.4086585Z SonarCategoriseProject:
2022-11-17T19:45:49.4087985Z Sonar: (DataCore.csproj) Categorizing project as test or product code...
2022-11-17T19:45:49.4222287Z Sonar: (DataCore.csproj) project is evaluated as a test project based on the 'Moq' reference.
The wiki page I referred to above explains the impact this has on the analysis, and how to change how the projects are categorised.
