So I have the following commands running in a bash script to scan our projects using a Linux VM, as we’re building containers and the way of doing it inside the image is size-prohibitive due to using a mono repo.
I did read somewhere (can’t remember where) something about using /d:sonar.qualitygate.wait=true but I get the feeling I’m still missing something as just adding that throws an error on me?
We make use of a mono repo where more than half of our services are Linux containers.
Making use of the AzDO extension forces us to use 2 agents just to build our solution, and a way around that was to perform the scan within the docker, but that came with its own problems; for instance, it would require the entire repo copied to scan and then it would just sit waiting for the report on the PR.
A way around was to use the above which works great but of course doesn’t report back to AzDO if the status passed or failed sadly.
I want to be able to scan our containers and have it report back without having to resort to using multiple agents to get it done.
So why do you need to report back at this build stage? Is there a deployment triggered just after, so you need to have the Quality Gate status to greenlight it?
Our teams want to be able to greenlight the quality before it goes into master as we work towards deploying from trunk rather than a release branch. This means all forms of tests pass before PRs get signed off unless an exception is granted.
We enforce doing that kind of thing from a proper Pull Request, with the corresponding Build. The Quality Gate status will be reported to that PR so it can be merged safely.
On a simple build, we don’t have a built-in way of doing so, so I would suggest creating a small script that will get the status of the QG for the build you’re currently executing, and fail the build or not accordingly.
Thanks, that is what I was starting to suspect. Running it all as we want using your extension is great so long as you’re not trying to do so inside the container or want to avoid using 1 agent for the scan and another for the image build itself.
You couldn’t by chance point me in the direction of something that might outline what commands I should be looking to use to request a response from your system?
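The small script suggested in the reply above, as an added example that is not part of the original thread or of Sonar's own tooling: it reads the scanner's `report-task.txt`, polls the background task, then queries `api/qualitygates/project_status` and returns non-zero when the gate is not `OK`. `SONAR_TOKEN`, `SONAR_REPORT`, `MAX_POLLS`, `POLL_SECONDS` and the function names are assumptions of this example.

```shell
#!/usr/bin/env bash
# Added example: fail a build step when the Quality Gate is not OK.
# Assumes SONAR_TOKEN holds a token and SONAR_REPORT is the path to the
# scanner's report-task.txt (both variable names are this example's own).

# Print the value of one key from report-task.txt (key=value lines).
report_value() {  # $1=file $2=key
  sed -n "s/^$2=//p" "$1" | head -n 1
}

# Print the first string value of key $1 from JSON on stdin. For the gate
# response this relies on the overall status preceding the per-condition ones.
json_string() {
  grep -o "\"$1\"[[:space:]]*:[[:space:]]*\"[^\"]*\"" | head -n 1 |
    sed 's/.*:[[:space:]]*"\(.*\)"$/\1/'
}

# Authenticated GET. The token is passed to curl on stdin as a config line so
# it never appears in the process list or in shell tracing of curl's arguments.
api_get() {
  printf 'user = "%s:"\n' "$SONAR_TOKEN" | curl -sS --fail -K - "$1"
}

# OK passes, ERROR fails the build, anything else (NONE, empty, unparsable)
# is reported separately so an outage is not mistaken for a passing gate.
gate_exit_code() {
  case "$1" in OK) return 0 ;; ERROR) return 1 ;; *) return 2 ;; esac
}

# Poll the background task until the report is processed, then ask for the
# gate status of exactly that analysis.
wait_for_gate() {  # $1=report-task.txt
  qg_task_url=$(report_value "$1" ceTaskUrl)
  qg_server=$(report_value "$1" serverUrl)
  qg_tries=0
  while [ "$qg_tries" -lt "${MAX_POLLS:-60}" ]; do
    qg_body=$(api_get "$qg_task_url") || return 2
    case "$(printf '%s' "$qg_body" | json_string status)" in
      SUCCESS)
        qg_id=$(printf '%s' "$qg_body" | json_string analysisId)
        qg_gate=$(api_get "$qg_server/api/qualitygates/project_status?analysisId=$qg_id" | json_string status)
        gate_exit_code "$qg_gate"; return $? ;;
      PENDING|IN_PROGRESS) sleep "${POLL_SECONDS:-5}" ;;
      *) return 2 ;;  # FAILED or CANCELED: no gate was computed
    esac
    qg_tries=$((qg_tries + 1))
  done
  return 2  # timed out waiting for the server
}

if [ -n "${SONAR_REPORT:-}" ]; then wait_for_gate "$SONAR_REPORT"; exit $?; fi
```

Exit code 1 means the gate failed, while 2 means the status could not be obtained, so a pipeline can treat a server problem differently from a quality failure.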