Dotnet scanner checking PR status via bash

  • ALM used Azure DevOps
  • CI system used Azure DevOps

So I have the following commands running in a bash script to scan our projects using a linux VM as we’re building containers and the way of doing it inside the image is size prohibitive due to using a mono repo.

sudo /root/.dotnet/tools/dotnet-sonarscanner begin /o:“organization”
/k:${{ parameters.projectKey }}
/d:sonar.login=$SONAR_LOGIN_TOKEN
/d:sonar.host.url=“https://sonarcloud.io
/d:sonar.exclusions="/Migrations/" /d:sonar.verbose=“false”
/d:sonar.pullrequest.provider=vsts
/d:sonar.pullrequest.key=$PR_KEY
/d:sonar.pullrequest.branch=${PR_BRANCH:11}
/d:sonar.pullrequest.base=${PR_BASE:11}
/d:sonar.cs.opencover.reportsPaths="/*.opencover.xml"
/d:sonar.coverage.exclusions="
/obj/,**/bin/"

I did read somewhere (can’t remember where) something about using /d:sonar.qualitygate.wait=true but I get the feeling I’m still missing something as just adding that throws an error on me?

Hi @chris_trl

This property is not supported on Azure DevOps.

What are you trying to achieve ? Can you clarify a bit please ?

Thanks !

We make use of a mono repo where more than half of ours services are linux containers.
Making use of the AzDO extension forces us to use 2 agents just to build our solution and a way around that was to perform the scan within the docker but that came with it’s own problems for instance, it would require the entire repo copied to scan and then it would just sit on waiting for report on the PR.

A way around was to use the above which works great but of course doesn’t report back to AzDO if the status passed or failed sadly.

I want to be able to scan our containers and have it report back without having to resort to using multiple agents to get it done

So why do you need to report back at this build stage ? Is there a deployment triggered just after so you need to have the Quality Gate status to greenlit it ?

Mickaël

Our teams want to be able to greenlight the quality before it goes into master as we work towards deploying from trunk rather than a release branch. This means all forms of tests pass before PRs get signed off unless an exception is granted.

We enforce to do that kind of thing from a proper Pull Request, with the corresponding Build. Quality Gate status will be reported to that PR to be able to merge it safely.

On a simple build, we don’t have built-in way of doing so, so i would suggest to create a small script that will get the status of the QG for the build you’re currently executing, and fail or not the build according to.

Mickaël

Thanks, that is what I was starting to suspect. Running it all as we want using your extension is great so long as you’re not trying to do so inside the container or want to avoid using 1 agent for the scan and another for the image build itself.

You couldn’t by chance point me in the direction of something that might outline what commands I should be looking to use to request a response from your system?

So there is multiple calls to do :

After the analysis is done, you should wait for our background task to be done, you can check that by issuing a GET api call to : GET api/ce/task

Then, get the status of the quality gate by issuing a GET api call to : GET api/qualitygates/project_status

Everything is documented in this page for parameters and so on : https://sonarcloud.io/web_api/

Mickaël

Many thanks

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.