Doubt about pull request and sonar integration with azuredevops

moisesgomes · September 26, 2023, 4:19pm

Dears,

I integrated sonar cloud with azuredevops pipeline.

Our organization pass the steps about create a project, pat token configuration, the build pipe works, the quality gate was created at the sonar side. When the pipe run mannualy the quality gate status is ok.
We implemented a poc project test, with some cases without code coverage, the project is presenting 50% about coverage. Just to view the failed occurs.

In the quality side we configure to less than 80% the gate fail,so, when the pipe run manual, this work. In the other hand, when the pipe went by the pull request, the sonar gate integration in the azure devops always presenting the “passed” status.

I was trying so many thins up to now. Quering in the web and in this forum, but unfortanetely without success.

Folow Below how is the pipe, and the conf into sonarcloud and azuredevops

Sonarqube quality gate:
Conditions on New Code

Coverage is less than 80.0%
Duplicated Lines (%) is greater than 3.0%
Security Hotspots Reviewed is less than 100%

Conditions on Overall Code

Coverage is less than 80.0%
Unit Tests is less than 70

I also try changing this quality gate to the default

Azure devops pipeline

# ex azuredevops pipeline
pool:
  vmImage: 'ubuntu-latest'

variables:
- name: 'BROWSERSLIST_IGNORE_OLD_DATA'
  value: true
- name: 'IsPR'
  value: $[eq(variables['Build.Reason'], 'PullRequest')]
- name: 'IsScheduled'
  value: $[eq(variables['Build.Reason'], 'Schedule')]
- name: 'PRBaseBranch'

steps:
  - checkout: self
    fetchDepth: 0

  - task: SonarCloudPrepare@1
    condition: and(succeeded(), eq(variables.IsPR, 'true'))
    inputs:
      SonarCloud: XXXX
      organization: XXXX
      scannerMode: 'CLI'
      configMode: 'manual'
      cliProjectKey: XXXXX
      projectName: '$(Build.DefinitionName)'
      projectVersion: '$(Build.BuildNumber)'      
      cliSources: './php'
      extraProperties: |
        sonar.language=php
        sonar.sources=./php/src/
        sonar.tests=./php/tests/
        sonar.projectKey=XXXX
        sonar.projectName=XXXX
        sonar.organization=XXXX
        sonar.verbose=true
        sonar.log.level=DEBUG
        sonar.projectKey=XXXX
        sonar.php.tests.reportPath=./php/tests/reports/phpunit.junit.xml
        sonar.php.coverage.reportPaths=$(System.DefaultWorkingDirectory)/php/tests/reports/coverage-report.clover
        sonar.exclusions=./php/tests/**,./php/src/index.php
        sonar.pullrequest.key=$(System.PullRequest.PullRequestId)
        sonar.pullrequest.base=$(PRBaseBranch)
        sonar.pullrequest.branch=$(System.PullRequest.SourceBranch)

cmd to genererate the php testes: XDEBUG_MODE=coverage ./php/vendor/bin/phpunit -c ./php/phpunit.xml --testsuite "badtests"  --coverage-html=./php/tests/reports/clover/ --coverage-clover=./php/tests/reports/coverage-report.clover --coverage-cobertura=./php/tests/reports/COVERAGE-phpunit-cobertura.xml --log-junit=./php/tests/reports/phpunit.junit.xml || true; chmod -R 0777 ./php/tests/reports/;


  - task: PublishTestResults@2
    inputs:
      testRunner: 'JUnit' # Options: JUnit, NUnit, VSTest, xUnit
      testResultsFiles: '**/phpunit.junit.xml'
      searchFolder: '$(System.DefaultWorkingDirectory)/php/tests/reports'
      mergeTestResults: false # Optional


  - task: PublishCodeCoverageResults@1
    inputs:
      codeCoverageTool: 'Cobertura'
      summaryFileLocation: '$(System.DefaultWorkingDirectory)/php/tests/reports/COVERAGE-phpunit-cobertura.xml'
      reportDirectory: '$(System.DefaultWorkingDirectory)/_temp/cchtml'

- task: SonarCloudPrepare@1
    condition: and(succeeded(), eq(variables.IsPR, 'false'))
    inputs:
      SonarCloud: XXXX
      organization: XXXX
      scannerMode: 'CLI'
      configMode: 'manual'
      projectKey: '$(Build.DefinitionName)'
      projectName: '$(Build.DefinitionName)'
      projectVersion: '$(Build.BuildNumber)'      
      cliProjectKey: XXXX
      cliSources: './php'
      extraProperties: |
        sonar.language=php
        sonar.sources=./php/src/
        sonar.tests=./php/tests/
        sonar.projectKey=XXXX
        sonar.projectName=XXXX
        sonar.organization=XXXX
        sonar.verbose=true
        sonar.log.level=DEBUG
        sonar.projectKey=XXXX
        sonar.php.tests.reportPath=./php/tests/reports/phpunit.junit.xml
        sonar.php.coverage.reportPaths=$(System.DefaultWorkingDirectory)/php/tests/reports/coverage-report.clover
        sonar.exclusions=./php/tests/**,./php/src/index.php
        sonar.branch.name=$(Build.SourceBranchName)




  - task: SonarCloudAnalyze@1

  - task: SonarCloudPublish@1
    inputs:
      pollingTimeoutSec: '300'

The branch policy is configured with required, with the sonar pipeline and the status check to quality gate.
This runs, no problem about runs.
But when the trigger is the pull request, the quality always pass and is not blocked.

If I run mannualy the sonar shows for example:

status Failed

45.8%Coverage
80.0% required
2Unit Tests
70 required

When goes by the pull request the quality gate just pass.

Can anyone help?

Colin · September 27, 2023, 7:44am

Hey there.

In the pull request, the branch appears to be named update-azure-pipelines and 0 new lines have been detected as changed.

Is there any actual code changed in this branch, or just your azure-pipelines.yml file? What happens if you change a source code file?

moisesgomes · October 1, 2023, 10:01pm

Hello sonar team.

First of all, sorry, I have not seen the answer here.

Yes, the source branch was a test only with the pipeline file.

We test, for example, commenting a line in the code, the changed now is about one line, but the quality gate still pass.

The test is showing 45.8% estimated of coverage, but no lines to cover in the PR. The metric in the gate is apply only for new lines to cover in the specific commit and not to all inside the project each time that the pull request running?

Each pull request need a minimum number of changes ou something different?

Colin · October 2, 2023, 12:03pm

Hey there.

If you only comment out a line of code – what conditions do you expect to fail? You can’t cover a commented out line of code, so it makes sense that this code isn’t taken into account as “lines to cover”/

Yes.

moisesgomes · October 2, 2023, 1:35pm

Hello.

Ok. We was thinking that all the project was be reviewd in the pull request to identify if any new line could broke something.
If possible retains this topic open. I will test with some changes in the code and return. Thank you for the attention up to now.

moisesgomes · October 2, 2023, 3:29pm

Hey There.

Everything is ok.

It was just a matter of understanding the tool in the pull requests that we got it wrong.

Topic		Replies	Views
Azure Pull Request with SonarCloud SonarQube Cloud pull-request , azure , sonarqube-cloud	1	694	October 20, 2021
Azure DevOps Pull Request status check fails despite passed quality gate SonarQube Cloud coverage , azuredevops , sonarqube-cloud	11	3423	April 10, 2023
Azure DevOps > Branch Policies > Status Check > "SonarQube/Quality Gate" SonarQube Server / Community Build sonarqube	4	79	October 8, 2024
SonarCloud Guality Gate in pull request in Azure Devops SonarQube Cloud pull-request , dotnet , azure-devops	6	53	September 16, 2024
SonarCloud/Quality Gate Stuck in Waiting SonarQube Cloud azuredevops-services , dotnet , quality-gate	21	1034	March 3, 2025

Doubt about pull request and sonar integration with azuredevops

Related topics