We’ve successfully integrated Sonarcloud analysis into our Azure DevOps build pipeline using the SonarCloudPrepare, SonarCloudAnalyze and SonarCloudPublish tasks.
We want to make the pipeline fail when the Sonarcloud Quality gate checks fail. We found the SonarCloudQualityGateCheck task which sounds like just what we need. However, when adding this task to the pipeline and running it, it fails with the following error message:
“Job Build: Step references task ‘SonarCloudQualityGateCheck’ at version ‘1.0.0’ which is not valid for the given job target.”
In the yaml file defining our pipeline, this task is set up as “- task: SonarCloudQualityGateCheck@1”. This is what the pipeline editor GUI produced when adding the “SonarCloud Quality Gate status check” task. We’ve experimented with several variations of the yaml pipeline definition script without luck. This is the yaml definition for our Build stage:
- stage: Build
  jobs:
  - job: Build
    pool:
      vmImage: 'ubuntu-latest'
    variables:
      buildConfiguration: 'Release'
    steps:
    - task: SonarCloudPrepare@1
      inputs:
        SonarCloud: 'sonarcloud'
        organization: '<our org>'
        scannerMode: 'MSBuild'
        projectKey: 'orbit-portal-api'
        projectName: 'orbit-portal-api'
    - script: dotnet build --configuration $(buildConfiguration)
      displayName: 'dotnet build $(buildConfiguration)'
    - task: DotNetCoreCLI@2
      inputs:
        command: test
        projects: '**/*Tests/*.csproj !**/*IntegrationTests/*.csproj'
        arguments: '--configuration $(buildConfiguration)'
    - task: SonarCloudAnalyze@1
    - task: SonarCloudPublish@1
      inputs:
        pollingTimeoutSec: '300'
    - task: SonarCloudQualityGateCheck@1
    - task: Docker@2
      inputs:
        containerRegistry: '<our registry>'
        repository: 'orbit-portal-api'
        command: 'buildAndPush'
        Dockerfile: '**/Dockerfile'
        tags: 'dev.$(Build.BuildNumber)'
We’ve found the definition for the extension at https://github.com/SonarSource/sonar-scanner-vsts/blob/master/extensions/sonarcloud/tasks/qgstatus/new/task.json. We notice that SonarCloudQualityGateCheck has
"category": "Deploy",
"visibility": ["Release"],
whereas the three other tasks have
"category": "Build",
"visibility": ["Build"],
Inspired by this difference, we’ve tried to use the quality gate check task in a “deployment” rather than a regular “job” in our pipeline, but without any luck. Is the step intended to be a part of a Release pipeline rather than a normal/Build pipeline? Our pipeline includes both building and deployment, so we’re not using Release pipelines. And anyway, we would like to make the build fail, also in cases when there is no deployment (e.g. when building feature branches).
PS: We’ve successfully installed the Sonarcloud application in GitHub, and the status of the sonarcloud analysis shows up as a part of the pull request checks. But we’d also like to fail the build when the quality requirements are not met.
PPS: the SonarCloudPublish task adds “SonarCloud Analysis Report” to the “Extensions” tab on our pipeline status page, and it works fine. But the analysis report shows up twice on the page, like this:
SonarCloud Analysis Report
orbit-portal-api Quality Gate Passed
Detailed SonarCloud report >
SonarCloud Analysis Report
orbit-portal-api Quality Gate Passed
Detailed SonarCloud report >
The double analysis report is not a big deal, just wanted to let the Sonarcloud team know about it.