Background
I am running SonarQube (Dev Edition * Version 8.1 (build 31237)) from within an Azure DevOps Pipeline. This has been working well, but I have suddenly started to see the following error when doing an analysis of the master branch of an existing project:
Error
‘##[error][SQ] Task failed with status FAILED, Error message: The last analysis failed because it would have caused your server-wide lines of code total to exceed your 1000000 limit.’
SonarQube analysis on master branch is failing
However, SonarQube analysis on PR branches is working for the same code base
Why I don’t expect to see this error message
We have a 1M SonarQube Dev license and are using 711K lines (so 290K free)
The project being analysed, when last analysed on master contained 78K lines - and has not grown, so there should be plenty of space within the license
SonarQube analysis on PR branches is working for the same code base
I know the obvious answer is that I have run out of license LoC and need a larger license, but it seems very strange I am getting this error given the free LoC I have.
Aside from a bug in the licensing (option that I’ll keep aside until we have explored the others), the main reason for this behaviour is that the project analysis context has changed in the last scan causing the project to account for more than 290K LOC.
There can be various situations, but the most common one is that someone changed the pipeline scan parameters, causing the SonarQube scanner to grab a lot of code that it should not (3rd party libraries (node modules for instance), files produced by the build process (e.g. XML files, minified code, generated code, etc.)).
To investigate, can you share a screenshot of your project “Code” tab and the logs of your last analysis (rejected because of license overrun)?
I started to get the information you requested and when checking the ‘Run Code Analysis’ log in the Azure DevOps Pipeline I can see that the last working analysis showed
INFO: 2322 files indexed
whereas the newer, failing ones, show
INFO: 5237 files indexed
I guess this is the root cause, I need to check why this has jumped as there have been no major code changes.
I can see no obvious difference in SonarQube parameters.
Both runs are using the same SonarQube version 8.1.0.
I did see that the Azure DevOps task version has jumped from 4.15.0 to 4.17.0.
The only obvious log difference is that the successful run shows a number of warnings in the form
WARNING: Duplicate ProjectGuid: "00000000-0000-0000-0000-000000000000". The project will not be analyzed by SonarQube. Project file: "e:\agent\_work\21\s\src\xxxx.yyy.ux\mapper.netstandard\mapper.netstandard.csproj"
I know that this would cause the project to be skipped.
My guess is that these projects are now being included, but I am not sure why as we have not added GUIDs to the project, which I thought was the only way to fix this issue.
Has there been a change in the Azure DevOps task between 4.15.0 and 4.17.0 that could explain the inclusion of these files?
I will continue to dig into the log, but I suspect the answer is a larger LoC license or to explicitly exclude the projects that have started to be included.
The problem is not so much that code that should not be analyzed is now analyzed; it’s the reverse: code that was missed before (because of null ProjectGuid) is now analyzed (because of a fix in AzureDevOps extension 4.17, see PR #887 fixing Scanner for .NET issue #659).
So indeed, the real volume of code is above your license.
Since there is, to my knowledge, no way to downgrade an Azure DevOps extension, I suggest temporarily using the SonarQube file exclusion system (sonar.exclusions property) to avoid scanning the code (C# .csproj projects) that you did not scan before, giving you time to upgrade your LoC license.
But this should only be temporary. It seems to me that ultimately those projects should be analyzed.
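The log comparison described in this thread can be scripted. The following is an added example, not code from the thread or from SonarSource: it reads the "files indexed" count and the "Duplicate ProjectGuid" warnings from two analysis logs and lists the projects that were skipped in the older run but not in the newer one. The function names and the second project path in the sample log are constructed for illustration.

```python
import re
from pathlib import PureWindowsPath

INDEXED_RE = re.compile(r"INFO: (\d+) files indexed")
SKIPPED_RE = re.compile(
    r'WARNING: Duplicate ProjectGuid: "([0-9a-fA-F-]{36})"\. '
    r'The project will not be analyzed by SonarQube\. Project file: "([^"]+)"'
)

def summarize(log_text):
    """Return (files_indexed or None, [skipped project files]) for one log."""
    indexed, skipped = None, []
    for line in log_text.splitlines():
        m = INDEXED_RE.search(line)
        if m:
            indexed = int(m.group(1))
            continue
        m = SKIPPED_RE.search(line)
        if m:
            # Build agents here run on Windows; PureWindowsPath compares
            # case-insensitively and works on any host OS.
            skipped.append(PureWindowsPath(m.group(2)))
    return indexed, skipped

def compare(old_log, new_log):
    """Report what changed between a passing run and a failing run."""
    old_n, old_skipped = summarize(old_log)
    new_n, new_skipped = summarize(new_log)
    delta = None if old_n is None or new_n is None else new_n - old_n
    # Projects skipped before but no longer skipped now count towards LoC.
    newly = [p for p in old_skipped if p not in new_skipped]
    return {"indexed_delta": delta, "newly_analyzed": newly}

# Constructed sample logs: the first warning and both counts are from the
# thread; the second project path is made up.
OLD_LOG = r"""
WARNING: Duplicate ProjectGuid: "00000000-0000-0000-0000-000000000000". The project will not be analyzed by SonarQube. Project file: "e:\agent\_work\21\s\src\xxxx.yyy.ux\mapper.netstandard\mapper.netstandard.csproj"
WARNING: Duplicate ProjectGuid: "00000000-0000-0000-0000-000000000000". The project will not be analyzed by SonarQube. Project file: "e:\agent\_work\21\s\src\example.lib\example.lib.csproj"
INFO: 2322 files indexed
"""
NEW_LOG = "INFO: 5237 files indexed\n"

if __name__ == "__main__":
    report = compare(OLD_LOG, NEW_LOG)
    print("files indexed delta:", report["indexed_delta"])
    for project in report["newly_analyzed"]:
        print("now analyzed:", project)
```

The resulting list is the set of projects to size the license against, or to cover with a temporary exclusion.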