Multi job SonarCloud analysis on Azure DevOps

We are configuring our Azure DevOps pipelines by activating SonarCloud check and having few issues because of this. It is quite a big C# based solution with windows services and web application. We could not split it to smaller ones right now, so it should be working as is.
The plan was:

  • get sources from git
  • restore packages
  • activate SonarCloud scanner
  • build
  • run test and collect coverage
  • apply SonarCloud Analysis
  • publish Quality Gates
  • etc

But we are facing 60 minutes build job timeout on DevOps, so total time should be decreased.
The second idea was to split it into sequential 2 jobs:

  • Test Job
    • get sources from git
    • restore packages
    • build
    • run test and collect coverage
    • publish test and coverage results into Artifacts
  • Build Job
    • get sources from git
    • restore packages
    • activate SonarCloud scanner
    • build
    • get test and coverage results from Artifacts
    • apply SonarCloud Analysis
    • publish Quality Gates
    • etc

It is working but build time is very big - more than an hour, which is not acceptable too.
So we are having the third idea - 2 parallel and 1 sequential job:

  • Test Job in parallel
    • get sources from git
    • restore packages
    • build without Sonar
    • run test and collect coverage
    • publish test and coverage results into Artifacts
  • Build Job in parallel
    • get sources from git
    • restore packages
    • activate SonarCloud scanner
    • build with Sonar
    • publish sonar data (.sonarqube folder) into Artifacts
  • Publish Job and Build and Test jobs
    • get sources from git
    • get test and coverage results from Artifacts
    • activate SonarCloud scanner
    • get sonar data (.sonarqube folder) from Artifacts
    • apply SonarCloud Analysis
    • publish Quality Gates

It is working near 30 minutes that is ok for us and sending all data to SonarCloud according to the SonarCloudAnalyze task log.
But we do not have any data on the SonarCloud project page: zero warnings and coverage but should be 2.8k warings + coverage data as we have it inside DevOps pipeline after analysis.
Could such solution exist according to SonarCloud architecture?
Should replacing of .sonarqube folder with sonar build results after activating Sonar scanner transfer all info needed for Analysis task?
Should I transfer something more from Build with sonar job to publish results job?
How can we check why we do not have this data on the SonarCloud project page even if they were uploaded without any error?
What should I check and reconfigure more to solve this issue?

1 Like

Hi @vgubar and welcome to the community,

Sorry for the late answer.

In theory, this might work. But we are also storing some Rosly issue file in the Debug folder of each project, so you might want to include that as well in the artifact folder.

They took the form of this kind of path :

d:\\code\\VS2019\\CsNetCoreConsoleApp1\\CsNetCoreConsoleApp1\\bin\\Debug\\netcoreapp3.0\\CsNetCoreConsoleApp1.dll.RoslynCA.json

HTH,
Mickaël

Thanks! We will try to add this files

@vgubar, did you ever get this working? I have a similar need where I’d like to parallelize jobs for BuildAndTest and OWASPDependencyCheck, that fan into a finalization job that runs the sonarqube analysis. However, the amount of artifacts I’d have to manage between BuildAndTest and sonarqube analysis seems daunting and fragile at best (.sonarqube directory, and RoslynCA.json files sprinkled throughout leaf build folders not found in the finalization job without completely re-building, etc.).

@Ross_Beehler, no I did not. After a few weeks of fighting with this - we decided to skip it and provision our own agents only for this build pipeline. There were too many files to be copied and restored to special places. I hope that sonar will create such feature out of the box.

2 Likes

Thanks @vgubar. For reference, I created a topic with more specific information for my needs here: Azure Pipelines with multiple jobs splitting up build/test and sonarqube analysis.