Our organization is using Azure DevOps for building .NET projects and so far we successfully used SonarScanner for Azure DevOps (now has version 4.15.0) for performing analysis running our personal SonarQube server.
Now we are trying to containerize our services and build them using multi-stage Docker files. We have the following steps in the first stage of our Docker files, similar to what is recommended by Microsoft:
- Copy service’s code
- Restore the dependencies
- Declare ENTRYPOINT [“dotnet”]
As soon as the docker file is built we run unit tests by issuing "docker run … " sequentially for multiple test projects in one solution, collect test results and coverage using Azure DevOps tasks, publish it, and check the coverage thresholds.
The the problem:
Since our current builds also include SonarQube scanning we would like to do the same it in our new containerized builds too.
What has been tried:
We tried to scan our C# projects without involving MSBuild as they were java ones and managed to upload code coverage and sources successfully, but the code analysis wasn’t performed.
We could potentially include ‘sonarqube dotnet’ global tool into our Docker files and wrap the execution of our test into “dotnet sonarscanner begin” and “dotnet sonarscanner end”. But because every ‘docker run’ creates a separated context for a pair of
sonarscanner begin and
sontarscanner end and we do several results publishing during one build, I’m not sure if the results will be accumulated in the SonarQube server.