.NET C# containerized build analysis

The environment:
Our organization is using Azure DevOps for building .NET projects and so far we have successfully used SonarScanner for Azure DevOps (now has version 4.15.0) for performing analysis running our personal SonarQube server.

Now we are trying to containerize our services and build them using multi-stage Docker files. We have the following steps in the first stage of our Docker files, similar to what is recommended by Microsoft:

  1. Copy service’s code
  2. Restore the dependencies
  3. Declare ENTRYPOINT ["dotnet"]

As soon as the docker file is built we run unit tests by issuing "docker run … " sequentially for multiple test projects in one solution, collect test results and coverage using Azure DevOps tasks, publish it, and check the coverage thresholds.

The problem:
Since our current builds also include SonarQube scanning, we would like to do the same in our new containerized builds too.

What has been tried:
We tried to scan our C# projects without involving MSBuild, as if they were Java ones, and managed to upload code coverage and sources successfully, but the code analysis wasn’t performed.

We could potentially include the ‘sonarqube dotnet’ global tool in our Docker files and wrap the execution of our tests in “dotnet sonarscanner begin” and “dotnet sonarscanner end”. But because every ‘docker run’ creates a separate context for a pair of sonarscanner begin and sonarscanner end, and we publish results several times during one build, I’m not sure if the results will be accumulated in the SonarQube server.


Hi @sanis . Welcome to our community and please accept our apologies for the late answer.

You can read here about the integration with MSBuild and our analysis. Our Roslyn analyzers are run by MSBuild during the build. Then they store the results on disk, and during the end step, the SQ C# plugin reads those results and pushes them to SonarQube/SonarCloud.

If you use the same project key, they’ll be overwritten.

Hello @sanis
in addition to @Andrei_Epure’s inputs, I may add that what you are trying to achieve (having multiple docker containers run for your tests of a single solution build, and getting their results aggregated by the scanner for the corresponding SonarQube project) is not impossible, it’s just rather complex :)

As Andrei mentioned, the analysis is the result of three steps (begin, build and end), which therefore must sit within the same docker container (except if you are willing to make things even more difficult).
The end step is the one that gathers and computes the coverage files. After the build and before the end step, you can therefore run any number of docker containers for your solution tests and gather the coverage results together with those conditions:

  • each coverage file is in a format known to the analyzer and set for the analysis accordingly
  • the paths to source files in those reports are the same as the build ones or you’ll need to script some paths ‘translations’.

Docker volumes are probably the way to go for the sharing of report files between the different docker containers involved here. I have no idea about how to synchronize your build, tests and analysis steps across them though, sorry about that.

Best regards
Sylvain
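
The path "translation" mentioned in the reply above, sketched as an added example that is not code from the thread's participants or from SonarSource. It assumes the test containers emit OpenCover XML reports; the container source root `/src` and the build root `/agent/_work/1/s` are hypothetical, as are the sample file names.

```python
import xml.etree.ElementTree as ET
from pathlib import PurePosixPath

def translate_path(path, container_root, build_root):
    """Map a source path recorded in a test container to the build-time path.
    Returns None if the path is outside container_root or contains '..'."""
    p = PurePosixPath(path.replace("\\", "/"))
    if ".." in p.parts:
        return None  # refuse paths that could escape the mapped root
    try:
        rel = p.relative_to(container_root)  # component-wise, so /srcfoo != /src
    except ValueError:
        return None
    return str(PurePosixPath(build_root) / rel)

def rewrite_opencover(xml_text, container_root, build_root):
    """Rewrite every <File fullPath="..."> entry of an OpenCover report.
    Returns (new_xml, rewritten_count, skipped_paths)."""
    root = ET.fromstring(xml_text)
    rewritten, skipped = 0, []
    for node in root.iter("File"):
        old = node.get("fullPath")
        if old is None:
            continue
        new = translate_path(old, container_root, build_root)
        if new is None:
            skipped.append(old)  # left untouched; report it to the build log
        else:
            node.set("fullPath", new)
            rewritten += 1
    return ET.tostring(root, encoding="unicode"), rewritten, skipped

# Constructed sample report (not output from a real build).
SAMPLE = """<CoverageSession><Modules><Module><Files>
<File uid="1" fullPath="/src/Svc/Handler.cs" />
<File uid="2" fullPath="/usr/share/dotnet/Gen.cs" />
</Files></Module></Modules></CoverageSession>"""

if __name__ == "__main__":
    xml_out, count, skipped = rewrite_opencover(SAMPLE, "/src", "/agent/_work/1/s")
    print(f"rewritten={count} skipped={skipped}")
    print(xml_out)
```

Run it over each report collected from the shared volume after the test containers finish and before the end step, and fail the build if the skipped list contains paths you expected to be mapped.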