.NET GitLab Setup

Are there any examples of how to setup the scanner in gitlab CI/CD? I found the following ressource but it does not share the whole picture: GitLab Integration | SonarQube Docs

Without building the image in between the scanner has nothing to analyze. So how is the best practice for it?

I guess it could look something like this:

  • init scanner
  • build dotnet
  • publish dotnet
  • analyse (build cache)

Does anyone has a working example? In my case I’m building a docker image in my pipeline defined via Dockerfile. That makes it a little bit more complicated but that I can figure out if I have an example of a simple setup.

Hi Jens,

We have a in-app tutorial on setting .NET.
The yml example look like:

  image: mcr.microsoft.com/dotnet/core/sdk:latest
  variables:
    SONAR_USER_HOME: "${CI_PROJECT_DIR}/.sonar"  # Defines the location of the analysis task cache
    GIT_DEPTH: "0"  # Tells git to fetch all the branches of the project, required by the analysis task
  cache:
    key: "${CI_JOB_NAME}"
    paths:
      - .sonar/cache
  script: 
      - "apt-get update"
      - "apt-get install --yes openjdk-11-jre"
      - "dotnet tool install --global dotnet-sonarscanner"
      - "export PATH=\"$PATH:$HOME/.dotnet/tools\""
      - "dotnet sonarscanner begin /k:\"gl\" /d:sonar.login=\"$SONAR_TOKEN\" /d:\"sonar.host.url=$SONAR_HOST_URL\" "
      - "dotnet build"
      - "dotnet sonarscanner end /d:sonar.login=\"$SONAR_TOKEN\""
  allow_failure: true
  only:
    - master # or the name of your main branch

You would need to setup the SONAR_TOKEN and SONAR_HOST_URL variable in gitlab.

Let me know if that help.

I’ve tried the above example but with the image mcr.microsoft.com/dotnet/sdk:5.0 and the line to install OpenJDK 11 JRE is failing. Why does this fail for sdk:5.0 but not for latest .NET Core which is 3.1.410 and doesn’t fit my particular needs? Are there any suggestions for .NET 5 SDK projects?

update-alternatives: error: error creating symbolic link '/usr/share/man/man1/java.1.gz.dpkg-tmp': No such file or directory
dpkg: error processing package openjdk-11-jre-headless:amd64 (--configure):
 installed openjdk-11-jre-headless:amd64 package post-installation script subprocess returned error exit status 2
dpkg: dependency problems prevent configuration of openjdk-11-jre:amd64:
 openjdk-11-jre:amd64 depends on openjdk-11-jre-headless (= 11.0.11+9-1~deb10u1); however:
  Package openjdk-11-jre-headless:amd64 is not configured yet.
dpkg: error processing package openjdk-11-jre:amd64 (--configure):
 dependency problems - leaving unconfigured
dpkg: dependency problems prevent configuration of ca-certificates-java:
 ca-certificates-java depends on default-jre-headless | java8-runtime-headless; however:
  Package default-jre-headless is not installed.
  Package java8-runtime-headless is not installed.
  Package openjdk-11-jre-headless:amd64 which provides java8-runtime-headless is not configured yet.
dpkg: error processing package ca-certificates-java (--configure):
 dependency problems - leaving unconfigured
Processing triggers for libc-bin (2.28-10) ...
Processing triggers for systemd (241-7~deb10u7) ...
Processing triggers for ca-certificates (20200601~deb10u2) ...
Updating certificates in /etc/ssl/certs...
0 added, 0 removed; done.
Running hooks in /etc/ca-certificates/update.d...
done.
Processing triggers for libgdk-pixbuf2.0-0:amd64 (2.38.1+dfsg-1) ...
Errors were encountered while processing:
 openjdk-11-jre-headless:amd64
 openjdk-11-jre:amd64
 ca-certificates-java
E: Sub-process /usr/bin/dpkg returned an error code (1)