Hi everyone,
We have a CI pipeline set up to build our C# .net core 3.1 project in a docker container, which also runs the sonarcloud scanner. We have successfully analysed the master branch and the homepage for the project displays code smells, coverage, bugs and everything we would expect.
However, when we run the analysis for a branch specifying the pull request parameters, the analysis always reports as successful but doesn’t look like it’s actually analysed any code from the sonarcloud UI. I have introduced code that breaks the rules in the quality profile, but they are never picked up. The UI always displays this:
Here’s the context for the analysis:
Project server settings:
- sonar.pullrequest.provider=Azure DevOps Services
- sonar.pullrequest.vsts.token.secured=******
Project scanner properties:
- sonar.coverage.exclusions=**/Test[s]/**/*
- sonar.cs.opencover.reportsPaths=/app/testresults/coverage/coverage.opencover.xml
- sonar.host.url=https://sonarcloud.io/
- sonar.login=******
- sonar.organization=//my-organization
- sonar.projectBaseDir=/app
- sonar.projectKey=//my-projectKey
- sonar.projectName=//my-projectName
- sonar.pullrequest.base=master
- sonar.pullrequest.branch=feature/MyBranch
- sonar.pullrequest.key=10848
- sonar.pullrequest.vsts.instanceUrl=//Azure Devops url
- sonar.pullrequest.vsts.project=//AzDo project
- sonar.pullrequest.vsts.respository=//AzDo repo
- sonar.scanAllFiles=true
- sonar.scanner.app=ScannerCli
- sonar.scanner.appVersion=4.2.0.1873
- sonar.sourceEncoding=US-ASCII
- sonar.visualstudio.enable=false
- sonar.working.directory=/app/.sonarqube/out/.sonar
I am using version 4.8.0 of the dotnet-sonarscanner tool which seems to use version 4.2.0.1873 of the scanner
Hi @jack.ohara and welcome to the community!
sonar.pullrequest.provider should be ‘vsts’ instead of Azure DevOps Services. Could you please try with that and let us know?
Thanks.
Mickaël
Hi Mickaël,
Thanks for the welcome and thanks for the response!
Originally we did have the provider set to ‘vsts’, but I changed this because I found the dropdown menu in the UI:
This menu doesn’t have ‘vsts’ as an option, so that’s where the ‘Azure DevOps Services’ value came from.
I changed it back and here is the context:
Project server settings:
- sonar.pullrequest.vsts.token.secured=******
Project scanner properties:
- sonar.coverage.exclusions=**/Test[s]/**/*
- sonar.cs.opencover.reportsPaths=/app/testresults/coverage/coverage.opencover.xml
- sonar.host.url=https://sonarcloud.io/
- sonar.log.level=DEBUG
- sonar.login=******
- sonar.modules=7149EA6C-AAEE-4D1F-8409-8E883F513CE0,2E73708A-96BF-46D2-B49D-BA3481A8A7A6,0A1B1AD6-7965-44E1-A2F0-8420DE510065,04E0F4DC-FB02-4418-B429-B1E9DA68B541,8EA0DC03-9B67-44C8-89A4-4421CD987EE3,481A955C-65BA-4D6B-8D3A-0AB6FC92B929,B627E014-5120-4D71-B77A-C768099627A7,6CE19357-DC0C-4894-BB9D-6488FB1CC9F2,51E8C1AA-DC45-418B-8ED7-CCB6FB74F98E,70F1C25D-811B-457B-8105-D46B7B7D452C,448F635C-0879-44DA-B526-F894DCAA0193,1C0090A7-D07A-4ED0-9575-B29EFD7CBE4A
- sonar.organization=//my-organization
- sonar.projectBaseDir=/app
- sonar.projectKey=//my-projectKey
- sonar.projectName=//my-projectName
- sonar.pullrequest.base=master
- sonar.pullrequest.branch=feature/MyBranch
- sonar.pullrequest.key=10848
- sonar.pullrequest.provider=vsts
- sonar.pullrequest.vsts.instanceUrl=//AzDo Url
- sonar.pullrequest.vsts.project=//AzDo project
- sonar.pullrequest.vsts.respository=//AzDo repo
- sonar.scanAllFiles=true
- sonar.scanner.app=ScannerCli
- sonar.scanner.appVersion=4.2.0.1873
- sonar.sourceEncoding=US-ASCII
- sonar.verbose=true
- sonar.visualstudio.enable=false
- sonar.working.directory=/app/.sonarqube/out/.sonar
This gave the same result as the original screenshot I posted
Thanks,
Jack
Hi,
thanks for your answer. Can you please go to “Administration” then “Background Tasks” of your project, and give me a task id of your “failing” pull request? (with the subsequent date/time)
So I can have a look at our internal logs.
Thank you.
ID: AXFTv5l-1OpHG0jR0Ln7
That was today, April 7th 2020. Submitted at 9:26:37 AM(GMT+1), started at 9:26:38 AM and finished 9:26:39 AM
I cannot see anything special here.
Do you include the whole .git directory inside the docker image before building/analyzing?
We certainly need it to get scm / blame information.
Yes, we copy over the .git directory
Hi Mickael,
I work with Jack and I’ve managed to get a step further with this analysis. It now recognises that there’s some code in the PR and flags the issues. To fix it I copied the entire folder into the docker build image instead of just copying the source and test folders (although Jack was correct, we were already copying the .git folder).
I don’t know why the PR decoration isn’t working though. I’ve created a new PAT to double check that is valid and has the right permissions.
This is the same across more than one of our projects.
Task ID: AXFVaTWEbQ5Zeg8ke7vX or AXFVXxQEavOoMrtIGnhh should be similar.
It’d be great to get quality gates working from within the docker file too.
Any thoughts on PR decoration?
Hi @Ben_Criniion and thanks for the further insight.
The PAT is needed only for SonarCloud to post comments inside the pull request thread, so it’s not needed at this point in time (as there are currently no issues reported, no comment will be posted).
Can you please send me the log of the Run Code Analysis task, with debug enabled, so I can check indexing of files, etc… I can send to one of you a PM to send me the logs if you need so.
Thank you.
Hi @mickaelcaro
The PR comments are what we’re trying to get working. I did have some issues in that branch but removed them again. We didn’t get any PR comments when there were issues.
I’ve re-introduced some issues and built again. Task ID is AXFY7JfobQ5Zeg8ke9fC
I believe this should add a PR comment about the incorrect implementation of ISerializable on BadException in the file AllocateShipmentController.cs.
I don’t think there should be any secrets in our build script so I’ve put it in a gist. If you download it, let me know and I’ll remove it just in case.
This is the start of the scan https://gist.github.com/B3nCr/c37c9a8a2ba26a3d03bee1636148a9bc#file-gistfile1-txt-L163
End starts on line 472 https://gist.github.com/B3nCr/c37c9a8a2ba26a3d03bee1636148a9bc#file-gistfile1-txt-L472
Hi @mickaelcaro, is that log any use? Is there anything else that would be helpful? Perhaps I should start a new thread specifically about PR comments?
Hi @Ben_Criniion
Sorry for the delay.
I don’t see any error in our internal logs so that’s a bit weird that comments are not posted on your AzDo Pull request.
Do you see the issues you mention in the SonarCloud dashboard at first? Can you try adding //TODO simple markup to see if this is reported on SC, and then try to see on your AzDo PR if that pops out.
Hi @mickaelcaro
Yeah they are showing up as code smells in Sonar
Could this be to do with our vsts.instanceUrl being set to the old style URLs instead of using the dev.azure.com URL?
This is from the scanner context…
- sonar.pullrequest.vsts.instanceUrl=https://sortedproapp.visualstudio.com/
Thanks
Ben
Did you set it manually somewhere? This is normally provided by Azure itself to SonarCloud.
Yeah it’s set automatically but there’s a setting in azure that you can force the whole organisation to use the new URL.
As long as the API is available, we do not mind about the URL (old and new should work).
Do you have the link “See this PR” in the top right corner of the screen? Does it redirect you to the correct PR?
No, there is no link.
It is there on some of our other services that don’t build in docker.
I saw one typo in the scanner log context that you gave:
sonar.pullrequest.vsts.respository=//AzDo repo
Do you set this one manually? If yes, can you try with sonar.pullrequest.vsts.repository?
Yes that does seem like it’d be a better way to spell repository.
Thank you, that’s fixed it!
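
Added example, not part of the original thread and not SonarSource code: in this thread the analysis reported success even though `sonar.pullrequest.vsts.respository` was misspelled, so a pre-scan lint of manually set pull-request properties can catch this class of typo before the scanner runs. The allowlist contains only the keys named in this thread (an assumption, not the scanner's full key set), and the function names and sample context are constructed for illustration.

```python
import difflib
import sys

PREFIX = "sonar.pullrequest."
# Pull-request keys named in this thread, with "repository" spelled correctly.
# Assumption: this allowlist is illustrative, not the scanner's full key set.
KNOWN_PR_KEYS = {
    PREFIX + s for s in (
        "provider", "base", "branch", "key", "vsts.instanceUrl",
        "vsts.project", "vsts.repository", "vsts.token.secured",
    )
}

# Constructed sample in the "- key=value" layout of the scanner context above.
SAMPLE_CONTEXT = """\
- sonar.projectBaseDir=/app
- sonar.pullrequest.base=master
- sonar.pullrequest.branch=feature/MyBranch
- sonar.pullrequest.key=10848
- sonar.pullrequest.provider=vsts
- sonar.pullrequest.vsts.respository=example-repo
- sonar.scanAllFiles=true
"""

def parse_context(text):
    """Turn '- key=value' lines into a dict; values may contain '='."""
    props = {}
    for line in text.splitlines():
        entry = line.strip().lstrip("-").strip()
        if "=" in entry:
            key, value = entry.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def lint_pr_properties(props):
    """Return (unrecognised_key, suggested_key_or_None) for PR properties."""
    suffixes = sorted(k[len(PREFIX):] for k in KNOWN_PR_KEYS)
    findings = []
    for key in sorted(props):
        if not key.startswith(PREFIX) or key in KNOWN_PR_KEYS:
            continue
        # Compare only the part after the shared prefix so it cannot inflate the score.
        near = difflib.get_close_matches(key[len(PREFIX):], suffixes, n=1, cutoff=0.8)
        findings.append((key, PREFIX + near[0] if near else None))
    return findings

if __name__ == "__main__":
    problems = lint_pr_properties(parse_context(SAMPLE_CONTEXT))
    for bad, hint in problems:
        print(f"unrecognised property {bad}" + (f" (did you mean {hint}?)" if hint else ""))
    sys.exit(1 if problems else 0)
```

Run as a CI step before the scanner's begin step, the non-zero exit fails the build on an unrecognised `sonar.pullrequest.*` key instead of letting the pull request go undecorated.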