PR Decorations not working from Docker in Azure DevOps pipeline

• ALM used Azure DevOps
• CI system used Azure DevOps
• Scanner command used: dotnet sonarscanner begin
• .NET, C#
• Error observed:
  Hi, we’ve been setting up Sonar Scan for multiple of our projects, and so far so good, except on the projects where we run the sonar scan from a docker container. I need help debugging this and to figure out why no PR decorations are made. I’ve intentionally added errors/warnings in the code, and they do show up in Sonar Cloud. I’ve made a PAT token that is successfully used in other projects, as well as bound the project to the repository in the Sonar Cloud UI.

      /o:"org" \
      /d:sonar.token="${DOCKER_SONAR_TOKEN}" \
      /d:sonar.cs.opencover.reportsPaths="coverage.opencover.xml" \
      /d:sonar.pullrequest.key="${PULLREQUEST_ID}" \
      /d:sonar.pullrequest.branch="${SOURCE_BRANCH_NAME}" \
      /d:sonar.pullrequest.base="${TARGET_BRANCH_NAME}" \
      /d:sonar.pullrequest.provider=vsts \
      /d:sonar.pullrequest.vsts.instanceUrl="azdo-url" \
      /d:sonar.pullrequest.vsts.project="azdo-projectname" \
      /d:sonar.pullrequest.vsts.repository="azdo-repo-name" \
      /d:sonar.log.level=DEBUG \
      /d:sonar.verbose=true \

I have a couple warnings during this scan:

• Could not find ref ‘azure-main’ in refs/heads, refs/remotes/upstream or refs/remotes/origin. You may see unexpected issues and changes. Please make sure to fetch this ref before pull request analysis.
• Multi-Language analysis is enabled. If this was not intended and you have issues such as hitting your LOC limit or analyzing unwanted files, please set “/d:sonar.scanner.scanAll=false” in the begin step.
• Shallow clone detected during the analysis. Some files will miss SCM information. This will affect features like auto-assignment of issues. Please configure your build to disable shallow clone.

Any help in getting to the bottom of this is apprecciated!

Hey @Stine

I can send you a a private message that shows you how your values are being interpreted on the SonarQube Cloud side, and what the failing API call looks like.

Additionally (but unrelatedly to PR decoration):

You can fix both of these by making sure your checkout fetch-depth is 0.

steps:
 # Checkout the repository
 - checkout: self
 
 # Disable shallow fetch
   fetchDepth: 0

Thank you for your prompt response! The issue is now solved! It really helped knowing what the failing call was, which you sent on DM’s. In my case it was an error in the URL, where I had written the name wrong for the “sonar.pullrequest.vsts.instanceUrl”.

Thanks @Stine!

There’s a broader issue here that setting these parameters shouldn’t be necessary, and SonarQube Cloud should use the Azure DevOps data from the project binding (like it does for GitHub, GitLab, and BitBucket). There’s an open ticket for this.

Thank you @Colin, I understand! In the meantime if would probably be an idea to put some information about running in docker in the documentation.

I am also having issues with the steps you provided to disable shallow clone. After setting the steps like you posted, my sonar scan now scans no files again, so I had to revert back for now and just have the warning, until I can figure out what’s wrong.

Feel free to raise a new thread on that last point, and please include your full Azure DevOps Pipeline YML!

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.