Scanner command used when applicable (private details masked): SonarCloudPublish@1
Languages of the repository: C+, CSS, JS
Error observed: I’m trying to setup Sonar Cloud/Lint and just a little lost. From what I understand, a PR quality gate should be looking at “new issues” as the Delta between our feature branch and the main/dev branch we’re merging into. But every PR reports back a huge number of “new issues”. It doesn’t seem to be looking at what was introduced in this PR, every time it’s scanning the entire project. Is this intended?
Our pipelines are conditionally triggering a SonarCloud Scan on PR only and I’d like the Dev’s to be able to commit a 2nd, 3rd, etc change to their PR and have it re-run under the “same PR”.
Is our only option to go through and fix all of the previous issues and then work from there or am I misunderstanding how this works somehow?
Steps to reproduce
Potential workaround - Marking all current issues for old repositories as not a problem or resolved
Do not share screenshots of logs – share the text itself (bonus points for being well-formatted)!
Hey Colin, Sorry about the delay, I think I just missed your reply
Here’s the yaml and I zipped a copy of it incase that’s easier to work with.
#Automatic Builds will Trigger on the creation of a PR, or a commit to a branch that already has an open PR.
#All other builds will need to be triggered manually
trigger:
branches:
exclude:
- '*'
paths:
exclude:
- '*'
pr:
branches:
include:
- dev
- release*
- master
variables:
#SonarCloud Variables
- name: sonarcloudserviceconnectionname
value: OIC-2023-SonarCloudServiceConnection
- name: sonarcloudprojectkey
value: bluemodus_Client-mvc-rebuild-2021
- name: sonarcloudprojectname
value: Client-mvc-rebuild-2021
#Repo Specific Variables
- name: projectName
value: Client
- name: projectfoldername
value: Client.Web
pool:
vmImage: windows-2022
#name: VM-LTS
demands:
- msbuild
- java
stages:
#this stage runs if the build is triggered not because of a PR, this will prevent SonarCloud from running
- stage: BuildFromNotPR
displayName: "Build From Non-PR"
#condition: ne(variables['Build.SourceBranch'], 'refs/heads/feature/sonarcloud')
condition: ne(variables['Build.Reason'], 'PullRequest')
jobs:
- job: CIBuild
displayName: "Build Project No SonarCloud"
steps:
#writes out the Build Reason to the console, used for troubleshooting
- script: |
echo Build.BuildId: $(Build.BuildId)
echo Build.BuildNumber: $(Build.BuildNumber)
echo Build.DefinitionName: $(Build.DefinitionName)
echo Build.SourceBranch: $(Build.SourceBranch)
echo Build.SourceBranchName: $(Build.SourceBranchName)
echo Build.SourceVersion: $(Build.SourceVersion)
echo Build.Repository.Name: $(Build.Repository.Name)
echo Build.Repository.Provider: $(Build.Repository.Provider)
echo Build.Repository.Uri: $(Build.Repository.Uri)
echo Build.Reason: $(Build.Reason)
echo Build.QueuedBy: $(Build.QueuedBy)
echo Build.QueuedById: $(Build.QueuedById)
displayName: 'Print All Build Variables'
#npm install will all the Packages defined in the package.json file - This is needed for BlueTasks
- task: PowerShell@2
displayName: "NPM Install"
inputs:
targetType: "inline"
script: |
npm install
#this is the build script that will run the build process for the project
- task: PowerShell@2
displayName: CIBuild. (Clean, Nuget, Build, UnitTests, Publish).
inputs:
targetType: "filePath"
filePath: '.\build.ps1'
arguments: -Target CIBuildWeb -Configuration Release -SlackHookUrl https://hooks.slack.com/services/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
errorActionPreference: "stop"
#this task will publish the test results to the build
- task: PublishTestResults@2
displayName: "Publish Test Results"
inputs:
testResultsFormat: XUnit
testResultsFiles: '$(System.DefaultWorkingDirectory)\Artifacts\UnitTestResults\*.xml'
#this task will archive the build artifacts
- task: ArchiveFiles@2
displayName: "ZIP Artifacts"
inputs:
rootFolderOrFile: '.\Artifacts\PrecompiledWeb'
includeRootFolder: false
archiveType: "zip"
archiveFile: "$(Build.ArtifactStagingDirectory)/Web.$(Build.BuildId).zip"
replaceExistingArchive: true
#this task will publish the build artifacts to DevOps, so they can be used in the Release Pipeline
- task: PublishBuildArtifacts@1
displayName: "Publish Artifacts"
inputs:
PathtoPublish: "$(Build.ArtifactStagingDirectory)/Web.$(Build.BuildId).zip"
ArtifactName: "$(projectname)-Web"
##------Start of a new Stage------##
#this stage runs if the build is triggered because of a PR, this will run SonarCloud and is subject to the quality gates
- stage: BuildFromPR
displayName: "Build From PR"
#condition: eq(variables['Build.SourceBranch'], 'refs/heads/feature/sonar-cloud')
condition: eq(variables['Build.Reason'], 'PullRequest')
jobs:
- job: BuildWithSonarCloud
displayName: "Build Project Analysis with SonarCloud"
steps:
#writes out the Build Reason to the console, used for troubleshooting
- script: |
echo Build.BuildId: $(Build.BuildId)
echo Build.BuildNumber: $(Build.BuildNumber)
echo Build.DefinitionName: $(Build.DefinitionName)
echo Build.SourceBranch: $(Build.SourceBranch)
echo Build.SourceBranchName: $(Build.SourceBranchName)
echo Build.SourceVersion: $(Build.SourceVersion)
echo Build.Repository.Name: $(Build.Repository.Name)
echo Build.Repository.Provider: $(Build.Repository.Provider)
echo Build.Repository.Uri: $(Build.Repository.Uri)
echo Build.Reason: $(Build.Reason)
echo Build.QueuedBy: $(Build.QueuedBy)
echo Build.QueuedById: $(Build.QueuedById)
displayName: 'Print All Build Variables'
#this task will prepare the analysis for SonarCloud
- task: SonarSource.sonarcloud.14d9cde6-c1da-4d55-aa01-2965cd301255.SonarCloudPrepare@1
displayName: "Prepare analysis on SonarCloud"
inputs:
SonarCloud: $(sonarcloudserviceconnectionname)
organization: "bluemodus-inc"
projectKey: $(sonarcloudprojectkey)
projectName: $(sonarcloudprojectname)
extraProperties: |
- sonar.exclusions=src/$(projectfoldername).Web/Components/FormComponents/BlueModus/**/*
- sonar.exclusions=src/cms/**/*
- sonar.exclusions=src/SendGridWebHook/**/*
- sonar.exclusions=src/AnnualReporting.Web/**/*
#npm install will all the Packages defined in the package.json file - This is needed for BlueTasks
- task: PowerShell@2
displayName: "NPM Install"
inputs:
targetType: "inline"
script: |
npm install
#this is the build script that will run the build process for the project
- task: PowerShell@2
displayName: CIBuild. (Clean, Nuget, Build, UnitTests, Publish).
inputs:
targetType: "filePath"
filePath: '.\build.ps1'
arguments: -Target CIBuildWeb -Configuration Release -SlackHookUrl https://hooks.slack.com/services/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
errorActionPreference: "stop"
#this task will run the SonarCloud analysis on the project
- task: SonarCloudAnalyze@1
displayName: "Run Code Analysis"
#this task will publish the quality gate results to the build
- task: SonarCloudPublish@1
displayName: "Publish Quality Gate Result"
#this task will publish the unit test results to the build, if there are Unit Tests
- task: PublishTestResults@2
displayName: "Publish Test Results"
inputs:
testResultsFormat: XUnit
testResultsFiles: '$(System.DefaultWorkingDirectory)\Artifacts\UnitTestResults\*.xml'
#this task will archive the build artifacts into a zip file
- task: ArchiveFiles@2
displayName: "ZIP Artifacts"
inputs:
rootFolderOrFile: '.\Artifacts\PrecompiledWeb'
includeRootFolder: false
archiveType: "zip"
archiveFile: "$(Build.ArtifactStagingDirectory)/Web.$(Build.BuildId).zip"
replaceExistingArchive: true
#this task will publish the build artifacts to DevOps, so they can be used in the Release Pipeline
- task: PublishBuildArtifacts@1
displayName: "Publish Artifacts"
inputs:
PathtoPublish: "$(Build.ArtifactStagingDirectory)/Web.$(Build.BuildId).zip"
ArtifactName: "$(projectname)-Web"