Question: Pull Requests and adding a new solution/project automatic

Hi,

I am running into an issues when I try to automate the process of analyzing newly created solutions (c#) in the following setup:
Git repository in AzureDevOps
Yaml pipeline in AzureDevOps, which uses the SonarCloud tasks to analyze/publish to SonarCloud
SonarCloud license that allows us to use branching
ScannerMode: MSBuild

The Git repository is structured with:
A master branch (which is marked as default),
A feature branch where a team work together on.
Each person creates a pull request branch do their changes and send a PR into the feature branch.

Lets say a new solution needs to be created, then I would do that as a PR. However the standard SonarCloud tasks in AzureDevOps will not allow the pipeline to automatic create a project in SonarCloud, it gives the error that it cannot find the default branch.

As a work-a-round to this I have created a powershell script which is part of the pipeline that ensures the project is created using the RestApi, then I can analyze the PR before pushing to the feature branch.
The problem here is that I need access to the token which the ServiceConnection from AzureDevOps to SonarCloud uses. So I have to have that token in 2 locations, in the service connection and in the pipeline.

Is the process not meant to be automated or am I missing something?

If the new solution is created on the ‘default’ branch, then it works out-of-the box, the project is created in SonarCloud.

Thank you
Mikkel

Hi @Mikkel,

I’m not sure I fully understand your usecase. What exactly do you mean by a newly created solution? Is it a new repository, a new Azure DevOps project, a new feature branch or something else?

Hi @TomVanBraband,

By solution i mean a new c-sharp solution file in the Git repository.
One c-sharp solution corresponds to one SonarCloud Project.

My use case is:
I have a git repository with X number of c# solutions => X projects in SonarCloud
We require PullRequest to be approved before anyone can push to the main branch.

Lets say we want to add a new c# solution to our git repository.

  1. Create a pull request branch
  2. Create the c#-solution (sln file) and add the code and csproj files
  3. Push the code to the pr branch
  4. Create a Pull request in Azure DevOps
    Now the SonarCloud analyze task will fail on creating the project in SonarCloud

I feel this is a very normal case but I cannot get this to work without having to either manual create the SonarCloud project or have powershell code that create the project in SonarCloud.

Thanks,
Mikkel

Hi @Mikkel,
Do you really need this to be a different SonarCloud project? I mean : what is your goal behind that : Having several SonarCloud project that analyze different .NET Solutions (in order to have different Quality Gate, one per C# solution for example) or is it to evaluate the code quality for added solutions in your repo? To me it’s two different use cases.

Also, what you described I think is what we used to call “project auto-provisionning” and we abandoned that a while ago because of the many side-effects it caused.

Thanks.
Regards,
Christophe

Hi @Christophe_Havard

I am not 100% sure what you mean. We have around 10 different c# solutions (sln files) in the same Git repository. Each have their own build pipeline.

Do you tell me that we can reuse the same SonarCloud project across multiple build pipelines? We triede that but have no success in that.

Reading this article: https://blog.sonarsource.com/mono-repository-support-for-github-and-azure-devops
It say:
“For each project contained in your monorepo, add a corresponding SonarCloud project by clicking “Add new project”. You have to choose a unique project key for each SonarCloud project”

I read that as each c# solutions needs it’s own SonarCloud Project, but I could be mixing things up.

We can use the same Quality Gate across all projects
We can use the same Quality Profiles across all projects

So what should the process be when adding a new c# solution to the Git repository when Pull Requests is enforced?

Thank you
Mikkel

Hi Mikkel,

Yes, you read that right. If you want different analysis for each of your solutions, then you will have to create one SonarCloud project per solution.

Keep in mind that SonarCloud doesn’t understand the concept of “C# solution”. It only reads all of your .cs files and analyse its code. So if you already have a SonarCloud project configured to analyse your repo, adding a new C# solution will be understood by SonarCloud as “new code has been added on a repo I watch, I analyse it” (if PR analysis is configured).

Is it clearer ?
Regards,
Christophe