Question: Pull Requests and adding a new solution/project automatic

Hi,

I am running into an issues when I try to automate the process of analyzing newly created solutions (c#) in the following setup:
Git repository in AzureDevOps
Yaml pipeline in AzureDevOps, which uses the SonarCloud tasks to analyze/publish to SonarCloud
SonarCloud license that allows us to use branching
ScannerMode: MSBuild

The Git repository is structured with:
A master branch (which is marked as default),
A feature branch where a team work together on.
Each person creates a pull request branch do their changes and send a PR into the feature branch.

Lets say a new solution needs to be created, then I would do that as a PR. However the standard SonarCloud tasks in AzureDevOps will not allow the pipeline to automatic create a project in SonarCloud, it gives the error that it cannot find the default branch.

As a work-a-round to this I have created a powershell script which is part of the pipeline that ensures the project is created using the RestApi, then I can analyze the PR before pushing to the feature branch.
The problem here is that I need access to the token which the ServiceConnection from AzureDevOps to SonarCloud uses. So I have to have that token in 2 locations, in the service connection and in the pipeline.

Is the process not meant to be automated or am I missing something?

If the new solution is created on the ‘default’ branch, then it works out-of-the box, the project is created in SonarCloud.

Thank you
Mikkel

Hi @Mikkel,

I’m not sure I fully understand your usecase. What exactly do you mean by a newly created solution? Is it a new repository, a new Azure DevOps project, a new feature branch or something else?

Hi @TomVanBraband,

By solution i mean a new c-sharp solution file in the Git repository.
One c-sharp solution corresponds to one SonarCloud Project.

My use case is:
I have a git repository with X number of c# solutions => X projects in SonarCloud
We require PullRequest to be approved before anyone can push to the main branch.

Lets say we want to add a new c# solution to our git repository.

  1. Create a pull request branch
  2. Create the c#-solution (sln file) and add the code and csproj files
  3. Push the code to the pr branch
  4. Create a Pull request in Azure DevOps
    Now the SonarCloud analyze task will fail on creating the project in SonarCloud

I feel this is a very normal case but I cannot get this to work without having to either manual create the SonarCloud project or have powershell code that create the project in SonarCloud.

Thanks,
Mikkel

Hi @Mikkel,
Do you really need this to be a different SonarCloud project? I mean : what is your goal behind that : Having several SonarCloud project that analyze different .NET Solutions (in order to have different Quality Gate, one per C# solution for example) or is it to evaluate the code quality for added solutions in your repo? To me it’s two different use cases.

Also, what you described I think is what we used to call “project auto-provisionning” and we abandoned that a while ago because of the many side-effects it caused.

Thanks.
Regards,
Christophe

Hi @Christophe_Havard

I am not 100% sure what you mean. We have around 10 different c# solutions (sln files) in the same Git repository. Each have their own build pipeline.

Do you tell me that we can reuse the same SonarCloud project across multiple build pipelines? We triede that but have no success in that.

Reading this article: https://blog.sonarsource.com/mono-repository-support-for-github-and-azure-devops
It say:
“For each project contained in your monorepo, add a corresponding SonarCloud project by clicking “Add new project”. You have to choose a unique project key for each SonarCloud project”

I read that as each c# solutions needs it’s own SonarCloud Project, but I could be mixing things up.

We can use the same Quality Gate across all projects
We can use the same Quality Profiles across all projects

So what should the process be when adding a new c# solution to the Git repository when Pull Requests is enforced?

Thank you
Mikkel

Hi Mikkel,

Yes, you read that right. If you want different analysis for each of your solutions, then you will have to create one SonarCloud project per solution.

Keep in mind that SonarCloud doesn’t understand the concept of “C# solution”. It only reads all of your .cs files and analyse its code. So if you already have a SonarCloud project configured to analyse your repo, adding a new C# solution will be understood by SonarCloud as “new code has been added on a repo I watch, I analyse it” (if PR analysis is configured).

Is it clearer ?
Regards,
Christophe

Hi @Christophe_Havard

I might be missing something basic here. But dont understand the answer

Lets say we have a repository with 3 different solution files in (they share nothing)

They are mapped as following in SonarCloud
A) /src/MicroServiceA/MicroServiceA.sln -> SonarCloud projectKey: mycompany_microservicea

B) /src/MicroServiceB/MicroServiceB.sln -> SonarCloud projectKey: mycompany_microserviceb

C) /src/MicroServiceC/MicroServiceC.sln -> SonarCloud projectKey: mycompany_microservicec

Each have their own build pipeline, and here is an example with MicroServiceA:

*) SonarCloud Prepare projectKey:mycompany_microservicea
*) dotnet build /src/MicroServiceA/MicroServiceA.sln
*) SonarCloud Analyze
*) SonarCloud Publish

Only the *.cs files included in the sln are analyzed and uploaded to the SonarCloud project. For me this indicates that it is the files under the solution that is analyzed.

New Solution in a pull request:

When I want to add a new Solution to my repository, then I checkout a git branch and add it there.

git checkout -b pr/new_service_d
Add the sln file to the branch
commit and push
Setup a build pipeline:

*) SonarCloud Prepare projectKey:mycompany_microserviced
*) dotnet build /src/MicroServiceD/MicroServiceD.sln
*) SonarCloud Analyze <-- fails with the message that the solution does not exists on the main branch
*) SonarCloud Publish

Only way to get around this, is that I go to sonarcloud.io and create the project manually first, with the project key specified.

Question: Is it required that you manually create the SonarCloud projects when you work on a branch that is different from main?

(If I had done this directly on the main branch, then the process would work, the Analyze step does NOT fail then, it creates the project in sonar cloud for me.)

Regards,
Mikkel

Hi @Mikkel

Yes, it is required.

(If I had done this directly on the main branch, then the process would work, the Analyze step does NOT fail then, it creates the project in sonar cloud for me.)

The fact that it is working comes from a deprecated behaviour and it will be dropped someday (without notice), so I would not recommend to go on with this.

Only idea I have is to take a look at the web Api, maybe you will find something interesting for you :wink:

HTH.
Regards,
Christophe

1 Like

Hi @Christophe_Havard

Thank you for confirming this and explaining why the projects works from the main branch.
I will use the API to ensure the projects exists in SonarCloud before analyzing.

Regards,
Mikkel

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.