Yes you can ! Simply manage to have a dotnet docker image, then you can install the Scanner for MSBuild as a dotnet global tool, and you should be good to go ! Donât forget to copy all your files inside your docker image, including .git to get SCM information.
As i said, donât forget to copy your whole repo inside, with the .git folder; so SonarCloud will be able to get SCM information for git blame essentially.
RUN dotnet tool install --global dotnet-sonarscanner
RUN dotnet dotnet-sonarscanner begin /k:"staggerlee011-github " /o:âStaggerlee011â /d:sonar.login=âxxxxxâ
RUN dotnet build
RUN dotnet sonarscanner end /d:sonar.login=âxxxxâ
I get an error:
l
You can invoke the tool using the following command: dotnet-sonarscanner
Tool âdotnet-sonarscannerâ (version â4.8.0â) was successfully installed.
Removing intermediate container 6ec6f41c0a91
â> 69baa04c083e
Step 10/17 : RUN dotnet dotnet-sonarscanner begin /k:"staggerlee011-github " /o:âStaggerlee011â /d:sonar.login=âxxxâ
â> Running in e7a4631afc05
Could not execute because the specified command or file was not found.
Possible reasons for this include:
You misspelled a built-in dotnet command.
You intended to execute a .NET Core program, but dotnet-dotnet-sonarscanner does not exist.
You intended to run a global tool, but a dotnet-prefixed executable with this name could not be found on the PATH.
This is due to the global installation of dotnet that installs it in a path and add this path to the PATH env variable, so then you need to restart the shell so the command will be recognized, and for some reason, it doesnât work on Docker.
One workaround : Specify an install path while installing, with the --tool-path flag, then invoke the command from that path :
RUN dotnet tool install --tool-path msbuildscanner dotnet-sonarscanner
RUN msbuildscanner\dotnet-sonarscanner(.exe) begin /k:"staggerlee011-github" /o:"Staggerlee011" /d:sonar.login="xxxxx"
getting the same error running the container in --interactive i cant see a folder called msbuildscanner being created in the app directory, where should it be installed?
So if i then try and run the scanner using the top path.
root@7e7b88623733:/# /root/.dotnet/tools/dotnet-sonarscanner
SonarScanner for MSBuild 4.8
Using the .NET Core version of the Scanner for MSBuild
WARNING: Please specify the command âbeginâ or âendâ to indicate whether pre- or post-processing is required. These parameters will become mandatory in a later release.
Post-processing started.
19:36:34.338 Temporary analysis directory (usually .sonarqube) doesnât exist. The âbeginâ step was probably not executed.
19:36:34.338 Post-processing failed. Exit code: 1
Which is starting to look good! i then tried putting in the info from the example code using a newly generated token from my profile:
root@7e7b88623733:/# ./root/.dotnet/tools/dotnet-sonarscanner /k:"staggerlee011-github " /o:âStaggerlee011â /d:sonar.login=âxxxâ
SonarScanner for MSBuild 4.8
Using the .NET Core version of the Scanner for MSBuild
WARNING: Please specify the command âbeginâ or âendâ to indicate whether pre- or post-processing is required. These parameters will become mandatory in a later release.
Pre-processing started.
Preparing working directoriesâŠ
19:42:17.859 19:42:17.859 Invalid project key. Allowed characters are alphanumeric, â-â, â_â, â.â and â:â, with at least one non-digit.
19:42:17.859 Expecting at least the following command line argument:
SonarQube project key
When connecting to a SonarQube server earlier than version 6.1, the following command line arguments are also required:
SonarQube project name
SonarQube project version
The full path to a settings file can also be supplied. If it is not supplied, the exe will attempt to locate a default settings file in the same directory as the SonarQube Scanner fo
r MSBuild.
Use â/?â or â/hâ to see the help message.
19:42:17.859 Pre-processing failed. Exit code: 1
Can you confrim how i get the right info for the /k /p and /d
and is it because im using a diff image to you? slightly worried that im having to hardcode a path to the executable which is diff to the one in the documentation and to yoursâŠ
So the Scanner for MSBuild expects at least some mandatory flags to work properly :
1- âbeginâ or âendâ : This defines the step to execute, begin should be executed before any msbuild command, so that the targets that will be written by this step will be well taken in account when building your project / solution (Please note that for the end step, you will only need the /d:sonar.login to be passed, not all described below)
2- -k: or /k: : the project key, should reflect what is written in either the id of the dashboard in the url (i.e https://sonarcloud.io/dashboard?id=myprojectkey) or in the right pane of the home of a project, under Project Key
3 - -o or /o: :the organization key
4: The /d:sonar.host.url flag : as it is used manually, it should be provided with https://sonarcloud.io value
5: the /d:sonar.login , which is the token that you generate on your SonarCloudâs account.
In you case, be careful, your project key has a trailing space (at least in the log you showed)
For the path, iâll have a look deeper for that, the path that i provided was a local one, because i didnât find a suitable solution to call directly the dotnet-sonarscanner command in a docker env, the tool installation log said that itâs added to the path, but it seems that the shell is not well refreshed between 2 RUN command, so itâs not recognized.
RUN dotnet tool install --global dotnet-sonarscanner
RUN /root/.dotnet/tools/dotnet-sonarscanner begin /k:âstaggerlee011-githubâ /o:âStaggerlee011â /d:sonar.login=âxxxâ /d:sonar.host.url=âhttps://sonarcloud.ioâ
RUN dotnet build
RUN /root/.dotnet/tools/dotnet-sonarscanner end /d:sonar.login=âxxxâ
We havenât done that much benchmark on Docker, but i suggest that you have a look at the dedicated resource on your image itself, by doing a docker stats , you should be able to see if itâs stuck at 100% either in CPU / RAM, which can lead to such behavior.
Ok, my bad, i thought this was the analysis that took amount of time.
I think that for getting better result, you should build a docker image with all the stuff you want, but donât run the analysis inside the docker file, just run it everytime you need it, with a docker run command (by indeed replacing the RUN dotnet-sonarscanner by a EXEC or a CMD)
By doing that, the openjdk and node installation will be done only once, and you should be âgood to goâ
Sorry not sure what you mean, do you mean install them but only call them when i needed (No idea how you do that! if it is possible please let me know how!?) i dont think that would work as idea in this case as this is just the first stage of a multi stage docker file
The idea is to build a base image upon dotnet sdk, with all the stuff you want installed on, then use this image as the base of the other.
For example, hereâs the dockerfile of the prime base image (note that thereâs no copy of your code base or something else, just installing the tools youâll need after)
FROM mcr.microsoft.com/dotnet/core/sdk:3.1 AS build
#Install open jdk 11
RUN apt-get update && \
apt-get install apt-utils -y && \
apt-get install -y openjdk-11-jdk && \
apt-get install -y ant && \
apt-get clean;
RUN apt-get update && \
apt-get install ca-certificates-java && \
apt-get clean && \
update-ca-certificates -f;
ENV JAVA_HOME /usr/lib/jvm/java-11-openjdk-amd64/
RUN export JAVA_HOME
#Install node.js 12
RUN apt-get update -yq \
&& apt-get install curl gnupg -yq \
&& curl -sL https://deb.nodesource.com/setup_12.x | bash \
&& apt-get install nodejs -yq
#check node installed
RUN node --version
#check java installed
RUN java --version
RUN dotnet tool install --global dotnet-sonarscanner
ENV PATH=${PATH}:/root/.dotnet/tools
With this, execute a docker build, tag your image propertly, and push it into a registry (local or remote).
docker build -t dotnetsonarbaseimage:tag .
Then this base will not change unless you have to rebuild something inside it (changing versions of one of the components for instance).
You can then use this image for your following docker file with :
FROM dotnetsonarbaseimage:tag AS dotnetscannerbase
WORKDIR /app
COPY *.sln /
COPY ./ ./
RUN dotnet restore
RUN dotnet-sonarscanner begin {args}
RUN dotnet build
RUN dotnet test
RUN dotnet-sonarscanner end {args}