Single ADO pipeline C# and JS/TS but I can't get both code languages to scan in a single run

chris.needle · June 23, 2021, 2:06pm

Template for a good new topic, formatted with Markdown:

ALM used (Azure DevOps)
CI system used (Azure DevOps)
Scanner command used MSBUILD
Languages of the repository (C# / JS / TS)
Error observed:
- If I use scanner mode MSBUILD then sonar analyses the c# code base but ignores the JS/TS code
- If I use scanner mode CLI then sonar analyses the JS/TS code base but ignores the C# code.

Pipeline YAML (CLI Mode)

- task: SonarCloudPrepare@1
  displayName: 'Sonar Prep - CLI Mode'
  inputs:
    SonarCloud: 'MyProject-SonarCloud'
    organization: 'MyOrg'
    scannerMode: 'CLI'
    configMode: 'manual'
    cliProjectKey: 'MyProjectKey'
    cliProjectName: 'MyProjectName'
    cliSources: '.'
    extraProperties: |
      # Additional properties that will be passed to the scanner, 
      # Put one key=value per line, example:
      sonar.exclusions=**/infrastructure/**/*,**/db_connect/**/*,**/docs/**/*,**/ETL/**/*,azure-pipelines.yml,myproject-cd.yml,README.md,sonarcloud-pipeline.yml,template-deploy-environment.yml
      sonar.verbose=true
      sonar.javascript.lcov.reportPaths=$(Build.Repository.LocalPath)/app/MyProject.UI/coverage/lcov.info
  condition: or(eq(variables['Build.SourceBranch'], 'refs/heads/develop'), startsWith(variables['Build.SourceBranch'], 'refs/heads/cjn/'))

Pipeline YAML (MSBUILD Mode)

- task: SonarCloudPrepare@1
  displayName: 'Prepare analysis on SonarCloud'
  inputs:
    SonarCloud: 'MyProject-SonarCloud'
    organization: 'MyOrg'
    projectKey: 'MyProjectKey'
    projectName: 'MyProjectName'
    extraProperties: |
      sonar.exclusions=**/infrastructure/**/*,**/db_connect/**/*,**/docs/**/*,**/ETL/**/*,azure-pipelines.yml,customerportal-cd.yml,README.md,sonarcloud-pipeline.yml,template-deploy-environment.yml
      sonar.cs.vstest.reportsPaths=$(Agent.TempDirectory)/*.trx
      sonar.javascript.lcov.reportPaths=$(Build.Repository.LocalPath)/app/MyProject.UI/coverage/lcov.info
      sonar.verbose=true
  condition: or(eq(variables['Build.SourceBranch'], 'refs/heads/develop'), startsWith(variables['Build.SourceBranch'], 'refs/heads/cjn/'))

The CLI version reads all of the code base from both the app/<C#> and app/<js_ts> code but only reports on the JS/TS side of the code. The MSBUILD version only reads from the app/<C#> code and analyses that…

The JS/TS is built using NPM. whereas the C# code is built using a ‘DotNetCoreCLI@2’ task.

I’ve tried a bunch of things and the coverage files all seem to be located when it runs the analysis, I’m just not sure what I’m missing to get it to analyse them both together.

FYI, this is my 1st in-roads into sonarcloud so any help would be most appreciated.

EDIT: just noticed (on writing this post) that the sonar.vstest.reportsPaths variable is missing from the CLI run. Just retesting now.

chris.needle · June 23, 2021, 3:08pm

so I’m still having the same issue. However, that said I have spotted the following in the log file:

WARN: Your project contains C# files which cannot be analyzed with the scanner you are using. To analyze C# or VB.NET, you must use the SonarScanner for .NET 5.x or higher, see https://redirect.sonarsource.com/doc/install-configure-scanner-msbuild.html

I added the following task into the pipeline

- task: DotNetCoreCLI@2
  displayName: 'Install SonarScanner for C# scanning'
  inputs:
    command: custom
    custom: tool
    arguments: 'install --global dotnet-sonarscanner --version 5.2.1'

but it reports:

Since you just installed the .NET SDK, you will need to logout or restart your session before running the tool you installed.
You can invoke the tool using the following command: dotnet-sonarscanner
Tool 'dotnet-sonarscanner' (version '5.2.1') was successfully installed

As for the run code analysis step the log still contains the above warning message.

mickaelcaro · June 24, 2021, 6:51am

Hi @chris.needle

You can totally run the Scanner for .NET on standalone mode, there are some documentation available here on how to do it.

If you’re using the .NET Core version of it, you can expect that your JS/TS files will be analyzed.

Let us know.

Thanks.
Mickaël

chris.needle · June 24, 2021, 10:25am

Hi @mickaelcaro ,

Thanks for getting back to me so quickly. I’ve ended up generating 2 analysis views for the same project and by using different project keys added multiple analysis runs into the pipeline to get the data into sonarcloud. This is working right now so I’m going to leave it as is because I’ve got a bucket load of other stuff on the backlog to sort out but will create a backlog ticket to review this down-the-line to look at combining the two sonar ‘projects’.

system · July 1, 2021, 10:25am

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.