omnio
(Seun Omotosho)
July 15, 2024, 8:59am
1
Hi
Please i really need help on this
Going through the below link
I see that
This is confirmed by the below as sonar does not detect .Net in the scan
Below also is my current github action script
on:
# Trigger analysis when pushing in master or pull requests, and when creating
# a pull request.
push:
branches:
- master
- staging
pull_request:
types: [opened, synchronize, reopened]
name: SonarCloud
jobs:
sonarcloud:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
with:
args: >
-Dsonar.projectKey=xxxxx_xxxxx
-Dsonar.organization=xxxxx
-Dsonar.c.file.suffixes=- -Dsonar.cpp.file.suffixes=- -Dsonar.objc.file.suffixes=-
-Dsonar.exclusions="**/Migrations/*,**/*.c,**/*.cc,**/*.cpp,**/*.h"
# Disabling shallow clone is recommended for improving relevancy of reporting
# /Migrations/
fetch-depth: 0
- name: SonarCloud Scan
uses: sonarsource/sonarcloud-github-action@master
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
Colin
(Colin)
July 15, 2024, 9:02am
2
Hey there.
When you create a new project in SoanrCloud, there’s a tutorial right in the UI.
You can also find it in your project’s Administration > Analysis Method
omnio
(Seun Omotosho)
July 15, 2024, 9:12am
3
Hi @Colin ,
I was just praising you for your help so far in my work with sonar to @Silpa .
So i am currently trying this now and i will give a feedback afterwards
Cheer
1 Like
omnio
(Seun Omotosho)
July 15, 2024, 10:20am
4
Hi @Colin
Kindly see below
Time Elapsed 00:08:41.28
SonarScanner for MSBuild 6.2
Using the .NET Core version of the Scanner for MSBuild
Post-processing started.
09:15:52.503 sonar-project.properties files are not understood by the SonarScanner for MSBuild. Remove those files from the following folders: D:\a\adora\adora
09:15:52.504 Post-processing failed. Exit code: 1
Error: Process completed with exit code 1.
Mind you I already have a sonar-project.properties
with the below content
sonar.organization=organization_name_in_sonarcloud
sonar.projectKey=project_key_in_sonarcloud
sonar.sources=.
Please help
Colin
(Colin)
July 15, 2024, 12:46pm
5
The error message is pretty clear about what actions to take.
You should instead provide these values as command line arguments to the Scanner. See the docs here .
omnio
(Seun Omotosho)
July 15, 2024, 1:15pm
6
So they also stated in the yml file for the githb action
run: |
.\.sonar\scanner\dotnet-sonarscanner begin /k:"xxxxx" /o:"xxxxx" /d:sonar.token="${{ secrets.SONAR_TOKEN }}" /d:sonar.host.url="https://sonarcloud.io"
dotnet build
.\.sonar\scanner\dotnet-sonarscanner end /d:sonar.token="${{ secrets.SONAR_TOKEN }}"
should i remove them from the sonar-project.properties file? or remove the file altogether?
Colin
(Colin)
July 15, 2024, 7:41pm
7
Remove the file altogether.
omnio
(Seun Omotosho)
July 16, 2024, 9:01am
8
Done and everything seem to be fine
Just that GitHub actions is scanning all the source code with every push
I need to be able to scan only the new changes to the source code
Please how do I achieve that?
Colin
(Colin)
July 16, 2024, 1:04pm
9
Incremental Analysis is supported in the context of analyzing Pull Requests, but not branch analyses.
omnio
(Seun Omotosho)
July 17, 2024, 12:24pm
10
Hi @Colin
in light of the below
What else do I need to do to ens the scan of the pull request does not result in scanning the whole project again?
Colin
(Colin)
July 18, 2024, 2:11pm
11
Specifically, in the context of a PR analysis, it should work out of the box when you follow the tutorial in the UI! If it’s not, I’d be happy to look at the logs of your job.
omnio
(Seun Omotosho)
July 23, 2024, 2:05pm
12
Hi @Colin
Many thanks yes i’ve been able to set this up and all that buh there is still a challenge
GH PR still does not stop the merge even when the QG fails
See below
sonarcloud
and here’s the settings on GH
Please what am I missing
omnio
(Seun Omotosho)
July 23, 2024, 2:44pm
14
No it’s not, i use the steps in Analysis Method
Colin
(Colin)
July 23, 2024, 2:59pm
15
As I told you in this thread, you need a GitHub-bound organization
The only way to have your organization bound to a different DevOps Platform currently is to create a new organization and re-import your repositories there. Unfortunately, that means you’ll lose the results of previous analyses on these projects.
omnio
(Seun Omotosho)
July 23, 2024, 3:11pm
16
Hi @Colin
Does it mean I can not use the Quality Gates to block merges of new code that fails the quality gates?
Colin
(Colin)
July 23, 2024, 3:45pm
17
If you have a Github-bound organization, sure you can. If not, then no, you cannot decorate the PR with a comment/status check, ultimately used to block the merge.
omnio
(Seun Omotosho)
July 23, 2024, 3:54pm
18
This is sad. … is there no other way. …
However, for one of my projects, not a .Net project the quality gate works and stops the merge of code that fails.
Please, there should be another way to get these .Net projects to work. …
Colin
(Colin)
July 23, 2024, 4:06pm
19
Why can’t you create a bound GitHub organization?
Maybe you can share a screenshot or whatever is indicating to you that this is working for the non-NET project. Is the non-.NET project on GitHub or Azure DevOps?
omnio
(Seun Omotosho)
July 23, 2024, 4:59pm
20
All projects are on GitLab and GitHub