RUN dotnet sonarscanner begin \
/k:{SONAR_PROJECT_KEY} \
/o:assurecare \
/d:sonar.host.url={SONAR_URL} \
/d:sonar.login={SONAR_TOKEN} \
/d:projectVersion='{APP_VERSION}.{APP_BUILD}' \
/d:sonar.pullrequest.key={PR_NUMBER} \
/d:sonar.pullrequest.branch=${PR_BRANCH} \
/d:sonar.pullrequest.base='master' \
/d:sonar.projectBaseDir='/src' \
/d:sonar.cs.opencover.reportsPaths="coverage.opencover.xml" \
/d:sonar.verbose=true
Running the scanner from the container, it does scan, but I cannot get the PR to update. I do see a warning in the UI: SCM provider autodetection failed. Please use “sonar.scm.provider” to define SCM of your project, or disable the SCM Sensor in the project settings.
I have researched this and tried several things to no avail.
This behavior is normal as long as you don’t check out your repo inside the container, because we are relying on some folder (for instance: .git) to automatically detect the SCM provider.
I have read about the auto detection. The .git folder is in the src folder that is COPY’ed to the container.
Yes, I have tried setting .scm.enabled=false. That did not help. I still see the warning. These are the relevant log entries:
Project key: rule-execution-service
INFO: Base dir: /src
INFO: Working dir: /src/.sonarqube/out/.sonar
INFO: Load project settings for component key: ‘rule-execution-service’
INFO: Load project settings for component key: ‘rule-execution-service’ (done) | time=176ms
INFO: Load project branches
INFO: Load project branches (done) | time=149ms
INFO: Load projects for organization ‘assurecare’
INFO: Load projects for organization ‘assurecare’ (done) | time=135ms
INFO: Load project pull requests
INFO: Load project pull requests (done) | time=144ms
INFO: Load branch configuration
INFO: Load branch configuration (done) | time=4ms
INFO: Load quality profiles
INFO: Load quality profiles (done) | time=182ms
INFO: Load active rules
INFO: Load active rules (done) | time=4152ms
WARN: SCM provider autodetection failed. Please use “sonar.scm.provider” to define SCM of your project, or disable the SCM Sensor in the project settings.
INFO: Organization key: assurecare
INFO: Pull request 5972 for merge into master from feature/313108-fix-pipeline-yaml
INFO: Indexing files…
INFO: Project configuration:
INFO: Indexing files of module ‘rule-execution-service’
INFO: Base dir: /src/rule-execution-service
INFO: Source paths: Configuration/DatabaseOverride.cs, Configuration/IInRuleSetti…
…
No SCM system was detected. You can use the ‘sonar.scm.provider’ property to explicitly specify it.
INFO: 9 files had no CPD blocks
INFO: Calculating CPD for 19 files
INFO: CPD calculation finished
INFO: Analysis report generated in 150ms, dir size=154 KB
INFO: Analysis report compressed in 37ms, zip size=46 KB
INFO: Analysis report uploaded in 280ms
INFO: ANALYSIS SUCCESSFUL, you can browse https://sonarcloud.io/dashboard?id=rule-execution-service&pullRequest=5972
INFO: Note that you will be able to access the updated dashboard once the server has processed the submitted analysis report
INFO: More about the report processing at https://sonarcloud.io/api/ce/task?id=AW4ifyO0uMaVx7Y05X3b
INFO: Analysis total time: 11.198 s
INFO: ------------------------------------------------------------------------
INFO: EXECUTION SUCCESS
INFO: ------------------------------------------------------------------------
INFO: Total time: 1:10.357s
INFO: Final Memory: 29M/124M
INFO: ------------------------------------------------------------------------
The SonarQube Scanner has finished
15:46:31.44 Post-processing succeeded.
I looked at the vsts source and saw that it seems like ‘vsts’ would be correct, so I tried setting the scm.provider=vsts and got this error: SCM provider was set to “vsts” but no SCM provider found for this key. Supported SCM providers are hg,git
I also tried
Changing the provider to git and I get this error:
ERROR: Error during SonarQube Scanner execution
ERROR: Not inside a Git work tree: /src
Questions
Shouldn’t I see source code in the UI for the PR branch? I don’t. Does Sonar pull that from the SCM if working correctly?
Is it possible that for whatever reason, .git is not in /src (inside the container)? Because according to the logs, that’s what seems to be happening.
It would be much better to make sure git metadata is made available to the scanner rather than disabling the SCM since you will have more precise results regarding what files/lines are changed in that pull request.
You probably don’t see any file in the UI for the PR because it’s not detecting any changed file in the P/R. When no SCM is used, SonarQube will compare the files in the P/R with the files in the target branch (master in this case) as seen by SonarQube and this might not be what you see in git.
Please run the scanner with debug enabled - the logs will have more information about how many files are changed.
You were correct. The .git was not getting into the container. It was in the .dockerignore file. I made that change and now I no longer see the SCM warning, and it looks like it finds the files in the PR branch (5 in this case). BUT I am still not getting the gate to update in Azure DevOps. I AM getting the blame data in SonarCloud (I added some smell as a test).
I reset the Azure DevOps access token (again) since that’s the only thing I’ve ever seen previously prevent an update.
Does this update to the PR happen from Sonar Cloud or from the scanner?
Are there any logs that should show an attempt to update it?
Thanks again for any assistance.
-allan
Here’s some snippets from the latest log - debug and verbose:
…
14:19:19.771 DEBUG: SCM reported 5 files changed in the branch
…
14:19:24.587 INFO: CPD calculation finished
14:19:24.689 INFO: SCM writing changed lines
14:19:24.695 DEBUG: Merge base sha1: 7a23d660c1138a774eaf64f4de053648ed8a540b
14:19:24.715 DEBUG: SCM reported changed lines for 1 file in the branch
14:19:24.716 INFO: SCM writing changed lines (done) | time=27ms
14:19:24.719 INFO: Analysis report generated in 129ms, dir size=155 KB
14:19:24.751 INFO: Analysis report compressed in 32ms, zip size=47 KB
14:19:24.752 INFO: Analysis report generated in /src/.sonarqube/out/.sonar/scanner-report
14:19:24.753 DEBUG: Upload report
14:19:25.038 DEBUG: POST 200 https://sonarcloud.io/api/ce/submit?organization=assurecare&projectKey=rule-execution-service&characteristic=pullRequest%3D6255 | time=284ms
14:19:25.041 INFO: Analysis report uploaded in 288ms
14:19:25.042 INFO: ANALYSIS SUCCESSFUL, you can browse https://sonarcloud.io/dashboard?id=rule-execution-service&pullRequest=6255
14:19:25.042 INFO: Note that you will be able to access the updated dashboard once the server has processed the submitted analysis report
14:19:25.042 INFO: More about the report processing at https://sonarcloud.io/api/ce/task?id=AW5GO_W3w1j-vgOD63oB
14:19:25.043 DEBUG: Report metadata written to /src/.sonarqube/out/.sonar/report-task.txt
14:19:25.046 DEBUG: Post-jobs :
14:19:25.048 INFO: Analysis total time: 10.815 s
14:19:25.051 INFO: ------------------------------------------------------------------------
14:19:25.051 INFO: EXECUTION SUCCESS
14:19:25.051 INFO: ------------------------------------------------------------------------
14:19:25.051 INFO: Total time: 33.759s
14:19:25.215 INFO: Final Memory: 33M/231M
14:19:25.215 INFO: ------------------------------------------------------------------------
Process returned exit code 0
The SonarQube Scanner has finished
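The root cause found in this thread (`.git` listed in `.dockerignore`, so `COPY` never brought it into `/src`) can be caught before the scanner runs. The following pre-flight check is an added example, not code from the thread or from SonarSource; the function names are hypothetical and the `.dockerignore` matching is a simplified approximation of Docker's rules that only looks at the top-level `.git` entry.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not part of any Sonar tool.

# Succeeds (0) if the .dockerignore in build context $1 excludes the top-level
# .git directory. Approximates Docker's matching: '#' comments, '!' exceptions,
# last matching line wins; a leading '**/' or '/' and a trailing '/' are ignored.
dockerignore_excludes_git() (
  file="$1/.dockerignore"
  [ -f "$file" ] || exit 1            # no ignore file, so nothing is excluded
  excluded=no
  while read -r line; do              # read trims surrounding whitespace
    case "$line" in ''|'#'*) continue ;; esac
    negate=no
    case "$line" in '!'*) negate=yes; line="${line#?}" ;; esac
    pat="${line#\*\*/}"; pat="${pat#/}"; pat="${pat%/}"
    case ".git" in                    # $pat is unquoted so it acts as a glob
      $pat) if [ "$negate" = yes ]; then excluded=no; else excluded=yes; fi ;;
    esac
  done <<EOF
$(tr -d '\r' < "$file")
EOF
  [ "$excluded" = yes ]
)

# Succeeds if $1 is inside a Git work tree, which the scanner's git SCM
# provider requires (otherwise: "Not inside a Git work tree: /src").
is_git_work_tree() {
  [ "$(git -C "$1" rev-parse --is-inside-work-tree 2>/dev/null)" = "true" ]
}

# Run before `docker build` on the context, or inside the container on /src.
# Exit status: 0 ok, 1 .git excluded by .dockerignore, 2 not a work tree.
preflight() (
  if dockerignore_excludes_git "$1"; then
    echo "FAIL: $1/.dockerignore excludes .git, so COPY leaves it behind" >&2
    exit 1
  fi
  if ! is_git_work_tree "$1"; then
    echo "FAIL: $1 is not inside a Git work tree" >&2
    exit 2
  fi
  echo "OK: Git metadata in $1 is available to the scanner"
)
```

Copying `.git` into a build stage puts the full repository history into that stage's layers, so run the scanner in a stage that is not part of the shipped image. The token passed via `/d:sonar.login` in a `RUN` line is likewise recorded in that stage's image history.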
Thanks Mickaël
There are no warnings on the top right. There was, but I no longer see the SCM warning after adding the .git folder to the container.
Looking at the context, it seems OK.
Question: sonar.projectBaseDir=/src and other places that reference src… This folder only exists in the container, not in source control. Does that matter?
Thanks again! -allan
SonarQube plugins:
SonarCSS 1.1.1.1010 (cssfamily)
SonarPLSQL 3.4.1.2576 (plsql)
SonarScala 1.7.0.883 (sonarscala)
SonarC# 8.0.0.9566 (csharp)
Vulnerability Analysis 8.0.0.5505 (security)
SonarJava 5.14.0.18788 (java)
SonarHTML 3.2.0.2082 (web)
SonarFlex 2.5.1.1831 (flex)
SonarXML 2.0.1.2020 (xml)
SonarTS 2.0.0.4283 (typescript)
SonarVB 8.0.0.9566 (vbnet)
SonarSwift 4.2.1.62 (swift)
SonarCFamily 6.4.0.11646 (cpp)
SonarPython 2.0.0.5043 (python)
JaCoCo 1.0.2.475 (jacoco)
Mercurial 1.1.2 (scmmercurial)
SonarGo 1.7.0.883 (go)
SonarKotlin 1.7.0.883 (kotlin)
SonarTSQL 1.4.0.3334 (tsql)
SonarApex 1.7.0.883 (sonarapex)
SonarJS 6.0.1.10206 (javascript)
SonarRuby 1.7.0.883 (ruby)
Vulnerability Rules for C# 8.0.0.5505 (securitycsharpfrontend)
Vulnerability Rules for Java 8.0.0.5505 (securityjavafrontend)
License for SonarLint 8.0.0.2461 (license)
SonarCOBOL 4.4.0.3403 (cobol)
Git 1.10.0.1891 (scmgit)
SonarPHP 3.2.0.4868 (php)
SonarABAP 3.8.0.2034 (abap)
Vulnerability Rules for PHP 8.0.0.5505 (securityphpfrontend)
Global server settings:
Hello,
No. Nothing is on the PR.
In this image you can see the commit where I added some extra usings to cause some issues. Those issues DID show up in Sonar Cloud (see previous post) but nothing on the PR.
No Sir, I tried a few times and got different SCM errors. But after getting the .git folder into the container I see that the provider is set to sonar.pullrequest.provider=Azure DevOps Services based on the context you directed me to.
I only set these:
dotnet sonarscanner begin \
/k:{SONAR_PROJECT_KEY} \
/o:assurecare \
/d:sonar.host.url={SONAR_URL} \
/d:sonar.login={SONAR_TOKEN} \
/d:projectVersion='{APP_VERSION}.{APP_BUILD}' \
/d:sonar.pullrequest.key={PR_NUMBER} \
/d:sonar.pullrequest.branch=${PR_BRANCH} \
/d:sonar.cs.opencover.reportsPaths="coverage.opencover.xml" \
/d:sonar.cs.nunit.reportsPaths="app/*.xml" \
/d:sonar.coverage.exclusions="*Tests.cs" \
/d:sonar.verbose=true \
/d:sonar.log.level=DEBUG; \
You are right, we are populating these values from the Azure DevOps extension, but not with a direct call to the Scanner for MSBuild indeed. We will update our documentation with those parameters.