Sonarcloud + Azure DevOps but repo from Github

azure

(Bob) #1

I have a Azure Devops organization, where I log in with a live ID account (no work or school). On this, I have build pipelines using github as a source repository.

Is it possible to analyse the source code from azure devops ? I’m asking because when I set up sonarcloud with github, it only offer me to do the analyse with the scanner from my computer, and I don’t know why since I want CI.

thanks for your help


(Fabrice Bellingard) #2

Hi Bob,

if I understand correctly:

  • Your source code is hosted on GitHub
  • You build it with Azure Pipelines

If this is the case, then the following setup will work just fine:

  1. Sign up on SonarCloud with you GitHub account
  2. Follow the “Analyse new project” wizard where you will select a repository from you organization
  3. Forget the tutorial that is displayed on the home page of the newly created project, and instead follow instructions from the Microsoft Lab (https://aka.ms/sonarcloudlab) with some slight differences:
    • No need to log in with your Live account to generate the user token, generate it from you GitHub-based account
    • When configuring the “Prepare analysis on SonarCloud” task, use the org and project keys that you can see on your newly created project in SonarCloud

This setup is what our .NET team is using at SonarSource, so you can be sure that it is working good (even for PR decoration on GitHub through Azure Pipelines builds!).

Hope this helps!


(My) #4

@Fabrice_Bellingard, I have set up AzureDevOps to trigger on PR. However, PR decoration on Github does not work because it said SonarCloud is not installed on Github.

However, the application is installed on Github. Is there anything else that have to be set?

Here’s the successful run on ADO: https://dev.azure.com/msft-vott/VoTT/_build/results?buildId=832

Here’s the sonarcloud.io dashboard: https://sonarcloud.io/project/issues?id=Microsoft_VoTT&pullRequest=5&resolved=false


(My) #5

nvm, turns out I incorrectly set sonar.pullrequest.key in properties and so this was looking for a nonexistent pr.


(Fabrice Bellingard) #6

Since you are relying on the SonarCloud Azure DevOps extension to trigger the scan, why do you need to manually set sonar.pullrequest.key? AFAIR, the extension is supposed to do this for you.


(My) #7

It wasn’t clear to me at first that it was already set