I have a Azure Devops organization, where I log in with a live ID account (no work or school). On this, I have build pipelines using github as a source repository.
Is it possible to analyse the source code from azure devops ? I’m asking because when I set up sonarcloud with github, it only offer me to do the analyse with the scanner from my computer, and I don’t know why since I want CI.
If this is the case, then the following setup will work just fine:
Sign up on SonarCloud with you GitHub account
Follow the “Analyse new project” wizard where you will select a repository from you organization
Forget the tutorial that is displayed on the home page of the newly created project, and instead follow instructions from the Microsoft Lab (https://aka.ms/sonarcloudlab) with some slight differences:
No need to log in with your Live account to generate the user token, generate it from you GitHub-based account
When configuring the “Prepare analysis on SonarCloud” task, use the org and project keys that you can see on your newly created project in SonarCloud
This setup is what our .NET team is using at SonarSource, so you can be sure that it is working good (even for PR decoration on GitHub through Azure Pipelines builds!).
@Fabrice_Bellingard, I have set up AzureDevOps to trigger on PR. However, PR decoration on Github does not work because it said SonarCloud is not installed on Github.
However, the application is installed on Github. Is there anything else that have to be set?
Since you are relying on the SonarCloud Azure DevOps extension to trigger the scan, why do you need to manually set sonar.pullrequest.key? AFAIR, the extension is supposed to do this for you.