SonarCloud: Azure DevOps - Code Analysis and GitHub - Pull Request

Hi Everyone,

I’m new to SonarCloud, and I’m trying to configure SonarCloud on an Azure DevOps build pipeline to run the code analysis. For the pull request, I would like to apply that on our GitHub.

The problem is that, according to the documentation, configuring the pull request on GitHub requires logging in to SonarCloud with GitHub, but when I do, the organization that has the subscription is gone, unlike when I log in with Azure DevOps.

Can you please give me some suggestions? Many thanks for any help.

Jim


Hi Jim,
You need to bind your SonarCloud project to your GitHub repository to benefit from PR decoration, and indeed, to be able to bind, you need the correct rights on both your SonarCloud project and your GitHub repository.
Logging in with Azure DevOps does not use the same account as logging in with GitHub, so if you want to see your project from your GitHub account, you will need to invite that user to your organization from the Azure DevOps account and give him admin rights so that you can later bind it to your GitHub repository.

Hi Gregoire,

Thanks for the response. I have one question: if we’re going to bind the subscription to GitHub, do we have to pay for another subscription? Our subscription in SonarCloud is only bound to Azure DevOps.

Hello,
If you currently have a paid plan on SonarCloud, it’s not related to using GitHub or Azure DevOps; your subscription is for your SonarCloud organization.

Then, if I understand correctly, you use GitHub to host your code and Azure DevOps for your build/CI pipeline. So you should bind your SonarCloud organization to your GitHub organization, because that’s where your code is. Doing this will not change anything about your subscription. Your organization subscription is not tied to any ALM in particular.

And even if you bind your SonarCloud organization to GitHub, you will still be able to invite users that authenticate with Azure DevOps to your organization.

Hi Gregoire,

I’m having some trouble setting up the pull request analysis on GitHub. Based on the documentation provided by SonarCloud, to enable the PR Analysis, I must add the following parameters:

sonar.pullrequest.branch
sonar.pullrequest.key
sonar.pullrequest.base

I have these questions in mind:

  1. Where should I put these parameters?
  2. Where can I get the ‘sonar.pullrequest.key’?
  3. How can I confirm if the PR Analysis was successfully enabled?

Regards,
Jim

Hello,
Normally those sonar parameters should be automatically filled by the Azure DevOps extension that will trigger the SonarCloud analysis if it’s recognized as a PR build (it means being triggered by a push in a PR branch).

And you can check that it was successful in the SonarCloud interface: next to your project name there is a list of branches that have been analyzed, and if you see yours, it means that the PR analysis worked. And normally, if it worked and your project is correctly bound to the GitHub repo, you should be able to see the PR decoration in GitHub checks…
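To illustrate the reply above (an added example, not part of the thread and not the SonarCloud extension's own code): a script step that maps Azure Pipelines' predefined pull-request variables to the three `sonar.pullrequest.*` properties and reports when the run is not a PR build, which is the case for a manually queued build. The mapping and the function names are assumptions made for this sketch.

```shell
#!/usr/bin/env bash
# Added example: derive sonar.pullrequest.* from Azure Pipelines variables.
# The mapping is an assumption for illustration, not the extension's code.

# Strip a leading refs/heads/ so the name matches the branch shown on GitHub.
short_branch() {
  printf '%s\n' "${1#refs/heads/}"
}

# Print the three properties, one per line. Return 1 when the run is not a
# pull request build (for example Build.Reason=Manual for a queued build).
sonar_pr_properties() {
  if [ "${BUILD_REASON:-}" != "PullRequest" ]; then
    echo "not a PR build (Build.Reason=${BUILD_REASON:-unset})" >&2
    return 1
  fi
  # For GitHub repositories the agent exposes the PR number in this variable.
  pr_key="${SYSTEM_PULLREQUEST_PULLREQUESTNUMBER:-}"
  case "$pr_key" in
    ''|*[!0-9]*) echo "PR number missing or not numeric" >&2; return 1 ;;
  esac
  printf 'sonar.pullrequest.key=%s\n' "$pr_key"
  printf 'sonar.pullrequest.branch=%s\n' \
    "$(short_branch "${SYSTEM_PULLREQUEST_SOURCEBRANCH:-}")"
  printf 'sonar.pullrequest.base=%s\n' \
    "$(short_branch "${SYSTEM_PULLREQUEST_TARGETBRANCH:-}")"
}

# Constructed sample values; on a real agent these are set by the pipeline.
(
  BUILD_REASON=PullRequest
  SYSTEM_PULLREQUEST_PULLREQUESTNUMBER=42
  SYSTEM_PULLREQUEST_SOURCEBRANCH=refs/heads/feature/login
  SYSTEM_PULLREQUEST_TARGETBRANCH=main
  sonar_pr_properties
)
```

Running this as a script step in a build that was queued by hand prints the "not a PR build" message, which is a quick way to confirm whether the pipeline was actually started by the pull request trigger.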

Hi,

How do I trigger the PR build by a push in the PR branch? Ours only triggered when I queued a build on Azure DevOps.

Hi,

In the trigger tab of your pipeline, you can add both continuous integration with filters on branches, as well as pull request validation. Just check the box, save, and it should be working.

Thanks, Mickael.

After I enable the pull request validation, should I delete the additional parameters for pull request? (e.g. sonar.pullrequest.key)

My apologies for too many questions. I’m really not familiar with SonarCloud and I’m a bit confused by the documentation. Many thanks for your help.

Hello,

When I make a pull request on GitHub, the PR Analysis doesn’t trigger. Also, I manually set the sonar.pullrequest.key on ‘Prepare analysis on SonarCloud’ in the Build Pipeline (Azure DevOps) based on the pull request number for it to reflect on the SonarCloud UI. But even though it’s showing in the UI, there are the code smells, vulnerability, etc…

Hi,

All three additional properties can be removed from the prepare analysis task configuration.

Mickaël

Hi Mickael,

But when I removed the additional properties, the PR Analysis doesn’t reflect on the SonarCloud.

So, to summarize,

  • You have bound your GitHub organization to SonarCloud
  • You created a project, created a token that you entered while creating the new connection to SonarCloud in Azure DevOps (while setting up the pipeline)
  • You created a Personal Access Token on Azure with Code (read and write) grant access that you filled in the “Pull Request” section of the configuration of the project

Hence, do you have any warning displaying on the “page” of the PR itself on SonarCloud?

Thanks.

Mickaël

Hi Mickael,

Thanks for helping. Still doesn’t work on my end. Can we start from the beginning?
First I create a project

Then which should I choose here?

Many thanks,
Jim

Try ‘With other CI tools’; that way, you should be asked to generate a new token. This token shall be used when creating a new service connection to SonarCloud in Azure DevOps (while configuring the ‘Prepare Analysis on SonarCloud’ task).

Then try to run the pipeline itself; it should be working.

Mickaël

Has this worked for anyone yet? I have exactly the same problem to solve:

  1. Our code resides on GitHub and pull requests are done there.
  2. Our pipeline resides on Azure DevOps.
  3. We would like to create a new project in SonarCloud for our code in GitHub, and send scan results from pipeline runs in Azure DevOps to this project.

We have a SonarCloud organization on a paid subscription which so far has access to only our Azure DevOps repositories. I am able to see all our AD repos when I go to create a new project.

However, it is still unclear how to get our GitHub repo(s) to appear in the list of repos to create a new project for in SC.

Is there any comprehensive step-by-step guidance on how to do this yet?

Thanks