Sonarcloud, AzureDevops CICD, PR scan failure not found

mercia-davidhirst · September 1, 2023, 9:29am

Template for a good new topic, formatted with Markdown:

ALM used GitHub
CI system used Azure DevOps
Scanner command used when applicable (private details masked)
Languages of the repository - C#
Error observed (wrap logs/code around with triple quotes ``` for proper formatting)

2023-09-01T03:32:07.2636898Z ##[section]Starting: SonarCloudAnalyze
2023-09-01T03:32:07.2748212Z ==============================================================================
2023-09-01T03:32:07.2748412Z Task         : Run Code Analysis
2023-09-01T03:32:07.2748498Z Description  : Run scanner and upload the results to the SonarCloud server.
2023-09-01T03:32:07.2748643Z Version      : 1.41.0
2023-09-01T03:32:07.2748717Z Author       : sonarsource
2023-09-01T03:32:07.2748810Z Help         : Version: 1.41.0. This task is not needed for Maven and Gradle projects since the scanner should be run as part of the build.

[More Information](https://docs.sonarcloud.io/advanced-setup/ci-based-analysis/sonarcloud-extension-for-azure-devops/)
2023-09-01T03:32:07.2749104Z ==============================================================================
2023-09-01T03:32:07.5597173Z [command]D:\a\_tasks\SonarCloudPrepare_14d9cde6-c1da-4d55-aa01-2965cd301255\1.38.0\classic-sonar-scanner-msbuild\SonarScanner.MSBuild.exe end
2023-09-01T03:32:07.6137856Z SonarScanner for MSBuild 5.13
2023-09-01T03:32:07.6138529Z Using the .NET Framework version of the Scanner for MSBuild
2023-09-01T03:32:07.6567847Z Post-processing started.
2023-09-01T03:32:07.8547969Z Calling the TFS Processor executable...
2023-09-01T03:32:07.9857254Z Attempting to locate the CodeCoverage.exe tool...
2023-09-01T03:32:07.9915676Z Attempting to locate the CodeCoverage.exe tool using setup configuration...
2023-09-01T03:32:08.0240754Z Code coverage command line tool: C:\Program Files\Microsoft Visual Studio\2022\Enterprise\Team Tools\Dynamic Code Coverage Tools\CodeCoverage.exe
2023-09-01T03:32:08.0427169Z Fetching code coverage report information from TFS...
2023-09-01T03:32:08.0446380Z Attempting to locate a test results (.trx) file...
2023-09-01T03:32:08.0807129Z Looking for TRX files in: D:\a\1\TestResults
2023-09-01T03:32:08.0812304Z No test results files found
2023-09-01T03:32:08.1176668Z Did not find any binary coverage files in the expected location.
2023-09-01T03:32:08.1190319Z Falling back on locating coverage files in the agent temp directory.
2023-09-01T03:32:08.1195047Z Searching for coverage files in D:\a\_temp
2023-09-01T03:32:08.1198829Z No coverage files found in the agent temp directory.
2023-09-01T03:32:08.1199654Z Coverage report conversion completed successfully.
2023-09-01T03:32:08.1292486Z The TFS Processor has finished
2023-09-01T03:32:08.1341269Z Calling the SonarScanner CLI...
2023-09-01T03:32:10.2688216Z INFO: Scanner configuration file: D:\a\_tasks\SonarCloudPrepare_14d9cde6-c1da-4d55-aa01-2965cd301255\1.38.0\classic-sonar-scanner-msbuild\sonar-scanner-4.8.0.2856\bin\..\conf\sonar-scanner.properties
2023-09-01T03:32:10.2860597Z INFO: Project root configuration file: D:\a\1\.sonarqube\out\sonar-project.properties
2023-09-01T03:32:10.5272993Z INFO: SonarScanner 4.8.0.2856
2023-09-01T03:32:10.5273972Z INFO: Java 17.0.8 Eclipse Adoptium (64-bit)
2023-09-01T03:32:10.5274479Z INFO: Windows Server 2022 10.0 amd64
2023-09-01T03:32:12.6705437Z INFO: User cache: C:\Users\VssAdministrator\.sonar\cache
2023-09-01T03:32:15.1192358Z INFO: Analyzing on SonarCloud
2023-09-01T03:32:15.1193785Z INFO: Default locale: "en_US", source code encoding: "windows-1252" (analysis is platform dependent)
2023-09-01T03:32:17.5100687Z INFO: Load global settings
2023-09-01T03:32:17.5100999Z INFO: Load global settings (done) | time=147ms
2023-09-01T03:32:17.5101514Z INFO: Server id: 1BD809FA-AWHW8ct9-T_TB3XqouNu
2023-09-01T03:32:17.5101748Z INFO: User cache: C:\Users\VssAdministrator\.sonar\cache
2023-09-01T03:32:17.5101958Z INFO: Load/download plugins
2023-09-01T03:32:17.5102136Z INFO: Load plugins index
2023-09-01T03:32:17.5102328Z INFO: Load plugins index (done) | time=206ms
2023-09-01T03:32:19.9263667Z INFO: Load/download plugins (done) | time=3058ms
2023-09-01T03:32:20.6919904Z INFO: Loaded core extensions: developer-scanner
2023-09-01T03:32:21.3167667Z INFO: Found an active CI vendor: 'Azure DevOps'
2023-09-01T03:32:21.3201449Z INFO: Load project settings for component key: 'MyProject'
2023-09-01T03:32:22.1618608Z INFO: Load project settings for component key: 'MyProject' (done) | time=82ms
2023-09-01T03:32:22.1618899Z INFO: Process project properties
2023-09-01T03:32:22.1619088Z INFO: Execute project builders
2023-09-01T03:32:22.1619293Z INFO: Execute project builders (done) | time=120ms
2023-09-01T03:32:22.1619529Z INFO: Project key: MyProject
2023-09-01T03:32:22.1619728Z INFO: Base dir: D:\a\1\s
2023-09-01T03:32:22.1619910Z INFO: Working dir: D:\a\1\.sonarqube\out\.sonar
2023-09-01T03:32:22.2046827Z INFO: Load project branches
2023-09-01T03:32:22.3048332Z INFO: Load project branches (done) | time=101ms
2023-09-01T03:32:22.3113698Z INFO: Check ALM binding of project 'MyProject'
2023-09-01T03:32:22.3742688Z INFO: Detected project binding: BOUND
2023-09-01T03:32:22.3747425Z INFO: Check ALM binding of project 'MyProject' (done) | time=60ms
2023-09-01T03:32:22.3748335Z INFO: Load project pull requests
2023-09-01T03:32:22.4502506Z INFO: Load project pull requests (done) | time=67ms
2023-09-01T03:32:22.4503298Z INFO: Load branch configuration
2023-09-01T03:32:22.9267898Z INFO: ------------------------------------------------------------------------
2023-09-01T03:32:22.9268602Z INFO: EXECUTION FAILURE
2023-09-01T03:32:22.9268949Z INFO: ------------------------------------------------------------------------
2023-09-01T03:32:22.9269179Z INFO: Total time: 12.761s
2023-09-01T03:32:22.9648343Z INFO: Final Memory: 21M/70M
2023-09-01T03:32:22.9650374Z INFO: ------------------------------------------------------------------------
2023-09-01T03:32:22.9651764Z ##[error]ERROR: Error during SonarScanner execution
2023-09-01T03:32:22.9655981Z ERROR: Error during SonarScanner execution
2023-09-01T03:32:22.9660693Z ##[error]ERROR: Could not find the pullrequest with key '221'
2023-09-01T03:32:22.9677180Z ERROR: Could not find the pullrequest with key '221'
2023-09-01T03:32:22.9679478Z ##[error]ERROR: Caused by: Error 404 on https://sonarcloud.io/api/alm_integration/show_pullrequest?project=MyProject&pullrequestKey=221 : {"errors":[{"msg":"Unable to find the pullrequest with key \u0027221\u0027"}]}
2023-09-01T03:32:22.9680568Z ERROR: Caused by: Error 404 on https://sonarcloud.io/api/alm_integration/show_pullrequest?project=MyProject&pullrequestKey=221 : {"errors":[{"msg":"Unable to find the pullrequest with key \u0027221\u0027"}]}
2023-09-01T03:32:22.9682092Z ##[error]ERROR:
2023-09-01T03:32:22.9682486Z ERROR: 
2023-09-01T03:32:23.3306052Z ##[error]The SonarScanner did not complete successfully
2023-09-01T03:32:23.3307944Z The SonarScanner did not complete successfully
2023-09-01T03:32:23.3310323Z ##[error]03:32:23.329  Post-processing failed. Exit code: 1
2023-09-01T03:32:23.3311326Z 03:32:23.329  Post-processing failed. Exit code: 1
2023-09-01T03:32:23.3413471Z ##[error]The process 'D:\a\_tasks\SonarCloudPrepare_14d9cde6-c1da-4d55-aa01-2965cd301255\1.38.0\classic-sonar-scanner-msbuild\SonarScanner.MSBuild.exe' failed with exit code 1
2023-09-01T03:32:23.3477487Z ##[section]Finishing: SonarCloudAnalyze

Steps to reproduce
Raise pull request in GitHub which triggers the Azure Devops pipeline with the SonarCloud analyser and this happens. It happens on all projects but does not happen on standard pushes, only PRs.
Potential workaround
None

I have checked and recreated both the project and the private tokens used between SonarCloud and Azure Devops, neither seem to resolve the issue but it is now becoming a major problem that we may need to abandon using SonarCloud for something else if we cannot resolve. I can confirm the PR’s exist in GitHub.

Colin · September 4, 2023, 8:10am

Hey there.

I was able to find your project and it looks like SonarCloud is querying Azure DevOps instead of GitHub for the pull request.

Is your project bound to Azure DevOps or GitHub?

mercia-davidhirst · September 4, 2023, 8:21am

Hi Colin,

The project is bound to Azure Devops, since this is where our CI/CD resides that calls the analysers.

When we create a new SonarCloud project, SonarCloud provides a list of our repos from GitHub (either new or currently set up), however I note they all have the Azure DevOps icon against them.

Cheers,

David

Colin · September 4, 2023, 12:02pm

Hey there.

The organization should be linked to GitHub, where your repositories are located and where your Pull Requests will be decorated.

Is it possible that some “fake” repo gets created when you create the pipelines in Azure DevOps – and that is what is actually being used in the binding? Where do you get taken when you click on the Azure DevOps logo when viewing your project (such as the example below for GitHub)

mercia-davidhirst · September 4, 2023, 1:21pm

Our Azure Devops uses GitHub for its repo’s. When we set up a project in Azure DevOps, we select GitHub as our repository location and it pulls this information across to itself. We have since then added SonarCloud as an analyser and pointed it at AzureDevOps, since this made sense at the time.

When I go into a project I see an Azure DevOps icon, not a github one. When I click that link I am taken to a 404 page for a URL similar to:
https://dev.azure.com/MyOrg/MyProjectName/_git/MyProjectName

mercia-davidhirst · September 6, 2023, 10:09am

Is there any more information regarding this?

I am unable to create a project that is not Azure DevOps bound which seems to be inherited from the organisation. However, I cannot also create a new organisation since SonarCloud only allows me to select Azure DevOps or create one manually which comes with a lot of warnings.

Is this inability to select another type is because I have used Azure DevOps as my method of logging into SonarCloud? If so, this seems very unintuitive that it forces me to only use Azure DevOps. I would have thought that the login page should clearly state, you are not just selecting an OAuth method like you would on any other site but that SonarCloud seemingly forces you to use only that provider when you do. This seems to be a very odd decision to make as other similar saas providers, like Snyk do not take this approach, it is merely a means to authenticate to the service, setting up third parties after that should be done via tokens.

Colin · September 6, 2023, 3:13pm

Hey David.

I just went ahead and configured an Azure DevOps organization like you describe – and wow, you really do get a “fake” repo that you can use to create projects. That’s not great – and I’ll flag this for attention our side.

Kind of. The problem is that your organization was bound with Azure DevOps and not GitHub – this being the only option presented to you when you authenticated with Azure DevOps.

That’s recognized on our side and we want to improve this in the long-term.

For now, what you’ll have to do is authenticate with GitHub, create an organization bound to your GitHub organization, and start over with new projects (which will be properly bound, meaning PR decoration will work)

mercia-davidhirst · September 6, 2023, 3:22pm

Thanks for coming back Colin, though hoping that was not the answer I guess I will have to weigh up the time to transfer everything over or switching to something else.

Thanks for looking into this for me.

system · September 13, 2023, 3:22pm

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.