SonarCloud + DevOps PR Integration = No Comments

  • ALM used
    Azure DevOps

  • CI system used
    Azure DevOps

  • Scanner command used when applicable
    dotnet-sonarscanner begin /o:“org” /k:“project” /d:sonar.host.url=“https://sonarcloud.io” /d:sonar.login=“token” -d:sonar.qualitygate.wait=true

  • Languages of the repository
    c#, xml, HTML, css, Javascript

  • Only if the SonarCloud project is public, the URL

    • And if you need help with pull request decoration, then the URL to the PR too

Project is Private but we do need help with PR decoration.

  • Error observed
    Inline comment is not posted in the Pull Request

  • Steps to reproduce

  1. Configure Pull Request Integration between SonarCloud.io and DevOps
  2. Run standalone scanner via Pipeline with the -d:sonar.qualitygate.wait=true option
  3. The Pipeline waits for the analysis results successfully, but no inline comment is posted, as described in: https://azuredevopslabs.com/labs/vstsextend/sonarcloud/
  • Potential workaround
    Unknown

Greetings,

We have a dedicated pipeline that runs whenever a Pull Request is submitted - the Pipeline injects GUID’s into our .csproj files, and then runs the standalone scanner against builds that are triggered with ‘dotnet build’, and submits to SonarCloud.io I recently enabled the Pull Request integration using the -d:sonar.qualitygate.wait=true option, which does seem to wait for the Analysis results and send a pass/fail result back to the Pipeline. However, no inline comments are posted, and I have not made much progress determining how to get this working.

  1. Are the Inline Comments from Pull Request Integration with DevOps supported when using the standalone scanner? Or do we have to use the native Task as shown in the guide?
  2. If supported, is ‘-d:sonar.qualitygate.wait=true’ the proper way to enable this?

Please let me know if there is any additional information that I can provide.

Hi @p4th0g3n

If you run everything by hand, you will need to know and pass the relevant parameters to the Scanner.

Especially, for pull requests, you will need to pass :

  • The Pull Request id, with the property ‘sonar.pullrequest.key’
  • The base branch of the PR, with the property ‘sonar.pullrequest.base’
  • The target branch of the PR, with the property ‘sonar.pullrequest.target’
  • The CI provider : ‘sonar.pullrequest.provider’
  • You AzDo instance URL ‘sonar.pullrequest.vsts.instanceUrl’
  • Your AzDo project name ‘sonar.pullrequest.vsts.project’
  • Your AzDo repository name ‘sonar.pullrequest.vsts.repository’

May i ask you why you’re not using the Azure DevOps Extension for SonarCloud that we provide ? it will ease you the work by automatically detecting and passing those properties right to the Scanner.

HTH,
Mickaël