Background: We are using SonarCloud integration with Azure DevOps pipeline and implemented the tasks as per the documentation (details below).
Prepare Analysis on SonarCloud - Using Maven as a way to run the analysis
Maven Task -
Have Jacoco plugin configured in the parent POM and using the goal as - clean jacoco:prepare-agent test jacoco:report.
Publishing test results to Azure pipelines.
Run SonarCloud analysis is checked
Using latest release of SonarQube scanner maven plugin
Running checkstyle
Run code analysis (optional)
Publish Quality Gate Result
Issue: Although, pipeline is executing fine and can see results generated in Azure DevOps agents folder on the VM but results are not getting published to SonarCloud. All the sections in the SonarCloud dashboard doesn’t reflect anything.
Trials: Have done the following trials with different combination of configs but no luck
Using the jacoco under code coverage options and removing jacoco goals from the Maven CLI
Using Sonarscanner maven plugin from the POM
Used command line task instead of Maven task and tried different config combinations including jacoco xml report path, changing jacoco exec path in pom, adding sonar:sonar in the CLI etc
Everytime the build just runs fine and all the pipeline tasks are in green but still no results on sonar cloud. It reflect the timings on the check ran on Azure DevOps side with the branch name though.
Ran the pipeline again disabling the “Run Code Analysis” step and seeing ambiguous results.
For e.g. can see only 1 java class reflecting in the dashboard under coverage section and not all of them.
If we go in further details, under coverage section, it is mentioned as “Coverage on New Code” but highlights only 1 java file but none of the other files are shown.
Similarly under New Issues section, it just shows the test file for that same java class and another file is one random HTML file.
Also, if we go to the “Code” menu on top, it list the multi-module projects’ folders along with parent pom but the folders seem to be empty and not shown in entirety i.e. including folders/files beneath it.
Provided we are running the build pipeline independently and not on the new commit, we expect it to show the entire results including all the files and folders and not selectively?
It sounds like you’re performing the analysis of a pull request or short-lived branch, in both cases you will only see changed code.
I would suggest scanning your main branch, or configuring the long-lived branch pattern to catch the branch you want to analyze (delete the branch from SonarCloud, and analyze again)
Although, I’ll try the various combinations based on your suggestion but
1.) What is the definition of a short lived branch here, I mean how does SonarCloud identifies if it’s a short lived branch or not. Is this the name of the branch?
2.)Also, how would you recognise if this is an analysis of PR? I have not configured the azure pipeline to get invoked on the merge of the PR.
3.)What branch does SonarCloud recommend to normally analyse to get the wholistic picture of the project?
Yes, if the name of the branch doesn’t match the long-lived branch pattern, it’s a short-lived branch.
It willl appear in the Pull Requests tab of your project. This is automatically configured by Azure DevOps when it detects that it’s running in a PR context.
It’s important to analyze the Main Branch, as it represents the current state of your codebase and what you’re deploying to production. Analyzing pull requests make sure that no new issues slip into the main branch, and that other conditions (such as coverage) is met on this code.