Sonarcloud for azure devops yaml v3 ignoring exclusions

using the below in azure devops yaml:

  • task: SonarCloudPrepare@3
    displayName: Prepare SonarCloud
    inputs:
    SonarCloud: SonarCloud
    organization: $(sonarCloudOrganization)
    scannerMode: dotnet
    projectKey: $(sonarCloudProjectKey)
    projectName: $(sonarCloudProjectName)
    extraProperties: |
    sonar.cs.opencover.reportsPaths=$(testCoverageOpencover)
    sonar.cs.xunit.reportsPaths=$(testResults)
    sonar.sourceEncoding=UTF-8
    sonar.coverage.exclusions=/css/less//,/css/common//,/js/common//*
    sonar.exclusions=.Test/,/*.jpg,/.jpeg,**/.png,/*.gif,/.mp4,**/.pdf,/*.sql,/.js,cisiweb2/**
    sonar.test.inclusions=
    .Test/*

I would expect this to ignore all js files and also everything inside the cisiweb2 folder?..

yet in the analysis I get errors like this:
##[error]17:10:51.020 ERROR: Failed to analyze file [CISIWeb2/js/three.interaction.js] from TypeScript: Cannot read properties of undefined (reading ‘parent’)\u000aOccurred while linting D:/a/1/s/CISIWeb2/js/three.interaction.js:1\u000aRule: “S1874”

and its processing all the files anyway eg:

17:08:39.707 DEBUG: ‘CISIWeb2/js/advent2020.js’ generated metadata with charset ‘UTF-8’
17:08:39.708 DEBUG: Average line length for CISIWeb2/js/advent2020.js is 23
17:08:39.708 DEBUG: ‘CISIWeb2\js\advent2020.js’ indexed with language ‘js’

why aren’t the exclusions working?

Hi @whiterabbit99, welcome back to the community!

This is a bug we discovered yesterday in the way extraProperties are handled in v3 tasks on Windows agents.

This has been fixed in v3.0.2 of the extension.

Denis

So do I need to change anything on my end or does it just use 3.02 automatically now?

As far as I know, the extension itself should upgrade automatically, at least on Azure DevOps Services.

You can normally check it in your Organization’s settings, under extensions.

Denis

doesn’t look like its fixed - 3.02 is running and still have same issues…

Starting: SonarCloud Analysis

Task : Run Code Analysis
Description : Run scanner and upload the results to the SonarCloud server.
Version : 3.0.2

I believe this is caused by the sonar.scanner.scanAll now being enabled by default. I’m experiencing the same issue, but setting sonar.scanner.scanAll=false fixes the problem. However, I’m unsure what it does and if I’m still getting the same result.

I’m also using version 3.0.2, so it’s clearly not fixed.

Hi @siewers and @whiterabbit99

Indeed @siewers is right, I was a bit quick in thinking this was the same issue.

It looks like there is an error analyzing some Javascript files, which are now being automatically discovered by the scanner in its latest version.

Setting scanAll=false will indeed prevent said files from being analyzed, but it will also prevent any files other outside your dotnet solution from being analyzed. You can normally also use exclusions to ignore some files more precisely.

In this specific case, the files should have been excluded due to the sonar.exclusions=.Test/,/*.jpg,/.jpeg,**/.png,/*.gif,/.mp4,**/.pdf,/*.sql,/.js,cisiweb2/** property.

If you are running on a linux-based agent, be careful with the case of your paths. I see here you indicated cisiweb2/** but the folder is actually CISIWeb2. This might be why you are seeing the error even though the folder was supposed to be excluded.
Try changing your property to sonar.exclusions=.Test/,/*.jpg,/.jpeg,**/.png,/*.gif,/.mp4,**/.pdf,/*.sql,/.js,CISIWeb2/**
Please let us know if changing the path solves the exclusion problem.
As for the error itself, I will refer this to the proper team.

Denis

I can’t get exclusions to work on Windows or Linux if sonar.scanner.scanAll is enabled (either by default or explicitly).

I have two directories I want to exclude, but they are still scanned, causing errors in the task.
Strangely, it worked fine before updating to version 3 of the task.

The exclusions look like this: sonar.exclusions="WebApi/**,TypeScriptTemplates/**".
I also tried changing the exclusion pattern to **/WebApi/**,**/TypeScriptTemplates/**, but it doesn’t make any difference.

I’ve gone back to v2. It seems v3 is still in beta judging from the number of issues people are having. I’m still waiting on various issues so once these have been resolved I might try it again.

I think there needs to be a proper migration document as well covering the intentional changes and how to mitigate new issues like the increased lines of code being scanned. v2 should not have been marked as deprecated until v3 was properly tested either

Any news about the exclusions with v3?

We want to fix the deprecation warning from v2 but are waiting with an update until exclusions are working again.

Hi @SvenC

Exclusions have normally been fixed since
The current v3 tasks should use the latest scanner (task 3.1.1 as of today, targeting Scanner for .NET 9.0.2) and honor sonar.exclusions properly. We also corrected other issues since the original release (usage of variables in extraProperties, problems with specifying projectBaseDir…).

Please let us know if you still have issues.

To all of you (@siewers , @SvenC , @whiterabbit99), I’m sorry I missed your messages here. If you still have issues I’d like to know more:

  • Can you share your (redacted) pipeline?
  • can you share the repository layout
  • the logs of your tasks (prepare, build, analyze) with the sonar.verbose=true extra property

Denis

1 Like