ALM used (GitHub, Bitbucket Cloud, Azure DevOps)
Azure DevOps
CI system used (Bitbucket Cloud, Azure DevOps, Travis CI, Circle CI
Azure DevOps
Scanner command used when applicable (private details masked)
We are using a Cake task for running our builds with SonarCloud analysis. It outputs the following command:
Server running version 8.0.0.11819 (https://sonarcloud.io/api/server/version)
begin /d:sonar.host.url="https://sonarcloud.io" /k:"[REDACTED]" /o:"[REDACTED]" /n:"[REDACTED]" /d:sonar.exclusions="[REDACTED]" /d:sonar.cs.vstest.reportsPaths="[REDACTED]" /d:sonar.coverage.exclusions="[REDACTED]" /d:sonar.cs.opencover.reportsPaths="[REDACTED]" /d:sonar.pullrequest.branch="refs/heads/feature/7567-sonar-pr-analysis" /d:sonar.pullrequest.key="530" /d:sonar.login="[REDACTED]"
Languages of the repository
dotnet core
Only if the SonarCloud project is public, the URL. And if you need help with pull request decoration, then the URL to the PR too
Both are private
Error observed (wrap logs/code around with triple quotes ``` for proper formatting)
PR analysis works in SonarCloud and shows up just fine, however, the issues it finds are not decorated in our Azure DevOps Pull Request.
I have followed the steps as described in the documentation for enabling PR decoration, but nothing happens.
I have also checked out similar topics on this forum and can already confirm that “Enable Azure Active Directory Conditional Access Policy Validation” is not enabled in our Azure DevOps organization.
ID of the background task of the PR Analysis AXRy1ENXmUNksq5y72VI
Am I missing something else? Any help is appreciated.
We are executing a Cake script as part of our build pipeline and I tried extending our existing and working configuration which uses this Cake.Sonar package for running the analysis from the Cake scripts. I configured it as follows:
Task("SonarPrepareAnalysis")
.WithCriteria(isRunningOnPipelines)
.Does((context) => {
var buildSourcesDirectory = EnvironmentVariable("BUILD.SOURCESDIRECTORY") ?? context.Environment.WorkingDirectory.FullPath;
var vsTestReports = string.Join(",", testProjects.Select(projectName => $"{buildSourcesDirectory}/tests/{projectName}/TestResults/TestResults-{projectName}.xml"));
var openCoverReportsPath = string.Join(",", testProjects.Select(projectName => $"{buildSourcesDirectory}/tests/{projectName}/coverage.opencover.xml"));
var settings = new SonarBeginSettings {
Url = "https://sonarcloud.io",
Organization = "[REDACTED]",
Key = "[REDACTED]",
Name = "[REDACTED]",
Login = sonarCloudToken,
Version = versionInfo.FullSemVer,
CoverageExclusions = "**/TestUtils/**,**/DbMigrator/**,**/*.sql",
Exclusions = "**/DbMigrator/**,**/Scripts/*.sql",
VsTestReportsPath = vsTestReports,
OpenCoverReportsPath = openCoverReportsPath
};
if (AzurePipelines.Environment.PullRequest.IsPullRequest)
{
settings.PullRequestKey = AzurePipelines.Environment.PullRequest.Id;
settings.PullRequestBranch = AzurePipelines.Environment.PullRequest.SourceBranch;
}
SonarBegin(settings);
});
// Build, test and collect code coverage tasks here
Task("SonarRunAnalysis")
.WithCriteria(isRunningOnPipelines)
.Does(() => {
SonarEnd(new SonarEndSettings {
Login = sonarCloudToken
});
});
Using this approach PR Analysis were actually getting created and analyzed correctly in SonarCloud, however as I mention, the issues it finds are not decorated in our Azure DevOps Pull Request with comments. There is also no button in SonarCloud to click through to the Pull Request in Azure Devops.
Should I be passing along more / other analysis parameters besides the PullRequestKey and PullRequestBranch?
Yes, you need also
sonar.pullrequest.vsts.instanceUrl
sonar.pullrequest.vsts.project
sonar.pullrequest.vsts.repository
To be set, along with a Personal Access Token that you will generate on Azure DevOps and put in the relevant setting of your project (in the Pull Request section)
