SonarCloud Quality Gate stopped or not available in Azure DevOps branch policies

SonarQube Cloud
,
1

Hi, recently, the policy in charge of the Quality Gate in Azure DevOps is not working as expected anymore.

I have tried, to replace all my tokens, added a new config as exposed below in the Azure Publish and prepare tasks:

 SonarCloud: "org.sonarcloud.connection"

          organization: "org"

scannerMode: "CLI"

configMode: "manual"

cliProjectKey: "org_Frontend"

cliProjectName: "org.frontend"

cliSources: "./frontend"

extraProperties: |

            sonar.pullrequest.provider=vsts

            sonar.javascript.lcov.reportPaths=frontend/coverage/**/lcov.info

            sonar.coverage.exclusions=frontend/**/*test*.ts,frontend/**/*test*.tsx,frontend/**/*spec*.ts,frontend/**/*spec*.tsx

            sonar.pullrequest.vsts.instanceUrl=$(System.TeamFoundationCollectionUri)

            sonar.pullrequest.vsts.project=$(System.TeamProject)

            sonar.pullrequest.vsts.repository=$(Build.Repository.Name)

The analysis is working as expected, furthermore I can see the quality gate in the extensions:

image
image1548×1156 69.2 KB

image
image1764×1590 137 KB

However, I cannot create a policy for master branch as I did in the past anymore:

image
image972×1876 67 KB

Could someone help me with this?

Don’t know if is a known issue between Azure DevOps and SonarCloud version.

Thanks in advance.

2

Hey there.

Have you updated any Azure DevOps tokens on SonarQube Cloud that might have gone bad?

3

Hi Colin. Thanks for the guide. Yes, was the first I did, I regenerated the personal access token and the organization token and update it in the Azure DevOps settings.

There is some api or tool where can I verify is getting the right ones?

I clicked in the verify section and worked well.

4

I would double check that you have nothing set in the project-level settings (see here)

If that’s the case, I’ll reach out via PM for some extra details to look things up in the backend.

5

I have followed the guide, removed the token at the project level, and redo the Sonar Cloud Policy, and is still waiting the quality gate.

image
image2312×1322 155 KB

6

Have you reanalyzed your PR?

And, the screenshot you’re sharing is at the org-level, not the project level.

7

yes, even tried to abandon and republish the Pull request without success,

that is my currently config at project level:

image
image2284×1450 268 KB

Verified also the project repo is bound to Azure:

image
image870×496 39 KB

Thanks

8

I’ve sent you a PM

9

Still not working.

I have removed the project associated tokens, and only using Orngaization valid token and still not working as expected

10

I’ve had this exact scenario happen over the last few days… Projects that were reporting successfully suddenly just stopped…. I would appreciate being a part of this troubleshooting effort as well. Difference being we’re using Sonarqube Server..

11

Could someone from SonarCloud clarify is this token is needed?

Because I found in different places different tokens, one documentation says about Organization token, same as PAT, other said specific project token, like this:

And other guides, says SONAR_TOKEN used for environment variables for use as Other configuration.

I have a problem between SonarCloud and Azure DevOps, not Azure DevOps to –> SonarCloud.

For some reason, the SonarCloud is not reaching the PR and didn’t decorate it, however I can see the analysis in the extensions of the pipeline and also in SonarCloud.

Need some assistance please.

Thanks in advance.

image
image1340×416 50.3 KB

12

Seems the token is mandatory write code permissions for the Pull Requests section in Azure DevOps, after that, is working again. Could someone clarify the difference between PAT TOKEN at project level, and Organization Token level? Can be reused for all the projects?

**Scoped Organization Tokens
**
Can it be used for Pull request decorator?

13

Hey @rafalg8

This is what you had to check, right? Just want to make sure nothing has changed (this is what is documented)

image
image1273×1950 177 KB

The PAT token at the project level simply overrides the organization token. It is legacy that the project-level token exists at all, but it is hard to remove something once it’s added.

SOTs are SonarQube Cloud tokens, while what you’re talking about is an Azure DevOps Token.

14

Yes, was documented I misunderstood it.

Regarding the PAT and tokens, there is some way to reuse same PAT for the communication between Sonar and Azure DevOps, which the PAT can be reusable by all the projects below same organization using same token?

I assume like this? Importing Azure DevOps organization | SonarQube Cloud | Sonar Documentation

It can be possible simply use Azure Service connection and managed through it, instead a Personal Acces Token which will be outdate each 90 days?

Thanks

15

The PAT set at the org-level is automatically used by projects with no project-level token defined.

It’s something on our roadmap.

16

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.