SonarCloud with Azure DevOps - Scan Fails

SonarQube Cloud
,
8

Hi Mickael,

This morning, I switched from the CLI scannerMode to the MSBuild scannerMode within the dedicated Stage I had previously created, but fouind that the integration fails when the scan runs:

##[error]The SonarQube MSBuild integration failed: SonarQube was unable to collect the required information about your projects.

The MSBuild option seems to expect the build to be occurring between the Prepare and Analyze Tasks, similar to what I had to do when I ran the manual scan and built each of the .sln files one by one. However, we have multiple build Jobs and you cannot have the Prepare/Analyze sections span between Jobs; it does not detect that the analysis has been run if it is not within the same job. It seems like I have to place a separate Build/Analyze sets of tasks for each in-scope build in our Pipeline.

I set up a set of Prepare/Analyze/Publish tasks around the existing build operations in our first build to test this theory and get around the previous error where the builds were not detected. This time, the Projects were detected, but the scanner skipped all projects due to duplicate GUID’s:

WARNING: Duplicate ProjectGuid: “00000000-0000-0000-0000-000000000000”. The project will not be analyzed by SonarQube. Project file: “c:\agent_work\1\s\ramsoft.common\src\ramsoft.recurrence\ramsoft.recurrence.csproj”
WARNING: Duplicate ProjectGuid: “00000000-0000-0000-0000-000000000000”. The project will not be analyzed by SonarQube. Project file: “c:\agent_work\1\s\ramsoft.common\src\ramsoft.documentconversion\ramsoft.documentconversion.csproj”
WARNING: Duplicate ProjectGuid: “00000000-0000-0000-0000-000000000000”. The project will not be analyzed by SonarQube. Project file: “c:\agent_work\1\s\ramsoft.common\src\ramsoft.common\ramsoft.common.csproj”
WARNING: Duplicate ProjectGuid: “00000000-0000-0000-0000-000000000000”. The project will not be analyzed by SonarQube. Project file: “c:\agent_work\1\s\fhir-api-services\r4\src\ramsoft.fhir.r4.api\ramsoft.fhir.r4.api.csproj”
WARNING: Duplicate ProjectGuid: “00000000-0000-0000-0000-000000000000”. The project will not be analyzed by SonarQube. Project file: “c:\agent_work\1\s\fhir-api-services\r4\src\ramsoft.fhir.r4.unittests\ramsoft.fhir.r4.unittests.csproj”

##[error]No analysable projects were found. SonarQube analysis will not be performed. Check the build summary report for details.

##[debug]Processed: ##vso[task.logissue type=error;]No analysable projects were found. SonarQube analysis will not be performed. Check the build summary report for details.

Based on the following, it looks like we have two options (for this particular build) - change our existing build to build off the .sln, or add a GUID to the .csproj file: WARNING: Duplicate ProjectGuid: "00000000-0000-0000-0000-000000000000". The project will not be analyzed by SonarQube - #4 by Andrei_Epure

Single .NET Core project files (csproj or vbproj) could be built and successfully analyzed only if a <ProjectGuid>unique guid</ProjectGuid> element is added in the csproj or vbproj XML. The <ProjectGuid> element is not required if you build a solution (sln) containing that project.

Any input on this? Am I on the right track in terms of running a scan per build (is it even supported)?