SonarQube + Azure Devops, properties file not in root is ignored

mdazy · February 21, 2019, 2:56pm

versions used: SonarQube 7.7, scanner 3.2.0 + Azure devops
error observed (wrap logs/code around triple quote ``` for proper formatting)
The sonar-project.properties file in our project is not in the default location (project root). We have configured the AZ devops SonarCloud integration to specify our custom location for the file.

However the analysis task fails, stating that projectKey has not been defined. The log suggests that the configuration file is not found at all - see second INFO line:

##[section]Starting: Run Code Analysis
==============================================================================
Task         : Run Code Analysis
Description  : Run scanner and upload the results to the SonarCloud server.
Version      : 1.5.1
Author       : sonarsource
Help         : This task is not needed for Maven and Gradle projects since the scanner should be run as part of the build.

[More Information](http://redirect.sonarsource.com/doc/install-configure-scanner-tfs-ts.html)
==============================================================================
[command]C:\WINDOWS\system32\cmd.exe /D /S /C "D:\agent\_work\_tasks\SonarCloudAnalyze_ce096e50-6155-4de8-8800-4221aaeed4a1\1.5.1\sonar-scanner\bin\sonar-scanner.bat"
INFO: Scanner configuration file: D:\agent\_work\_tasks\SonarCloudAnalyze_ce096e50-6155-4de8-8800-4221aaeed4a1\1.5.1\sonar-scanner\bin\..\conf\sonar-scanner.properties
INFO: Project root configuration file: NONE
INFO: SonarQube Scanner 3.2.0.1227
INFO: Java 1.8.0_171 Oracle Corporation (32-bit)
INFO: Windows 10 10.0 x86
INFO: User cache: C:\WINDOWS\system32\config\systemprofile\.sonar\cache
INFO: SonarQube server 7.7.0
INFO: Default locale: "en_US", source code encoding: "windows-1252" (analysis is platform dependent)
INFO: Load global settings
INFO: Load global settings (done) | time=255ms
INFO: Server id: BD367519-AWHW8ct9-T_TB3XqouNu
INFO: User cache: C:\WINDOWS\system32\config\systemprofile\.sonar\cache
INFO: Load/download plugins
INFO: Load plugins index
INFO: Load plugins index (done) | time=87ms
INFO: Load/download plugins (done) | time=271ms
INFO: Loaded core extensions: developer-scanner
INFO: Process project properties
INFO: ------------------------------------------------------------------------
INFO: EXECUTION FAILURE
INFO: ------------------------------------------------------------------------
INFO: Total time: 3.022s
INFO: Final Memory: 19M/124M
INFO: ------------------------------------------------------------------------
##[error]ERROR: Error during SonarQube Scanner execution
ERROR: You must define the following mandatory properties for 'Unknown': sonar.projectKey
ERROR: 
ERROR: Re-run SonarQube Scanner using the -X switch to enable full debug logging.
ERROR: Error during SonarQube Scanner execution
ERROR: You must define the following mandatory properties for 'Unknown': sonar.projectKey
ERROR: 
ERROR: Re-run SonarQube Scanner using the -X switch to enable full debug logging.
##[error]D:\agent\_work\_tasks\SonarCloudAnalyze_ce096e50-6155-4de8-8800-4221aaeed4a1\1.5.1\sonar-scanner\bin\sonar-scanner.bat failed with return code: 1
##[section]Finishing: Run Code Analysis

steps to reproduce
Configuration yaml for the SonarCloud task in AZ devops:

steps:
- task: SonarSource.sonarcloud.14d9cde6-c1da-4d55-aa01-2965cd301255.SonarCloudPrepare@1
  displayName: 'Prepare analysis on SonarCloud'
  inputs:
    SonarCloud: sonarcloud
    organization: '**hidden**'
    scannerMode: CLI
    configFile: 'config/sonar/sonar-project.properties'

Contents of config/sonar/sonar-project.properties:

# must be unique in a given SonarQube instance
sonar.projectKey=myProject:master
# this is the name and version displayed in the SonarQube UI. Was mandatory prior to SonarQube 6.1.
sonar.projectName=MyProject
sonar.projectVersion=1.0
 
# Path is relative to the sonar-project.properties file. Replace "\" by "/" on Windows.
# This property is optional if sonar.modules is set. 
sonar.sources=.
 
# Encoding of the source code. Default is default system encoding
#sonar.sourceEncoding=UTF-8

# Additional properties that will be passed to the scanner, 
# Put one key=value per line, example:
# sonar.exclusions=**/*.bin
sonar.inclusions=server/**/*,client/**/*
sonar.exclusions=node_modules/**/*,dist/**/*

sonar.javascript.lcov.reportPaths=coverage/lcov.info
sonar.typescript.lcov.reportPaths=coverage/lcov.info

sonar.typescript.tslint.reportPaths=ts-lint-report.json

# issue filtering
# the syntax for multiple criteria is missing from the documentation but we
# can supply a comma-separated list of criteria names in sonar.issue.ignore.multicriteria
# and then define each criteron as a pair of options
# sonar.issue.ignore.multicriteria.<name>.ruleKey and sonar.issue.ignore.multicriteria.<name>.resourceKey
sonar.issue.ignore.multicriteria=allowNonNullInTests
# typescript:S2966 - non-null operator should not be used
# disable for unit and integration tests, as non-null is normally checked
# with jest assertions but TypeScript does not detect that, so non-null
# operator relieves the code of unnecessary extra checks
sonar.issue.ignore.multicriteria.allowNonNullInTests.ruleKey=typescript:S2966
sonar.issue.ignore.multicriteria.allowNonNullInTests.resourceKey=**/__*tests__/*

potential workaround: put properties file at root and set configFile: 'sonar-project.properties in the AZ devops configuration. As far I have been able to assess, it is the only place - and file name - that does work.

andrejohansson · February 28, 2019, 11:06pm

I can confirm this too, I’ve spent better part of the day trying to analyze two projects in the same repo. Putting their Sonar settings in two separate files in the root, and they were not named sonar-project.properties.

But the Sonar scanner is not pick it up (CLI mode). Putting the settings in one file sonar-project.properties with modules was a suggested solution but I cannot get the reporting for the submodules to show in the SonarCloud UI either.

ganncamp · March 1, 2019, 8:31am

Hi,

It’s not a “workaround” to put your configuration in the root and name the file sonar-project.properties, it’s the only supported way to use a properties file.

However, you do have the option of passing your configurations on the command line something like this:

C:\WINDOWS\system32\cmd.exe /D /S /C "D:\...\sonar-scanner.bat -Dsonar.projectKey=myProject:master -Dsonar.javascript.lcov.reportPaths=coverage/lcov.info ..."

And by the way, you should consider configuring your exclusions in the UI. You’ve cracked the multicriteria nut, but in general exclusions are far easier to manage via the UI.

Ann

mdazy · March 1, 2019, 8:51am

Thanks for your answer.

But then why does the VSTS plugin provide the option at all? It even features an actual file selector, which leads the user to expect it is possible to set the file in an arbitrary location.

The advantage of the configuration file vs the UI is that it is instantly transferrable from one project to another - although admittedly we have not played around with the UI much yet.

andrejohansson · March 1, 2019, 9:08am

Like Matthieu pointed out then, why is there a textbox allowing you to change the filename?

And in other words, then SonarCloud does not support monorepo layouts where you have a lot of different projects in the same repository?

Julien_HENRY · March 1, 2019, 9:49am

Hi folks,

But then why does the VSTS plugin provide the option at all? It even features an actual file selector

You might be affected by [VSTS-171] - Jira. Sorry for the inconvenience.

where you have a lot of different projects in the same repository

We are not supporting that. For example if you run PR analysis, the last analysis will override results. An entire repository should be analyzed as a single SonarCloud project.