Upgraded SonarQube now branch selection and Azure DevOps integration is not working

SonarQube
, ,
1

We have recently updated to a larger license as we reached our LoC limit. Along with this new license we updated the version of SonarQube we’re running. After these 2 changes we are no longer able to switch branches on the UI and the pull requests are not showing from Azure DevOps

image

Also the only branch showing is the main branch under branches

image
image1320×365 16.3 KB

and the pull requests are not showing:

image
image1415×249 11.4 KB

Please find attached below the prepare, analyse and publish logs from a build in Azure DevOps
Prepare.txt (2.5 KB)
Analyse log.txt (35.6 KB)
publish.txt (870 Bytes)

  • SonarQube Version: 10.2.0.77647

  • SonarQube ADO Extension version: 5.17.2

  • SonarQube is deployed using Docker

  • We are trying to scan multiple branches as well as have quality gates on Pull Requests and decorations on builds in Azure DevOps

  • We have tried updating the Azure DevOps agent as well as restarting and re-applying the license

2

Hi Deon,

Thank you for reporting this.
Would you mind sharing your pipeline so we can see which version of the SonarQube tasks you are using?

3

Hi Denis,

The SonarQubePrepare task looks like this:
- task: SonarQubePrepare@4
displayName: ‘Prepare analysis on SonarQube’
inputs:
SonarQube: SonarQube
projectKey: ‘STT_CalculationLibrary’
projectName: CalculationLibrary
projectVersion: ‘$(Build.BuildNumber)’

Here is the info that displays in the logs when it runs:
==============================================================================
Task : Prepare Analysis Configuration
Description : Prepare SonarQube analysis configuration
Version : 4.36.0
Author : sonarsource
Help : Version: 4.36.0. [More Information](SonarQube extension for Azure DevOps)
==============================================================================

The SonarQubeAnalyze task looks like this:
- task: SonarQubeAnalyze@4
displayName: ‘Run Code Analysis’

Here is the info that displays in the logs when it runs:
==============================================================================
Task : Run Code Analysis
Description : Run scanner and upload the results to the SonarQube server.
Version : 4.36.0
Author : sonarsource
Help : Version: 4.36.0. This task is not needed for Maven and Gradle projects since the scanner should be run as part of the build.

[More Information](SonarQube extension for Azure DevOps)
==============================================================================

The SonarQubePublish task looks like this:
- task: SonarQubePublish@4
displayName: ‘Publish Quality Gate Result’

Here is the info that displays in the logs when it runs:
==============================================================================
Task : Publish Quality Gate Result
Description : Publish SonarQube’s Quality Gate result on the Azure DevOps build result, to be used after the actual analysis.
Version : 4.9.4
Author : sonarsource
Help : Version: 4.9.4. [More Information](SonarQube extension for Azure DevOps)
==============================================================================

4

Thank you,

I was finally able to reproduce the issue here.
If I may ask, is it possible for you to bump your tasks to v5 :

  • SonarQubePrepare@5
  • SonarQubeAnalyze@5
  • SonarQubePublish@5

I was successful in my case with newer versions of the tasks.
Another user also reported issues when switching to 10.2, and mentioned that older task versions were not compatible anymore: SonarQube Azure DevOps quality gates not working since 10.x - #5 by rafal.prokopowicz.sp

5

Hi Denis,

Thank you, that fixed the issue with the quality gates not running. We can also select different branches or pull requests on SonarQube now.

We now have an issue where the quality gates on Azure DevOps don’t reset when a new commit is pushed to a PR. The new build does run after a push to an existing PR, but the result on the quality gate doesn’t reset and rerun the check. So if the initial quality gate on a PR passed the rest of the commits to that PR aren’t analyzed.

Along with this, we are not seeing any comments on issues picked up by SonarQube when the analysis runs. Previously we had comments on ADO that shows the issues that SonarQube picked up. They looked something like this:

image
image753×125 6.77 KB

6

Hi there,

Glad to hear your first problem has been handled successfully!

As for the new one, let me see if we can reproduce the behavior here and get back to you.
I am off for the next two days so it might take a bit of time on my side.

Denis

7

I just tried on my test project and I can see the result of the failed analysis on SQ, as well as the quality gate status on AZDO and the comments for the issues:

image
image1014×225 4.48 KB

image
image998×450 25.4 KB

Would you mind checking the permissions associated with the PAT in AZDO you are using for the configuration on Sonarqube’s side? It should be Code “Read & Write”. Please also check the expiration date of the PAT:

image
image1402×483 23.6 KB