Using Sonarcloud with ADO pipeline templates

Hi,

We use a series of templates to build and deploy in ADO. We have a section that allows passing of additional tasks into the templates. I am trying to pass in the sonarcloud tasks but this does not work because it doesn’t like the directory that our code lives in (which is a result of checking out multiple repos, including the templates)

This is the code

preBuildSteps:

  - task: SonarCloudPrepare@3
    inputs:
      SonarCloud: 'redacted'
      organization: 'redacted
      scannerMode: 'dotnet'
      projectKey: 'redacted-demo'
      extraProperties: |
        sonar.sources="$(Agent.BuildDirectory)/code/redacted-demo"
  
  # Dotnet build task
  - task: DotNetCoreCLI@2
    displayName: 'dotnet build'
    inputs:
      command: 'build'
      projects: '$(Agent.BuildDirectory)/code/redacted-demo/*.csproj'

  # Run Code Analysis task
  - task: SonarCloudAnalyze@3

  # Publish Quality Gate Result task
  - task: SonarCloudPublish@3
    inputs:
      pollingTimeoutSec: '300'

This SonarCloudAnalyze task fails with the following

15:21:01.082 WARNING: File ‘/home/vsts/work/1/code/redacted-demo/Program.cs’ is not located under the base directory ‘/home/vsts/work/1/s’ and will not be analyzed.
15:21:01.082 WARNING: File ‘/home/vsts/work/1/code/redacted-demo/obj/Debug/net8.0/apphost’ is not located under the base directory ‘/home/vsts/work/1/s’ and will not be analyzed.

Is it possible to use sonarcloud as part of our templates? I have been going round in circles and tested a number of things without success, so any help you be appreciated.

Hello!

You don’t need to use sonar.sources when working with the SonarScanner for .NET. In fact, it’s not supported and shouldn’t be used in this context.

If your pipeline is only building these projects:

projects: '$(Agent.BuildDirectory)/code/redacted-demo/*.csproj'

Then only the files associated with these .csproj files will be indexed and analyzed automatically by the SonarScanner for .NET. There’s no need to specify them separately with sonar.sources.

How does analysis behave when you remove sonar.sources?

Thanks for the response, Colin.

I have tried removing the sonar.sources and still have the same issues with the base directory

  - task: SonarCloudPrepare@3
    inputs:
      SonarCloud: 'redacted'
      organization: 'redacted'
      scannerMode: 'dotnet'
      projectKey: 'redacted-demo'
  
  # Dotnet build task
  - task: DotNetCoreCLI@2
    displayName: 'dotnet build'
    inputs:
      command: 'build'
      projects: '$(Agent.BuildDirectory)/code/redacted-demo/*.csproj'

  # Run Code Analysis task
  - task: SonarCloudAnalyze@3

  # Publish Quality Gate Result task
  - task: SonarCloudPublish@3
    inputs:
      pollingTimeoutSec: '300'

09:47:09.4 WARNING: File ‘/home/vsts/work/1/code/redacted-demo/Program.cs’ is not located under the base directory ‘/home/vsts/work/1/s’ and will not be analyzed.
09:47:09.401 WARNING: File ‘/home/vsts/work/1/code/redacted-demo/obj/Debug/net8.0/apphost’ is not located under the base directory ‘/home/vsts/work/1/s’ and will not be analyzed.

Hm. Well thanks for trying.

You could also try playing around with sonar.projectBaseDir (the same way you were configuring sonar.sources under SonarQubePrepare) to see if you ultimately get a correct value.

I would guess it wants to be /home/vsts/work/1/ or /home/vsts/work/1/code/.

In fact, diving into the code, I’m pretty sure this is what you want to be doing. The SonarScanner for .NET will use Build.SourcesDirectory if not told otherwise, which seems to be the wrong directory in your multi-repo checkout scenario. One of these variables must be a better one.

Thanks Colin.

Not sure if the issue is on my side but it doesn’t seem to find the dir, despite it appearing valid.

  - task: SonarCloudPrepare@3
    inputs:
      SonarCloud: 'redacted'
      organization: 'redacted'
      scannerMode: 'dotnet'
      projectKey: 'redacted-demo'
      extraProperties: |
        sonar.projectBaseDir="/home/vsts/work/1/code/"
  
  # Dotnet build task
  - task: DotNetCoreCLI@2
    displayName: 'dotnet build'
    inputs:
      command: 'build'
      projects: '$(Agent.BuildDirectory)/code/redacted-demo/*.csproj'

  # Run Code Analysis task
  - task: SonarCloudAnalyze@3

  # Publish Quality Gate Result task
  - task: SonarCloudPublish@3
    inputs:
      pollingTimeoutSec: '300'

• task: SonarCloudAnalyze@3 output
  ##[error]12:54:57.471 The project base directory doesn’t exist.

Running find prior shows the following paths
find $(Agent.BuildDirectory)/code/redacted-demo/

/home/vsts/work/1/code/redacted-demo/
/home/vsts/work/1/code/redacted-demo/Program.cs
/home/vsts/work/1/code/redacted-demo/redacted-demo.csproj

I have tried

sonar.projectBaseDir=“/home/vsts/work/1/code/”
sonar.projectBaseDir=“/home/vsts/work/1/code/redacted-demo/”
sonar.projectBaseDir=“$(Build.SourcesDirectory)/code”
sonar.projectBaseDir=“$(Build.SourcesDirectory)/code/redacted-demo”
sonar.projectBaseDir=“$(Agent.BuildDirectory)/code/redacted-demo”
sonar.projectBaseDir=“$(Agent.BuildDirectory)/code”

Try without using double quotes.

      extraProperties: |
        sonar.projectBaseDir=/home/vsts/work/1/code

That seems to have done it, thanks Colin.

I’m trying to do some python with the same logic but it doesn’t appear to scanning the files. I will keep trying and then if I get stuck I’ll reach out again.

Really appreciate the help.