Pull request build is not showing issues in SonarQube - sonarqube

I have a PR analysis done on a project in an Azure pipeline, and the analysis doesn't show any issues in the Sonar UI for the code.
But when the PR is merged into the branch and analysis is performed, the issues are generated for the same piece of code.
Using SonarQube 8.5.
Could someone explain the reason?

What type of Azure DevOps are you using? The cloud offering, Azure DevOps Services (VSTS)? Or the on-premises offering, Azure DevOps Server (TFS)?
According to the introduction from the docs about Pull Request Analysis in SonarQube, it seems that Azure DevOps Services is not supported for Pull Request Analysis in SonarQube.
If you are using Azure DevOps Services, you can try the method below to see if it can work:
Install a self-hosted agent on the machine hosting your SonarQube server, and use this agent to run your pipeline. Before analyzing your Pull Requests, make sure the Pull Request branch is checked out.
[UPDATE]
According to your comments,
I have a PR analysis done on a project in an Azure pipeline, and the analysis doesn't show any issues in the Sonar UI for the code. But when the PR is merged into the branch and analysis is performed, the issues are generated for the same piece of code.
The PR build and the CI build have the same configuration, and the only difference is the trigger type. Since the CI build works as expected, the configuration you set in the Azure pipeline should be correct.
I see this happening intermittently... Previously, with version 8.0, this issue never happened... After the upgrade to 8.5, I can see this issue happening.
You can try the build pipeline with version 8.0 to see if it still works as expected. And compare the output logs in the build pipeline between version 8.0 and 8.5.
If it works fine on version 8.0, it means the Azure pipeline can work normally, and the issue should be in version 8.5 itself. If so, I recommend that you open a topic on the SonarSource Community to get more help.

Related

Not able to setup BitBucket ALM with SonarQube

I am currently on SonarQube Community Edition and I am trying to integrate SonarQube with BitBucket. I have created an OAuth Consumer in my BitBucket account, and when I try to add it in SonarQube's BitBucket Cloud settings I get an error that I guess is not complete (Unknown url : /api/alm_settings/create_bitbu... )
I don't know what I am doing wrong or if SonarQube Community Edition doesn't allow me to integrate BitBucket ALM. I am attaching a screenshot of the same.
Cheers,
As it turns out, I have solved this issue and am posting the solution for whoever needs it.
It just so happens that this was an issue with the version of SonarQube I had. I updated SonarQube to the latest version (v9.6.1) and that resolved my issue.
Cheers,

XXXX is not compatible with monoandroid10.0

I have a Xamarin project that builds just fine on my local machine but is not building on the Azure server. Has anyone seen this before?
##[error]The nuget command failed with exit code(1) and error(NU1201: Project XXX.XXXX.XXXXX is not compatible with monoandroid10.0 (MonoAndroid,Version=v10.0). Project XXX.XXXX.XXXXX supports: netstandard2.1 (.NETStandard,Version=v2.1)
Upgrade your nuget version to 5.8 and this will all go away :)
If you use Azure Pipelines to build and deploy Xamarin apps, please refer to this doc. If you use a Microsoft-hosted agent, its build environment is different from your local machine; for example, it may lack some software or have a different software version installed. You can see the installed software for each hosted agent by choosing the Included Software link in the table.
For your issue, please check which NuGet version you use to build this project locally, and then use the NuGet Tool Installer task in the Azure pipeline to specify this NuGet version (maybe 5.8.0 works for your issue, as Mouse commented) to build your project with the Microsoft-hosted agent.
You could also deploy a local self-hosted Windows agent and use it in the Azure pipeline to build your project, which will run in your local build environment.
BTW, you could refer to this doc: Review logs to diagnose pipeline issues, for initial troubleshooting steps when you encounter pipeline issues.
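The NuGet version pin suggested above could look like the following in azure-pipelines.yml. This is an added example, not part of the original answer; the agent image and the solution glob are assumptions.

```yaml
# Added example: pin the NuGet client before restore on a Microsoft-hosted agent,
# so the build does not depend on whichever NuGet version the image ships with.
pool:
  vmImage: 'windows-latest'        # assumption: any hosted Windows image

steps:
  # Install the NuGet version that works locally instead of the agent default.
  - task: NuGetToolInstaller@1
    displayName: 'Pin NuGet 5.8.0'
    inputs:
      versionSpec: '5.8.0'         # version suggested in the thread
      checkLatest: false           # do not look for a newer match; use the spec as given

  # Restore runs with the client installed by the previous step.
  - task: NuGetCommand@2
    displayName: 'NuGet restore'
    inputs:
      command: 'restore'
      restoreSolution: '**/*.sln'  # assumption: solution file(s) in the repository
```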

Master branch analysis with Sonarqube (Community Edition)

I understand that it is possible to perform the analysis of the master branch with the Community version.
How can this be done? Since the only way I've found is using the sonar-scanner.
Thanks.
SonarQube supports scanning of a branch per project in the Community Edition without any additional plugins installed. You typically do this using the scanner that fits into your build tool, e.g. Sonar Maven Scanner, Sonar Gradle Scanner, Sonar MSBuild Scanner, plus some other scanners. You'll need to have a SonarQube server running somewhere (locally, or potentially SonarCloud) for the Scanner to communicate with.
The terminology may be what's misleading you here - SonarQube is split into 3 main parts:
Sonar Server: the user interface and API, typically run on a remote server
Sonar Scanner: the part that runs on your local/build machine, gathers details about your source code, libraries, test results, coverage etc. and submits them to the Compute Engine
Sonar Compute Engine: the part that does all the work of analysing source and byte code, coverage, and test results to calculate any issues and produce quality metrics which Sonar Server then presents back as the result of a scan. This part is normally run as part of you launching Sonar Server, so you won't typically have to do anything special to get this working.
You won't be able to get any results without having used all 3 of these parts, normally by downloading and running SonarQube, and then running the scanner using your build tool.
If you're wanting to scan more than a single branch in newer editions of SonarQube (7.3 and above) then you'll need to consider updating to SonarQube Developer Edition, or installing a plugin that supports Community Edition Branch Analysis.

SonarQube V4 plugin for VSTF 2017

I have just updated the SonarQube plugin to V4 in my VS2017 VNext build but the build is sat waiting for an available agent.
All my agents have MSBuild and Java. Are there any other capabilities required for the V4 update?
If I move back to the V3 SonarQube plugin the same build works fine.
v4 of the tasks do not add any new demands. However, the new version is written in Node.js rather than PowerShell (so it can run on non-Windows build agents). If you are running an on-premise version of TFS you might need to update your build agents.
FYI when I ran the v4 of the task on TFS2017.2 the build failed with the message No agent found in pool X which satisfies the specified demands: .... Agent.Version -gtVersion 2.119.1
The Microsoft docs for upgrading the agents are here. I ended up downloading the specified version of the agent from the vsts-agents releases page on GitHub.

SonarQube TFVC Plugin with VSTS

Is it possible to make the TFVC Plugin of SonarQube work with VSTS?
If I want to use the plugin to connect with the TFVC of our VSTS account, I get a not authorized exception. I'm pretty sure that the credentials are correct. Or are there any special rights which are needed for that?
19:54:37.632 ERROR - Unable to TFS annotate the project which raised the following authentication exception: TF30063: You are not authorized to access xxx.visualstudio.com\DefaultCollection.
The configuration seems all correct, because the plugin works with a TFS2015 server without any issues.
I'm testing the plugin locally with the Sonar Scanner V1.1.
SonarQube Version 5.2, TFVC Plugin Version 2.1.
Thank you for your help!
Apparently this scenario is not supported yet. I ran into the same problem and I found the following issue on the backlog of the SonarQube team:
With the current TFVC Annotate plugin code author information is not seen for VSO hosted builds, this MMF is to enable the same.
You can find this information on: https://jira.sonarsource.com/browse/MMF-85
So until they fix it, I fear you'll need to disable this plugin...
