I configure Azure pipelines with react native. I need to analyse the code using SonarQube. Builds are succeeded.But SonarQube shows no issues. The Publish Quality Gate Result shows ['No analysis found in this build! Please check your build configuration.']
Related
We have setup pull request analysis for C# .Net code. It is observed old code(unmodified) is being considered for analysis which is not expected, this is blocking us from using quality gates.
The new code condition is set based on the “number of days” condition which is set to 1.
Even then the PR/short branch analysis reports issues that are present in old code (which are not updated\edited as part of the pull request), because of this issue we are unable to enable quality gates.
Following tasks are used in the azure devops pipeline:
Prepare analysis for sonar cloud
Run code analysis
Publish quality gate result
ALM used: Git in Azure DevOps CI system used Azure DevOps
Languages of the repository: C# .Net
This is an example SonarQube pipeline configuration which is executed on every merge to the master branch.
Example pipeline steps
Steps:
Node is installed for building purposes
Prepare analysis is initiated which downloads necessary for scanning, configurations and rulesets
Nugget package manager is installed
Nugget restore is initiated
Solution is built (important step)
Code analysis is checking every .cs file contained in the solution previously built
Strict quality gate are the scan results
Custom build step which breaks the pipeline if quality gate has failed
This might be obvious but make sure you are building the C# solution in between the Prepare analysis on SonarQube and Run Code Analysis in order to provide updated code that SonarQube will analyze.
The "Get results from SonarQube" step is a powershell script that calls the SonarQube API to get the quality gate results of the scan initiated in order to fail if issues have been found.
Issue :
SONAR Code coverage is not getting reflected on Azure DevOps.
We are developing application in C# .NET , the test methods are running successfully however when we push the build in pipeline of Azure DevOps, the code coverage percentage still remains 0%.We tried checking all the possible settings but aren't able to reach on any solution yet. Can anyone let me know which all areas we should be checking to resolve this issue?
Let me know if additional information is required.
after fighting now with integrating JaCoCo results into my SonarQube to see code coverage for more then one working day, I will try to open another post regarding this topic, because the internet is really messed with postings.
Preconditions:
SonarQube: Version 6.7.2
Maven: 3.5.2
Windows Server2012 R2
I successfully integrated Sonar Scan and results are published. I added the configuration for JaCoCo in the pom.xml of my application and the result files are generated after the build and just using the JaCoCo Jenkins plugin they can be displayed on the Jenkins dashboard. But I did not figure out what Analysis properties the Jenkins action "Execute SonarQube Scanner" needs in order to import the results and display them.
Is "scan" the correct operation or do I need something else to trigger the import?
I saw so many variantes of giving JaCoCo and Sonar the correct parameters, that I do not have a clear picture any more. Any hints maybe looking at my parameters?
As described in the docs, since you're building with Maven you should analyze with it too. There's some global setup you want to do (see the docs) but once that's done, you'll add this to your job instead of your current SonarQube Scanner build step:
$SONAR_MAVEN_GOAL -Dsonar.host.url=$SONAR_HOST_URL
Note that this needs to come after your build and test execution. The JaCoCo reports should be picked up automatically.
I successfully integrated it now with these Analyses properties and it is working.
sonar.projectName=
sonar.projectKey=
sonar.login =
sonar.password =
sonar.sources=./
sonar.java.binaries=./
sonar.jacoco.reportPaths=./trackingboard-service/target/jacoco.exec
sonar.jacoco.reportMissing.force.zero=true
We are using scripted build in our VSO environment and integrate with SonarQube, using the SonarQubePreBuild and SonarQubePostTest tasks.
Especially since SonarQube version 5.2 we experience that builds are always succeeding as long as SonarQube succeeds in generating the report.
For VSO Git pre-commit policies we have configured pull requests to start a build including SonarQube analysis.
However the configured Quality Profile is not met for the project, the build seems to succeed since SonarQube was able to do the actual analysis.
...But we want the build to fail....since quality conditions are not met.
We could add an additional custom (powershell) task to retrieve the results from the SonarQube instance, but what if we are running in preview mode and reports are not stored in the SonarQube database?
Before 5.2 you could use the Build Breaker Plugin to have the build fail in VSO. But the Plugin is no longer compatible with 5.2 and is planned to be included in Sonar Core in 5.4.
See this question for details.
When I run an incremental analysis on my project through maven, build warner plugin is not called, resulting in an analysis completing successfully even if there are violations.
I have quality gate setup correctly (0 violations) and I have tried configuring sonar sonar.preview.includePlugins with buildwarner plugin in General settings, but without luck - the plugin is still not called in an incremental analysis.
The plugin works correctly with SonarQube 5.1 as it is called in full analysis without problems.
It is the expected behavior. This plugin does not work for incremental analysis for now. But maybe soon. See http://sonarqube.15.x6.nabble.com/Sonarqube-and-Build-Breaker-Plugin-td5034703.html