Setting up Sonar Cloud with Azure DevOps pipelines for .net core
Our team wanted to add code coverage and look at code quality metrics for what we’re producing. Sonar Cloud works with our pipelines to provide that — although in setting it up I referred to a lot of sources in different places to get it working as I wanted — all of which I’ve consolidated into the guide below. I hope this helps people wanting to set this up for themselves.
Setting up Sonar Cloud from scratch
- Log in to Sonar Cloud, pick Azure Devops from the list of providers, and use the same credentials for Azure Devops if you’re not already logged in to that account.
- If you are not an admin on your companies Azure Devops ‘organization’ you’ll need someone with that access to link the two together. Someone will also need to set up payment details if you’re analysing private code — open source repos are free though!
- While you’ve got an admin’s ear — get them to approve the Sonar Cloud app for DevOps: SonarCloud — Visual Studio Marketplace
- Once Sonar is set up and an organisation/permissions created — users logging in will be able to see an empty portal screen
Connecting Sonar to DevOps
- Create a token in security menu in Sonar (Avatar icon > My Account > Security), save it somewhere as it can’t be retrieved. You should probably be logged in with a service account to generate this token, but it’s easy to change this later.
- Add Sonar Cloud Service connection in DevOps (Project Settings > Service Connections) and add token from previous step. Make the name field useful as it will be referenced in a yaml pipeline later.
- In Sonar Cloud, click the Plus next to the avatar to add a new project. Then create project manually. Don’t add any more settings after organisation, key and name are input, and you’ve pressed the Set Up button — as these settings will be set up via. the push from Devops.
Creating yaml templates
In ADO Repo, add templates to your pipeline with the correct project name. The organisation key must match, and be in the correct case.
I created a step for preparing Sonar which must run before build, and another step to execute Sonar and analyse.
Prepare sonar step
I need the name of the Sonar Cloud service connection I set up earlier in ADO, and my organisation and project keys from Sonar. Note the last line waiting for quality gate, this will cause my pipeline to fail if the code and coverage conditions in sonar settings are not met
steps:
- task: SonarSource.sonarcloud.14d9cde6-c1da-4d55-aa01–2965cd301255.SonarCloudPrepare@1displayName: ‘Prepare analysis on SonarCloud’inputs:
SonarCloud: ADOSonarCloudTokenName
organization: ‘org-key-from-sonar’
projectKey: ‘projectarea-projectname’
extraProperties: |
sonar.exclusions=**/obj/**,**/*.dll,**/Migrations/*
sonar.cs.vstest.reportsPaths=$(Agent.TempDirectory)\**\*.trx
sonar.qualitygate.wait=true
Execute analysis step
steps:
- task: SonarSource.sonarcloud.ce096e50–6155–4de8–8800–4221aaeed4a1.SonarCloudAnalyze@1
displayName: ‘Run Code Analysis’- task: SonarSource.sonarcloud.38b27399-a642–40af-bb7d-9971f69712e8.SonarCloudPublish@1
displayName: ‘Publish Quality Gate Result’
Calling steps from the build template
I’ve trimmed the edges of the pipeline yaml file, and there are some parameters which would need replacing, but hopefully the below example is illustrative of where the steps need to be called. Note the additional parameters added to my unit test task to ensure the correct coverage is collected for Sonar to use
steps:
- template: /step/sonar_prepare.yml- task: DotNetCoreCLI@2
displayName: dotnet restore
inputs:
command: restore
projects: ‘${{parameters.project_path}}’
feedsToUse: ‘config’
includeNuGetOrg: true
nugetConfigPath: ‘${{parameters.nuget_config_path}}’
- script: |
dotnet build ${{parameters.solution_path}} — configuration ${{parameters.build_configuration}}- task: DotNetCoreCLI@2
displayName: run unit tests
inputs:
command: test
projects: ‘${{parameters.test_projects_path}}’
arguments: ‘ — configuration ${{parameters.build_configuration}} /p:CollectCoverage=true /p:CoverletOutputFormat=opencover --collect "Code Coverage"’- template: /step/sonar_execute.yml
Now you can run the pipeline in DevOps, this will populate the project in Sonarcloud and show metrics on the ADO completed build — in the ‘extensions’ and ‘code coverage’ tabs. You can also get more detail in SonarCloud, if you’ve analysed a branch other that master you will need to select the branch from a drop down to view the analysis
