In Azure Devops pipeline, how to perform SonarQube analysis for .NET project using sonar-project.properties

Question

My company works on several .NET (core) applications, and a company policy is to make changes through pull requests. Each pull requests triggers a build in an Azure Devops pipeline, and one of the steps in this pipeline is to perform a SonarQube analysis. Lately, one of the several applications introduced a sonar-project.properties file such that they could exclude generated files from the analysis. As far as I've understood, these settings can be set in the SonarQube user interface, but most developers don't have the required privileges in SonarQube. Moreover, we want all build and deployment related tasks to be part of the code base, which is why a sonar-project.properties file is needed.

Some weeks ago, I struggled to get the pipeline perform a SonarQube analysis using such a settings file, only after posting this SO question could I get the analysis to work. The takeaway was that using a sonar-project.properties requires the scannerMode to be CLI. The final solution was:

  - task: SonarQubePrepare@6
    inputs:
      SonarQube: 'SonarQubeOnDocker'
      scannerMode: 'CLI' #Only if scannerMode = CLI will the configFile be used.      
      configFile: 'sonar-project.properties'
      extraProperties: |
       sonar.host.url=<my url> 

Some time after I made this change, we noticed that SonarQube does not report on the code coverage, and there are absolutely no issues in the code, which is too good to be true. When I reverted my changes to the pipeline such that SonarQubePrepare@6 would instead use scannerMode=MsBuild, SonarQube started showing code coverage and issues in the code.

My sonar-project.properties looks like this:

sonar.projectKey=<sonarKey>
sonar.projectName=<sonarName>

#sonar.sources = src/   ## No effect
#sonar.exclusions = src/**/*tests/**/*

#sonar.tests = src/
#sonar.test.inclusions = src/**/*test/**/*
#sonar.test.exclusions = src/*


# sonar.exclusions=**/<path to folders that must be excluded>/**/*

The SonarQubePrepare task listed above does not work if I remove the sonar.projectKey, which proves that the sonar-project.properties file is being read. More proof hereof is that when I uncomment the last line about exclusions, I can see in SonarQube that the folder has been excluded.

When I perform a SonarQube analysis using scannerMode = MsBuild, the output of the pipeline task shows several lines such as "installing required Rosly analyzers", "Processing plugin: csharp version.." etc. When scannerMode = CLI the log does not mention anything of the kind, which to me suggests that SonarQube has no idea how to analyse my project. Adding the sonar.sources and sonar.tests properties, see commented out code, does not have any effect.

The question then is, how can I perform a SonarQube analysis of a .NET application using a sonar-project.properties file?

Answer 1

You can reference below example to configure your project:

1. A C# project and its test project have the following properties.

• TargetFramework: .NET 8.0

  

• Coverage tool used in test project: Coverlet

  

2. The sonar-project.properties file.

sonar.projectKey=xxxx
sonar.projectName=MathCalc
sonar.sources=.
sonar.cs.opencover.reportsPaths=testresults/**/coverage.opencover.xml

3. configure the pipeline like as below.

pool:
  vmImage: windows-latest

steps:
- task: SonarQubePrepare@6
  displayName: 'Prepare analysis'
  inputs:
    SonarQube: 'mySonarQubeConnection'
    scannerMode: 'CLI'
    configMode: 'file'
    configFile: 'sonar-project.properties'

- task: DotNetCoreCLI@2
  displayName: 'dotnet build'
  inputs:
    projects: MathCalc.sln

# Set the output directory of test result to the folder 'testresults' under the current working directory.
# The report of Code Coverage also will be output into this directory.
# Convert the report of Code Coverage to be 'opencover' format that can be available for SonarQube.
- script: |
    dotnet test "TestMathCalc/TestMathCalc.csproj" \
    --no-build \
    --collect:"XPlat Code Coverage" \
    --results-directory "./testresults" \
    -- DataCollectionRunSettings.DataCollectors.DataCollector.Configuration.Format=opencover
  displayName: 'dotnet test'

- task: SonarQubeAnalyze@6
  displayName: 'Run Code Analysis'

- task: SonarQubePublish@6
  displayName: 'Publish Result'

---