I am looking for steps to configure sonarcloud analysis for one of our javascript projects, with Azure DevOps as the build platform.
The following links have given us some information to start.
I am looking for steps to configure sonarcloud analysis for one of our javascript projects, with Azure DevOps as the build platform.
The following links have given us some information to start.
https://www.npmjs./package/sonarqube-scanner
Share Improve this question asked Mar 31, 2020 at 17:17 SanthoshSanthosh 76113 silver badges36 bronze badges 1- What have you tried? What hasn't worked? What research have you done? – Daniel Mann Commented Mar 31, 2020 at 17:44
2 Answers
Reset to default 7You can refer to below steps:
1, Create sonarcloud server, and create a SonarQube Project and configure Quality Gate on the server. you can refer to this tutorial of creating sonarcloud server on azure.
2, And set up sonarqube service connection on your azure devops project.
Project settings-->Service connections (under Pipelines)--> New service connection--> Choose Sonarqube. Please refer here to Get a sonarqube security token
3, Go to azure devops marketplace to install Sonarqube extension to your azure devops organization.
4, Create a build pipeline to build your project. Please check the document to Build, test, and deploy JavaScript and Node.js apps.
5, Create a sonar-project.properties file with below contents in the root of your project. Click here for more information
sonar.projectKey=projectKey
sonar.projectName=projectName
sonar.projectVersion=1.0
sonar.sources=mainsourcefilesfolder #eg. dist
sonar.sourceEncoding=UTF-8
sonar.tests=testcodesourcefolder
5, Add below three sonarqube tasks to the end of your pipeline(after build task). For below example in yaml pipeline.
Note: SonarQube is only working on the master branch. Please run your pipeline against master branch. Check this thread for more information.
- task: Npm@1
displayName: 'npm run build'
inputs:
mand: 'custom'
customCommand: 'run build'
- task: SonarQubePrepare@4
inputs:
SonarQube: sonarqubeConnectionName
scannerMode: CLI
configFile: sonar-project.properties
- task: SonarQubeAnalyze@4
- task: SonarQubePublish@4
Then you should be able to see the analysis result on the sonar server after you finish running your build pipeline.
Hope above helps!
This is an addition to the above answer from @Levi Lu-MSFT. In the 3rd step, you can additionally install the SonarQube Build Breaker extension.
Then you can add an additional step in YAML after SonarQube Analyze to run the build breaker test so that the Pipeline will break when the SonarQube Analysis fails. Otherwise, even though the Analysis Fails the Pipeline will be a success.
You can use the Assitant to add the Breaker task or setup as below with the correct SonarConnectionName
- task: sonar-buildbreaker@8
inputs:
SonarQube: sonarqubeConnectionName