Analyze Your OS Code For Free With Azure DevOps Pipelines and SonarCloud

in previous posts, i've shown how easy it is to create a yaml definition to create a build definition to build your github open source project in azure devops, without the need to spend any money or installing anything on your server.

once you create a default build that compiles and run tests, it would be super nice to create a free account in sonarcloud to have your project code to be analyzed automatically from the azure pipeline you've just created. i've already blogged on how to setup sonarcloud analysis for os project with vsts build and the very same technique can be used in yaml build.

once you have free yaml azure devops pipeline, it makes sense to enable analysis with sonarcloud.

first of all, you need to register to sonarcloud, create a project, set up a key, and create a token to access the account. once everything is in place you can simply modify the yaml build to perform the analysis.

figure 1: task to start sonarcloud analysis.

the above task definition can be obtained simply by creating a build with a standard graphical editor, then press the yaml build to have the ui generate the yaml for the task.

actually yaml build does not have an editor, but it is super easy to just create a fake build with standard editor, drop a task into the definition, populate properties then let the ui to generate yaml that can be copied into the definition.

once the analysis task is in place, you can simply place the "run code analysis task" after build and test tasks. the full code of the build is the following.

# .net desktop
# build and run tests for .net desktop or windows classic desktop solutions.
# add steps that publish symbols, save build artifacts, and more:
# https://docs.microsoft.com/azure/devops/pipelines/apps/windows/dot-net

pool:
  vmimage: 'vs2017-win2016'

trigger:
- master
- develop
- release/*
- hotfix/*
- feature/*

variables:
  solution: 'migration/migrationplayground.sln'
  buildplatform: 'any cpu'
  buildconfiguration: 'release'

steps:

- task: gitversion@1
  displayname: gitversion 
  inputs:
    buildnameprefix: 'migrationci'

- task: sonarsource.sonarqube.15b84ca1-b62f-4a2a-a403-89b77a063157.sonarqubeprepare@4
  displayname: 'prepare analysis on sonarqube'
  inputs:
    sonarqube: 'sonarcloud'
    projectkey: xxxxxxxxxxxxxxxxxxx
    projectname: migrationplayground
    projectversion: '$(assemblyversion)'
    extraproperties: |
     sonar.organization=alkampfergit-github
     sonar.branch.name=$(build.sourcebranchname)

- task: nugettoolinstaller@0

- task: nugetcommand@2
  inputs:
    restoresolution: '$(solution)'

- task: vsbuild@1
  inputs:
    solution: '$(solution)'
    platform: '$(buildplatform)'
    configuration: '$(buildconfiguration)'

- task: vstest@2
  inputs:
    platform: '$(buildplatform)'
    configuration: '$(buildconfiguration)'

- task: sonarsource.sonarqube.6d01813a-9589-4b15-8491-8164aeb38055.sonarqubeanalyze@4
  displayname: 'run code analysis'

once you changed the build just push the code and let the build run. you should check if the build completes without error, then verify if the analysis is present in the sonarcloud dashboard.

a couple of suggestion are useful at this point: first of all, you can encounter problems with endpoint authorization, if you have such problem, check this link . another issue is that you should analyze the master branch for the first analysis for sonarcloud to work properly. until you analyze master branch, no analysis will be shown to sonarcloud.

figure 2: analysis in sonarcloud after a successful master build

if everything is green you should start seeing analysis data on sonarcloud ui.

figure 3: sonarcloud badge added to readme.md of the project.

as you can see, just a few lines of yaml and i have my code automatically analyzed in sonarcloud, thanks to azure devops pipelines that already have tasks related to sonarcube integration.

a nice finishing touch is to grab the badge link for the sonarcloud analysis and add it to your github readme.md.