Our company uses Azure DevOps Pipelines for building software. All pipelines are connected to SonarCloud for code analysis.
While all our plans (DevOps and Sonar) are paid, I expect to get faster and clearer answers here
Monday November 30th 2021
Our last successful pipeline indicates a warning, I hope that the SonarCloud team took the proper attention to it
This task uses Node 6 execution handler, which will be deprecated soon. If you are the developer of the task - please consider the migration guideline to Node 10 handler - https://aka.ms/migrateTaskNode10. If you are the user - feel free to reach out to the owners of this task to proceed on migration.
Starting: SonarCloud Prepare Analysis
==============================================================================
Task : Prepare Analysis Configuration
Description : Prepare SonarCloud analysis configuration
Version : 1.22.0
Author : sonarsource
Help : Version: 1.22.0. [More Information](https://sonarcloud.io/documentation/analysis/scan/sonarscanner-for-azure-devops/)
==============================================================================
##[warning]This task uses Node 6 execution handler, which will be deprecated soon. If you are the developer of the task - please consider the migration guideline to Node 10 handler - https://aka.ms/migrateTaskNode10. If you are the user - feel free to reach out to the owners of this task to proceed on migration.
Finishing: SonarCloud Prepare Analysis
The pipeline, as I said, succeeded, so we built our software.
Tuesday November 30th 2021 and today December 1st
The warning has disappeared, but the pipelines will fail at SonarCloud scan
The SonarCloud tasks were upgraded to 1.23.0.
But Gradle task fails with the below error
* What went wrong:
Execution failed for task ':sonarqube'.
> You're not authorized to run analysis. No sonar.login or SONAR_TOKEN env variable was set
Pipeline code
stages:
- stage: Build
variables:
# Build
vstsFeed:
buildArtifactName:
# SonarCloud parameters
sonarCloudOrganization:
sonarCloudProjectKey:
sonarCloudProjectName:
jobs:
- job: Build
displayName: Build application
pool:
vmImage: ubuntu-20.04
steps:
- task: MavenAuthenticate@0
inputs:
artifactsFeeds:
# SonarCloud Prepare Analysis
- task: SonarCloudPrepare@1
displayName: SonarCloud Prepare Analysis
inputs:
SonarCloud: 'SonarCloud'
organization: $(sonarCloudOrganization)
scannerMode: 'Other'
extraProperties: |
# Additional properties that will be passed to the scanner,
# Put one key=value per line, example:
sonar.exclusions=**/*.bin, build/**, build-extra/**
sonar.projectKey=$(sonarCloudProjectKey)
sonar.projectName=$(sonarCloudProjectName)
- task: Gradle@2
displayName: Build with Gradle
inputs:
gradleWrapperFile: gradlew
gradleOptions: -Xmx3072m $(gradleJavaProperties)
options: -Pci=true -PbuildId=$(Build.BuildId) -PreleaseType=${{parameters.releaseType}}
jdkVersionOption: 1.11
jdkArchitectureOption: x64
publishJUnitResults: true
sqAnalysisEnabled: true
sqGradlePluginVersionChoice: specify
sqGradlePluginVersion: 3.2.0
testResultsFiles: '$(System.DefaultWorkingDirectory)/build/test-results/**/TEST-*.xml'
tasks: clean build
- task: SonarCloudPublish@1
displayName: Publish SonarCloud Quality Gate
inputs:
pollingTimeoutSec: '300'
# Publish Artifacts
- task: PublishCodeCoverageResults@1
displayName: Publish code coverage results (test)
condition: succeededOrFailed()
inputs:
summaryFileLocation: '$(System.DefaultWorkingDirectory)/build/reports/jacoco/test/*.xml'
pathToSources: $(System.DefaultWorkingDirectory)/src/main/java
failIfCoverageEmpty: false
Note that I use Gradle along with the Azure DevOps settings to run a SonarCloud scan. SonarCloud is linked to the project as a Service Connection
Edit: upgrading sqGradlePluginVersion to 3.3 yields the same result
Question
Can I do something to fix this? My pipelines require SonarCloud before merging a PR, and our coding is frozen at the moment.
Or is it a problem totally related to SonarCloud and Azure DevOps?
