We have a large C# monorepo setup in Azure DevOps. We've set up SonarCloud via their Azure DevOps extension, using the MSBuild flavour of the scanner. We are using their "monorepo" variant, with one SonarCloud project per solution.
Since we have many libraries shared as source, we want to exclude them from all consuming solutions, so that they don't get scanned twice. We also want every SonarCloud project to have fine-grained control over what is in its scope. So in the "prepare" phase, we are passing to the sonar scanner source exclusions and inclusions, populated from a proprietary solution-level config file, and the inclusions are prepended by path/to/solution/**/*.
The task looks like this:
- task: SonarCloudPrepare@1
inputs:
SonarCloud: redacted
organization: redacted
projectKey: redacted
projectName: redacted
scannerMode: 'MSBuild'
extraProperties: |
sonar.exclusions=$(sonarCloudExclusions)
sonar.inclusions=$(sonarCloudInclusions)
This narrows down the scope as expected for source code. However, because these properties refer to source code only - test code is still unfiltered, and appears from all across the repo. We would like to add the exact same inclusion and exclusion filters for tests:
extraProperties: |
sonar.exclusions=$(sonarCloudExclusions)
sonar.inclusions=$(sonarCloudInclusions)
sonar.test.exclusions=$(sonarCloudExclusions)
sonar.test.inclusions=$(sonarCloudInclusions)
Surprisingly, when we do this - tests get filtered correctly, but any and all source code suddenly gets excluded.
A glance at SonarCloud UI under Project --> Administration --> Backgroun Tasks --> SonarScanner Context shows the correct parameters (sonar.test.inclusions, sonar.test.exclusions) being added, and no change in the source parameters (sonar.inclusions, sonar.exclusions). The important properties sonar.sources and sonar.tests are also still populated correctly via the MSBuild-flavoured scanner. So the context looks as expected. However, looking at the pipelines logs, we see:
INFO: Project configuration:
INFO: Included sources: path/to/solution/**/*
INFO: Excluded sources: path/to/solution/**/* <-- new, unexpected
INFO: Included tests: path/to/solution/**/* <-- new, expected
Are we doing anything wrong? Or is this a bug in SonarScanner?
EDIT:
Posted also on Sonar community forum: https://community.sonarsource.com/t/sonarcloud-test-inclusions-causes-source-exclusions/85978
