SonarQube VSTS/TFS Extension 4.0 Build Error on Quality Gate Fail

[torp...@gmail.com]

Hi,

I have now installed the new VSTS/TFS Extension (4.0+) and ran into the problem where I couldn't enable "Fail build on quality gate error" (or what it was called) since that checkbox is now gone. How do I enable it within the new extension?

Would love to be able to do this server side (on our on-premise SonarQube installation) so that all builds always connected to this server would fail when the quality gate demands are not met, but I haven't found the option to do that either. (We only use TFS for our builds)

/Emil

[patrick...@digitecgalaxus.ch]

I also have that question. Also, when we upgraded, the report of the sonar analysis is no longer shown on the build result page and comment in the pull request are no longer working.

[Julien HENRY]

Hi Emil,

We are not in favor of breaking the build when quality gate is red. An issue can break your quality gate, and then you mark it as won't fix/change its severity and your quality gate is back to green. But your build remains red... Having to restart a full build is not a correct solution.

That's why we removed the option.

What will come soon is the ability to check quality gate on your pull request, and report the status on the P/R:

https://jira.sonarsource.com/browse/MMF-1203

The goal is to keep the master branch always green.

What would make sense is to break release definition pipelines in VSTS, as a safety net. We could have a special task "enforce quality gate".

WDYT? Are you using release pipelines?

Regards,

Julien

[Julien HENRY]

Hi Patrick,

Publishing the quality gate status on the build result page is now handled by a dedicated task, that you should add in your build definition. Using this task may increase a lot your build duration, because it has to wait for analysis to be completed on SonarQube/SonarCloud side (this is asynchronous). On VSTS where you pay according to build duration, it could be seen as a costly cosmetic feature, that's why we moved it to a separate task.

Regards,

Julien

[patrick...@digitecgalaxus.ch]

Hi Julien

Good to know. I assume I have to add the "Publish Analysis Result" task. Will this enable the comments in Pull Requests again?

Because I don't mind going to sonar for the full result, but I really want those comments, so developers cannot simply ignore sonar without actively resolving comments.

Regards,

Patrick

[torp...@gmail.com]

Sure, that is a possible to solution to break VSTS/TFS release pipelines. Since I think that is mainly why we want the failing builds, to stop serious issues to be deployed in production. 

Management decided a few months ago that all code must pass the quality gates (a few different ones depending on the type of application and its end-of-life date), and the only way to make sure of this was to break the builds that had failing quality gates. But the special task idea is much better and wouldn't be as disrupting. Building again is "free" since we have our own build servers but some builds take time.

And Pull Request checks are good. We use that now (with 3.*) but working with pull requests are still kinda new at our company, especially since many are still stuck in TFVC and for some reason don't want to migrate to something better. The long term goal is locked master branches where pull requests are the only viable method to get your code into production.

But at least I know that the fail build option is gone for now.

/Emil

[Julien HENRY]

"Old" Pull request decoration (ie using preview analysis mode on scanner side) is gone in task v4.x. It would have been a pain to rewrite everything in node, when we know the replacement is coming soon.

 We have started working on the replacement, that will be a server side feature, using SonarQube/SonarCloud new branch/pull request support (commercial features), and being updated "live" (ie marking an issue as FP in SonarQube will be reflected in your PR, without waiting for a new build).

In the meantime, if you really need pull request decoration, the option is to stay on tasks v3.x until the new feature is ready. Feel free to follow the MMF-1203.

++

Julien Henry | SonarSource

Developer

https://sonarsource.com

--
You received this message because you are subscribed to a topic in the Google Groups "SonarQube" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/sonarqube/L5CRdwV3foY/unsubscribe.
To unsubscribe from this group and all its topics, send an email to sonarqube+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/sonarqube/f1231034-094c-4852-8b99-1e6bce5ec336%40googlegroups.com.

For more options, visit https://groups.google.com/d/optout.

[patrick...@digitecgalaxus.ch]

Okay, thank you for this information. I will revert my pipeline back to 3.* and start following MMF-1203.

Regards, Patrick

To unsubscribe from this group and all its topics, send an email to sonarqube+...@googlegroups.com.

[daniel.s...@gmail.com]

It'll work also with TFVC?

There're companies that are not using Git in TFS.

Maybe you can export the gate status as a build variable and let people decide when/what to break (build/release)

To unsubscribe from this group and all its topics, send an email to sonarqube+...@googlegroups.com.

[Julien HENRY]

Hi Daniel,

I guess that we could be SCM agnostic, so TFVC should be supported.

Exporting a variable is a bit low level. We plan to implement a gate:

https://docs.microsoft.com/en-us/vsts/build-release/concepts/definitions/release/approvals/gates?view=vsts

++

Julien Henry | SonarSource

Developer

https://sonarsource.com

To unsubscribe from this group and all its topics, send an email to sonarqube+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/sonarqube/9ea5fd2f-2edb-4791-8ea8-a358818177af%40googlegroups.com.

[daniel.s...@gmail.com]

Workaround:
Add a PowerShell task after the Run Code Analysis task with the next code:

param([string]$SonarQubeProjectKey)

$u="<<SonarQube url>>/api/measures/search?projectKeys=$($SonarQubeProjectKey)&metricKeys=alert_status"

$r = Invoke-RestMethod -Uri $u

if($r.measures.value -eq "ERROR"){

    throw "SonarQube analysis failed."

}

On Monday, January 29, 2018 at 4:02:54 PM UTC+1, torp...@gmail.com wrote:

[Julien HENRY]

The analysis report is processed asynchronously on SonarQube server side. So your code may likely get the quality gate of a past analysis.

See the code of the "Publish report on VSTS" task for an idea of a correct implementation:
https://github.com/SonarSource/sonar-scanner-vsts/blob/471b9bb3fa2af818992fd0158d750b0938fce722/common/ts/publish-task.ts#L28

++

Julien Henry | SonarSource

Developer

https://sonarsource.com

--

You received this message because you are subscribed to a topic in the Google Groups "SonarQube" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/sonarqube/L5CRdwV3foY/unsubscribe.

To unsubscribe from this group and all its topics, send an email to sonarqube+unsubscribe@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/sonarqube/3ee2be05-cee4-4c20-b621-f6aa81876724%40googlegroups.com.

[daniel.s...@gmail.com]

Indeed,

I moved it after the Publish Quality Gate Result task in order to wait for the analysis result.

On Tuesday, April 24, 2018 at 4:27:52 PM UTC+2, Julien HENRY wrote:

The analysis report is processed asynchronously on SonarQube server side. So your code may likely get the quality gate of a past analysis.

See the code of the "Publish report on VSTS" task for an idea of a correct implementation:
https://github.com/SonarSource/sonar-scanner-vsts/blob/471b9bb3fa2af818992fd0158d750b0938fce722/common/ts/publish-task.ts#L28

++

Julien Henry | SonarSource

Developer

https://sonarsource.com

2018-04-24 16:13 GMT+02:00 <daniel.s...@gmail.com>:

Workaround:
Add a PowerShell task after the Run Code Analysis task with the next code:

param([string]$SonarQubeProjectKey)

$u="<<SonarQube url>>/api/measures/search?projectKeys=$($SonarQubeProjectKey)&metricKeys=alert_status"

$r = Invoke-RestMethod -Uri $u

if($r.measures.value -eq "ERROR"){

    throw "SonarQube analysis failed."

}

On Monday, January 29, 2018 at 4:02:54 PM UTC+1, torp...@gmail.com wrote:

Hi,

I have now installed the new VSTS/TFS Extension (4.0+) and ran into the problem where I couldn't enable "Fail build on quality gate error" (or what it was called) since that checkbox is now gone. How do I enable it within the new extension?

Would love to be able to do this server side (on our on-premise SonarQube installation) so that all builds always connected to this server would fail when the quality gate demands are not met, but I haven't found the option to do that either. (We only use TFS for our builds)

/Emil

--
You received this message because you are subscribed to a topic in the Google Groups "SonarQube" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/sonarqube/L5CRdwV3foY/unsubscribe.

To unsubscribe from this group and all its topics, send an email to sonarqube+...@googlegroups.com.

[Julien HENRY]

That's much better, but you can still face some issue in case of concurrent analysis. The safe way is to get the task id of the submitted analysis, then get the quality gate of this precise analysis (that's what we do in the Publish Quality Gate Result task).

Julien Henry | SonarSource

Developer

https://sonarsource.com

To unsubscribe from this group and all its topics, send an email to sonarqube+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/sonarqube/524bd4ff-1d56-4d1f-883b-9dc5212e2bbe%40googlegroups.com.

[danielj...@gmail.com]

Hey Julian,

I can see MMF-1203 is marked as Closed now. Do you know when this will become available in the VSTS Tasks or SonarQube server?

Regards

Daniel

[Fabrice Bellingard]

Hi Daniel,

our plan is to enable support for PR analysis in SonarQube 7.2 (which includes the SonarQube VSTS/TFS extension obviously).

Best regards,

Fabrice Bellingard | SonarSource SonarCloud Product Manager https://sonarsource.com

--
You received this message because you are subscribed to the Google Groups "SonarQube" group.
To unsubscribe from this group and stop receiving emails from it, send an email to sonarqube+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/sonarqube/ddcdc82e-6cc0-4f12-bbfd-1ec3222e6d5a%40googlegroups.com.

[ianbf...@gmail.com]

Julien,

Any idea when the VSTS Gate support will be finished? Is there a jira.sonarsource link?

[Julien HENRY]

Hi,

We are in touch with Microsoft to clarify the feature. Work has not started yet, but this is in the mid-term roadmap.

++

Julien Henry | SonarSource

Developer

https://sonarsource.com

To unsubscribe from this group and all its topics, send an email to sonarqube+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/sonarqube/a04b207d-574e-44d4-a622-b282cfccbba8%40googlegroups.com.