Skip to first unread message
Dinesh Bolkensteyn
Feb 13, 2016, 3:39:20 AM2/13/16
to SonarQube
Hi all,
We are about to release the SonarQube C# Plugin 4.5 and the SonarQube Scanner for MSBuild 2.0.
The main feature of this combined release is to allow custom and 3rd party Roslyn analyzers to be used in SonarQube.
The "SonarQube Roslyn SDK" is a new project, which generates SonarQube plugins starting from a Roslyn analyzer Nuget package.
Once you have generated the .jar corresponding to the Roslyn analyzer and deployed it to the SonarQube server, you'll have to enable the new rules in your quality profile and relaunch an analysis using these new versions of the MSBuild Scanner and C# plugin. Note that the support of custom & 3rd party analyzers requires MSBuild 14.
Downloads:
SonarQube C# plugin 4.5 RC1 : https://github.com/SonarSource/sonar-csharp/releases/download/4.5-RC1/sonar-csharp-plugin-4.5-RC1.jar
SonarQube Scanner for MSBuild 2.0 RC1 : https://github.com/SonarSource-VisualStudio/sonar-msbuild-runner/releases/download/2.0-RC1/MSBuild.SonarQube.Runner.2.0-RC1.zip
Release notes:
SonarQube C# Plugin: https://jira.sonarsource.com/jira/secure/ReleaseNote.jspa?projectId=10935&version=12878
SonarQube Scanner for MSBuild: https://jira.sonarsource.com/jira/secure/ReleaseNote.jspa?projectId=10941&version=12858
SonarQube Roslyn SDK: https://jira.sonarsource.com/jira/secure/ReleaseNote.jspa?projectId=11231&version=12925
The vote is open for 72 hours.
Release early, release often!
Marcel
Feb 13, 2016, 5:46:46 AM2/13/16
to SonarQube
Hello,
The C# plugin and the SonarQube Scanner for MSBuild work great for my.
The new feature to use Roslyn analyzer with SoanrQube is awesome!!
But I get the following output if I execute the RoslynSonarQubePluginGenerator:
G:\sonarQube\development\csharp-rules\sonarqube-roslyn-sdk\RoslynPluginGenerator\bin\Debug>RoslynSonarQubePluginGenerator.exe /a:Wintellect.Analyzers
Roslyn Analyzer Plugin Generator for SonarQube 1.0.0.0
[DEBUG] Parsed NuGet reference. Id: Wintellect.Analyzers, version:
[DEBUG] Fetching NuGet config files...
[DEBUG] Enabled package sources:
[WARNING] No enabled package sources. Please update the NuGet config to specify at least one valid package source.
Attempting to locate package with id 'Wintellect.Analyzers'
[DEBUG] Number of packages located: 0
No packages with the specified id were found: Wintellect.Analyzers
I have set one active package source in my global nuget.config:
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<packageRestore>
<add key="enabled" value="True" />
<add key="automatic" value="False" />
</packageRestore>
<activePackageSource>
<add key="nuget.org" value="https://api.nuget.org/v3/index.json" />
</activePackageSource>
<bindingRedirects>
<add key="skip" value="False" />
</bindingRedirects>
</configuration>
What is going wrong? How can I set a vallid package source?
Regards
Marcel
duncanp
Feb 13, 2016, 9:05:03 AM2/13/16
to SonarQube
Hi Marcel.
It should be possible to set the package sources in either the user NuGet.config or the machine-wide NuGet.config. I've reopened SFSRAP-23 and we'll have another look at why this isn't working.
As a workaround, create a NuGet.config file in the directory as RoslynSonarQubePluginGenerator.exe with the following content:
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<configuration>
<packageSources>
<add key="nuget.org" value="https://api.nuget.org/v3/index.json" protocolVersion="3" />
<add key="nuget.org" value="https://www.nuget.org/api/v2/" />
</packageSources>
<add key="nuget.org" value="https://api.nuget.org/v3/index.json" protocolVersion="3" />
<add key="nuget.org" value="https://www.nuget.org/api/v2/" />
</packageSources>
<packageRestore>
<add key="enabled" value="True" />
<add key="automatic" value="True" />
</packageRestore>
<activePackageSource>
<add key="nuget.org" value="https://api.nuget.org/v3/index.json" />
</activePackageSource>
</configuration>
Regards,
Duncan
Marcel
Feb 13, 2016, 10:19:56 AM2/13/16
to SonarQube
Hi Duncan,
thanks :)
With your workaround it works!!
It will be great if you remove the limitations that the analyzer package must be available at nuget.org in the future and it will be possible that the Generator can use a local analylzer.
Regards,
Marcel
duncanp
Feb 13, 2016, 12:53:00 PM2/13/16
to SonarQube
Great. FYI any NuGet feed will do, which could just be a folder on your local disk - see http://docs.nuget.org/create/hosting-your-own-nuget-feeds
Currently the SDK makes it easy to wrap up analyzers written by other people. We'd like to make it easier for analyser authors to generate the plugin, preferably as part of the build. Ideally, authors of public analysers would publish the plugin along with the analyser itself.
Regards,
Duncan
Rik van den Berg
Feb 15, 2016, 8:02:19 AM2/15/16
to SonarQube
Hi Dinesh,
I have one small question. How would this affect the bootstrapper in the TFS tasks? Our on-premise environment was recently upgraded to TFS2015 and is still using the 1.0.1 bootstrapper embedded in its tasks. I know we can upgrade those tasks, but would 1.0.1 still be able to download and invoke the MSBuild Runner 2.0?
Kind Regards,
Rik
Op zaterdag 13 februari 2016 09:39:20 UTC+1 schreef Dinesh Bolkensteyn:
Op zaterdag 13 februari 2016 09:39:20 UTC+1 schreef Dinesh Bolkensteyn:
Dinesh Bolkensteyn
Feb 15, 2016, 8:07:55 AM2/15/16
to Rik van den Berg, SonarQube
Hi Rik,
The bootstrapper 1.x is able to work with this new C# 4.5 version. An update of the TFS tasks will follow, embedding the new bootstrapper.
We do have a system in place to be able to break the forward compatibility of the bootstrapper and have it fail with a clear and explicit message - but we've never used it so far (and hope to not have to).
Kind regards,
--
You received this message because you are subscribed to a topic in the Google Groups "SonarQube" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/sonarqube/-Lj2jePY85Y/unsubscribe.
To unsubscribe from this group and all its topics, send an email to sonarqube+...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/sonarqube/ca43cc76-4fa1-4d9e-86a6-d10a77372856%40googlegroups.com.
m...@soloplan.de
Feb 17, 2016, 8:43:10 AM2/17/16
to SonarQube
I'm very happy to see this making progress :-)
However, when running the RoslynSonarQubePluginGenerator to generate a SonarQube plugin for "StyleCop.Analyzers" I got a "RoslynPlugInGenerator has stopped working". After some debugging I found out the reason was that it couldn't find my Java installation (it wasnt on the PATH and no JAVA_HOME was set). Your JdkWrapper class is throwing an InvalidOperationException in that case which nobody catches.
After fixing this and setting everything up I got this exception during the scan:
ERROR: Error during Sonar runner execution
org.sonar.runner.impl.RunnerException: Unable to execute Sonar
[...]
"Caused by: java.lang.IllegalStateException: The plugin [stylecopanalyzers] does not support Java 1.7.0_79"
I used JDK 1.8 to build the plugin, but on the CI server there's only Java 1.7 available. There should probably be some documentation/warning to use the same Java version for generating the plugin and for the scan (or I didn't notice such a warning). Although I have to say from a C# developer perspective it feels really weird that I'm starting an MSBuild.Runner (written in .Net), each analyzer is written in .Net and still there's some Java involved to perform the analysis...(apparently to retrieve the analyzers that I would already have on my CI server anyway)
After generating the plugin again with JDK 1.7 it worked fine. :-)
Bye,
Markus
However, when running the RoslynSonarQubePluginGenerator to generate a SonarQube plugin for "StyleCop.Analyzers" I got a "RoslynPlugInGenerator has stopped working". After some debugging I found out the reason was that it couldn't find my Java installation (it wasnt on the PATH and no JAVA_HOME was set). Your JdkWrapper class is throwing an InvalidOperationException in that case which nobody catches.
After fixing this and setting everything up I got this exception during the scan:
ERROR: Error during Sonar runner execution
org.sonar.runner.impl.RunnerException: Unable to execute Sonar
[...]
"Caused by: java.lang.IllegalStateException: The plugin [stylecopanalyzers] does not support Java 1.7.0_79"
I used JDK 1.8 to build the plugin, but on the CI server there's only Java 1.7 available. There should probably be some documentation/warning to use the same Java version for generating the plugin and for the scan (or I didn't notice such a warning). Although I have to say from a C# developer perspective it feels really weird that I'm starting an MSBuild.Runner (written in .Net), each analyzer is written in .Net and still there's some Java involved to perform the analysis...(apparently to retrieve the analyzers that I would already have on my CI server anyway)
After generating the plugin again with JDK 1.7 it worked fine. :-)
Bye,
Markus
duncanp
Feb 17, 2016, 10:31:04 AM2/17/16
to SonarQube, m...@soloplan.de
Thanks for the feedback Marcus, and for getting to the bottom of the issues. I've created a couple of new bugs against the SDK project.
Unable to find the JDK: I've created SFSRAP-36 to track this.
"I used JDK 1.8 to build the plugin, but on the CI server there's only Java 1.7 available": well, you didn't miss any documentation or warnings ;-). Now tracked by issue SFSRAP-35.
"[i]t feels really weird that I'm starting an MSBuild.Runner (written in .Net), each analyzer is written in .Net and still there's some Java involved to perform the analysis": the SonarQube Scanner for MSBuild executes the Java sonar-runner during the end phase so there will always be some Java code executed on the client. However, the generated jar isn't required to perform the analysis and doesn't contain any client-side code so I was surprised to hear that you were encountering this error. However, Dinesh explained why: the sonar-runner will download and instantiate all of the plugins to check which ones do have client-side extensions in them.
"...retrieve the analyzers that I would already have on my CI server anyway": We want the analysis process to work on hosted build agents so we can't assume that the required analyzers are installed on the target machine. We also want the analysis that is performed to be determined by the quality profile on the SonarQube server so we can't assume that the MSBuild projects to be analysed are already set up to use the required versions of the expected Roslyn analyzers with the correct ruleset. Retrieving the required .Net analyzer assemblies from the SonarQube server is the simplest reliable solution. FYI the analyzers are fetched during the "begin" phase and cached locally in the %temp%\.sonarqube\.static folder.
Thanks again for the valuable feedback. We'll update the docs and fix those issues before releasing v1.0 so that others don't hit the same problems.
Regards,
Duncan
Dinesh Bolkensteyn
Feb 22, 2016, 4:56:58 AM2/22/16
to SonarQube
Thank you all for the feedback.
The C# plugin 4.5 & MSBuild Scanner 2.0 are now generally available, as announced in the following news:
--
You received this message because you are subscribed to a topic in the Google Groups "SonarQube" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/sonarqube/-Lj2jePY85Y/unsubscribe.
To unsubscribe from this group and all its topics, send an email to sonarqube+...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/sonarqube/f7e8a401-3e5b-49ca-893b-b20e8a6d4a97%40googlegroups.com.
Message has been deleted
G. Ann Campbell
Aug 16, 2017, 10:20:36 AM8/16/17
to SonarQube, dinesh.bo...@sonarsource.com, sabrine...@gmail.com
Hi,
This thread closed a year and a half ago. Please don't excavate old threads. Instead, please start a new one.
Ann
On Wednesday, 16 August 2017 09:53:11 UTC-4, sabrine...@gmail.com wrote:
On Wednesday, 16 August 2017 09:53:11 UTC-4, sabrine...@gmail.com wrote:
Hi all,
I wrote a C# Roslyn analyzer. It works ok and detects the issue as expected.
Nevertheless, when I try to deploy it under SonarQube using the Roslyn-SDK like this:
RoslynSonarQubePluginGenerator /a:SleepRuleI get that error:
Attempting to locate package with id 'SleepRule'
[DEBUG] Number of packages located: 0
No packages with the specified id were found: SleepRuleI am using Visual Studio 2015 and Roslyn 4.6.86 to generate the Nuget package of the analyzer using Roslyn, and I want to add the rule to Sonarqube 6.3. Besides, I can generate WintellectAnalyzer, but not mine.
Reply all
Reply to author
Forward
0 new messages