Azure DevOps

Sonar Cloud offers a tool to assist in the analysis of technical debt in software projects, also allowing to find possible bugs and vulnerabilities, acting as a support platform in improving the quality of projects.

Sonar can be integrated with services such as Azure DevOps, Github, Gitlab, Bitbucket and many others, allowing you to update with each version generated.

Items needed in your environment

• An active account on the Devprime platform and Developer or Enterprise use license.
• Devprime CLI installed and active (dp auth)
• An active account on Sonar Cloud
• A new microservice creating using the Devprime platform.
• An account and a GIT repository in Azure DevOps.

**Creating and Obtaining Project Credentials
The first step is to create a new project and get the SONAR_TOKEN

Creating Azure Pipeline yaml
Create a new file in the project folder with the name “azure-pipelines.yml”
and add the content from the YAML.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42

##########################################################################
# Create an environment variable "SONAR_CLOUD_TOKEN" to put the token
##########################################################################

trigger:
- main

pool:
  vmImage: ubuntu-latest

variables:
  buildConfiguration: 'Release'

steps:

- task: UseDotNet@2
  displayName: 'Install .NET 6.x SDK'
  inputs:
    packageType: 'sdk'
    version: '6.x'
    includePreviewVersions: true


- task: CmdLine@2
  displayName: 'Starting Sonar Scanner'
  inputs:
    script: |
      echo Installing Sonar Scanner tool
      dotnet tool install --global dotnet-sonarscanner     
      echo Starting ...
      dotnet sonarscanner begin /o:Devprimelabs /k:stack-startup /d:sonar.host.url=https://sonarcloud.io  /d:sonar.login=$(SONAR_CLOUD_TOKEN)      

- script: dotnet build --configuration $(buildConfiguration)
  displayName: 'dotnet build $(buildConfiguration)'


- task: CmdLine@2
  displayName: 'Collect Sonar results and Publish'
  inputs:
    script: |
      echo Collect Sonar results and Publish
      dotnet-sonarscanner end /d:sonar.login=$(SONAR_CLOUD_TOKEN)      

Commit

1
2
3

git add . 
git commit -am "sonarcloud"
git push

Creating a new Pipeline in Azure DevOps
Follow the steps in the Azure DevOps portal to create a new Pipeline using the “azure-pipelines.yml” file that exists.

-Pipelines

• New pipeline
• Azure Repos Git
• Existing Azure Pipelines YAML file

Locate and click on the “Variables” button to create the new “SONAR_CLOUD_TOKEN” variable and add the value of the Token obtained from Sonar Cloud.

Start the Pipeline you just created. At the end, the result will be published on Sonar Cloud.

Viewing in the Sonar Cloud Portal
With each Build in Azure DevOps, the result is published to Sonar Cloud so that you can follow the technical evolution of the development.