duncanp-lseg
commented
3 years ago @SimonBammel thanks for reporting the issue.
There are conditions in the SonarQube.Integrations.targets file specifically to check for tmp_proj files, and they seem to be working because the project is marked as excluded in the ProjectInfo.xml file. Perhaps the problem is the code that checks for duplicate guids isn't ignoring excluded projects.
Here's a workaround you could try: conditionally change the ProjectGuid for the tmp_proj e.g. add something like the following to your project file:
<PropertyGroup>
<ProjectGuid Condition="$(MSBuildProjectFile.EndsWith('.tmp_proj', System.StringComparison.OrdinalIgnoreCase))">11111111-1111-1111-1111-111111111111</ProjectGuid>
</PropertyGroup>
SimonBammel
andrei-epure-sonarsource
Description
Short description:
The SonarQube Azure Dev Ops Azure Pipeline Action fails to omit temporary project files (tmp_proj) from code analysis.
Longer Description:
I'm developing a SharePoint 2019 server solution. Part of that solution is a SharePoint 2013 Worflow. This type of SharePoint Workflow is based on xaml. To properly include it in a SharePoint solution file and to get it to run as a proper workflow you need to have the build action for the xaml definition file set so XamlAppDef.
This causes the build to create a temporary project files which is used to build the workflow and include it in the solution. it is not a step which can be omitted.
To create an installation bundle we are using an on premise azure dev ops server. We have installed the SonarQube Azure Pipeline build action for use in our build pipelines. It is working fine with alot of other projects and solutions.
We use the 4.19 Version of the Azure Dev Ops Azure Pipeline Actions.
After the build pipeline finished successfully the project with the SharePoint 2013 Workflow is not analyzed in SonarQube. It is not even present.
Repro steps
Please provide the steps required to reproduce the problem
Create a Solution which in some way creates an temporary project file (tmp_proj) which is used to build part of your project (e.g. SharePoint 2019 Solution with a SharePoint 2013 Workflow or any other project artefact, that uses XamlAppDef as build action)
Build that with an apropriate Azure Dev Ops Pipeline including the SonarQube pipeline actions
Check if the project is present in your SonarQube project.
Expected behavior
The original project should be present in SonarQube and properly analyzed
Actual behavior
In short the project is not present in SonarQube.
Here is the output of the SonarQube pipeline actions:
i have attached the ProjectInfo.xml files for the original Project, which is defined by the original .csproj file and the ProjectInfo.xml which is generated for the temporary project file which is generated based on the original .csproj file.
ProjectInfo_Original_Project.txt ProjectInfo_Temp_Project.txt
In the ProjectInfo_Temp_Project.txt the pipeline action set the property for the tmp_proj to "true". Which is completely fine.
After that the Run Code Analysis Task is run and logs this: 08:48:01.821 WARNING: Duplicate ProjectGuid: "7d020d16-2044-4003-b553-1a40400a6f68". The project will not be analyzed. Project file: "d:\agent_work\20\s\Project1\hn3wn4gp.tmp_proj" 08:48:01.821 08:48:01.821 WARNING: Duplicate ProjectGuid: "7d020d16-2044-4003-b553-1a40400a6f68". The project will not be analyzed. Project file: "d:\agent_work\20\s\Project1\Project1.csproj"
Which is correct the .csproj file and the tmp_proj file do have the same ProjectGuid. That is because the tmp_proj is based on the original .csproj file.
What i dont understand is that the property is not respected in the analysis pipeline task and the tasks tries to analyze the tmp_proj anyway.
Known workarounds
UPDATE: see comments below for a workaround.
As of now i dont have any workaround which results in our desired outcome. which would be a properly analyzed project which is mapped to a properly build production environment install artefact as output of a azure dev ops build pipeline.
One thing you could do is to set the build action to something else then XamlAppDev which prevents the generation of tmp_proj files. which is nothing that helps our process.
Here is some stuff i did try:
I tried to define in our project file the following SonarQube properties to exclude the project from the analysis:
i was not able to omit anything with those conditions from the analysis. As basis for this i used the content of this -> https://github.com/SonarSource/sonar-scanner-msbuild/blob/master/src/SonarScanner.MSBuild.Tasks/Targets/SonarQube.Integration.targets file
Related information