.NET Core-Part 4: Continuous Code Quality with Sonar Cloud

Achieve code quality standards with Sonar Cloud and Azure pipelines

Kelum Sampath Edirisinghe
LinkIT
4 min read · Feb 9, 2020

This article is mainly focused on discussing the importance of maintaining proper coding quality standards for projects and how it is done using Sonar Cloud and Azure pipelines.

Importance of Maintaining Proper Code Quality Standard

Writing quality code should not be regarded as a time-consuming task, but as one of the main goals of software development. It is an essential investment whose return follows almost immediately, because it brings the following advantages.

  • Code that is highly readable, consistent, and documented is easier to review, leading to a much lower development effort.
  • Clean and elegant code is also much easier to understand, maintain, and extend.
  • Software that is well designed and achieves a lower code complexity also benefits a great deal in terms of testability and robustness (less prone to new bugs being introduced).

In essence, high code quality is one of the most effective ways of lowering technical debt.

What is Sonar Cloud?

Sonar Cloud is one of the main static code analyzers. It is an open-source platform that continuously inspects code against a set of predefined quality standards. Sonar Cloud detects bugs, code smells, and security vulnerabilities under those standards and generates graded reports. It supports many languages through built-in rule sets and can be extended with various plugins. It can also report on things such as duplicated code, code coverage, and coding standards.

Note: the following images are taken from Sonar Cloud Explore.

Screenshot by Author from Sonarcloud explore

Sonar Cloud Integration with Azure Pipelines

Note: .NET Core doesn’t include the ProjectGuid in csproj files; all the project GUIDs are stated in the project’s sln file. We have to manually add each ProjectGuid to its csproj, inside the <PropertyGroup> tag.

<PropertyGroup>
  <TargetFramework>netstandard2.0</TargetFramework>
  <ProjectGuid>{add_projectGuide_to_here}</ProjectGuid>
</PropertyGroup>
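
As an added example (not code from the original article), the manual step above can be scripted: the Python below reads each project's GUID from the .sln file and inserts a <ProjectGuid> element into the matching .csproj. The function names and the sample solution and project contents are constructed for illustration, and the standard Project(...) line format of .sln files is assumed.

```python
import re
from pathlib import Path

# Solution entry: Project("{type}") = "Name", "dir\Name.csproj", "{project-guid}"
PROJECT_LINE = re.compile(
    r'^Project\("\{[0-9A-Fa-f-]+\}"\)\s*=\s*"[^"]*",\s*'
    r'"([^"]+\.csproj)",\s*"(\{[0-9A-Fa-f-]+\})"', re.MULTILINE)

# Constructed sample inputs (not taken from the article).
SAMPLE_SLN = r'''
Microsoft Visual Studio Solution File, Format Version 12.00
Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "src", "src", "{AAAAAAAA-0000-4000-8000-000000000001}"
EndProject
Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "Core", "src\Core\Core.csproj", "{1b2c3d4e-0000-4000-8000-00000000000a}"
EndProject
'''
SAMPLE_CSPROJ = '''<Project Sdk="Microsoft.NET.Sdk">
  <PropertyGroup>
    <TargetFramework>netstandard2.0</TargetFramework>
  </PropertyGroup>
</Project>
'''

def guids_from_sln(sln_text):
    """Map each .csproj path in the solution to its project GUID (upper-cased)."""
    return {path.replace("\\", "/"): guid.upper()
            for path, guid in PROJECT_LINE.findall(sln_text)}

def add_project_guid(csproj_text, guid):
    """Insert <ProjectGuid> as the first child of the first unconditional
    <PropertyGroup>; a file that already has one is returned unchanged."""
    if "<ProjectGuid>" in csproj_text:
        return csproj_text
    m = re.search(r"^([ \t]*)<PropertyGroup>[ \t]*\r?\n", csproj_text, re.MULTILINE)
    if m is None:
        raise ValueError("no unconditional <PropertyGroup> found")
    line = f"{m.group(1)}  <ProjectGuid>{guid}</ProjectGuid>\n"
    return csproj_text[:m.end()] + line + csproj_text[m.end():]

def patch_solution(sln_path):
    """Patch every project listed in the .sln; return the paths that changed."""
    sln, changed = Path(sln_path), []
    for rel, guid in guids_from_sln(sln.read_text(encoding="utf-8-sig")).items():
        csproj = sln.parent / rel
        old = csproj.read_text(encoding="utf-8-sig")
        new = add_project_guid(old, guid)
        if new != old:
            csproj.write_text(new, encoding="utf-8")
            changed.append(rel)
    return changed

if __name__ == "__main__":
    guid = guids_from_sln(SAMPLE_SLN)["src/Core/Core.csproj"]
    print(add_project_guid(SAMPLE_CSPROJ, guid))
```

Solution folders are skipped because their entries do not point at a .csproj, and running patch_solution a second time changes nothing.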

  1. Install the SonarCloud Azure DevOps extension in your Azure DevOps account. (https://marketplace.visualstudio.com/items?itemName=SonarSource.sonarcloud)
  2. Add the Prepare SonarCloud analysis configuration task before the build task.

Fill in the required fields of the Prepare SonarCloud analysis configuration task. Use the following property under ‘additional property’:

sonar.cs.opencover.reportsPaths={Path to your agent temp directory}\coverage.opencover.xml

Note: .NET Core doesn’t create a code coverage XML file, so we need to generate it with a third-party NuGet package. I recommend the coverlet tool for generating test coverage. Install the coverlet NuGet package in your test project.

  3. Create a command-line task to run the tests after the build task. Use the following script.

cd {path to your test project}

dotnet test /p:CollectCoverage=true /p:CoverletOutputFormat=opencover /p:CoverletOutput=$(Build.SourcesDirectory)/coverage/

copy $(Build.SourcesDirectory)\coverage\coverage.opencover.xml {Path to your agent temp directory}\coverage.opencover.xml

  4. Add the ‘Run Code Analysis’ and ‘Publish Quality Gate Result’ tasks after the test task in the pipeline.

  5. Sonar Cloud needs a personal access token to decorate pull requests when the build runs, so create an Azure DevOps personal access token with read & write permission.

In the Sonar Cloud dashboard, select the project, then go to:

administration > general settings > Pull request

Configure the provider and the personal access token there.

Now you have successfully configured Sonar Cloud in the pipeline. Create a new pull request to automatically set up the Sonar VSTS integration in Azure DevOps.

Finally, we can make the build fail when the Sonar Cloud quality status fails. To do that, in Azure DevOps go to:

repos > branches > branch policies (for master branch)

Add a status policy as follows:

Image source: Azure DevOps Labs

Now you have configured the Sonar Cloud continuous code quality inspector for your Azure Pipeline. I hope you followed the steps successfully without any issues.

This is the end of this article. If you have any issues with the Sonar Cloud + Azure DevOps configuration, leave a comment in the comment section. Happy Coding!😊