SonarQube analysis task changes the output of the build
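When setting up the CI environment, in our build definition we have a task "Prepare SonarQube analysis" and another task that builds the solution.
The task that builds the solution is based on the dotnet CLI (dotnet build) and receives 3 arguments: the configuration (release), the sln file and the output (the output folder where the binaries will be saved). The solution contains 2 projects: a .NET Standard class library and a .NET Framework 4.6.2 class library.
To test the CI, I created a branch and removed the CLS-compliant attribute from the .NET Framework project, hoping that I could make the build fail (I treat all warnings as errors, and my ruleset file is included in the project; among other rules, it contains rule CA1014 about CLS compliance).
To my surprise, the build in TFS fails only when I disable the SonarQube analysis step. With this step enabled, the build passes: even though I see this warning in the log, the build finishes successfully.
Do you have any idea how to solve this?
Also, if this is not the right site for this question, please let me know and I will move it.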
See the reasoning for this case:
Practically speaking, there is little point of using the SonarQube scanner with TreatWarningsAsErrors=true, because when the build breaks, there will be no build results from our analyzers, the end step will not be executed and no issues will be pushed on SonarQube. If there are no issues from your builds, there is no reason to use SonarQube. In addition, with TreatWarningsAsErrors=true you will be forced to fix everything beforehand, or live with failing builds for long time, which I would not advise.
SonarQube allows you to fix your existing and new issues little by little and avoid having failed builds for long time because of warnings. You can rely on the quality gates for feedback about your code quality and even, if you insist, fail the builds when the quality gate does not pass (note that on large projects this might affect the build time).
If your builds are required to fail because of compiler warnings (note that SonarQube does not collect the standard compiler warnings, just the results of the Roslyn analyzers), I would recommend creating a separate build job for analysis. This way you will have the best of both worlds - issue tracking in SonarQube and failing builds because of compiler warnings.
I came across this documentation, which states:
The "begin" step will modify your build like this:
- all existing code analyzers that are referenced by your projects will be disabled and only analyzers from SonarQube plugins will be executed
- the active CodeAnalysisRuleSet will be updated to match the SonarQube quality profile
- WarningsAsErrors will be turned off
If your build process cannot tolerate these changes we recommend creating a second build job for SonarQube analysis.
That is why some of my rules were ignored during the build when this task was enabled.
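The "separate build job" recommendation quoted above can be sketched as one script that two CI jobs call with different arguments. This is an added example, not code from the original posts or from SonarQube. The solution name, project key, output folders and the SONAR_HOST_URL / SONAR_TOKEN environment variables are placeholder assumptions, and it assumes the dotnet-sonarscanner tool is installed on the agent.

```powershell
# Added example: one script, two CI jobs (Strict gate and SonarQube analysis).
# Assumptions: MySolution.sln, my-project-key and the SONAR_* environment
# variables are placeholders; dotnet-sonarscanner is installed as a dotnet tool.
param(
    [Parameter(Mandatory)]
    [ValidateSet('Strict', 'Analysis')]
    [string]$Job,
    [string]$Solution = 'MySolution.sln',
    [string]$OutputDir = 'out',
    [string]$ProjectKey = 'my-project-key'
)

$ErrorActionPreference = 'Stop'

function Invoke-Step {
    param([string]$Name, [scriptblock]$Command)
    Write-Host "== $Name"
    & $Command
    # Native tools signal failure through the exit code, not an exception.
    if ($LASTEXITCODE -ne 0) {
        throw "$Name failed with exit code $LASTEXITCODE"
    }
}

switch ($Job) {
    'Strict' {
        # No scanner "begin" step runs in this job, so the project's own
        # analyzers, ruleset (including CA1014) and warnings-as-errors apply.
        Invoke-Step 'Strict build' {
            dotnet build $Solution -c Release -o $OutputDir "/p:TreatWarningsAsErrors=true"
        }
    }
    'Analysis' {
        # "begin" replaces the analyzers and ruleset and turns WarningsAsErrors
        # off, so this job only reports to SonarQube and is not the gate.
        Invoke-Step 'SonarQube begin' {
            dotnet sonarscanner begin "/k:$ProjectKey" "/d:sonar.host.url=$($env:SONAR_HOST_URL)" "/d:sonar.login=$($env:SONAR_TOKEN)"
        }
        Invoke-Step 'Build for analysis' {
            dotnet build $Solution -c Release -o "$OutputDir-analysis"
        }
        Invoke-Step 'SonarQube end' {
            dotnet sonarscanner end "/d:sonar.login=$($env:SONAR_TOKEN)"
        }
    }
}
```

Making the Strict job the required check on the branch keeps the CA1014 warning a build breaker, while the Analysis job can run alongside it without affecting the gate.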