SonarCloud & Pull Request Feature in Azure DevOps Services

sudhir_cool
6 min readOct 11, 2019

Code Analysis as a Service with SonarCloud( https://sonarcloud.io):

Measuring code quality (and of course acting on it!) is a vital part of software development that helps you to keep Technical Debt low and the ability to make changes quickly and with quality high.

As business tycoons explain, reducing internal quality slows you down.

In Continuous Delivery, it plays an important role in shipping high-quality software often and fast.

As IT buzzwords change like the wind. You should always stay updated with the latest trends that might increase your productivity and improve the process overall. So today let’s speak about the buzz word “DevOps” along with Code Analysis as a Service because a lot of people are not actually sure is it a movement? A new process or technology? A job title? Or just a way of thinking? Also, we will look at the top DevOps technology, its benefits.

As we spoke about top DevOps technology, the very first name that comes to my mind is Azure DevOps a tool provided by Microsoft to implement the buzz word “DevOps” into the project workflow and process management.

In a single sentence, Azure DevOps is a suite of offerings in the cloud that you need to build your software product/project from beginning to end.

Azure DevOps, formerly known as Visual Studio Team System (VSTS). It helps you to plan your project, manage source code in repositories like Git, TFVC, Subversion, GitHub and deploys the code through the CI/CD pipeline system to cloud or in on-premise resources. Additionally, it gives a collaborative platform for developers, business users, and test engineers, project managers under one umbrella to real-time tracking of work and quick shipment of the product.

Before, arising the genuine question as below. Lets Start :-)

Pre-Requisite: You must have an Azure DevOps account as we are leveraging here azure-DevOps tool as a DevOps technology.

Let us start with setting up, SonarCloud first. I have already created an organization. Now, let’s start afresh with creating a project.

Initializing SonarCloud Server:

Step-1: Navigate to sonar cloud server https://sonarcloud.io and Sign-In Using Azure DevOps account

Step-2: Click on “Analyze new Project” Button

Step-3: In “Analyze Projects Screen” , Create your own organization and provide project key and display name as shown below, also you can create this project as public or private and Click on SetUp Button (make sure to copy the project key for future use).

Step-4: You will be re-directed to the screen where you will find a link which will help you to integrate sonar cloud with Azure DevOps Services

Step-5: Click on the Administration tab and open general settings and scroll down below to find the pull Requests module. Select the Provider (as Azure DevOps Services), as well as PAT Token, created on AzureDevOps Server

Let’s have a look, How a PAT Token created in Azure DevOps server, as mentioned in step-5

→ Click on Security under your profile settings

→ Click on the new token button and create a PAT token which is to be placed in sonar cloud server

→ Upon creation, you will get a PAT Token. Copy and paste the token as mentioned in below screen

Now, we are done with the settings to be taken care of, from the sonar Cloud server side.

It’s quite easy. Isn’t It? Let us see , how we can integrate sonar cloud with Azure DevOps in the Build Pipeline

Syncing up Azure DevOps Pull Request feature with Sonar Cloud Server:

Now let us understand what is Pull Request first.

Pull requests let you tell others about changes you’ve pushed to a branch in a repository.

Pull requests let your team give feedback on changes in feature branches before merging the code into the master branch. Reviewers can step through the proposed changes, leave comments, and vote to approve or reject the code. Azure DevOps provides a rich experience for creating, reviewing, and approving pull requests.

Step-1: Let us create a build pipeline in Azure DevOps, As below mentioned such that, the pipeline should always take code from Master Branch and should get triggered when there is PR triggered for the Master branch.

Get Source- Master branch
Should trigger when there is a change in the master branch

Step-2: Add a task “Prepare analysis on SonarCloud” — this link will help you to install SonarCloud for your respective project in Azure DevOps

→Manage SonarCloud Service Endpoint:

Click on Manage Link, and add SonarCloud Service connection, Provide Connection name and solar cloud Token

→ Sonar Cloud Token:

There is a well-defined link present in the same window which states how can we achieve sonar cloud token.

→ Copy the token and paste in the space mentioned above, also verify the connection post-set-up and click Ok

Step-3: Select Organization, ProjectKey, and ProjectName as we have created above in sonar cloud server

Step-4: Other sets of tasks are the default tasks which are present in the template for java project build, Click on save the Build definition.

Now, the base setup is done. and its time to create a pull request.

Step-5: Let us make a change in Develop branch code and commit the code with creating a pull request

Step-6: Approve and Complete the Pull Requested created under your belt

Let us validate and verify Sonar cloud server after successful execution of the build pipeline

Even, this feature will result in scanning the code as part of the pull request created and Also it gives you the provision to navigate back to the pull request screen in Azure DevOps.

Note: To make this process more secure, you can create another build pipeline(same tasks as above) which takes source from the develop branch and should trigger when there is a change in develop branch and a branch Policy created as a validation step before merging the code directly to main that is the master branch

Conclusion:

Azure DevOps compatibility and capabilities are much more than ever imagined with a wide range of tools integrated with it. Just refer to current documentation for information about Azure DevOps Services and Azure DevOps integration with various tools. As you can see, I love talking about Azure DevOps, and I have plenty more to say, but we’ll save that for a different blog post. 😊

I won't say to like share and subscribe :-P, rather your valuable feedback is always welcome with optimal appreciation.

Happy Learning Folks..!!!

--

--