Use pull request decoration in Azure DevOps with SonarCloud

Some time ago I wrote about how to fail your Azure Pipeline, if your SonarQube quality gate fails. I often get the request how you can do the same thing with SonarCloud. But it’s much better to use pull request decoration. This is really an awesome feature. You get the SonarQube Errors directly in the pull request and the quality gate is evaluated.

The configuration is a bit tricky and the options are pretty hard to find. And this only works in SonarCloud or with the SonarQube Developer Edition! I switched completely to SonarCloud – this is much more convenient.

I asume that you already have a build with the prepare, run and publish tasks configured. Note that there is a different extension for SonarCloud then for SonarQube. Add and configure the tasks accordingly and run the build with the analysis.

Now got to the project in SonarCloud. Go to “Generell Settings”, “Pull Requests”. Select VSTS and enter a Personal Access Token for Azure DevOps that SonarCloud uses to connect to Azure DevOps.

Now run the build again. If the analysis is complete got the the branch policy in your Azure Repo. If you now add a new Status Policy you will find in the drop down a policy called “SonarCloud/quality gate”. Select it and save the policy.

That’s it! Now create a pull request and enjoy the SonarCloud decoration. The Status Policy will fail the PR if the SonarCloud Quality Gate fails.

18 thoughts on “Use pull request decoration in Azure DevOps with SonarCloud

  1. If I update the code , should I have to build it again before raising the PR? If not, then how will Sonar know the static code analysis of the newly introduced code?

    1. You have to run the build that performs the analysis once on *master*, after you configure you PAT for Azure DevOps in SonarQube. After that the PR automatically triggers the build and runs the branch analysis. After the merge to master you should perform again a analysis in master. SonarQube is aware of the branches the analysis is preformed on.
      Does this answer your question?

  2. I am not seeing the dropdown value “SonarCloud/quality gate” when added a status policy. I can see the Quality gate result on the Extensions tab on the job.
    Doe any one know what I am missing?

    1. Look that you entered the PAT in SonarQube correctly and rerun the build. Then it should sho up. Sonar must send the status the first time so that you can see it as a policy.

      1. @Mike, Thank you for your reply. The PAT is configured correctly. I verified the PAT by making a REST call to ADO api. That works without any issue.
        In the dropdown I currently see sonar-sfdx/codecoverage ? (sonar-sfdx = project key/reponame)
        Does that mean SonarCloud already has access and push codecoverage status?
        Also note we are using ADO repos not github if that makes any difference.

      2. PR is not failing but under the extensions I can see the quality gate failed. I am using scannerMode: ‘CLI’ if that makes any difference.

  3. PR is not failing but under the extensions I can see the quality gate failed. I am using scannerMode: ‘CLI’ if that makes any difference.

  4. Is it possible to use pull request decoration as a boolean variable or something like that in yml code for the code of a pipeline?

      1. The objective is to stop the pipeline if the SonarCloud verification on the pull request fails, but to stop it at the code level, for example with a script using the information obtained from the pull request decoration.

  5. Hi, Even I’m not able to get the “SonarCloud/quality gate” in the dropdown when i’m raising the PR the quality gates are failing on the sonarcloud dashboard but in the status checks its shows passed. How can I display that failed status in the PR?

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s