Calculate code metrics as part of build pipeline in Devops - azure-devops

This seems a pretty straightforward thing to do, but I cannot find relevant information. In Visual Studio is very easy to calculate code metrics for all projects and I would like to do the same during a build pipeline in Azure DevOps.
Has anyone done something like this?

In azure devops, you can review code coverage results. The results can be viewed and downloaded on the Code coverage tab.
Publish Code Coverage Results publishes code coverage results to
Azure Pipelines or TFS, which were produced by a build in Cobertura
or JaCoCo format.
Built-in tasks such as Visual Studio Test, .NET Core, Ant, Maven,
Gulp, Grunt, and Gradle provide the option to publish code coverage
data to the pipeline.
Here are some documents you can refer to:
Review code coverage results
Azure DevOps and the Code Coverage
In addition, you can get code analysis through SonarCloud integrated with Azure devops. SonarCloud is a cloud-based code quality and security service.
Here is the lab you can follow.

You can generate code metrics by adding the Microsoft.CodeAnalysis.Metrics nuget and building with the parameter that target the "Metrics" build, this will store the results in an xml file.
msbuild /t:Metrics
If you're building a solution with multiple projects, you have to add the nuget to every project otherwise the build will fail because the Metrics target won't be present for the other projects.
The build will produce one xml file per project.
You can also use the metrics command line tool from the roslyn analyzer repository.
See https://learn.microsoft.com/en-us/visualstudio/code-quality/how-to-generate-code-metrics-data?view=vs-2022

Related

How to see the Code Coverage results in Sonar Qube using Azure DevOps pipelines

I have an .Net Core application along with unit test cases. For that I have configured the Build pipeline in Azure DevOps. In that pipeline I have integrated SonarQube tasks (prepare analysis, run code analysis, and publish quality gate results).
I can see the report in SonarQube server after successful run. But in that report, I didn’t see the Code Coverage Results and Unit test results. Even though I used Cobertura for unit tests.
Your pipeline seems to contain the right steps, so there can be two issues:
1. Code coverage file is not generated (correctly)
The easiest way to validate if the code coverage file is generated correctly, is by publishing it as an artifact. Now check what format the output file is. If there is no output file, please check if you did include /p:CollectCoverage=true --logger trx to the test command. If you are running the build pipeline on Linux, you should also add /p:CoverletOutputFormat=opencover and install the coverlet.collector NuGet package in the .NET Test Project.
2. Code coverage file is not sent to Sonarqube
If you configured step 1 correctly, it is still possible that the generated files are not sent to Sonarqube. The best way to see what is going wrong, is by checking the build logs of the Run Code Analysis and Publish Quality Gate Results steps.
The most common issue, is that Sonarscanner is checking the wrong directory. In the prepare step, please specify where the files are located, like:
sonar.cs.opencover.reportsPaths=$(Build.SourcesDirectory)/**/coverage.opencover.xml
sonar.cs.vstest.reportsPaths=$(Agent.TempDirectory)/*.trx
Build pipeline generates code coverage files would it be coverlet or opencover, the problem is that Azure Devops pipeline creates the reports outside the working directory on the build agent, it uses the _temp folder inside _work whereas soanrquube searches inside the working directory. I am facing this issue with coverlet as well as Visual studio coverage tool. You can read the following 2 threads
https://github.com/coverlet-coverage/coverlet/issues/1399
https://github.com/microsoft/azure-pipelines-tasks/issues/11536.
I posted an issue on snoarqube community site but did not get any response so far. The solution I think is either make the test step in the build pipeline change the directory or configure somewher sonarqube to search the agent build directory _temp which is above the working directory

How to generate Code Analysis report in Azure DevOps for a .NET 5.0 Project?

I am new to code quality analysis and I have a .NET 5.0 Project. Following the instructions in these two articles Overview of .NET source code analysis and Overview of source code analysis, I had added the following settings to the project file.
<PropertyGroup>
<AnalysisLevel>latest</AnalysisLevel>
<EnforceCodeStyleInBuild>true</EnforceCodeStyleInBuild>
<RunAnalyzersDuringBuild>true</RunAnalyzersDuringBuild>
<EnableNETAnalyzers>true</EnableNETAnalyzers>
<CodeAnalysisTreatWarningsAsErrors>false</CodeAnalysisTreatWarningsAsErrors>
</PropertyGroup>
This looks fine as I build the project.
Now I want to get a report when I execute my Azure DevOps build pipeline.
Is there any specific Azure DevOps task for this. I found Roslyn Analyzers build task,
But so far I could not find a way to add this to the pipeline. Looks like this task is a part of Microsoft Security Code Analysis Extension. Furthermore, I may have to purchase this.
All I am looking for is a simple Azure DevOps task which can show me the the code quality analysis report(not code coverage). If there is there one, please suggest.

Multiple code coverage reports merged, published, showing no data in Azure DevOps pipeline

I am using ReportGenerator task in my Azure DevOps to merge Cobertura based code coverage reports into one, end up with empty reports in pipeline CodeCoverage tab.
Below is my pipeline with three jobs.
Job1 – uses Windows agent pool1, builds java- (clean compile, test, cobertura:cobertura ), if build success, saves test reports, code coverage reports (only xml) to Azure pipeline artifacts.
Job2 – uses Windows agent pool2, builds .NET core- (restore, test, coverlet reports in Cobertura format), if build success, saves test reports, code coverage reports (only xml) to Azure pipeline artifacts.
Job3 - uses Windows agent pool3, downloads test and multiple coverage reports uploaded from previous jobs, merges all Cobertura reports into one using ReportGenerator. Publish code coverage reports.
But, if I go and see the Code Coverage report tab pipeline, assemblies, classes, files, package names data is there but no coverage data, when I click on a particular package class name it’s empty and showing “ ’/some relative path/ abc.java’ does not exist (any more)”.
Please suggest.
ReportGenerator needs the source code in order to create a complete report.
There is no way to avoid that.
You need to copy the source code or check it out again in the same directory.
Agree with Daniel's answer. And if you use Microsoft-hosted agents, there are different machines for each job so they don't share same build source directory.
You could try to deploy self-hosted agent and use it in pipeline so all jobs share the same build source directory, and then you don't need to check it out again.

Project code is not being analyzed for sonarqube

I have a repo in azure DevOps with only folder as test.
Now, I have given the task structure in this way in azure DevOps. But I cannot see the code getting analyzed in sonarqube. The code tab shows blank. Could someone help me with where I am going wrong?? I do not want to give folder name in sources..I want whatever code I add in the branch to be analyzed.
edit: Just realized this is happening only for feature short lived branch..My sonarqube version is 8.0
steps:
task: SonarQubePrepare#4
inputs:
SonarQube: 'connection name'
scannerMode: 'CLI'
configMode: 'manual'
cliProjectKey: 'pipeline-sonar-demo'
cliProjectName: 'pipeline-sonar-demo'
cliSources: "."
extraProperties: |
# Additional properties that will be passed to the scanner,
# Put one key=value per line, example:
sonar.exclusions=**/*.xml
SonarQube extension provides three tasks you will use in your build definitions to analyze your projects:
Prepare Analysis Configuration task, to configure all the required
settings before executing the build.
This task is mandatory.
In case of .NET solutions or Java projects, it helps to integrate
seamlessly with MSBuild, Maven and Gradle tasks.
Run Code Analysis task, to actually execute the analysis of the
source code.
This task is not required for Maven or Gradle projects, because
scanner will be run as part of the Maven/Gradle build.
Publish Quality Gate Result task, to display the Quality Gate status
in the build summary and give you a sense of whether the application
is ready for production "quality-wise".
This task is optional.
It can significantly increase the overall build time because it
will poll SonarQube until the analysis is complete. Omitting this
task will not affect the analysis results on SonarQube - it simply
means the Azure DevOps Build Summary page will not show the status
of the analysis or a link to the project dashboard on SonarQube.
It seems you still need add Run Code Analysis task. Regarding how to use SonarScanner for Azure DevOps, please refer to the following documentation:
https://docs.sonarqube.org/latest/analysis/scan/sonarscanner-for-azure-devops/

Showing Code Coverage Report with Azure DevOps

I'm using Microsoft Unit Tests to validate my solutions via Azure DevOps Pipelines. I am able to see tests being executed and the % of code coverage
However, I can't see the code coverage results (or they won't render)...
Here is my publish code coverage task - am I missing something to have it render here?
This is a known issue on Azure devops. Now, we could only download the report, and open it with Visual Studio.
Azure devops only support the download link for .coverage files currently. The white page you see is a UI glitch. This scenario is only supposed to render a download link to the coverage file.
Besides, this issue has been submitted in this earlier suggestion ticket linked here:
support vstest .coverage "code coverage" build results tab
This feature request is On Roadmap, I believe it will be released soon, you can follow this thread to know its latest feedback.
In addition, we found a similar case and I have tested via the answer, set the code coverage tool to Cobertura, then I get the code coverage report in the Azure DevOps pipeline.