Date posted: 20 Oct 2018, 4 minutes to read

SonarQube setup for Azure DevOps

During installation and setting up a SonarQube server for usage in an Azure DevOps Build I found some things that I didn’t remember from previous installation and wanted to log that in this post, so the next time I have somewhere to find these things in one place.

Updated 5-1-2019

Read the last section of this post if you want to use an even easier way of setting up and maintaining SonarQube: run it behind an Azure App Service!

Cool dog by Zach Lucero
unsplash-logoZach Lucero

Installation on Azure

For installation on an Azure environment I used the same Azure QuickStart ARM template I used before. Somehow, each time I need this template, something has changed underneath and I get to fix the template. This time the download URL for the SonarQube installer was changed as well as a new version got released. This has now been included in the template: because it is open source, I could find the places that needed to be updated and send in a pull request to Microsoft with the fix. I love open source! Such a pleasure to find an issue, look at the code and present a fix to the repository maintainer!

SonarQube logo

You can follow the usual steps from the ARM template: download and install the Java Development Kit on the SonarQube server, restart the SonarQube service and you’re up and running with the server side.

Things to know for next time

There are a couple of things that you need to think of when starting an installation yourself. The ARM template is already a great help in it, but you need to think of some other things. Those are mostly client side, so on the Azure DevOps Agent.

Bring a valid certificate

As noted before, the template uses a self signed certificate, which will not work with Azure DevOps: the tasks from the marketplace need a valid certificate that it trusts for the connection with the server. Therefore you need to provide a valid certificate and setup a DNS entry to match the URL in the certificate.

Download or install the SonarQube extension

Go to the marketplace and download or request installation in your Azure DevOps subscription.

The ‘Run Analysis Task’ has java as a requirement

This was a gotcha that I forgot this time: the Run Analysis Task has a demand requirement that it needs Java (specifically the Java Runtime Environment 8.0) on the agent. This also means that you cannot run it on a hosted agent: those do not have the JRE installed! Only the JDK is installed, which doesn’t add support for the java demand. I raised an issue on the hosted agent with a request for it.

Building on a new agent?

When you have a new agent you could install Visual Studio Community edition on it, that will provide you with the msbuild capability on the agent. This does not give you the tools to run the unit tests on the server, which is needed for the Run unit test task. These tools will provide SonarQube with the necessary information it needs to do, well basically, anything! You can install a licensed Visual Studio Enterprise on it, but then you need to update that license every once in a while. You probably don’t want that, because of the occasional error it will give you, for which you need to login to the server.

To help fix this, you can use the Visual Studio Test Platform Installer task to install all the tools VSTest needs to run.

Want CSS analysis from SonarQube

Out of the box, SonarQube can scan your CSS files for issues with over 180 available rules. To do this, the agent needs to have Node.js installed. This is already available on a hosted agent, but you cannot use that yet because of the dependency on JRE!

SonarQube CSS issue on large solution

Currently there is an issue on SonarQube with larger solutions or CSS files. The process seems to run out of memory somewhere. In the Azure DevOps Build log, you’ll see these as the last steps being logged:

INFO: Quality profile for cs: Sonar way
INFO: Quality profile for css: Sonar way
INFO: Quality profile for js: Sonar way
INFO: Quality profile for xml: Sonar way
INFO: Sensor SonarCSS Metrics [cssfamily]
WARNING: WARN: Metric 'comment_lines_data' is deprecated. Provided value is ignored.
INFO: Sensor SonarCSS Metrics [cssfamily] (done) | time=1937ms
INFO: Sensor SonarCSS Rules [cssfamily]

For now the recommended fix is: do not use the CSS analysis, which isn’t great, but better then the alternative: currently the Run Analysis Task just hangs until the maximum runtime of your build has been reached. Al that time, your build server will run at 100% CPU (if you have 1 CPU available, 2 CPU’s got me 50% utilization)! It took me quite some searching around to find this one, so it’s good to document it here.

The current fix is to start the analysis task with a parameter that redirects the CSS files to a non-existing analyzer:
d:sonar.css.file.suffixes=.foo or do that globally for your entire SonarQube server via the settings on the CSS analysis there (which would be easier if you have multiple projects with this issue).

Update (05-01-2019) Run it in an Azure App Service!

Nathan Vanderby, a Premier Field Engineer from Microsoft, has created an ARM template to run the SonarQube installation behind an Azure App Service with a Java host. This saves you a lot of steps mentioned above! You can find the scripts for it onGitHub.

Several benefits you get this way:

  • You don’t have to manage a Virtual Machine anymore.
  • Setting up SSL becomes easier, thanks to the Azure App Service SSL being simpler.
  • Using a KeyVault for your secrets is now an option, you can inject those values as environment options.
  • If you already have an App Service Plan, you can use that for hosting and cut down on your resources and cost (although, running on a burstable VM isn’t that expensive)

The biggest benefit is that the App Service already has Java installed! So no more downloading the JRE by hand, installing it manually and starting the SonarQube service by hand!

Setting up a new SonarQube server this way is a breeze. Updating it should be easier as well and that is the another big plus: you now have the ability to run the installation on a Deployment Slot, let it update the database and then switch to the slot. No manual updating anymore!