Skip to content

Latest commit

 

History

History
107 lines (78 loc) · 6.8 KB

README.adoc

File metadata and controls

107 lines (78 loc) · 6.8 KB

C++ example project scanned on SonarCloud using Azure Pipelines

Build Status Quality Gate Status

This project is analysed on SonarCloud!

It is very easy to analyze a C, C++ and Objective-C project with SonarCloud on Azure DevOps:

  1. Create a sonar-project.properties file to store your configuration

  2. Install SonarCloud extension for your organization:

    1. Open Organization settings (in the bottom left corner of organization view)

    2. Open "Extensions" page (in the General category)

    3. Press "Browse marketplace" and find "SonarCloud"

    4. Select your organization and click "Install"

  3. Add the SonarCloud connection to your project:

    1. Open Project settings (in the bottom left corner of project page)

    2. Open "Service connections" page (in the Pipelines category)

    3. Press "New connection" and select the "SonarCloud"

    4. Fill in the SONAR_TOKEN

    5. Name your connection SonarCloud (to reference it later in azure-pipelines.yml)

  4. In your azure-pipelines.yml file:

    1. Add the SonarCloudPrepare task and configure it:

      • Specify the SonarCloud Service Endpoint as SonarCloud - the connection you created earlier

      • Choose your organization

      • Choose "Use standalone scanner" (scannerMode: 'CLI')

      • Choose "Store configuration with my source code (sonar-project.properties)" (configMode: 'file')

    2. Add a task to download the Build Wrapper

    3. Wrap your compilation with the Build Wrapper

    4. Add the SonarCloudAnalyze task

You can take a look at the sonar-project.properties and azure-pipelines.yml to see it in practice.

Documentation

Warnings

The following warning may appear during invocation of /build-wrapper-macosx-x86. To best of our knowledge does not affect the result of the analysis:

dyld: warning: could not load inserted library '/Users/runner/.sonar/build-wrapper-macosx-x86/libinterceptor.dylib' into hardened process because no suitable image found.  Did find:
	/Users/runner/.sonar/build-wrapper-macosx-x86/libinterceptor.dylib: code signature in (/Users/runner/.sonar/build-wrapper-macosx-x86/libinterceptor.dylib) not valid for use in process using Library Validation: mapped file has no cdhash, completely unsigned? Code has to be at least ad-hoc signed.

For details please refer to following ticket and community thread.

macOS\XCodeBuild

A build of the code repository on a macOS using XCode build system.

To build the code run from the repository root directory:

xcodebuild

Code Description

An example of a flawed C++ code. The code repository can be analyzed automatically, but it can also be compiled with different build systems using different CI pipelines on Linux, macOS, and Windows.

The code repository is forked into other repositories in this collection to add a specific build system, platform, and CI. The downstream repositories are analyzed either with SonarQube or SonarCloud.

You can find examples for:

Using the following build systems:

Running on the following CI services:

Configured for analysis on:

You can find also a few examples demonstrating:

See examples-structure.adoc for a description of the structure of this GitHub organization and the relations between its different repositories.