Sonar Analysis of Python with Azure DevOps pipeline
Once you have tests and code coverage in your Python build, the last step for a good build is adding support for code analysis with Sonar/SonarCloud. SonarCloud is the best option if your code is open source, because it is free and you do not need to install anything except the free add-in from the Azure DevOps Marketplace.
Starting from the original build, you only need to add two steps, Prepare Analysis on SonarCloud and Run SonarCloud analysis, in the same way you do analysis for a .NET project.
Figure 1: Python build in Azure DevOps
You do not need to configure anything for a standard analysis with default options; just follow the configuration in Figure 2:
Figure 2: Configuration of Sonar Cloud analysis
The only trick I had to do was deleting the folder /htmlcov created by pytest for code coverage results. Once the coverage result was uploaded to the Azure DevOps server I do not need it anymore and I want to remove it from Sonar analysis. Remember that if you do not configure anything special for SonarCloud, it will analyze everything in the code folder, so you will end up with errors like these:
Figure 3: Failed Sonar Cloud analysis caused by output of code coverage.
You can clearly do a better job by simply configuring the SonarCloud analysis to skip those folders, but in this situation a simple Delete folder task does the job.
To avoid cluttering SonarCloud analysis with unneeded files, you need to delete any files that were generated in the directory and that you do not want to analyze, like code coverage reports.
Another important setting is the Advanced section, because you should specify the file containing the code coverage result as an extended Sonar property.
Figure 4: Extra property to specify location of coverage file in the build.
Now you can run the build and verify that the analysis was indeed sent to SonarCloud.
Figure 5: After the build I can analyze code smells directly in sonar cloud.
If you prefer, like me, YAML builds, here is the complete YAML build definition that you can adapt to your repository.
The only setting you need to adapt is the name of the SonarCloud connection (in this example it is called SonarCloud), which you can add or change in Project Settings > Service Connections.
Figure 6: Service connection settings where you can add/change connection with Sonar Cloud Servers.
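A pipeline definition covering the steps described above, as an added example that is not the author's original YAML. The organization, project key, project name, `requirements.txt`, the report paths, the agent image and the task versions are assumptions to adapt to your repository.

```yaml
# Added example; values marked "placeholder" are assumptions, not taken from the post.
pool:
  vmImage: 'ubuntu-latest'

steps:
  - task: UsePythonVersion@0
    inputs:
      versionSpec: '3.x'

  - script: |
      python -m pip install --upgrade pip
      pip install -r requirements.txt pytest pytest-cov
    displayName: 'Install dependencies'

  - task: SonarCloudPrepare@1
    inputs:
      SonarCloud: 'SonarCloud'          # service connection name used in the post
      organization: 'my-org'            # placeholder
      scannerMode: 'CLI'
      configMode: 'manual'
      cliProjectKey: 'my-project-key'   # placeholder
      cliProjectName: 'my-project'      # placeholder
      cliSources: '.'
      # Extended Sonar property pointing at the coverage file produced by pytest-cov
      extraProperties: |
        sonar.python.coverage.reportPaths=$(System.DefaultWorkingDirectory)/coverage.xml

  - script: pytest --junitxml=junit/test-results.xml --cov=. --cov-report=xml --cov-report=html
    displayName: 'Run tests with coverage'

  - task: PublishTestResults@2
    condition: succeededOrFailed()
    inputs:
      testResultsFiles: '**/test-*.xml'

  - task: PublishCodeCoverageResults@1
    inputs:
      codeCoverageTool: 'Cobertura'
      summaryFileLocation: '$(System.DefaultWorkingDirectory)/coverage.xml'
      reportDirectory: '$(System.DefaultWorkingDirectory)/htmlcov'

  # Delete the HTML coverage report after publishing so the scanner does not analyze it
  - task: DeleteFiles@1
    inputs:
      SourceFolder: '$(System.DefaultWorkingDirectory)'
      Contents: 'htmlcov'

  - task: SonarCloudAnalyze@1
```

The delete step must run after the coverage results are published and before the analysis task, otherwise the generated HTML and JavaScript in `htmlcov` are scanned as if they were project sources.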
A possible final step is adding the Build Breaker extension to your account, which allows you to make your build fail whenever the SonarCloud Quality Gate fails.
Thanks to the Azure DevOps build system, creating a build that performs tests and analyzes your Python code is extremely simple.
Happy Azure Devops.
Gian Maria