Treat Warnings as Errors using SonarQube Analysis

2019-08-21 07:38发布

问题:

I have been trying to make my solution fail to build on Visual Studio Team Services when there are warnings. I have enabled the option in the project in VS2017 to treat warnings as errors, so that it won't build.

Treat warnings as errors set to All

Also, there is a MsBuild argument for the same purpose set to true on VSTS.

Treat warnings as errors set to true

This works, as when there is a warning it is treated as error (Eg. an unused int is a warning and becomes an error, failing the build).

Failed Build

However, when the SonarQube Analysis is present, the build does not fail. SonarQube overrides "TreatWarningsAsErrors = true" for some reason, and the warning stays as a warning.

I haven't found any option to enable TreatWarningsAsError on SonarQube server. I checked rules, quality gates, etc.

build with SonarQube

How is this supposed to be done?

Option menu from SonarQube server

回答1:

Practically speaking, there is little point of using the SonarQube scanner with TreatWarningsAsErrors=true, because when the build breaks, there will be no build results from our analyzers, the end step will not be executed and no issues will be pushed on SonarQube. If there are no issues from your builds, there is no reason to use SonarQube. In addition, with TreatWarningsAsErrors=true you will be forced to fix everything beforehand, or live with failing builds for long time, which I would not advise.

SonarQube allows you to fix your existing and new issues little by little and avoid having failed builds for long time because of warnings. You can rely on the quality gates for feedback about your code quality and even, if you insist, fail the builds when the quality gate does not pass (note that on large projects this might affect the build time).

If your builds are required to fail because of compiler warnings (note that SonarQube does not collect the standard compiler warnings, just the results of the Roslyn analyzers), I would recommend creating a separate build job for analysis. This way you will have the best of both worlds - issue tracking in SonarQube and failing builds because of compiler warnings.