JS, TS, Go, Python, PHP, etc. project

Use these instructions to set up your build pipeline in Azure DevOps when analyzing JS, TS, Go, Python, and PHP projects in SonarQube Cloud.

This page explains how to add the SonarQube Cloud analysis to your Azure build pipeline for projects that are not Maven, Gradle, .NET, or C family projects.

Before starting, read the Azure Pipelines integration overview page.

Once you have created your project in SonarQube Cloud, set up the project integration with your DevOps platform (see the DevOps platform integration pages) and with Azure pipelines (see the Setting up project integration page), you can add the SonarQube Cloud analysis to your Azure build pipeline.

To create your Azure build pipeline, you can use either YAML or the Azure Classic interface.

  • The use of the Classic interface is not always possible (e.g. if your code is stored on GitHub).

  • If you use YAML, SonarSource can provide you with YAML templates or code examples.

If you need to use a specific scanner version, see the Using a specific version of SonarScanner for .NET or CLI article for instructions.

Make sure to enable the pull request and branch analysis in your pipeline. Instructions are on the Setting up project integration page.

Using YAML

Add the following SonarQube tasks to your YAML pipeline:

  1. Before your build task, add a Prepare Analysis Configuration task.

  2. After your build task, add a Run Code Analysis task.

  3. After the Run Code Analysis task, add a Publish Quality Gate Result task.

See the YAML file example below. See also our YAML pipeline templates. For information about the SonarQube task inputs, see the List of SonarQube tasks page.

Make sure the SonarQube task version used in your YAML file is the correct one. For example, in SonarCloudPrepare@3, @3 should correspond to the version of the Azure DevOps Extension you’re using.

YAML file example
trigger:
- master # or the name of your main branch
- feature/*

steps:
 # Checkout the repository
 - checkout: self
 
 # Disable shallow fetch
   fetchDepth: 0

# Prepare Analysis Configuration task
- task: SonarCloudPrepare@3
  inputs:
    SonarCloud: '<YourSonarQubeServiceEndpoint>'
    organization: '<YourOrganizationName>'
    scannerMode: 'cli'
    configMode: 'manual'
    cliProjectKey: '<YourProjectKey>'

# Add your build task(s) here

# Run Code Analysis task
- task: SonarCloudAnalyze@3
  inputs:
    jdkversion: 'JAVA_HOME_17_X64'

# Publish Quality Gate Result task
- task: SonarCloudPublish@3
  inputs:
    pollingTimeoutSec: '300'

Using the Classic interface

In the procedure below, the manual configuration mode is used to define analysis parameters at the pipeline level. You may use the sonar-project.properties file instead (or another specified configuration file). For more information, see the Using various features page.

Proceed as follows:

  1. In Azure DevOps’ Classic interface editor, create or edit your build pipeline.

  2. Add a Prepare Analysis Configuration task before your build task:

    • In SonarQube Cloud Service Endpoint, select the SonarQube service connection you created in Adding the SonarQube service connection to your AzDO project in Setting up project integration .

    • Under Choose a way to run the analysis, select Use Standalone SonarScanner CLI.

    • Select the Manually provide configuration mode.

    • In the Project key field, enter your project key.

  3. Add a new Run Code Analysis task after your build task.

  4. Add a new Publish quality gate Result on your build pipeline summary.

  5. Ensure that the pipeline runs automatically for all the branches you want:

    • Under the Triggers tab of your pipeline, select Enable continuous integration and select all the branches for which you want SonarQube Cloud analysis to run automatically.

  6. Save your pipeline.

Related pages

PreviousAdding analysis to build pipelineNextC family project

Last updated

Was this helpful?