From 5355fb8f1475d8da4b3a36b2b6f96439c317e127 Mon Sep 17 00:00:00 2001 From: Marc Rufer Date: Wed, 3 Sep 2025 22:52:56 +0200 Subject: [PATCH 1/7] Fix analysis warning by providing 3.100.0 --- .github/workflows/quality.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/quality.yml b/.github/workflows/quality.yml index ebcb03d..963cb3f 100644 --- a/.github/workflows/quality.yml +++ b/.github/workflows/quality.yml @@ -50,7 +50,7 @@ jobs: run: | $ErrorActionPreference = "Stop" $PSNativeCommandUseErrorActionPreference = $true - .\.sonar\scanner\dotnet-sonarscanner begin /k:"rufer7_github-sonarcloud-integration" /o:"rufer7" /d:sonar.token="${{ secrets.SONAR_TOKEN }}" /d:sonar.host.url="https://sonarcloud.io" /d:sonar.projectBaseDir="D:\a\github-sonarcloud-integration\github-sonarcloud-integration" /d:sonar.cs.vscoveragexml.reportsPaths=coverage.xml + .\.sonar\scanner\dotnet-sonarscanner begin /k:"rufer7_github-sonarcloud-integration" /o:"rufer7" /d:sonar.token="${{ secrets.SONAR_TOKEN }}" /d:sonar.host.url="https://sonarcloud.io" /d:sonar.projectBaseDir="D:\a\github-sonarcloud-integration\github-sonarcloud-integration" /d:sonar.cs.vscoveragexml.reportsPaths=coverage.xml /d:sonar.terraform.provider.azure.version=3.100.0 dotnet build .\src\ArbitrarySolution.sln --configuration Release dotnet-coverage collect 'dotnet test .\src\ArbitraryProject.Tests\ArbitraryProject.Tests.csproj' -f xml -o 'coverage.xml' .\.sonar\scanner\dotnet-sonarscanner end /d:sonar.token="${{ secrets.SONAR_TOKEN }}" From ec588c7daadc429a309d1bd6d619cfbde2f719d4 Mon Sep 17 00:00:00 2001 From: Marc Rufer Date: Thu, 4 Sep 2025 08:26:47 +0200 Subject: [PATCH 2/7] Add FluentAssertions for SCA testing --- src/ArbitraryProject/ArbitraryProject.csproj | 1 + 1 file changed, 1 insertion(+) diff --git a/src/ArbitraryProject/ArbitraryProject.csproj b/src/ArbitraryProject/ArbitraryProject.csproj index 2748991..cf2ac82 100644 --- a/src/ArbitraryProject/ArbitraryProject.csproj +++ b/src/ArbitraryProject/ArbitraryProject.csproj @@ -8,6 +8,7 @@ + From 40f3c80a2114df480853a1f78d9c8b571696a0ac Mon Sep 17 00:00:00 2001 From: Marc Rufer Date: Sat, 6 Sep 2025 08:18:59 +0200 Subject: [PATCH 3/7] Enable verbose logging --- .github/workflows/quality.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/quality.yml b/.github/workflows/quality.yml index 963cb3f..015d51e 100644 --- a/.github/workflows/quality.yml +++ b/.github/workflows/quality.yml @@ -50,7 +50,7 @@ jobs: run: | $ErrorActionPreference = "Stop" $PSNativeCommandUseErrorActionPreference = $true - .\.sonar\scanner\dotnet-sonarscanner begin /k:"rufer7_github-sonarcloud-integration" /o:"rufer7" /d:sonar.token="${{ secrets.SONAR_TOKEN }}" /d:sonar.host.url="https://sonarcloud.io" /d:sonar.projectBaseDir="D:\a\github-sonarcloud-integration\github-sonarcloud-integration" /d:sonar.cs.vscoveragexml.reportsPaths=coverage.xml /d:sonar.terraform.provider.azure.version=3.100.0 + .\.sonar\scanner\dotnet-sonarscanner begin /k:"rufer7_github-sonarcloud-integration" /o:"rufer7" /d:sonar.token="${{ secrets.SONAR_TOKEN }}" /d:sonar.host.url="https://sonarcloud.io" /d:sonar.projectBaseDir="D:\a\github-sonarcloud-integration\github-sonarcloud-integration" /d:sonar.cs.vscoveragexml.reportsPaths=coverage.xml /d:sonar.terraform.provider.azure.version=3.100.0 /d:sonar.verbose=true dotnet build .\src\ArbitrarySolution.sln --configuration Release dotnet-coverage collect 'dotnet test .\src\ArbitraryProject.Tests\ArbitraryProject.Tests.csproj' -f xml -o 'coverage.xml' .\.sonar\scanner\dotnet-sonarscanner end /d:sonar.token="${{ secrets.SONAR_TOKEN }}" From 7f3eeb3870d1e9e9154dc9af20b010e7a38c958e Mon Sep 17 00:00:00 2001 From: Marc Rufer Date: Tue, 9 Sep 2025 22:14:51 +0200 Subject: [PATCH 4/7] Remove verbose logging --- .github/workflows/quality.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/quality.yml b/.github/workflows/quality.yml index 015d51e..963cb3f 100644 --- a/.github/workflows/quality.yml +++ b/.github/workflows/quality.yml @@ -50,7 +50,7 @@ jobs: run: | $ErrorActionPreference = "Stop" $PSNativeCommandUseErrorActionPreference = $true - .\.sonar\scanner\dotnet-sonarscanner begin /k:"rufer7_github-sonarcloud-integration" /o:"rufer7" /d:sonar.token="${{ secrets.SONAR_TOKEN }}" /d:sonar.host.url="https://sonarcloud.io" /d:sonar.projectBaseDir="D:\a\github-sonarcloud-integration\github-sonarcloud-integration" /d:sonar.cs.vscoveragexml.reportsPaths=coverage.xml /d:sonar.terraform.provider.azure.version=3.100.0 /d:sonar.verbose=true + .\.sonar\scanner\dotnet-sonarscanner begin /k:"rufer7_github-sonarcloud-integration" /o:"rufer7" /d:sonar.token="${{ secrets.SONAR_TOKEN }}" /d:sonar.host.url="https://sonarcloud.io" /d:sonar.projectBaseDir="D:\a\github-sonarcloud-integration\github-sonarcloud-integration" /d:sonar.cs.vscoveragexml.reportsPaths=coverage.xml /d:sonar.terraform.provider.azure.version=3.100.0 dotnet build .\src\ArbitrarySolution.sln --configuration Release dotnet-coverage collect 'dotnet test .\src\ArbitraryProject.Tests\ArbitraryProject.Tests.csproj' -f xml -o 'coverage.xml' .\.sonar\scanner\dotnet-sonarscanner end /d:sonar.token="${{ secrets.SONAR_TOKEN }}" From 2068843a407b29723e84cb2d36f458a171c775b8 Mon Sep 17 00:00:00 2001 From: Marc Rufer Date: Tue, 9 Sep 2025 22:20:06 +0200 Subject: [PATCH 5/7] Add .sonar/* to .gitignore --- .gitignore | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.gitignore b/.gitignore index 8a30d25..4240c15 100644 --- a/.gitignore +++ b/.gitignore @@ -396,3 +396,6 @@ FodyWeavers.xsd # JetBrains Rider *.sln.iml + +# Sonar +.sonar/* From c0ae3e3b4772caa5d222e9d12284bbe164ab5952 Mon Sep 17 00:00:00 2001 From: Marc Rufer Date: Tue, 9 Sep 2025 23:39:52 +0200 Subject: [PATCH 6/7] Update .gitignore --- .gitignore | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.gitignore b/.gitignore index 4240c15..16e8e0f 100644 --- a/.gitignore +++ b/.gitignore @@ -398,4 +398,5 @@ FodyWeavers.xsd *.sln.iml # Sonar -.sonar/* +# Uncomment the following line to avoid error message "There were errors in the dependency analysis" on the "Dependencies" tab in SoanrQube Cloud due to inclusion of scanner directory +# .sonar/* From 6edf122de1dce9d96a77a18bef0230513fa27b90 Mon Sep 17 00:00:00 2001 From: Marc Rufer Date: Tue, 9 Sep 2025 23:45:09 +0200 Subject: [PATCH 7/7] Install dotnet-sonarscanner in runner.temp Install dotnet-sonarscanner in runner.temp to avoid error message "There were errors in the dependency analysis" on the "Dependencies" tab in SoanrQube Cloud due to inclusion of scanner directory --- .github/workflows/quality.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/quality.yml b/.github/workflows/quality.yml index 963cb3f..27d076d 100644 --- a/.github/workflows/quality.yml +++ b/.github/workflows/quality.yml @@ -29,15 +29,15 @@ jobs: id: cache-sonar-scanner uses: actions/cache@v4 with: - path: .\.sonar\scanner + path: ${{ runner.temp }}\scanner key: ${{ runner.os }}-sonar-scanner restore-keys: ${{ runner.os }}-sonar-scanner - name: Install SonarCloud scanner if: steps.cache-sonar-scanner.outputs.cache-hit != 'true' shell: pwsh run: | - New-Item -Path .\.sonar\scanner -ItemType Directory - dotnet tool update dotnet-sonarscanner --tool-path .\.sonar\scanner + New-Item -Path ${{ runner.temp }}\scanner -ItemType Directory + dotnet tool update dotnet-sonarscanner --tool-path ${{ runner.temp }}\scanner - name: Install dotnet-coverage shell: pwsh run: | @@ -50,7 +50,7 @@ jobs: run: | $ErrorActionPreference = "Stop" $PSNativeCommandUseErrorActionPreference = $true - .\.sonar\scanner\dotnet-sonarscanner begin /k:"rufer7_github-sonarcloud-integration" /o:"rufer7" /d:sonar.token="${{ secrets.SONAR_TOKEN }}" /d:sonar.host.url="https://sonarcloud.io" /d:sonar.projectBaseDir="D:\a\github-sonarcloud-integration\github-sonarcloud-integration" /d:sonar.cs.vscoveragexml.reportsPaths=coverage.xml /d:sonar.terraform.provider.azure.version=3.100.0 + ${{ runner.temp }}\scanner\dotnet-sonarscanner begin /k:"rufer7_github-sonarcloud-integration" /o:"rufer7" /d:sonar.token="${{ secrets.SONAR_TOKEN }}" /d:sonar.host.url="https://sonarcloud.io" /d:sonar.projectBaseDir="D:\a\github-sonarcloud-integration\github-sonarcloud-integration" /d:sonar.cs.vscoveragexml.reportsPaths=coverage.xml /d:sonar.terraform.provider.azure.version=3.100.0 dotnet build .\src\ArbitrarySolution.sln --configuration Release dotnet-coverage collect 'dotnet test .\src\ArbitraryProject.Tests\ArbitraryProject.Tests.csproj' -f xml -o 'coverage.xml' - .\.sonar\scanner\dotnet-sonarscanner end /d:sonar.token="${{ secrets.SONAR_TOKEN }}" + ${{ runner.temp }}\scanner\dotnet-sonarscanner end /d:sonar.token="${{ secrets.SONAR_TOKEN }}"