TFS Build vNext Code Analysis Ignored

By : Iceman
Source: Stackoverflow.com
Question!

I have a solution that is using a hybrid .csproj and project.json combination (for NuGet management purposes). So basically the "project.json" file is working as a "packages.config" file with a floating version capability.

This solution is using a custom RuleSet that is being distributed via a package, and is imported automatically. On the dev machine, it works without a problem.

At the build machine (that is, inside the machine itself, working as a user) the solution also compiles without a problem.

However, when a vNext build (is this the name for the new build system?) is queued, it completely ignores the custom ruleset and just uses the StyleCop one (that is also included), which gives a bunch of warnings. Said warnings should not appear, as the custom RuleSet basically suppresses those warnings (i.e.: Warning SA1404: Code analysis suppression must have justification, Warning SA1124: Do not use regions, etc.).

As far as I have checked, there is no setting to specify the ruleset, and this works with XAML Builds. What is different in this new build system that is causing this? Is there a way to force/specify the Code Analysis Rule Set from the definition?

Thanks in advance for any help or advice on the matter.

Update/Edit

After debugging back and forth with the wonderful help of jessehouwing, I must include the following detail on my initial report (that I ignored as I did not know that it was influential):

I am using SonarQube Analysis on my build definition.

I initially did not mention it as I did not know that it replaces the Code Analysis at Build Time (and not only when it "analyzes", as I thought).



Answers

If you are using the SonarQube tasks

The SonarQube tasks generate a new Code Analysis Ruleset file on the fly and will overwrite the one configured for the projects. These rulesets will be used regardless of what you've previously specified.

There is a trick to the naming of the rulesets through which you can include your own overrides.

More information on the structure can be found in the blog post from the SonarQube/Visual Studio team. Basically, when you bind your solution to SonarQube it will generate 2 ruleset files: one which will be overwritten during the build, the other containing your customizations.

There is a toolkit/SDK to generate a SonarQube plugin for custom analyzers, which allows you to import your rules into SonarQube, so it will know what rules to activate for your project(s).


If you're not using SonarQube

Yes, you can specify the ruleset you want to use and force Code Analysis to run. It requires a couple of MSBuild arguments:

/p:RunCodeAnalysis=true /p:CodeAnalysisRuleset="PathToRuleset"

Or you can use my MSBuild helper extension to configure these settings with the help of a UI template.
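Added example, not part of the original answer: a Python check that compares the custom ruleset with the ruleset a build actually used and lists every rule whose action differs, which is how a silently replaced ruleset shows up. Both rulesets below are constructed samples, and the names `rule_actions` and `ruleset_drift` are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the custom ruleset that should suppress two StyleCop rules.
CUSTOM = """<RuleSet Name="Custom" ToolsVersion="14.0">
  <Rules AnalyzerId="StyleCop.Analyzers" RuleNamespace="StyleCop.Analyzers">
    <Rule Id="SA1404" Action="None" />
    <Rule Id="SA1124" Action="None" />
    <Rule Id="SA1600" Action="Warning" />
  </Rules>
</RuleSet>"""

# Constructed sample: a ruleset produced at build time without those overrides.
GENERATED = """<RuleSet Name="Generated" ToolsVersion="14.0">
  <Rules AnalyzerId="StyleCop.Analyzers" RuleNamespace="StyleCop.Analyzers">
    <Rule Id="SA1404" Action="Warning" />
    <Rule Id="SA1600" Action="Warning" />
  </Rules>
</RuleSet>"""

NOT_SET = "(not set)"  # marker used here for a rule absent from a ruleset


def rule_actions(ruleset_xml):
    """Map 'AnalyzerId:RuleId' -> Action for every <Rule> in one ruleset.

    <Include> elements are not followed; check included files separately.
    """
    root = ET.fromstring(ruleset_xml)
    actions = {}
    for rules in root.iter("Rules"):
        analyzer = rules.get("AnalyzerId", "")
        for rule in rules.iter("Rule"):
            actions[f"{analyzer}:{rule.get('Id')}"] = rule.get("Action", NOT_SET)
    return actions


def ruleset_drift(expected_xml, actual_xml):
    """Return {rule: (expected_action, actual_action)} for rules that differ."""
    expected, actual = rule_actions(expected_xml), rule_actions(actual_xml)
    return {key: (expected.get(key, NOT_SET), actual.get(key, NOT_SET))
            for key in sorted(expected.keys() | actual.keys())
            if expected.get(key) != actual.get(key)}


if __name__ == "__main__":
    for rule, (want, got) in ruleset_drift(CUSTOM, GENERATED).items():
        print(f"{rule}: expected {want}, build used {got}")
```

To run it against real files, pass the text of the two `.ruleset` files to `ruleset_drift` in place of the samples.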


