I'm new to C# and the project as well. My team members are making a lot of spelling mistakes in strings. My manager want that the build should fail if there are spelling errors. While searching I found out Visual Studio Code Analysis tool and Spell Checker Plugins.
I have configured Code Analysis tool so that it shows analysis error if there are spelling mistakes. Is there any way to a enforce it as a build failure in such situation? And is it a good approach? Is there any better approach? I'm using VS2012.
EDIT
I have configured Code Analysis to run on every build. Now it's showing an error on running project after saving the code but if I run the code again (without saving), it runs successfully. But I want it show show error on every run until Code Analysis errors are resolved.
I don't think enforcing build error using code analysis is a good approach, it is really disturbing for the developer while writing the code and the developer can just turn off or uninstall the plugin in their environment.
What you might need to have is setting up a build server that runs the code analysis as part of it. It could be cruise control .net or team city or sonarqube.
You can run other things on that server, like unit test, auto deployment, complexity report, commenting, etc.
Related
I have a new project on SonarCloud which is analyzing a fairly new C# solution which contains a tiny amount of code at present. I have installed the latest version of SonarLint and successfully connected the project to the SonarCloud project I have set up. The SonarCloud tasks are part of the VSTS build definition and the analysis is running on build with results being reported to SonarCloud.
Some issues - such as "S2933 - Fields that are only assigned in the constructor should be readonly" are reported in SonarCloud and reported in the VS IDE warnings window when code analysis is run locally. This is what I was expecting.
Other issues, such as "S1451 - Add or update the header of this file" are only reported in the IDE.
Some other issues, such as "common-cs:InsufficientCommentDensity" are only reported on SonarCloud, and not in the IDE.
I would like the IDE and SonarCloud to report the same issues as each other; my understanding is that that is the whole point of SonarLint connected mode.
I have created a custom Quality Profile on SonarCloud that inherits from "C# - Sonar way" and activated every rule, which now total 330, although bizarrely when I view anything beyond the first 100 rules on the website I am always presented with the "Activate" button nomatter how many times I click it and refresh the page.
If I look at the ruleset file that SonarQube has added to the project in VS, it contains the 330 rules that are in the server quality profile and has ticks next to all of them. There are a further 10 or so rules in this ruleset file that are deactivated and do not appear at all on SonarCloud.
What do I have to do to make the IDE and VSTS analyses consistent?
Some rules act a bit weird indeed.
S1451 has parameter (the expected file header) and is thus disabled unless you manually configure it. Even in connected mode SonarLint for Visual Studio does not support synchronization of parameters. This feature is in our backlog and most probably we will be working on it soon.
common-cs:* is a server-side rule (e.g. it runs on SonarQube/SonarCloud) and cannot be executed in SonarLint for Visual Studio.
You could configure the S1451 and the other parametrized rules by adding a new XML file with content similar to this file (link), then reference the file in your project like we do (link).
I was unable to reproduce the QualityProfile Active/Inactive status problem, it would be helpful to share what browser/version are you using and perhaps a short screen capture video of the behavior would be a nice way to demonstrate the problem.
Update: Apparently one of our SonarQube devs managed to reproduce the problem with the QP rule activation/deactivation and created a ticket:
https://jira.sonarsource.com/browse/SONAR-10685
So what I need is some why to write a solution analyzer for Visual Studio, that can:
detect move class and move method refactorings.
display the recommended refactorings in Visual Studio.
apply the refactorings.
I have a console application that can do this (using the Roslyn compiler), but I want to integrate the logic inside Visual Studio. From what I have read, the current code fix/refactoring/analyzers support only document level of refactoring, but for me that is not enough information to recommend one of the mentioned refactorings. I need information about the whole solution.
So my question is what is the best way to do this? Can you recommend a starting point? Some articles related to the topic? Any advice would help me a lot.
Short Answer: There is no reasonable way to do this with the Roslyn API
Long Answer:
The api as it is currently implemented only allows analyzers to know about things in the current compilation (a project in Visual Studio). If you call RegisterCompilationAction from within the Initalize method in your analyzer, you will be able to look at all the symbols within the compilation.
Why can't analyzers see the scope for an entire solution? The simplest answer is: because the compiler can't, and analyzers run inside the compiler. This is done so that analyzers can be run on continuous integration servers without Visual Studio installed. MSBuild reads the solution file and then invokes the compiler once for each project. The compiler is never aware of project dependencies and the compiler team does not want to be in that business, they are happy to leave it to MSBuild.
People have tried to work around this by loading their solution using MSBuildWorkspace and attempting to look at documents across projects that way. This will fail occasionally because MSBuildWorkspace is not thread-safe. It will also cause memory usage to skyrocket. People have tried to cache MSBuildWorkspace instances to partially resolve this problem but the cache needs to be invalidated every time a new compilation is created (essentially in the event of all but the most trivial changes). Basically, going down this path is rife with pain and is unsupported.
Enough people have asked for this feature that its something we think we need to do eventually. There is no reasonable way to accomplish it today unless you are willing to write a Visual Studio extension that imports the Visual Studio Workspace and attempts to run its own analysis engine. Please file feature request on https://github.com/dotnet/roslyn
I have a build machine setup with Visual Studio 2015 Update 3 and sonnarqube msbuild scanner 2.2.0.24. On the sonar server side (6.2), I have c# plug-in version 5.5.2.537.
Upon analysing projects, some code smells are not found in the c# files.
I have verified that :
Sonar project is using appropriate quality profile.
Quality profile
contains the rule and said rule is correcly activated.
I have deleted the whole project in sonarqube and re-run the analysis multiple times. For example in a particular .cs file I have the comment density code smell working correcly. However, the rule about handling TODO (s1135) is not working even though I have multiple TODO in the file. Same goes for the rule "Boolean checks should not be inverted" (S1940) that I introduced in the code for testing purpose.
What could cause those issues to not be reported?
I have moved everything to a new build server. Using the same setup and project, all the issues are now correctly reported.
Background
I am running Visual Studio 2015 Enterprise (RTM) and have enabled the SonarLint extension for code analysis of my multi-project ASP.NET 4.5 MVC solution.
Problem
SonarLint analysis seems to be ignoring the project setting for Code Analysis "Suppress results from generated code (managed only)"
That is, I'm getting a lot of Sonar errors reported back for a couple of *.designer.cs files generated from some .aspx pages. (Most of the project is MVC, for what it's worth.) I don't care about these errors, and don't think I have a decent path for fixing them...
More Details
I have SonarQube integrated with our TFS 2013 environment, and it is correctly ignoring these issues on the TFS server analysis. This problem is just showing up in Visual Studio, using the Roslyn analysis.
Any ideas how I can set up the equivalent of an .ignore file or otherwise fix this?
There is no built-in way of ignoring files in Roslyn at the moment, so you can't do it. Each analyzer needs to decide if the analyzed file needs to be checked or not. Specifically for SonarLint, I've created an issue on GitHub: https://github.com/SonarSource/sonarlint-vs/issues/85. You can track its progress.
OK first some background. I am busy automating our build process. We run a mixture of Vs 2005 and VS 2008 both targeting platform 2.0. We use Nant to do our builds using the MSBUILD task to do the compile and Cruise Control .net to do our CI. Currently we treat all warnings as errors, fail the build if any FxCop rules fail (except a small subset that we disabled), fail the build if Simian detects any code duplication of more than 5 lines across all projects.
I have written NDepend CQL query to enforce a few rules that are hard to implement in FxCop. I want to fail the build if the number of lines in a method/class breach a certain limit. I also want to fail if the cyclomatic complexity of a method is too high.
I can easily run NDepend as part of my build. But I can't get the build to fail if my CQL queries return results > 0
So this is the question:
Has anybody tried something
similar?
Is there a Nant task
that supports this?
If there is
a Nant task that calls NDepend, but
doesn't fail the build is the source
available so I can add this feature?
Thanks,
Stephen
What we do is actually have a powershell script run right after that parses through the output file, and throws a series of errors with an appropriate message depending on which condition it found. As soon as powershell throws an error the build fails.
See documentation about NDepend Critical Rules and Build Failure:
http://www.ndepend.com/Doc_CI_CriticalRule.aspx