Gendarme & FXCop Prerequisites

classic Classic list List threaded Threaded
8 messages Options
Reply | Threaded
Open this post in threaded view
|

Gendarme & FXCop Prerequisites

Loomos, Ted


I was wondering how Gendarme and FxCop determine whether or not there is an assembly to scan.  I’m using TFS with Team Builds and it places the output into a Binaries folder instead of the default \bin\Debug folder and the tools indicate they can’t find anything to scan.  I’m trying to identify a better alternative to using the sonar.dotnet.assemblies parameter and I thought I was on to something – I’ve been able to incorporate the creation of a symbolic link (mklink.exe) into my build process such that before Sonar runs, it creates a link under the project so that bin\debug points to the Binaries folder.  However, the log still indicates there aren’t any assemblies to scan.

 

Does anyone know exactly what method these two utilities use to determine if there are any assemblies to scan?

 

 

 


TED LOOMOS  |   VP, ARCHITECTURE & DEVELOPMENT    


1240 NORTH AVENUE

WEST CHICAGO, IL 60185

P:  630-562-8007

F:  866-265-8208

E:  [hidden email]

Description: http://intranet/resourcecenter/Aspen%20Branding/AspenEmailSignature.jpg

 

 


E-MAIL CONFIDENTIALITY NOTICE:
This e-mail and any attachments are intended only for the use of the individual or entity to whom or to which such are addressed and may contain information that is confidential, proprietary, a trade secret or protected by legal privilege. If you are not the intended recipient or an employee or agent responsible for delivering the message to the intended recipient, you are hereby notified that any disclosure, copying, distribution or use of this e-mail or any attachment is strictly prohibited. If you received this e-mail in error, please notify Aspen Marketing Services, Inc. immediately by returning it to the sender and destroy and delete this copy and attachment(s) from your system. Thank you for your cooperation.
Reply | Threaded
Open this post in threaded view
|

Re: Gendarme & FXCop Prerequisites

Fabrice Bellingard-4
Hi Ted,

FxCop and Gendarme plugin work this way to find assemblies to scan:
  • if nothing special is configured, they use the info found on the CSPROJ files to locate the assemblies (along with a potential "sonar.dotnet.buildConfigurations" parameter that can be specified)
  • if you have specified "sonar.dotnet.assemblies" paremeter, then they try to find assemblies that match what you have set

Can you send us the parmeters that you use?



Best regards,

Fabrice BELLINGARD | SonarSource
http://sonarsource.com



On Mon, Apr 30, 2012 at 11:42 PM, Loomos, Ted <[hidden email]> wrote:


I was wondering how Gendarme and FxCop determine whether or not there is an assembly to scan.  I’m using TFS with Team Builds and it places the output into a Binaries folder instead of the default \bin\Debug folder and the tools indicate they can’t find anything to scan.  I’m trying to identify a better alternative to using the sonar.dotnet.assemblies parameter and I thought I was on to something – I’ve been able to incorporate the creation of a symbolic link (mklink.exe) into my build process such that before Sonar runs, it creates a link under the project so that bin\debug points to the Binaries folder.  However, the log still indicates there aren’t any assemblies to scan.

 

Does anyone know exactly what method these two utilities use to determine if there are any assemblies to scan?

 

 

 


TED LOOMOS  |   VP, ARCHITECTURE & DEVELOPMENT    


1240 NORTH AVENUE

WEST CHICAGO, IL 60185

P:  <a href="tel:630-562-8007" value="+16305628007" target="_blank">630-562-8007

F:  <a href="tel:866-265-8208" value="+18662658208" target="_blank">866-265-8208

E:  [hidden email]

Description: http://intranet/resourcecenter/Aspen%20Branding/AspenEmailSignature.jpg

 

 


E-MAIL CONFIDENTIALITY NOTICE:
This e-mail and any attachments are intended only for the use of the individual or entity to whom or to which such are addressed and may contain information that is confidential, proprietary, a trade secret or protected by legal privilege. If you are not the intended recipient or an employee or agent responsible for delivering the message to the intended recipient, you are hereby notified that any disclosure, copying, distribution or use of this e-mail or any attachment is strictly prohibited. If you received this e-mail in error, please notify Aspen Marketing Services, Inc. immediately by returning it to the sender and destroy and delete this copy and attachment(s) from your system. Thank you for your cooperation.

Reply | Threaded
Open this post in threaded view
|

RE: Gendarme & FXCop Prerequisites

Loomos, Ted

I’m trying my best to keep it simple, but my use of a TFS Team Build environment seems to be complicating things because it does not put the generated assemblies into he same location where they would be placed for a standard desktop build. 

 

Using the sonar.dotnet.assemblies parameter is one option I tried, but it gets cumbersome to configure for each project, even with the wildcards. 

 

My next attempt was to add a step into my build flow to invoke mklink.exe to create a linked folder – essentially trying to point the “expected” \bin\debug output path to the location where the assemblies are actually being placed by the team build.  That didn’t seem to work.

 

Now I’m trying to go back to a very simple scenario and adding a second msbuild task to my team builds that will build the projects into the standard desktop build locations – still working on that one.

 


TED LOOMOS  |   VP, ARCHITECTURE & DEVELOPMENT    

Phone: (630) 562-8007

Fax: (866) 265-8208

Email: [hidden email]


 

 

From: Fabrice Bellingard [mailto:[hidden email]]
Sent: Wednesday, May 02, 2012 9:38 AM
To: [hidden email]
Subject: Re: [sonar-user] Gendarme & FXCop Prerequisites

 

Hi Ted,

 

FxCop and Gendarme plugin work this way to find assemblies to scan:

  • if nothing special is configured, they use the info found on the CSPROJ files to locate the assemblies (along with a potential "sonar.dotnet.buildConfigurations" parameter that can be specified)
  • if you have specified "sonar.dotnet.assemblies" paremeter, then they try to find assemblies that match what you have set

 

Can you send us the parmeters that you use?

 


 

Best regards,

 

Fabrice BELLINGARD | SonarSource
http://sonarsource.com



On Mon, Apr 30, 2012 at 11:42 PM, Loomos, Ted <[hidden email]> wrote:


I was wondering how Gendarme and FxCop determine whether or not there is an assembly to scan.  I’m using TFS with Team Builds and it places the output into a Binaries folder instead of the default \bin\Debug folder and the tools indicate they can’t find anything to scan.  I’m trying to identify a better alternative to using the sonar.dotnet.assemblies parameter and I thought I was on to something – I’ve been able to incorporate the creation of a symbolic link (mklink.exe) into my build process such that before Sonar runs, it creates a link under the project so that bin\debug points to the Binaries folder.  However, the log still indicates there aren’t any assemblies to scan.

 

Does anyone know exactly what method these two utilities use to determine if there are any assemblies to scan?

 

 

 


TED LOOMOS  |   VP, ARCHITECTURE & DEVELOPMENT    


1240 NORTH AVENUE

WEST CHICAGO, IL 60185

P:  <a href="tel:630-562-8007" target="_blank">630-562-8007

F:  <a href="tel:866-265-8208" target="_blank">866-265-8208

E:  [hidden email]

Description: http://intranet/resourcecenter/Aspen%20Branding/AspenEmailSignature.jpg

 

 


E-MAIL CONFIDENTIALITY NOTICE:
This e-mail and any attachments are intended only for the use of the individual or entity to whom or to which such are addressed and may contain information that is confidential, proprietary, a trade secret or protected by legal privilege. If you are not the intended recipient or an employee or agent responsible for delivering the message to the intended recipient, you are hereby notified that any disclosure, copying, distribution or use of this e-mail or any attachment is strictly prohibited. If you received this e-mail in error, please notify Aspen Marketing Services, Inc. immediately by returning it to the sender and destroy and delete this copy and attachment(s) from your system. Thank you for your cooperation.

 


E-MAIL CONFIDENTIALITY NOTICE:
This e-mail and any attachments are intended only for the use of the individual or entity to whom or to which such are addressed and may contain information that is confidential, proprietary, a trade secret or protected by legal privilege. If you are not the intended recipient or an employee or agent responsible for delivering the message to the intended recipient, you are hereby notified that any disclosure, copying, distribution or use of this e-mail or any attachment is strictly prohibited. If you received this e-mail in error, please notify Aspen Marketing Services, Inc. immediately by returning it to the sender and destroy and delete this copy and attachment(s) from your system. Thank you for your cooperation.
Reply | Threaded
Open this post in threaded view
|

Re: Gendarme & FXCop Prerequisites

Fabrice Bellingard-4
OK Ted, feel free to keep us posted on your works. 

If you have some time, I'd be happy to get your feedback/ideas on how we could improve the support of TFS Team Build environment for the C# Plugins.


Best regards,

Fabrice BELLINGARD | SonarSource
http://sonarsource.com



On Wed, May 2, 2012 at 5:11 PM, Loomos, Ted <[hidden email]> wrote:

I’m trying my best to keep it simple, but my use of a TFS Team Build environment seems to be complicating things because it does not put the generated assemblies into he same location where they would be placed for a standard desktop build. 

 

Using the sonar.dotnet.assemblies parameter is one option I tried, but it gets cumbersome to configure for each project, even with the wildcards. 

 

My next attempt was to add a step into my build flow to invoke mklink.exe to create a linked folder – essentially trying to point the “expected” \bin\debug output path to the location where the assemblies are actually being placed by the team build.  That didn’t seem to work.

 

Now I’m trying to go back to a very simple scenario and adding a second msbuild task to my team builds that will build the projects into the standard desktop build locations – still working on that one.

 


TED LOOMOS  |   VP, ARCHITECTURE & DEVELOPMENT    

Phone: <a href="tel:%28630%29%20562-8007" value="+16305628007" target="_blank">(630) 562-8007

Fax: <a href="tel:%28866%29%20265-8208" value="+18662658208" target="_blank">(866) 265-8208

Email: [hidden email]


 

 

From: Fabrice Bellingard [mailto:[hidden email]]
Sent: Wednesday, May 02, 2012 9:38 AM
To: [hidden email]
Subject: Re: [sonar-user] Gendarme & FXCop Prerequisites

 

Hi Ted,

 

FxCop and Gendarme plugin work this way to find assemblies to scan:

  • if nothing special is configured, they use the info found on the CSPROJ files to locate the assemblies (along with a potential "sonar.dotnet.buildConfigurations" parameter that can be specified)
  • if you have specified "sonar.dotnet.assemblies" paremeter, then they try to find assemblies that match what you have set

 

Can you send us the parmeters that you use?

 


 

Best regards,

 

Fabrice BELLINGARD | SonarSource
http://sonarsource.com



On Mon, Apr 30, 2012 at 11:42 PM, Loomos, Ted <[hidden email]> wrote:


I was wondering how Gendarme and FxCop determine whether or not there is an assembly to scan.  I’m using TFS with Team Builds and it places the output into a Binaries folder instead of the default \bin\Debug folder and the tools indicate they can’t find anything to scan.  I’m trying to identify a better alternative to using the sonar.dotnet.assemblies parameter and I thought I was on to something – I’ve been able to incorporate the creation of a symbolic link (mklink.exe) into my build process such that before Sonar runs, it creates a link under the project so that bin\debug points to the Binaries folder.  However, the log still indicates there aren’t any assemblies to scan.

 

Does anyone know exactly what method these two utilities use to determine if there are any assemblies to scan?

 

 

 


TED LOOMOS  |   VP, ARCHITECTURE & DEVELOPMENT    


1240 NORTH AVENUE

WEST CHICAGO, IL 60185

P:  <a href="tel:630-562-8007" target="_blank">630-562-8007

F:  <a href="tel:866-265-8208" target="_blank">866-265-8208

E:  [hidden email]

Description: http://intranet/resourcecenter/Aspen%20Branding/AspenEmailSignature.jpg

 

 


E-MAIL CONFIDENTIALITY NOTICE:
This e-mail and any attachments are intended only for the use of the individual or entity to whom or to which such are addressed and may contain information that is confidential, proprietary, a trade secret or protected by legal privilege. If you are not the intended recipient or an employee or agent responsible for delivering the message to the intended recipient, you are hereby notified that any disclosure, copying, distribution or use of this e-mail or any attachment is strictly prohibited. If you received this e-mail in error, please notify Aspen Marketing Services, Inc. immediately by returning it to the sender and destroy and delete this copy and attachment(s) from your system. Thank you for your cooperation.

 


E-MAIL CONFIDENTIALITY NOTICE:
This e-mail and any attachments are intended only for the use of the individual or entity to whom or to which such are addressed and may contain information that is confidential, proprietary, a trade secret or protected by legal privilege. If you are not the intended recipient or an employee or agent responsible for delivering the message to the intended recipient, you are hereby notified that any disclosure, copying, distribution or use of this e-mail or any attachment is strictly prohibited. If you received this e-mail in error, please notify Aspen Marketing Services, Inc. immediately by returning it to the sender and destroy and delete this copy and attachment(s) from your system. Thank you for your cooperation.

Reply | Threaded
Open this post in threaded view
|

Re: Gendarme & FXCop Prerequisites

Richard Mayes
I personally just use a PowerShell script to download all the source required and then build and analyse on my local machine. This is setup as a nightly task and works quite well. Only issue is if the build or analysis fails for some reason I don't get any notification and I just have to check the last build date for the project.

Richard Mayes


---------- Forwarded message ----------
From: Fabrice Bellingard <[hidden email]>
Date: 2 May 2012 16:19
Subject: Re: [sonar-user] Gendarme & FXCop Prerequisites
To: [hidden email]


OK Ted, feel free to keep us posted on your works. 

If you have some time, I'd be happy to get your feedback/ideas on how we could improve the support of TFS Team Build environment for the C# Plugins.


Best regards,

Fabrice BELLINGARD | SonarSource
http://sonarsource.com



On Wed, May 2, 2012 at 5:11 PM, Loomos, Ted <[hidden email]> wrote:

I’m trying my best to keep it simple, but my use of a TFS Team Build environment seems to be complicating things because it does not put the generated assemblies into he same location where they would be placed for a standard desktop build. 

 

Using the sonar.dotnet.assemblies parameter is one option I tried, but it gets cumbersome to configure for each project, even with the wildcards. 

 

My next attempt was to add a step into my build flow to invoke mklink.exe to create a linked folder – essentially trying to point the “expected” \bin\debug output path to the location where the assemblies are actually being placed by the team build.  That didn’t seem to work.

 

Now I’m trying to go back to a very simple scenario and adding a second msbuild task to my team builds that will build the projects into the standard desktop build locations – still working on that one.

 


TED LOOMOS  |   VP, ARCHITECTURE & DEVELOPMENT    

Phone: <a href="tel:%28630%29%20562-8007" value="+16305628007" target="_blank">(630) 562-8007

Fax: <a href="tel:%28866%29%20265-8208" value="+18662658208" target="_blank">(866) 265-8208

Email: [hidden email]


 

 

From: Fabrice Bellingard [mailto:[hidden email]]
Sent: Wednesday, May 02, 2012 9:38 AM
To: [hidden email]
Subject: Re: [sonar-user] Gendarme & FXCop Prerequisites

 

Hi Ted,

 

FxCop and Gendarme plugin work this way to find assemblies to scan:

  • if nothing special is configured, they use the info found on the CSPROJ files to locate the assemblies (along with a potential "sonar.dotnet.buildConfigurations" parameter that can be specified)
  • if you have specified "sonar.dotnet.assemblies" paremeter, then they try to find assemblies that match what you have set

 

Can you send us the parmeters that you use?

 


 

Best regards,

 

Fabrice BELLINGARD | SonarSource
http://sonarsource.com



On Mon, Apr 30, 2012 at 11:42 PM, Loomos, Ted <[hidden email]> wrote:


I was wondering how Gendarme and FxCop determine whether or not there is an assembly to scan.  I’m using TFS with Team Builds and it places the output into a Binaries folder instead of the default \bin\Debug folder and the tools indicate they can’t find anything to scan.  I’m trying to identify a better alternative to using the sonar.dotnet.assemblies parameter and I thought I was on to something – I’ve been able to incorporate the creation of a symbolic link (mklink.exe) into my build process such that before Sonar runs, it creates a link under the project so that bin\debug points to the Binaries folder.  However, the log still indicates there aren’t any assemblies to scan.

 

Does anyone know exactly what method these two utilities use to determine if there are any assemblies to scan?

 

 

 


TED LOOMOS  |   VP, ARCHITECTURE & DEVELOPMENT    


1240 NORTH AVENUE

WEST CHICAGO, IL 60185

P:  <a href="tel:630-562-8007" target="_blank">630-562-8007

F:  <a href="tel:866-265-8208" target="_blank">866-265-8208

E:  [hidden email]

Description: http://intranet/resourcecenter/Aspen%20Branding/AspenEmailSignature.jpg

 

 


E-MAIL CONFIDENTIALITY NOTICE:
This e-mail and any attachments are intended only for the use of the individual or entity to whom or to which such are addressed and may contain information that is confidential, proprietary, a trade secret or protected by legal privilege. If you are not the intended recipient or an employee or agent responsible for delivering the message to the intended recipient, you are hereby notified that any disclosure, copying, distribution or use of this e-mail or any attachment is strictly prohibited. If you received this e-mail in error, please notify Aspen Marketing Services, Inc. immediately by returning it to the sender and destroy and delete this copy and attachment(s) from your system. Thank you for your cooperation.

 


E-MAIL CONFIDENTIALITY NOTICE:
This e-mail and any attachments are intended only for the use of the individual or entity to whom or to which such are addressed and may contain information that is confidential, proprietary, a trade secret or protected by legal privilege. If you are not the intended recipient or an employee or agent responsible for delivering the message to the intended recipient, you are hereby notified that any disclosure, copying, distribution or use of this e-mail or any attachment is strictly prohibited. If you received this e-mail in error, please notify Aspen Marketing Services, Inc. immediately by returning it to the sender and destroy and delete this copy and attachment(s) from your system. Thank you for your cooperation.


Reply | Threaded
Open this post in threaded view
|

RE: Gendarme & FXCop Prerequisites

Loomos, Ted

I think I finally have this working the way I want it to.  I have it completely integrated into my TFS Build environment so that any project we want to run through Sonar, we just turn a flag on and give it a project name.  You can also specify the language (defaults to cs) a project properties path (in case a team wants to control some advanced settings within source control) and a free form parameters field where any overrides can be placed directly on the build definition.  Here’s what that looks like in the build definition:

 

 

Then I invoke Sonar from within the build workflow.   I ended up running an additional msbuild task so that I wouldn’t have to modify any of the default build environment behaviors or our existing release processes.  This adds a little overhead, but we do the analysis on our nightly builds, so that’s not a big deal for me.  Here’s what that looks like in the build output…

 

 

 

The only other thing I found was that I have to run Debug builds if I want NDeps to work.  Otherwise I add a parameter to the sonar parameters on the build to disable ndeps.

 

 

 


TED LOOMOS  |   VP, ARCHITECTURE & DEVELOPMENT    

Phone: (630) 562-8007

Fax: (866) 265-8208

Email: [hidden email]


 

 

From: Richard Mayes [mailto:[hidden email]]
Sent: Wednesday, May 02, 2012 11:23 AM
To: [hidden email]
Subject: Re: [sonar-user] Gendarme & FXCop Prerequisites

 

I personally just use a PowerShell script to download all the source required and then build and analyse on my local machine. This is setup as a nightly task and works quite well. Only issue is if the build or analysis fails for some reason I don't get any notification and I just have to check the last build date for the project.


Richard Mayes



---------- Forwarded message ----------
From: Fabrice Bellingard <[hidden email]>
Date: 2 May 2012 16:19
Subject: Re: [sonar-user] Gendarme & FXCop Prerequisites
To: [hidden email]


OK Ted, feel free to keep us posted on your works. 

 

If you have some time, I'd be happy to get your feedback/ideas on how we could improve the support of TFS Team Build environment for the C# Plugins.


 

Best regards,

 

Fabrice BELLINGARD | SonarSource
http://sonarsource.com



On Wed, May 2, 2012 at 5:11 PM, Loomos, Ted <[hidden email]> wrote:

I’m trying my best to keep it simple, but my use of a TFS Team Build environment seems to be complicating things because it does not put the generated assemblies into he same location where they would be placed for a standard desktop build. 

 

Using the sonar.dotnet.assemblies parameter is one option I tried, but it gets cumbersome to configure for each project, even with the wildcards. 

 

My next attempt was to add a step into my build flow to invoke mklink.exe to create a linked folder – essentially trying to point the “expected” \bin\debug output path to the location where the assemblies are actually being placed by the team build.  That didn’t seem to work.

 

Now I’m trying to go back to a very simple scenario and adding a second msbuild task to my team builds that will build the projects into the standard desktop build locations – still working on that one.

 


TED LOOMOS  |   VP, ARCHITECTURE & DEVELOPMENT    

Phone: <a href="tel:%28630%29%20562-8007" target="_blank">(630) 562-8007

Fax: <a href="tel:%28866%29%20265-8208" target="_blank">(866) 265-8208

Email: [hidden email]


 

 

From: Fabrice Bellingard [mailto:[hidden email]]
Sent: Wednesday, May 02, 2012 9:38 AM
To: [hidden email]
Subject: Re: [sonar-user] Gendarme & FXCop Prerequisites

 

Hi Ted,

 

FxCop and Gendarme plugin work this way to find assemblies to scan:

  • if nothing special is configured, they use the info found on the CSPROJ files to locate the assemblies (along with a potential "sonar.dotnet.buildConfigurations" parameter that can be specified)
  • if you have specified "sonar.dotnet.assemblies" paremeter, then they try to find assemblies that match what you have set

 

Can you send us the parmeters that you use?

 


 

Best regards,

 

Fabrice BELLINGARD | SonarSource
http://sonarsource.com

 

On Mon, Apr 30, 2012 at 11:42 PM, Loomos, Ted <[hidden email]> wrote:


I was wondering how Gendarme and FxCop determine whether or not there is an assembly to scan.  I’m using TFS with Team Builds and it places the output into a Binaries folder instead of the default \bin\Debug folder and the tools indicate they can’t find anything to scan.  I’m trying to identify a better alternative to using the sonar.dotnet.assemblies parameter and I thought I was on to something – I’ve been able to incorporate the creation of a symbolic link (mklink.exe) into my build process such that before Sonar runs, it creates a link under the project so that bin\debug points to the Binaries folder.  However, the log still indicates there aren’t any assemblies to scan.

 

Does anyone know exactly what method these two utilities use to determine if there are any assemblies to scan?

 

 

 


TED LOOMOS  |   VP, ARCHITECTURE & DEVELOPMENT    


1240 NORTH AVENUE

WEST CHICAGO, IL 60185

P:  <a href="tel:630-562-8007" target="_blank">630-562-8007

F:  <a href="tel:866-265-8208" target="_blank">866-265-8208

E:  [hidden email]

Description: http://intranet/resourcecenter/Aspen%20Branding/AspenEmailSignature.jpg

 

 


E-MAIL CONFIDENTIALITY NOTICE:
This e-mail and any attachments are intended only for the use of the individual or entity to whom or to which such are addressed and may contain information that is confidential, proprietary, a trade secret or protected by legal privilege. If you are not the intended recipient or an employee or agent responsible for delivering the message to the intended recipient, you are hereby notified that any disclosure, copying, distribution or use of this e-mail or any attachment is strictly prohibited. If you received this e-mail in error, please notify Aspen Marketing Services, Inc. immediately by returning it to the sender and destroy and delete this copy and attachment(s) from your system. Thank you for your cooperation.

 


E-MAIL CONFIDENTIALITY NOTICE:
This e-mail and any attachments are intended only for the use of the individual or entity to whom or to which such are addressed and may contain information that is confidential, proprietary, a trade secret or protected by legal privilege. If you are not the intended recipient or an employee or agent responsible for delivering the message to the intended recipient, you are hereby notified that any disclosure, copying, distribution or use of this e-mail or any attachment is strictly prohibited. If you received this e-mail in error, please notify Aspen Marketing Services, Inc. immediately by returning it to the sender and destroy and delete this copy and attachment(s) from your system. Thank you for your cooperation.

 

 


E-MAIL CONFIDENTIALITY NOTICE:
This e-mail and any attachments are intended only for the use of the individual or entity to whom or to which such are addressed and may contain information that is confidential, proprietary, a trade secret or protected by legal privilege. If you are not the intended recipient or an employee or agent responsible for delivering the message to the intended recipient, you are hereby notified that any disclosure, copying, distribution or use of this e-mail or any attachment is strictly prohibited. If you received this e-mail in error, please notify Aspen Marketing Services, Inc. immediately by returning it to the sender and destroy and delete this copy and attachment(s) from your system. Thank you for your cooperation.
Reply | Threaded
Open this post in threaded view
|

Re: Gendarme & FXCop Prerequisites

Fabrice Bellingard-4
In reply to this post by Richard Mayes
Thanks for your feedback Richard, you've set up what we call a "continuous inspection" process, cool! :-) That's exactly what we also do here at SonarSource for all our products (but we have a dedicated infrastructure for that, we don't do this on our own computers): this process is aside of the regular continuous integration process (which builds for every commit). It seems that in the .NET world, setting up such a separate process makes things simpler.

Best regards,

Fabrice BELLINGARD | SonarSource
http://sonarsource.com



On Wed, May 2, 2012 at 6:23 PM, Richard Mayes <[hidden email]> wrote:
I personally just use a PowerShell script to download all the source required and then build and analyse on my local machine. This is setup as a nightly task and works quite well. Only issue is if the build or analysis fails for some reason I don't get any notification and I just have to check the last build date for the project.

Richard Mayes


---------- Forwarded message ----------
From: Fabrice Bellingard <[hidden email]>
Date: 2 May 2012 16:19
Subject: Re: [sonar-user] Gendarme & FXCop Prerequisites
To: [hidden email]


OK Ted, feel free to keep us posted on your works. 

If you have some time, I'd be happy to get your feedback/ideas on how we could improve the support of TFS Team Build environment for the C# Plugins.


Best regards,

Fabrice BELLINGARD | SonarSource
http://sonarsource.com



On Wed, May 2, 2012 at 5:11 PM, Loomos, Ted <[hidden email]> wrote:

I’m trying my best to keep it simple, but my use of a TFS Team Build environment seems to be complicating things because it does not put the generated assemblies into he same location where they would be placed for a standard desktop build. 

 

Using the sonar.dotnet.assemblies parameter is one option I tried, but it gets cumbersome to configure for each project, even with the wildcards. 

 

My next attempt was to add a step into my build flow to invoke mklink.exe to create a linked folder – essentially trying to point the “expected” \bin\debug output path to the location where the assemblies are actually being placed by the team build.  That didn’t seem to work.

 

Now I’m trying to go back to a very simple scenario and adding a second msbuild task to my team builds that will build the projects into the standard desktop build locations – still working on that one.

 


TED LOOMOS  |   VP, ARCHITECTURE & DEVELOPMENT    

Phone: <a href="tel:%28630%29%20562-8007" value="+16305628007" target="_blank">(630) 562-8007

Fax: <a href="tel:%28866%29%20265-8208" value="+18662658208" target="_blank">(866) 265-8208

Email: [hidden email]


 

 

From: Fabrice Bellingard [mailto:[hidden email]]
Sent: Wednesday, May 02, 2012 9:38 AM
To: [hidden email]
Subject: Re: [sonar-user] Gendarme & FXCop Prerequisites

 

Hi Ted,

 

FxCop and Gendarme plugin work this way to find assemblies to scan:

  • if nothing special is configured, they use the info found on the CSPROJ files to locate the assemblies (along with a potential "sonar.dotnet.buildConfigurations" parameter that can be specified)
  • if you have specified "sonar.dotnet.assemblies" paremeter, then they try to find assemblies that match what you have set

 

Can you send us the parmeters that you use?

 


 

Best regards,

 

Fabrice BELLINGARD | SonarSource
http://sonarsource.com



On Mon, Apr 30, 2012 at 11:42 PM, Loomos, Ted <[hidden email]> wrote:


I was wondering how Gendarme and FxCop determine whether or not there is an assembly to scan.  I’m using TFS with Team Builds and it places the output into a Binaries folder instead of the default \bin\Debug folder and the tools indicate they can’t find anything to scan.  I’m trying to identify a better alternative to using the sonar.dotnet.assemblies parameter and I thought I was on to something – I’ve been able to incorporate the creation of a symbolic link (mklink.exe) into my build process such that before Sonar runs, it creates a link under the project so that bin\debug points to the Binaries folder.  However, the log still indicates there aren’t any assemblies to scan.

 

Does anyone know exactly what method these two utilities use to determine if there are any assemblies to scan?

 

 

 


TED LOOMOS  |   VP, ARCHITECTURE & DEVELOPMENT    


1240 NORTH AVENUE

WEST CHICAGO, IL 60185

P:  <a href="tel:630-562-8007" target="_blank">630-562-8007

F:  <a href="tel:866-265-8208" target="_blank">866-265-8208

E:  [hidden email]

Description: http://intranet/resourcecenter/Aspen%20Branding/AspenEmailSignature.jpg

 

 


E-MAIL CONFIDENTIALITY NOTICE:
This e-mail and any attachments are intended only for the use of the individual or entity to whom or to which such are addressed and may contain information that is confidential, proprietary, a trade secret or protected by legal privilege. If you are not the intended recipient or an employee or agent responsible for delivering the message to the intended recipient, you are hereby notified that any disclosure, copying, distribution or use of this e-mail or any attachment is strictly prohibited. If you received this e-mail in error, please notify Aspen Marketing Services, Inc. immediately by returning it to the sender and destroy and delete this copy and attachment(s) from your system. Thank you for your cooperation.

 


E-MAIL CONFIDENTIALITY NOTICE:
This e-mail and any attachments are intended only for the use of the individual or entity to whom or to which such are addressed and may contain information that is confidential, proprietary, a trade secret or protected by legal privilege. If you are not the intended recipient or an employee or agent responsible for delivering the message to the intended recipient, you are hereby notified that any disclosure, copying, distribution or use of this e-mail or any attachment is strictly prohibited. If you received this e-mail in error, please notify Aspen Marketing Services, Inc. immediately by returning it to the sender and destroy and delete this copy and attachment(s) from your system. Thank you for your cooperation.



Reply | Threaded
Open this post in threaded view
|

Re: Gendarme & FXCop Prerequisites

Fabrice Bellingard-4
In reply to this post by Loomos, Ted
Thanks Ted for your feedback! Happy to see that you managed to make your way through this :-)

I think I will link this thread on the Wiki for people who search for information on TFS Build env.


Best regards,

Fabrice BELLINGARD | SonarSource
http://sonarsource.com



On Wed, May 2, 2012 at 6:41 PM, Loomos, Ted <[hidden email]> wrote:

I think I finally have this working the way I want it to.  I have it completely integrated into my TFS Build environment so that any project we want to run through Sonar, we just turn a flag on and give it a project name.  You can also specify the language (defaults to cs) a project properties path (in case a team wants to control some advanced settings within source control) and a free form parameters field where any overrides can be placed directly on the build definition.  Here’s what that looks like in the build definition:

 

 

Then I invoke Sonar from within the build workflow.   I ended up running an additional msbuild task so that I wouldn’t have to modify any of the default build environment behaviors or our existing release processes.  This adds a little overhead, but we do the analysis on our nightly builds, so that’s not a big deal for me.  Here’s what that looks like in the build output…

 

 

 

The only other thing I found was that I have to run Debug builds if I want NDeps to work.  Otherwise I add a parameter to the sonar parameters on the build to disable ndeps.

 

 

 


TED LOOMOS  |   VP, ARCHITECTURE & DEVELOPMENT    

Phone: <a href="tel:%28630%29%20562-8007" value="+16305628007" target="_blank">(630) 562-8007

Fax: <a href="tel:%28866%29%20265-8208" value="+18662658208" target="_blank">(866) 265-8208

Email: [hidden email]


 

 

From: Richard Mayes [mailto:[hidden email]]
Sent: Wednesday, May 02, 2012 11:23 AM


To: [hidden email]
Subject: Re: [sonar-user] Gendarme & FXCop Prerequisites

 

I personally just use a PowerShell script to download all the source required and then build and analyse on my local machine. This is setup as a nightly task and works quite well. Only issue is if the build or analysis fails for some reason I don't get any notification and I just have to check the last build date for the project.


Richard Mayes



---------- Forwarded message ----------
From: Fabrice Bellingard <[hidden email]>
Date: 2 May 2012 16:19
Subject: Re: [sonar-user] Gendarme & FXCop Prerequisites
To: [hidden email]


OK Ted, feel free to keep us posted on your works. 

 

If you have some time, I'd be happy to get your feedback/ideas on how we could improve the support of TFS Team Build environment for the C# Plugins.


 

Best regards,

 

Fabrice BELLINGARD | SonarSource
http://sonarsource.com



On Wed, May 2, 2012 at 5:11 PM, Loomos, Ted <[hidden email]> wrote:

I’m trying my best to keep it simple, but my use of a TFS Team Build environment seems to be complicating things because it does not put the generated assemblies into he same location where they would be placed for a standard desktop build. 

 

Using the sonar.dotnet.assemblies parameter is one option I tried, but it gets cumbersome to configure for each project, even with the wildcards. 

 

My next attempt was to add a step into my build flow to invoke mklink.exe to create a linked folder – essentially trying to point the “expected” \bin\debug output path to the location where the assemblies are actually being placed by the team build.  That didn’t seem to work.

 

Now I’m trying to go back to a very simple scenario and adding a second msbuild task to my team builds that will build the projects into the standard desktop build locations – still working on that one.

 


TED LOOMOS  |   VP, ARCHITECTURE & DEVELOPMENT    

Phone: <a href="tel:%28630%29%20562-8007" target="_blank">(630) 562-8007

Fax: <a href="tel:%28866%29%20265-8208" target="_blank">(866) 265-8208

Email: [hidden email]


 

 

From: Fabrice Bellingard [mailto:[hidden email]]
Sent: Wednesday, May 02, 2012 9:38 AM
To: [hidden email]
Subject: Re: [sonar-user] Gendarme & FXCop Prerequisites

 

Hi Ted,

 

FxCop and Gendarme plugin work this way to find assemblies to scan:

  • if nothing special is configured, they use the info found on the CSPROJ files to locate the assemblies (along with a potential "sonar.dotnet.buildConfigurations" parameter that can be specified)
  • if you have specified "sonar.dotnet.assemblies" paremeter, then they try to find assemblies that match what you have set

 

Can you send us the parmeters that you use?

 


 

Best regards,

 

Fabrice BELLINGARD | SonarSource
http://sonarsource.com

 

On Mon, Apr 30, 2012 at 11:42 PM, Loomos, Ted <[hidden email]> wrote:


I was wondering how Gendarme and FxCop determine whether or not there is an assembly to scan.  I’m using TFS with Team Builds and it places the output into a Binaries folder instead of the default \bin\Debug folder and the tools indicate they can’t find anything to scan.  I’m trying to identify a better alternative to using the sonar.dotnet.assemblies parameter and I thought I was on to something – I’ve been able to incorporate the creation of a symbolic link (mklink.exe) into my build process such that before Sonar runs, it creates a link under the project so that bin\debug points to the Binaries folder.  However, the log still indicates there aren’t any assemblies to scan.

 

Does anyone know exactly what method these two utilities use to determine if there are any assemblies to scan?

 

 

 


TED LOOMOS  |   VP, ARCHITECTURE & DEVELOPMENT    


1240 NORTH AVENUE

WEST CHICAGO, IL 60185

P:  <a href="tel:630-562-8007" target="_blank">630-562-8007

F:  <a href="tel:866-265-8208" target="_blank">866-265-8208

E:  [hidden email]

Description: http://intranet/resourcecenter/Aspen%20Branding/AspenEmailSignature.jpg

 

 


E-MAIL CONFIDENTIALITY NOTICE:
This e-mail and any attachments are intended only for the use of the individual or entity to whom or to which such are addressed and may contain information that is confidential, proprietary, a trade secret or protected by legal privilege. If you are not the intended recipient or an employee or agent responsible for delivering the message to the intended recipient, you are hereby notified that any disclosure, copying, distribution or use of this e-mail or any attachment is strictly prohibited. If you received this e-mail in error, please notify Aspen Marketing Services, Inc. immediately by returning it to the sender and destroy and delete this copy and attachment(s) from your system. Thank you for your cooperation.

 


E-MAIL CONFIDENTIALITY NOTICE:
This e-mail and any attachments are intended only for the use of the individual or entity to whom or to which such are addressed and may contain information that is confidential, proprietary, a trade secret or protected by legal privilege. If you are not the intended recipient or an employee or agent responsible for delivering the message to the intended recipient, you are hereby notified that any disclosure, copying, distribution or use of this e-mail or any attachment is strictly prohibited. If you received this e-mail in error, please notify Aspen Marketing Services, Inc. immediately by returning it to the sender and destroy and delete this copy and attachment(s) from your system. Thank you for your cooperation.

 

 


E-MAIL CONFIDENTIALITY NOTICE:
This e-mail and any attachments are intended only for the use of the individual or entity to whom or to which such are addressed and may contain information that is confidential, proprietary, a trade secret or protected by legal privilege. If you are not the intended recipient or an employee or agent responsible for delivering the message to the intended recipient, you are hereby notified that any disclosure, copying, distribution or use of this e-mail or any attachment is strictly prohibited. If you received this e-mail in error, please notify Aspen Marketing Services, Inc. immediately by returning it to the sender and destroy and delete this copy and attachment(s) from your system. Thank you for your cooperation.