In my previous blog post on DevSecOps with Azure DevOps, I explained how we can integrate various security tools into Azure DevOps. SonarCloud is one of them. I also mentioned that we can use SonarCloud quality gates as one of the pre-checks for deployment to any of the stages.
In this blog post, we'll see how to add SonarCloud as one of the Pre-deployment Gate checks that runs before we deploy to any of the environments.
There are three types of checks that can be used to control our release deployment in Azure DevOps.
Let's quickly recap what those are:
Pre-Deployment Approvals: We add someone from our team as an approver for the release to be promoted and deployed to a specific stage. Once the deployment is approved, the release is processed. This is helpful when you would like someone from your team to review the deployment that is about to be performed. A good example would be a test engineer who needs to approve the deployment to Production only after all the bugs in Pre-Prod are remediated. You can add more than one approver for a release.
Pre-deployment gates: We can perform some pre-checks to make sure that the defined requirement(s) are met prior to the deployment of the code into your infrastructure. These are mainly used when you need to connect to external services, collect health signals from them, and promote the release only after the desired health check is met. Typically, gates are used in connection with incident management, problem management, change management, monitoring, and external approval systems.
Manual Intervention: Sometimes, you may need to introduce manual intervention into a release pipeline. For example, there may be tasks that cannot be accomplished automatically, such as confirming that network conditions are appropriate, or that specific hardware or software is in place, before you approve a deployment. You can do this by using the Manual Intervention task in your pipeline.
To know more about these, follow the link below to the Microsoft documentation.
SonarCloud Quality gate check:
We configured SonarCloud analysis in our previous blog post, and here is how it looks.
We need to install the SonarCloud extension from the Marketplace, configure it in Azure DevOps, and add the tasks shown above.
The Publish Quality Gate Result task queries the SonarCloud REST API, fetches the code analysis result, and shows it in the results section.
To see how to add and configure SonarCloud, please follow my previous blog post here.
Once the build is triggered and runs successfully, it shows the results in the Extensions tab.
Now on to how we set up Pre-Deployment Gates. Click on Release pipelines and then:
- Click on the Pre-deployment actions button
- Click on Gates and enable it.
- Select ‘Check SonarCloud Quality Gate status’ and enable it.
Here is how it looks once it's enabled.
Go ahead and create a new release, and you can observe that it's executing the Pre-Deployment gates.
It will wait for the default delay of 5 minutes before evaluating the gates. You can change the default evaluation timeout in the ‘Evaluation options’ part of the Pre-deployment conditions.
Once it's done, it will start deploying to your stage.
With Pre-Deployment gates, you can not only check the ‘SonarCloud Quality’ gate status but also choose other checks, such as verifying that your deployment complies with Azure Policy, invoking a custom Azure Function you write yourself, checking for alerts, and more. You can see the other options in the screenshot below.
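As an added example (not code from this post, the SonarCloud extension, or Microsoft), here is what the quality gate check does in code: it reads the project's gate status from SonarCloud's project_status API and blocks the deployment unless the gate is OK, listing the failing conditions. The same logic could be hosted as the custom Azure Function gate mentioned above. The SONAR_TOKEN and SONAR_PROJECT_KEY environment variable names and the sample response are my assumptions.

```python
import base64
import json
import os
import urllib.parse
import urllib.request

SONARCLOUD_API = "https://sonarcloud.io/api/qualitygates/project_status"

def evaluate_quality_gate(project_status):
    """Return (passed, failing_conditions) for a project_status response.
    Only an explicit "OK" passes: "ERROR" fails, and so does "NONE" (no gate
    or no analysis yet), so a missing analysis cannot pass as a success.
    """
    gate = project_status.get("projectStatus", {})
    failing = [
        f'{c.get("metricKey")} {c.get("comparator")} {c.get("errorThreshold")} '
        f'(actual {c.get("actualValue")})'
        for c in gate.get("conditions", [])
        if c.get("status") == "ERROR"
    ]
    return gate.get("status") == "OK", failing

def fetch_project_status(project_key, token):
    """Fetch the live gate status (network call; the sample below runs offline).
    SonarCloud takes the token as the basic-auth user name with an empty password."""
    url = SONARCLOUD_API + "?" + urllib.parse.urlencode({"projectKey": project_key})
    req = urllib.request.Request(url)
    credentials = base64.b64encode(f"{token}:".encode()).decode()
    req.add_header("Authorization", "Basic " + credentials)
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)

# Constructed sample of a failing gate, shaped like a real project_status reply.
SAMPLE_FAILING_RESPONSE = {"projectStatus": {"status": "ERROR", "conditions": [
    {"status": "OK", "metricKey": "new_reliability_rating", "comparator": "GT",
     "errorThreshold": "1", "actualValue": "1"},
    {"status": "ERROR", "metricKey": "new_security_hotspots_reviewed",
     "comparator": "LT", "errorThreshold": "100", "actualValue": "50.0"},
    {"status": "ERROR", "metricKey": "new_coverage", "comparator": "LT",
     "errorThreshold": "80", "actualValue": "61.3"}]}}

if __name__ == "__main__":
    # With SONAR_TOKEN and SONAR_PROJECT_KEY set (assumed names), check the real project.
    if "SONAR_TOKEN" in os.environ:
        status = fetch_project_status(os.environ["SONAR_PROJECT_KEY"], os.environ["SONAR_TOKEN"])
    else:
        status = SAMPLE_FAILING_RESPONSE
    passed, failing = evaluate_quality_gate(status)
    print("quality gate:", "OK" if passed else "BLOCKED", *["  " + f for f in failing], sep="\n")
    raise SystemExit(0 if passed else 1)  # non-zero exit blocks the deployment
```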
In this blog post, we have learned what Pre-deployment gates are and how to integrate SonarCloud quality checks into your release pipeline.
I hope you enjoyed reading this post.