skip to Main Content

I’m trying to set up SonarQube to have our coding conventions/rules in it. I’m looking for ideas on how to do this best. We’re using C# as our dev language and Visual Studio as our IDE.
We have dozens of projects that should all follow the same coding conventions.

Our tools:

  • C#
  • Visual Studio
  • Azure DevOps
  • SonarQube

Our goals:

  • Have all our code comply to our custom coding conventions/styling rules.
  • We have dozens of projects. All projects should comply to these rules
  • Rules should be configured in a centralized place so that all devs will automatically be using the same rules at all times.
  • A bonus would be if we can automatically do all this in a centralized place. Maybe when pushing code to origin?

Any tips or ideas on how we can achieve our goals?

What I tried

As a test, I installed SonarLint and set it up in Connected Mode. This doesn’t seem to check all SonarQube rules. I found, after some searching, that SonarLint only checks for Sonars own rules. Not for 3rd party rules.

I’ve also looked for what I can use to ‘beautify’ our code by making it match or coding style rules. The suggestions I found mentioning Roslyn analyzers and editorconfigs.

From my understanding, usage of Roslyn analyzers would mean adding the analyzer dlls to each and every project, which I want to avoid.

And editorconfigs are stored locally which means, if we decide to change some rules, everyone would had to manually update their editorconfig files OR we would have to add editorconfig files to each project. Also at first glance, it looks like editorconfig files aren’t very flexible.

2

Answers


  1. I think the best option is to use EditorConfig files and check them into version control for each project / solution.

    Visual Studio and many other code editors support EditorConfig files by default so there is no extra effort required in getting your development environment to read the files and enforce the rules defined in them.

    EditorConfig files are quite powerful when you look into them. If you add one to a project / solution in Visual Studio by right-clicking, hovering over "Add" then clicking "New EditorConfig", you will be able to configure a load of rules via the GUI:

    EditorConfig GUI Configuration

    The only issue with this is any updates to the EditorConfig file will need to be propagated through to every project, but this should not be much of an issue if the updates are communicated to the relevant teams.

    Login or Signup to reply.
  2. We are using Directory.Build.props to customize all project files at once. For example to add analysers:

    <Project>
      <PropertyGroup>
        <Version>93.0.0</Version>
        <AssemblyVersion>93.0.0</AssemblyVersion>
        <FileVersion>93.0.0</FileVersion>
        <Authors>xxxx</Authors>
        <Company>xxxx B.V.</Company>
        <Product>xxxx Demo</Product>
        <LangVersion>12.0</LangVersion>
      </PropertyGroup>
    
      <PropertyGroup>
        <!-- https://github.com/dotnet/reproducible-builds/blob/main/Documentation/Reproducible-MSBuild/Techniques/DisableImplicitNuGetFallbackFolder.md -->
        <DisableImplicitNuGetFallbackFolder>true</DisableImplicitNuGetFallbackFolder>
      </PropertyGroup>
    
      <Choose>
        <When Condition="$(MSBuildProjectName.Contains('Test'))">
          <PropertyGroup>
            <Nullable>enable</Nullable>
            <WarningsAsErrors>NU1605;CS8603</WarningsAsErrors>
            <NoWarn>S6562</NoWarn>
          </PropertyGroup>
        </When>
      </Choose>
    
    
      <ItemGroup>
        <PackageReference Include="Custom.CodeAnalyzer" Version="2.0.1" />
        <PackageReference Include="SonarAnalyzer.CSharp" Version="8.14.0.22654" />
      </ItemGroup>
    </Project>
    

    See Microsoft Learn: https://learn.microsoft.com/en-us/visualstudio/msbuild/customize-by-directory?view=vs-2022

    Login or Signup to reply.
Please signup or login to give your own answer.
Back To Top
Search