Azure + SonarCloud — Block Pull Requests for every code merge.

Oct 23, 2022

2022 has brought a lot of changes in how cloud users seek new SaaS solutions: they are scaling their cloud infrastructure and transforming their products toward new, upcoming technology.
As cloud adoption continues to increase, more and more companies are looking for a migration plan toward a cloud environment.

With this post, I want to show that adopting cloud solutions is not so hard. You just need to get past the geeky terminology, and then it feels easier. In fact, it works without you even having to think about it.

Inside my Azure DevOps Team Project, I added a new Git file, sonarQube, with multiple configs.

On the master branch, I added a branch policy with build validation enabled, so that code changes can only be merged into master via a Pull Request, and only after a build has run successfully against the latest code changes in the Pull Request combined with the sources of the master branch.
The build coupled to the branch policy also executes a SonarCloud scan as part of the build process, and the pipeline retrieves the scan result from SonarQube via its API.

You can run a scan only on the code changes made to a feature/bugfix branch, compared against the latest master scan analysis.
This incremental scan does not result in a separate branch analysis: it builds on the master project and only uploads the results to a test branch.
That test branch can be set up for each pull request.

The additional benefit is that code violations in the changes on the feature/bugfix branch, once detected by Sonar, can be registered and blocked in Azure DevOps.
With this integration, SonarQube offers the capability to allow, or ensure, that a feature/bugfix code branch may be merged only if the code does not violate any manually defined policies.
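One way the pipeline can turn the SonarCloud quality gate into a blocking check, as an added example that is not the author's pipeline: it queries the Web API endpoint api/qualitygates/project_status for the pull request (or, offline, a constructed sample reply), logs each breached condition to the PR's build check, and exits non-zero so build validation fails. SONAR_HOST, the environment variable names and the sample values are assumptions.

```python
"""Fail the build when the SonarCloud quality gate for a pull request is not OK.
Added example, not the author's pipeline; SAMPLE_RESPONSE is a constructed
api/qualitygates/project_status reply."""
import base64
import json
import os
import sys
import urllib.request

SONAR_HOST = "https://sonarcloud.io"  # assumption: SonarCloud, not self-hosted SonarQube

# Constructed sample of what api/qualitygates/project_status returns for a failing gate.
SAMPLE_RESPONSE = {"projectStatus": {"status": "ERROR", "conditions": [
    {"status": "ERROR", "metricKey": "new_security_hotspots_reviewed",
     "comparator": "LT", "errorThreshold": "100", "actualValue": "50.0"},
    {"status": "OK", "metricKey": "new_coverage",
     "comparator": "LT", "errorThreshold": "80", "actualValue": "91.3"},
]}}

def failing_conditions(response):
    """List the metrics that breached the gate, in the order SonarCloud reports them."""
    conditions = response.get("projectStatus", {}).get("conditions", [])
    return [f"{c['metricKey']}: {c.get('actualValue')} "
            f"(threshold {c.get('comparator')} {c.get('errorThreshold')})"
            for c in conditions if c.get("status") == "ERROR"]

def gate_passed(response):
    """Only an explicit OK unblocks the merge; ERROR, NONE or a missing status all block."""
    return response.get("projectStatus", {}).get("status") == "OK"

def fetch_project_status(project_key, pull_request, token):
    """Query the gate for one pull request; the token goes in as the basic-auth user."""
    url = (f"{SONAR_HOST}/api/qualitygates/project_status"
           f"?projectKey={project_key}&pullRequest={pull_request}")
    auth = base64.b64encode(f"{token}:".encode()).decode()
    req = urllib.request.Request(url, headers={"Authorization": f"Basic {auth}"})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)

if __name__ == "__main__":
    # With SONAR_PROJECT_KEY, SONAR_PR and SONAR_TOKEN set, query SonarCloud; else use the sample.
    key, pr, tok = (os.environ.get(v) for v in ("SONAR_PROJECT_KEY", "SONAR_PR", "SONAR_TOKEN"))
    status = fetch_project_status(key, pr, tok) if key and pr and tok else SAMPLE_RESPONSE
    for line in failing_conditions(status):
        # Azure Pipelines logging command: the issue is shown on the PR's build check.
        print(f"##vso[task.logissue type=error]Quality gate: {line}")
    sys.exit(0 if gate_passed(status) else 1)  # non-zero exit fails build validation
```

Store the token as a secret pipeline variable rather than in the YAML, and run the script as the last step of the build coupled to the branch policy.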

The Pull Request now clearly shows the violations discovered by SonarCloud and provides a link to the SonarCloud project and the affected branch.

It is now up to the team to decide how to deal with the different code violations, unblock the Pull Request and complete the final merge back to the master branch.

This simple scenario shows the automatic workflow between Azure DevOps and SonarQube that lets you focus on code quality early in the development process, before new features are merged into a stable master branch. Pull Requests are a perfect match for this type of code analysis.