Prompt:
In an Azure based project written in C# and using DevOps Repos for code and DevOps Pipelines for releases, is there a way to make sure pull requests pass standards tests in an automated fashion, including specifically “if a method’s signature has parameters added to it, those parameters are used?”
Response:
Yes, in an Azure-based C# project using Azure DevOps Repos for version control and Azure DevOps Pipelines for CI/CD, you can enforce standards, including verifying that newly added parameters in method signatures are actually used. Here’s how you can do it:
1. Use Roslyn Analyzers to Enforce Code Standards
Since your project is in C#, Roslyn analyzers can be used to enforce static code analysis. You can:
- Write a custom Roslyn analyzer that detects method signatures with new parameters that are not used.
- Use built-in .NET analyzers or third-party tools like SonarQube or ReSharper Command Line Tools.
✅ Implementation Steps:
- Install
Microsoft.CodeAnalysis.CSharpNuGet package in a separate analyzer project. - Write an analyzer that checks for:
- Methods where parameters are introduced in a pull request.
- Parameters that are not referenced within the method body.
- Deploy the analyzer as a Roslyn-based NuGet package and integrate it into your CI/CD pipeline.
Example Custom Analyzer (Simplified):
public override void AnalyzeNode(SyntaxNodeAnalysisContext context)
{
var methodDeclaration = (MethodDeclarationSyntax)context.Node;
foreach (var parameter in methodDeclaration.ParameterList.Parameters)
{
var parameterName = parameter.Identifier.Text;
var references = methodDeclaration.DescendantNodes()
.OfType<IdentifierNameSyntax>()
.Count(id => id.Identifier.Text == parameterName);
if (references == 0)
{
context.ReportDiagnostic(Diagnostic.Create(Rule, parameter.GetLocation(), parameterName));
}
}
}
- Enforce it in
Directory.Build.propsoreditorconfig.
2. Enforce Static Code Analysis in DevOps Pipeline
You can configure the Azure DevOps build pipeline to enforce static code analysis during PR validation.
✅ Options:
- Enable Code Analysis in Pipeline
- Use
.NET Buildwith the/warnaserrorflag to enforce Roslyn analyzers. - Example YAML:
- task: DotNetCoreCLI@2 inputs: command: 'build' projects: '**/*.csproj' arguments: '--configuration Release /warnaserror'
- Use
- Use SonarQube or Roslynator
- SonarQube can detect unused parameters.
- Integrate SonarQube scan in your pipeline:
- task: SonarQubePrepare@4 inputs: SonarQube: 'SonarQubeServiceConnection' scannerMode: 'MSBuild' - task: SonarQubeAnalyze@4
3. Configure Pull Request Policies
Set up a branch policy to enforce automated checks before merging:
- Require PR build validation that runs static analysis.
- Reject PRs if violations are found.
✅ Steps in Azure DevOps:
- Navigate to Repos → Branches → Select Branch → Branch Policies.
- Under Build Validation, add a policy requiring:
dotnet buildwith analyzers.dotnet testwith unit test coverage checks.- SonarQube or other static analysis.
4. Require Unit Test Coverage in PRs
Ensure new parameters are tested in unit tests before merging:
- Enforce code coverage requirements (e.g., > 80% coverage).
- Use
coverletto check:- task: DotNetCoreCLI@2 inputs: command: 'test' projects: '**/*.Tests.csproj' arguments: '--configuration Release --collect:"XPlat Code Coverage"'
Conclusion
By combining Roslyn Analyzers, Azure DevOps PR policies, Static Analysis, and Unit Testing, you can automate pull request validation to ensure new method parameters are actually used before merging. Would you like help with setting up a Roslyn analyzer or DevOps YAML pipeline?
Prompt:
Response:
Guide to Enforcing Pull Request Standards in Azure DevOps
Overview
In an Azure-based C# project using Azure DevOps Repos and Pipelines, ensuring that pull requests (PRs) meet coding standards—including verifying that new method parameters are actually used—can be automated through static analysis, build policies, and unit test enforcement. This guide provides a step-by-step approach to setting up these validations.
1. Enforce Static Code Analysis Using Roslyn Analyzers
Roslyn analyzers can detect coding issues, including unused method parameters. You can create a custom analyzer or use built-in ones.
1.1 Install Roslyn Analyzers
In your C# project, install the necessary NuGet packages:
dotnet add package Microsoft.CodeAnalysis.CSharp
1.2 Create a Custom Analyzer for Unused Parameters
- Create a new Analyzer Project in your solution:
dotnet new classlib -n UnusedParameterAnalyzer - Implement the analyzer:
[DiagnosticAnalyzer(LanguageNames.CSharp)] public class UnusedParameterAnalyzer : DiagnosticAnalyzer { private static readonly DiagnosticDescriptor Rule = new DiagnosticDescriptor("UPA001", "Unused Parameter", "Parameter '{0}' is never used", "Usage", DiagnosticSeverity.Warning, isEnabledByDefault: true); public override ImmutableArray<DiagnosticDescriptor> SupportedDiagnostics => ImmutableArray.Create(Rule); public override void Initialize(AnalysisContext context) { context.ConfigureGeneratedCodeAnalysis(GeneratedCodeAnalysisFlags.None); context.EnableConcurrentExecution(); context.RegisterSyntaxNodeAction(AnalyzeMethod, SyntaxKind.MethodDeclaration); } private void AnalyzeMethod(SyntaxNodeAnalysisContext context) { var methodDeclaration = (MethodDeclarationSyntax)context.Node; foreach (var parameter in methodDeclaration.ParameterList.Parameters) { var parameterName = parameter.Identifier.Text; var references = methodDeclaration.DescendantNodes() .OfType<IdentifierNameSyntax>() .Count(id => id.Identifier.Text == parameterName); if (references == 0) { context.ReportDiagnostic(Diagnostic.Create(Rule, parameter.GetLocation(), parameterName)); } } } } - Reference this analyzer in your main C# project.
- Enforce it in .editorconfig:
dotnet_analyzer_diagnostic.severity = warning - Run the analyzer as part of build validation.
2. Enforce Static Code Analysis in Azure DevOps Pipelines
To ensure PRs pass static analysis before merging, configure an Azure DevOps pipeline.
2.1 Modify Your Build Pipeline YAML
Add a step to enforce static code analysis:
- task: DotNetCoreCLI@2
inputs:
command: 'build'
projects: '**/*.csproj'
arguments: '--configuration Release /warnaserror'
This ensures that any warnings (including those from Roslyn analyzers) cause a build failure.
2.2 Integrate SonarQube (Optional)
SonarQube provides additional static analysis.
- task: SonarQubePrepare@4
inputs:
SonarQube: 'SonarQubeServiceConnection'
scannerMode: 'MSBuild'
- task: SonarQubeAnalyze@4
3. Enforce Pull Request Policies in Azure DevOps
Ensure PRs meet validation requirements before merging.
3.1 Configure PR Policies
- Navigate to Azure DevOps → Repos → Branches.
- Select the target branch (e.g.,
mainordevelop). - Click Branch Policies.
- Under Build Validation, add a policy:
- Require
dotnet buildwith Roslyn analyzers. - Require unit test execution.
- Reject PRs with static analysis violations.
- Require
3.2 Enforce Code Coverage
Ensure unit tests cover new changes using Coverlet:
- task: DotNetCoreCLI@2
inputs:
command: 'test'
projects: '**/*.Tests.csproj'
arguments: '--configuration Release --collect:"XPlat Code Coverage"'
4. Automate Testing of New Parameters in PRs
To ensure that added method parameters are tested:
4.1 Use a Code Coverage Threshold
Require a minimum code coverage percentage:
- task: PublishCodeCoverageResults@1
inputs:
codeCoverageTool: 'Cobertura'
summaryFileLocation: '**/coverage.cobertura.xml'
4.2 Enforce Code Review with Test Verification
Ensure that code reviewers check for meaningful tests that use new parameters.
Conclusion
By setting up Roslyn analyzers, Azure DevOps PR policies, static analysis tools, and unit test enforcement, you can automate standards verification in your C# project. This ensures that all PRs comply with best coding practices before merging, improving code quality and maintainability.
Would you like additional integrations such as GitHub Actions or Jenkins for similar enforcement?
