Hi, I’m running SonarQube 6.7.1 (build 35068) and I think I found an issue with the “api/qualityprofiles/projects” endpoint.
I need to retrieve all projects that are using a specific Quality Profile. The Quality Profiles can be a specific profile, or the default one. Image top part.
When I retrieve the QualtiyProfiles via “api/qualityprofiles/search” I do get back the default profile.
When I then try to retrieve all projects that are linked to a Quality Profile via “api/qualityprofiles/projects?key=…”
The return for the specifically linked Quality Profiles (E.g. MultiOne High/Medium/Low) return a list of projects associated with the Quality Profile.
When I try to do the same with the default Quality Profile no projects are returned. However when I go to specific projects that do use the default Quality Profile, I can see that it is linked. Image lower part
I would expect that all projects that are linked to the default Quality Profile are being retrieved.
So far I have not been able to work around this issue. I tried to use the selected parameter, but then I would get back all projects also not related the the Quality Gate.
I merged the two images together since I was only allowed to upload one…
The goal of api/qualityprofiles/projects is to returned the list of projects that have been explicitly associated to a given quality profile.
By definition, a quality profile set as default on a language have no associated project.
So, as your need is to
retrieve all projects that are using a specific Quality Profile
If this quality profile is not set as default, then the list of projects returned by api/qualityprofiles/projects is exactly what you need !
In this case, it will not be easy indeed to get the list of projects that will use the default quality profile…
May I ask you which use case is requiring to get this information ?
We are working on a tool that contains a lot of legacy code, which has lower code coverage.
We identified via PRISMA which components are most important for our customer and then decided on 3 different quality profiles based on the outcome… (High Medium Low) These profiles have for example different requirements for code coverage. High at least 60% vs Low at least 20%. All new components that we develop are linked to the “default profile” which has a minimum coverage of 70%.
The quality department of the customer now wants to know how many of the components reach the intended coverage target.
Since I do not want to figure this out manually for over 100 projects. I tried to lookup which projects are in which quality profile and then for each project retrieve the line_coverage metric.
This works for all the non default quality profiles, however I now mis about 40 projects because they are linked to the default profile.
I’m sorry, but the use case you’re describing is not a common use cases, so except if we receive other feedbacks about this, nothing will be done on our side.
The only thing I could see is that you could use tags to categorize your projects.
Thats unfortunate.
I still find it strange you can’t retrieve the quality profiles used for all projects but only for a specific set. In my opinion that makes no sense. If you can’t do it for all then why can you do it for some.
Regarding your suggestion
The only thing I could see is that you could use tags to categorize your projects.
I guess in essence that is the same as assigning the projects that use the default quality profile a specific one. Which would mean a manual action anyway. So I’ll guess I’ll assign all projects a non default quality profile.
Explicitly, the nature of a default is that it’s what you get when you don’t make a choice. So there’s no good way to retrieve the list of projects where no choice was made.
Still, if you really want to do this, start with a list of all projects. Then get a list of profiles, and on a per-profile basis you can remove from the “all projects” list the ones that are specifically assigned to profiles. When you’ve iterated all the profiles, what’s left in “all projects” are the ones using the default profile.
All that said, I really don’t understand why you’re talking about managing coverage requirements using profiles. It seems to me that you should be using Quality Gates for this instead. Of course, the same default/specific assignment setup exists there too.
All that said, I really don’t understand why you’re talking about managing coverage requirements using profiles. It seems to me that you should be using Quality Gates for this instead. Of course, the same default/specific assignment setup exists there too
I completely agree with you on the fact that we should check if a project matches the code coverage with a quality gate. We have made one for each of our projects and our builds also fail if a quality gate is not met.
However we also implemented the “water leak principle” and therefor if we say the minimum should be 60% and a project has already 65% coverage the quality gate minimum coverage is set to 65% otherwise we would allow new code to lower the overall coverage.
The 60% is defined in the Quality Profile. Hence for me to check if the code coverage is high enough for a profile, I need to know to which profile the project belongs.
Maybe we are abusing the Quality Profiles for something that they are not meant to be used for. That is also a possibility.
The problem is that you are misunderstanding the question the API is supposed to be answering. For Users like @Hubert, myself, and pretty much anyone else, the expectation is that the API returns all projects that will be using the named quality profile on their analyses.
The use case where someone wants to know which projects have an explicit selection for a quality profile instead of the set described previously is a rare and very specific need (probably something the person who made the admin UI cares to know about). If you really meant to build the API to serve this data, that does not mean its a choice that is still worth defending. Its better to just fix the API to work as expected or provide the data in some other way (like attached to the project record).
When a project has a selection for a QP, and later that QP becomes the default, this API returns that project when queried for a specific QP, but not other projects that are also going to use the same QP
The APIs exposed in SonarQube are explicitly designed to provide the data required to paint the interface. Period. Beyond that, they’re exposed in case they can be useful.
If you have an additional need, feel free to open a ‘New feature’ thread, but don’t expect much. We have explicitly made the decision not to build APIs we don’t use ourselves. We haven’t built any APIs designed to facilitate data mining. The fact that some of them happen to be useful in that context is, for you, a happy accident.
If you have a need that isn’t covered, feel free to create a ‘New feature’ thread but be aware that we remain unlikely to implement APIs we don’t directly use ourselves.
Nothing in the SonarCloud docs mention the WebAPI to back or refute your statement. If we take the usual course of action when the sonarcloud docs are missing a section, we would fall back to the official docs for SonarQube. Web API
SonarQube provides web API to access its functionalities from applications.
Which seems to disagree with your assertion. If you are really going to take that position as official it would be fair and reasonable to update your public documentation to state that.
I dont know where you got the idea that I’m looking to do something unsavory like data mine. We just need to manage. Our org has 670+ projects loaded to Sonar (and ~1K GH repos that havent been setup as sonar projects yet) to keep tabs on and your user interfaces just dont scale. They are too focused on individual changes and monitoring at the project level.
As the OP already writes in his headline, we have the same problem. Our organization wants to know which quality profiles are used by each team as part of the q-process.
The non-automated way is via the sonarqube web-ui and for each project under project/project settings/quality profile (EXACTLY this data we need) look it up. Now we have well over a hundred projects in our organization and we really need to pull this information often.
The question is, how do I get this data via the REST APIs? Can anyone help with this?
