Azure DevOps quality gate REST API

Hi community,

I try to set Quality Gates for my yml pipeline in Azure DevOps using REST API. I believe that I have a problem with authentication.

  1. Created service connection with the following parameter:
    Server URL: https://sonarcloud.io/api/qualitygates/project_status
  2. Created REST API check with the following parameters (I tried the same request in PowerShell and it works):
    Method: GET
    Headers: {“Authorization”: “Bearer <sonar_token_value>”}
    URL suffix and parameters: ?projectKey=<sonar_project_key>
  3. Run deployment. Got error:
 2022-02-03T05:29:06.4944665Z GET https://sonarcloud.io/api/qualitygates/project_status?projectKey=<sonar_project_key>
				Response Code: 0
				Response: An error was encountered while processing request. Exception: {"errors":[{"msg":"Insufficient privileges"}]}
Exception Message: The remote server returned an error: (403) Forbidden. (type WebException)

As I said I tried the same request in PowerShell and it works.
Tried different approaches: Authorization token using Basic and base64 encoded token, Bearer and “:” in the end of token, POST instead GET. In some cases I got 401 in some cases 403.

Where is a mistake?

Hey there.

I think it’s worth stepping back and asking why you want to do it this way – when the Publish Quality Gate Result build task and Webhooks already exist. Can you help us understand?

Publish Quality Gate Result task does not prevent deployment in case of failed quality gates.
Webhooks as I understand sends data to the provided URLs. I don’t have any URL which can accept data from webhooks and I need to pass data from webhook accepter to Azure DevOps (sounds pretty complicated).

We have perfect SonarCloud REST API which can be integrated with “Approvals and checks” mechanism of Azure DevOps. So can you help me with that particular problem?

Hey @Saqwel

Thanks for the follow-up. I really believe that when possible, one should try and use the right tool for the job. Now that I understand the context is a release pipeline – were you aware of the release gate that is available for SonarCloud?

In any case – if the same works in Powershell (with the same header) – I would assume you are running against something in Azure DevOps (such as details of the generic service connection overriding the authentication you try and provide as header).

Hi @Colin,

I tried to implement quality gates for yml multistage pipeline. And tried to test similar approach in classic release pipeline, but it does not work. At the moment we decided to fail build stage in case of sonar quality gate failed instead of using “Approval and check” in Azure DevOps environments.

Thank you for your help. I think thread can be closed.

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.