Create a new SonarCloud Project with CI/CD

Hi Guys,

right now we’re facing a problem with the CI/CD Integration.
We are an unbound organization.

We are trying to create a new project in Sonarcloud if it is not already there as a part of the script in our gitlab-ci.yml.
The script looks like this:

script:
    - |
      GROUP_ID=$(mvn help:evaluate -Dexpression=project.groupId -q -DforceStdout)
      ARTIFACT_ID=$(mvn help:evaluate -Dexpression=project.artifactId -q -DforceStdout)
      SONAR_BASIC_AUTH_HEADER=$(echo -n $SONAR_BASIC_AUTH_TOKEN | base64)
      SONAR_API_URL='https://sonarcloud.io/api/project_analyses/search?project='$GROUP_ID':'$ARTIFACT_ID
      HTTP_STATUS=$(curl -o /dev/null -w '%{http_code}' -s -H "Authorization: Basic $SONAR_BASIC_AUTH_HEADER" $SONAR_API_URL)
      echo $HTTP_STATUS
      if [ "$HTTP_STATUS" -eq "404" ]
      then mvn clean verify -X org.sonarsource.scanner.maven:sonar-maven-plugin:sonar -Dsonar.login=$SONAR_CLOUD_TOKEN -Dsonar.host.url=https://sonarcloud.io -Dsonar.organization=CompanyName -Dsonar.projectKey=$GROUP_ID:$ARTIFACT_ID
      elif [ "$HTTP_STATUS" -eq "200" ]
      then mvn -X sonar:sonar -P sonar -Dsonar.login="$SONAR_CLOUD_TOKEN" -Dsonar.links.scm="$CI_PROJECT_URL" -Dsonar.branch.name=$CI_COMMIT_REF_NAME
      fi

now the part that is not working is the following:
then mvn clean verify -X org.sonarsource.scanner.maven:sonar-maven-plugin:sonar -Dsonar.login=$SONAR_CLOUD_TOKEN -Dsonar.host.url=https://sonarcloud.io -Dsonar.organization=CompanyName -Dsonar.projectKey=$GROUP_ID:$ARTIFACT_ID

which is kinda odd because in a local shell the same command is working and creating a new Project in SonarCloud.
The Command it self is from the SonarCloud dokumentation:
SonarScanner for Maven | SonarCloud Docs

As said, locally on any desktop/Laptop it works but in Gitlab the sonar job fails and we get the following error code(s):

[DEBUG] 09:46:41.498 GET 200 https://scanner.sonarcloud.io/plugins/xml/versions/e87a777f80cf384d07400e1b1e3a8cee.jar | time=5ms
[INFO] 09:46:41.653 Load/download plugins (done) | time=16304ms
[DEBUG] 09:46:41.942 Plugins:
[DEBUG] 09:46:41.942   * IaC Code Quality and Security 1.12.0.3222 (iac)
[DEBUG] 09:46:41.942   * PL/SQL Code Quality and Security 3.8.0.4948 (plsql)
[DEBUG] 09:46:41.942   * Scala Code Quality and Security 1.11.0.3905 (sonarscala)
[DEBUG] 09:46:41.942   * C# Code Quality and Security 8.53.0.62665 (csharp)
[DEBUG] 09:46:41.943   * Vulnerability Analysis 10.0.0-M1.19607 (security)
[DEBUG] 09:46:41.943   * Java Code Quality and Security 7.17.0.31219 (java)
[DEBUG] 09:46:41.943   * HTML Code Quality and Security 3.7.1.3306 (web)
[DEBUG] 09:46:41.943   * Flex Code Quality and Security 2.8.0.3166 (flex)
[DEBUG] 09:46:41.943   * XML Code Quality and Security 2.7.0.3820 (xml)
[DEBUG] 09:46:41.943   * Text Code Quality and Security 2.0.1.611 (text)
[DEBUG] 09:46:41.943   * VB.NET Code Quality and Security 8.53.0.62665 (vbnet)
[DEBUG] 09:46:41.943   * Swift Code Quality and Security 4.8.0.5759 (swift)
[DEBUG] 09:46:41.943   * CFamily Code Quality and Security 6.42.0.61084 (cpp)
[DEBUG] 09:46:41.943   * Python Code Quality and Security 4.0.0.11155 (python)
[DEBUG] 09:46:41.943   * Dataflow Bug Detection Rules for Python 1.11.0.3183 (dbdpythonfrontend)
[DEBUG] 09:46:41.943   * Dataflow Bug Detection 1.11.0.3183 (dbd)
[DEBUG] 09:46:41.943   * Go Code Quality and Security 1.11.0.3905 (go)
[DEBUG] 09:46:41.943   * JaCoCo 1.3.0.1538 (jacoco)
[DEBUG] 09:46:41.943   * Kotlin Code Quality and Security 2.13.0.2116 (kotlin)
[DEBUG] 09:46:41.943   * Dataflow Bug Detection Rules for Java 1.11.0.3183 (dbdjavafrontend)
[DEBUG] 09:46:41.944   * T-SQL Code Quality and Security 1.8.0.5601 (tsql)
[DEBUG] 09:46:41.944   * Apex Code Quality and Security 1.11.0.3905 (sonarapex)
[DEBUG] 09:46:41.944   * JavaScript/TypeScript/CSS Code Quality and Security 10.0.1.20755 (javascript)
[DEBUG] 09:46:41.944   * Ruby Code Quality and Security 1.11.0.3905 (ruby)
[DEBUG] 09:46:41.944   * Vulnerability Rules for C# 10.0.0-M1.19607 (securitycsharpfrontend)
[DEBUG] 09:46:41.944   * Vulnerability Rules for Java 10.0.0-M1.19607 (securityjavafrontend)
[DEBUG] 09:46:41.944   * License for SonarLint 8.0.0.38480 (license)
[DEBUG] 09:46:41.944   * Vulnerability Rules for JS 10.0.0-M1.19607 (securityjsfrontend)
[DEBUG] 09:46:41.944   * COBOL Code Quality 5.2.0.5949 (cobol)
[DEBUG] 09:46:41.944   * Vulnerability Rules for Python 10.0.0-M1.19607 (securitypythonfrontend)
[DEBUG] 09:46:41.944   * PHP Code Quality and Security 3.27.1.9352 (php)
[DEBUG] 09:46:41.944   * ABAP Code Quality and Security 3.11.0.4030 (abap)
[DEBUG] 09:46:41.944   * Configuration detection fot Code Quality and Security 1.2.0.267 (config)
[DEBUG] 09:46:41.944   * Vulnerability Rules for PHP 10.0.0-M1.19607 (securityphpfrontend)
[DEBUG] 09:46:41.959 GET 200 https://sonarcloud.io/api/server/version | time=15ms
[DEBUG] 09:46:41.961 Updated analysis started with a difference of -2 milliseconds
[DEBUG] 09:46:41.961 Started at Fri Mar 03 09:46:25 CET 2023
[INFO] 09:46:41.980 Loaded core extensions: developer-scanner
[DEBUG] 09:46:42.022 Installed core extension: com.sonarsource.branch.DeveloperScannerCoreExtension@28996e52
[INFO] 09:46:42.421 Found an active CI vendor: 'Gitlab CI'
[INFO] 09:46:42.429 Load project settings for component key: 'de.company.Team.components.ProjectID:ProjectID'
[DEBUG] 09:46:42.447 GET 404 https://sonarcloud.io/api/settings/values.protobuf?component=de.company.Team.components.ProjectID%3AProjectID | time=18ms
[INFO] 09:46:42.451 Process project properties
[DEBUG] 09:46:42.458 Process project properties (done) | time=7ms
[INFO] 09:46:42.459 Execute project builders
[DEBUG] 09:46:42.459 Execute project builder: org.sonar.plugins.csharp.CSharpGlobalProtobufFileProcessor
[DEBUG] 09:46:42.460 Execute project builder: org.sonar.plugins.vbnet.VbNetGlobalProtobufFileProcessor
[INFO] 09:46:42.461 Execute project builders (done) | time=2ms
[INFO] 09:46:42.462 Project key: de.company.Team.components.ProjectID:ProjectID
[INFO] 09:46:42.462 Base dir: /builds/Team/components/ProjectID
[INFO] 09:46:42.462 Working dir: /builds/Team/components/ProjectID/target/sonar
[DEBUG] 09:46:42.462 Project global encoding: UTF-8, default locale: en_US
[DEBUG] 09:46:42.464 Creating module hierarchy
[DEBUG] 09:46:42.464   Init module 'BelegTrnConsumer Service'
[DEBUG] 09:46:42.465     Base dir: /builds/Team/components/ProjectID
[DEBUG] 09:46:42.465     Working dir: /builds/Team/components/ProjectID/target/sonar
[DEBUG] 09:46:42.465     Module global encoding: UTF-8, default locale: en_US
[INFO] 09:46:42.525 Load project branches
[DEBUG] 09:46:42.542 GET 404 https://sonarcloud.io/api/project_branches/list?project=de.company.Team.components.ProjectID%3AProjectID | time=17ms
[DEBUG] 09:46:42.542 Could not process project branches - continuing without it
[INFO] 09:46:42.543 Load project branches (done) | time=18ms
[INFO] 09:46:42.546 Check ALM binding of project 'de.company.Team.components.ProjectID:ProjectID'
[DEBUG] 09:46:42.564 GET 404 https://sonarcloud.io/api/alm_integration/is_project_bound?project=de.company.Team.components.ProjectID%3AProjectID | time=18ms
[INFO] 09:46:42.564 Detected project binding: NONEXISTENT
[INFO] 09:46:42.565 Check ALM binding of project 'de.company.Team.components.ProjectID:ProjectID' (done) | time=19ms
[INFO] 09:46:42.567 Load project pull requests
[DEBUG] 09:46:42.586 GET 404 https://sonarcloud.io/api/project_pull_requests/list?project=de.company.Team.components.ProjectID%3AProjectID | time=19ms
[DEBUG] 09:46:42.586 Could not process project pull requests - continuing without it
[INFO] 09:46:42.587 Load project pull requests (done) | time=20ms
[INFO] 09:46:42.591 Load branch configuration
[INFO] 09:46:42.593 Auto-configuring branch feature/TIBCO-23668-SonarCloudTesting
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time:  03:17 min
[INFO] Finished at: 2023-03-03T09:46:42+01:00
[INFO] ------------------------------------------------------------------------
[ERROR] Failed to execute goal org.sonarsource.scanner.maven:sonar-maven-plugin:3.9.1.2184:sonar (default-cli) on project ProjectID: Unable to load component class org.sonar.scanner.scan.filesystem.InputComponentStore: Unable to load component interface org.sonar.scanner.scan.branch.BranchConfiguration: Could not find a default branch to fall back on. -> [Help 1]
org.apache.maven.lifecycle.LifecycleExecutionException: Failed to execute goal org.sonarsource.scanner.maven:sonar-maven-plugin:3.9.1.2184:sonar (default-cli) on project ProjectID: Unable to load component class org.sonar.scanner.scan.filesystem.InputComponentStore

We appreciate ur help.

Best Regards,
Lucas

Hi @LucasKrannich

Sadly, the automatic creation of projects from CI systems is not supported as of today.
Making the onboarding of big organizations with many projects is one of our roadmap items for this year. I’ll add a note to include this in the feature design.

Have a nice day,
Claire