Create a SonarQube project that does not use global settings from pipeline

Must-share information:

  • SonarQube Server Enterprise Edition v10.7 and Visual Studio IDE Version: 8.9.0.11507.
  • I want to create a SonarQube project that does not use global settings.
  • Read doc and create API calls

I have an Azure DevOps YAML pipeline with:

  - task: SonarQubePrepare@7
    displayName: 'Prepare SonarQube Analysis Configuration'
    inputs:
      SonarQube: 'SonarQube'
      scannerMode: 'cli'
      configMode: 'manual'
      cliProjectKey: "$(System.TeamProject)_$(Build.Repository.Name)"
      ${{ if eq(variables['Build.SourceBranch'], 'refs/heads/main') }}:
        extraProperties:  |
          sonar.cfamily.compile-commands=bw_output/compile_commands.json
          sonar.projectName=$(System.TeamProject)_$(Build.Repository.Name)
      ${{ if not(eq(variables['Build.SourceBranch'], 'refs/heads/main')) }}:
        extraProperties:  |
          sonar.cfamily.compile-commands=bw_output/compile_commands.json
          sonar.projectName=$(System.TeamProject)_$(Build.Repository.Name)
          sonar.verbose=true
          sonar.newCode.referenceBranch=main

# more stuff 

  - task: SonarQubeAnalyze@7
    displayName: 'SonarQube Analyze'

  - task: SonarQubePublish@7
    displayName: 'SonarQube Publish'

When I run this without having created the project in SonarQube it will create the project.
This is OK, but it will create the project with default parameters for new code definition and QualityGate etc. The “DevOps Platform Integration” setting will also not be configured, so the quality gate reporting back to Azure DevOps is not possible.

Questions:

  1. Is it possible to configure default parameters for the creation in the pipeline?
  2. Is there a way to execute API calls to the SonarQube server from the pipeline that use the access token provided in the service connection?
  3. Prevent the project from being created automatically? I already have a PowerShell script that can set up the project.

Thanks
/Kennet

Hi Kennet,

Your global configs in SonarQube Server are your “default parameters for the creation in the pipeline”.

Uhm… you can certainly script API calls.

It’s not clear to me what you mean by this part, though:

The only way to do this is to create it preemptively.

 
HTH,
Ann

Ok, but this would not include “DevOps Platform Integration” settings for “Configuration name”, “Project name” and “Repository name” because that configuration is special for each project.
So this solution does not work.

When I create a service connection in DevOps, I will enter an authentication token.
This token has access to create projects. But how can I access that token in a PowerShell script inside a YAML pipeline?

$headers = @{
	 "Authorization" = "Bearer $SonarQubeAccessToken"
}
$uri = $uriServer + "api/projects/search?projects=TestProject"
$response = Invoke-RestMethod -Uri $uri -Method Get -Headers $headers

How do I get $SonarQubeAccessToken?
I would like to get the token from the service connection, but can I do that?

The problem with that is that other developers are allowed to create new DevOps repos that will then create new SonarQube projects with the name they select. So I do not know what names they will use.
Maybe I can change the access token to only allow “Execute Analysis”, I guess then it would not allow creating projects?

Hi,

You’re looking to set “default parameters for the creation in the pipeline” for project-specific values such as key and name? That’s … only available (for legacy reasons) for Maven projects.

Ah. Well, that’s really more an ADO question. I suspect the answer is “you can’t”. You would need to re-provide that token to the script.

I suppose you’re talking about a ‘Global analysis’ token here? If so you’re not going to be able to control its permissions granularly.

I suppose you could manage this by using a user token from a technical account that has analyze globally, but not create.

 
HTH,
Ann

Yes, that was what I was trying to do.

Was hoping for a DevOps task like (SonarQubeSetup@7) that would allow custom commands to the SonarQube server.
But OK, if I go with this solution I will need to maintain the token in two locations.
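
The "create it preemptively" approach from this thread, with the token re-provided to the script, as an added example that is not code from any poster or from SonarSource: it creates the project if it is missing and then applies the per-project quality gate, new code definition and DevOps Platform Integration binding through the SonarQube Web API. Assumptions: `SONAR_URL` and `SONAR_TOKEN` are hypothetical environment variable names, with `SONAR_TOKEN` mapped from a secret pipeline variable in the step's `env:` block so it never appears on the command line; the parameter names, the placeholder defaults and the 30-day value are illustrative; the token's account needs permission to search, create and administer projects.

```powershell
# Added example, not the original poster's script. SONAR_URL / SONAR_TOKEN are
# assumed names; the pipeline must map the secret variable into the step's env.
param(
    [Parameter(Mandatory)] [string] $ProjectKey,      # e.g. <TeamProject>_<Repository>
    [Parameter(Mandatory)] [string] $AdoProject,      # "Project name" in the binding
    [Parameter(Mandatory)] [string] $AdoRepository,   # "Repository name" in the binding
    [string] $AlmSetting  = '<configuration-name>',   # placeholder: "Configuration name"
    [string] $QualityGate = '<quality-gate-name>',    # placeholder
    [int]    $NewCodeDays = 30                        # sample value
)
$ErrorActionPreference = 'Stop'

if (-not $env:SONAR_URL)   { throw 'SONAR_URL is not set' }
if (-not $env:SONAR_TOKEN) { throw 'SONAR_TOKEN is not set (map the secret in env:)' }
$server  = $env:SONAR_URL.TrimEnd('/')
$headers = @{ Authorization = "Bearer $env:SONAR_TOKEN" }

# A hashtable body becomes a query string on GET and a form body on POST.
function Invoke-Sonar([string] $Method, [string] $Path, [hashtable] $Body) {
    Invoke-RestMethod -Uri "$server/$Path" -Method $Method -Headers $headers -Body $Body
}

# 1. Create the project only if it does not exist yet, so reruns are harmless.
$found = Invoke-Sonar Get 'api/projects/search' @{ projects = $ProjectKey }
if ($found.paging.total -eq 0) {
    Invoke-Sonar Post 'api/projects/create' @{ project = $ProjectKey; name = $ProjectKey } | Out-Null
}

# 2. Replace the global defaults with project-level settings.
Invoke-Sonar Post 'api/qualitygates/select' @{
    projectKey = $ProjectKey; gateName = $QualityGate
} | Out-Null
Invoke-Sonar Post 'api/new_code_periods/set' @{
    project = $ProjectKey; type = 'NUMBER_OF_DAYS'; value = "$NewCodeDays"
} | Out-Null

# 3. DevOps Platform Integration: bind the project to its Azure DevOps repository.
Invoke-Sonar Post 'api/alm_settings/set_azure_binding' @{
    almSetting     = $AlmSetting
    project        = $ProjectKey
    projectName    = $AdoProject
    repositoryName = $AdoRepository
    monorepo       = 'false'
} | Out-Null
```

Running this before `SonarQubePrepare@7` lets the service connection itself use the analyze-only technical-account token suggested above, so only this provisioning step holds a token that can create projects.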