I’m working on an integration of SonarCloud into the Gitlab CI pipeline. Previously I was hosting the Sonar server myself, so the scanning looked like this:
sonarqube-check:
  stage: security-testing
  image: sonarsource/sonar-scanner-cli:latest
  except:
    - /^release-.*$/
  needs: []
  variables:
    # Defines the location of the analysis task cache
    SONAR_USER_HOME: "${CI_PROJECT_DIR}/.sonar"
    # Tells git to fetch all the branches of the project, required by the analysis task
    GIT_DEPTH: "0"
  cache:
    key: "${CI_JOB_NAME}"
    paths:
      - .sonar/cache
  script:
    - sonar-scanner -Dsonar.projectKey=$CI_PROJECT_NAME -Dsonar.qualitygate.wait=true
The global variables contained the SONAR_HOST and SONAR_TOKEN values, everything was going fine.
Now, moving to the sonarcloud has been a little tricky. This is what I did:
Changed the URL to the sonarcloud and changed the token
Added the sonar.organization value to the CI file (at the end of the sonar-scanner command)
the project is not created under the organization and the error appears:
ERROR: Could not find a default branch to fall back on.
I’ve searched around in the forum, but I don’t really find a solution. I don’t want to define different tokens for different newly created repos. My workflow should be that any repository that is created in Gitlab with the inherited CI file, should be scanned and imported to the SonarCloud.
Thanks for following up. The solution turned out to be onboarding the project to the SonarCloud. Launching the sonarscanner from gitlab onto the non-existing-on-the-cloud repo spits out the above error. When you add it manually, the error goes away.
Even though THIS particular problem is solved with a workaround I still have a question: what happens for the new project repos? Why should I need manual repo onboarding? I don’t want to keep tabs on what new repos the development team is creating, all I care about is that they are scanned and report the results to SonarCloud.
Any tips on this front?
We are running into the same problem. Is there a way to enable automatic onboarding of new projects in our Sonarsource Organization?
Right now, every time a new project is created in GitLab, somebody has to manually add this new project in Sonarsource.
I thought about this and in the end I wrote a very small script. It pulls the currently existing projects, greps for the repository in question and if it doesn’t exist — creates one.
    # checking if the project exists (token goes in the URL as the basic-auth user name)
    - export is_project_existing=$(curl -s "https://${SONAR_TOKEN}@sonarcloud.io/api/projects/search?organization=myorganization" | grep -w "$CI_PROJECT_NAME")
    - |
      if [[ ! -z "$is_project_existing" ]]; then
        echo "Project exists on sonarcloud, proceeding to analysis"
      else
        # creating new project
        curl -s -X POST "https://${SONAR_TOKEN}@sonarcloud.io/api/projects/create" -d "name=$CI_PROJECT_NAME&project=myorganization_$CI_PROJECT_NAME&organization=myorganization"
      fi
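The same check-then-create step, written as an added example rather than the script posted above: it passes the token through curl's -u basic-auth option instead of embedding it in the URL (so it does not end up in job logs or proxy logs), looks up the exact project key with the search endpoint's projects= filter instead of grepping the whole organization listing, and derives the key from one function so the value created here is the same one the scanner must receive as sonar.projectKey. It assumes SONAR_TOKEN, SONAR_ORG and CI_PROJECT_NAME are set in the job environment and that the API returns compact JSON with a quoted "key" field; sonar_key_in_search_json can be exercised offline on constructed responses.

```shell
#!/bin/sh
# Added example, not from the thread: idempotent SonarCloud project onboarding
# for a GitLab CI job. Assumes SONAR_TOKEN, SONAR_ORG and CI_PROJECT_NAME are
# provided by the job environment; endpoint paths are the ones used in the thread.
set -eu

SONAR_HOST="${SONAR_HOST:-https://sonarcloud.io}"

# Returns 0 when the /api/projects/search response in $1 lists project key $2.
# Matching the quoted "key" field as a fixed string avoids the substring and
# word-boundary pitfalls of grepping the bare project name.
sonar_key_in_search_json() {
    printf '%s' "$1" | grep -qF "\"key\":\"$2\""
}

# Project key the scanner will use; keep this in sync with -Dsonar.projectKey.
sonar_project_key() {
    printf '%s_%s' "$1" "$2"
}

# Looks up one exact key. The token is sent as the basic-auth user name with
# an empty password via -u, so it never appears in the URL.
sonar_search() {
    curl -sSf -u "${SONAR_TOKEN}:" \
        "${SONAR_HOST}/api/projects/search?organization=$1&projects=$2"
}

# Creates the project; --data-urlencode keeps names with spaces or symbols intact.
sonar_create() {
    curl -sSf -u "${SONAR_TOKEN}:" -X POST "${SONAR_HOST}/api/projects/create" \
        --data-urlencode "organization=$1" \
        --data-urlencode "project=$2" \
        --data-urlencode "name=$3"
}

# Ensures the project exists and prints the key to pass to sonar-scanner.
sonar_ensure_project() {
    org="$1"
    name="$2"
    key="$(sonar_project_key "$org" "$name")"
    if sonar_key_in_search_json "$(sonar_search "$org" "$key")" "$key"; then
        echo "Project $key exists on SonarCloud, proceeding to analysis" >&2
    else
        echo "Creating project $key in organization $org" >&2
        sonar_create "$org" "$key" "$name" >/dev/null
    fi
    printf '%s' "$key"
}

# Usage inside the CI job (guarded so the functions can be sourced without side effects):
#   key="$(sonar_ensure_project "$SONAR_ORG" "$CI_PROJECT_NAME")"
#   sonar-scanner -Dsonar.organization="$SONAR_ORG" -Dsonar.projectKey="$key" -Dsonar.qualitygate.wait=true
```

Because the key is computed once and handed to sonar-scanner, the "Could not find a default branch to fall back on" situation from a key that exists nowhere on SonarCloud cannot recur for a newly created GitLab repository; the first pipeline run creates the project and every later run finds it.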