Difficult to obtain integration details from SonarQube API

Must-share information (formatted with Markdown):

  • which versions are you using (SonarQube 9.9.0, 9.9.2 Enterprise)
  • how is SonarQube deployed: Docker
  • what are you trying to achieve
    Attempting to auto-provision repository details for projects missing DevOps integration
  • what have you tried so far to achieve this
    Used curl to hit SonarQube API to obtain alm_integrations; results are useless (0 results returned) for API: api/alm_integrations/list_github_repositories?internal=true&almSetting=github
    and 0 organizations returned for API call: api/alm_integrations/list_github_organizations?internal=true&almSetting=github

Hey Jeff.

I would suggest using this guide to make sure you’re passing all the correct query parameters.

I made some attempts based on the suggestion. When I made the request for 'api/alm_integrations/list_github_repositories?internal=true&almSetting=github' including some additional parameters as revealed by the examples, the result came back as {"errors":[{"msg":"No personal access token found"}]}
Any further suggestions?

You’ll need to make the requests with a user that has configured a PAT for project creation in the SonarQube UI, or after setting it with POST api/alm_integrations/set_pat.

No help with that suggestion. I ran this first:

curl -s -w "%{http_code}" -u "${SONAR_TOKEN}:" 'https://sonarqube.XXXXXX.com/api/alm_integrations/list_github_repositories?internal=true&almSetting=github&organization=XXXXXX' \
  -H 'accept-language: en-US,en;q=0.9' \
  -H 'dnt: 1' \
  -H 'sec-ch-ua-platform: "macOS"' \
  -H 'sec-fetch-mode: cors' \
  -H 'sec-fetch-site: same-origin' \
  -H "Accept: application/json" | jq . | tee projects.list
{
  "paging": {
    "pageIndex": 1,
    "pageSize": 100,
    "total": 0
  },
  "repositories": []
}
200

And then I tried:

curl -s -w "%{http_code}" -u "${SONAR_TOKEN}:" 'https://sonarqube.XXXXXX.com/api/alm_integrations/set_pat' \
  -H 'accept: application/json' \
  -H 'accept-language: en-US,en;q=0.9' \
  -H 'content-type: application/x-www-form-urlencoded' \
  --data-raw 'almSetting=github&organization=XXXXXXX&pat=YYYYYYYYYYYY'

And got this result:
{"errors":[{"msg":"Only Azure DevOps, Bitbucket Server, GitLab and Bitbucket Cloud Settings are supported."}]}400

I did get a successful result from:

curl -s -u "${SONAR_TOKEN}:" 'https://sonarqube.XXXXXX.com/api/projects/search?ps=400' \
  -H "Accept: application/json" | jq -r '.components[] | "\(.key) \(.name)"' | sort > projects.list

which generates a file containing over 350 projects with key/name pairs.

Trying again using a slightly different syntax for query list_github_organizations, I got a response:

{
  "paging": {
    "pageIndex": 1,
    "pageSize": 100,
    "total": 0
  },
  "organizations": []
}

and when I requested list_github_repositories, it sent:

{
  "paging": {
    "pageIndex": 1,
    "pageSize": 100,
    "total": 0
  },
  "repositories": []
}

But I know there are many already integrated. I am an admin user, and should have access to all.

Ah, okay, I understand. I was mixing up how some of the other DevOps Platforms integrate with SonarQube. Sorry about that.

For GitHub, SonarQube is communicating with GitHub to retrieve an application access token which is provided to the token query parameter when the call is being made from SonarQube.

Since SonarQube itself is negotiating this temporary application access token, I don’t think you’ll be able to mimic this behavior outside of SonarQube just using API calls, although maybe you can do something with these APIs.

Going back to your original use-case:

Is the goal here to fill in this data for existing projects?

@Colin,
No, the goal is to provision new, previously un-analyzed projects. Typically, a branch is created on an existing repository to add SonarQube analysis, so main/master is NEVER analyzed initially. Unless, of course, a project has been analyzed already, but is missing the integration details (very common use-case for us.)
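
Added example, not part of the thread and not SonarQube's own code: a Python version of the api/projects/search call above that walks every page using the `paging` object instead of relying on ps=400, and raises on an `errors` body (such as the "No personal access token found" reply) instead of passing it on as data. The function names and the constructed `fake_fetch` sample data are assumptions of this example; `p` is SonarQube's page-index parameter.

```python
import base64
import json
import urllib.error
import urllib.parse
import urllib.request

class SonarApiError(Exception):
    """The response carried an "errors" array or an HTTP error status."""

def make_fetch(base_url, token):
    """Real fetcher; token is the Basic-auth username, like curl -u "$SONAR_TOKEN:"."""
    auth = base64.b64encode(f"{token}:".encode()).decode()
    def fetch(path, params):
        url = f"{base_url}/{path}?{urllib.parse.urlencode(params)}"
        req = urllib.request.Request(url, headers={
            "Authorization": f"Basic {auth}", "Accept": "application/json"})
        try:
            with urllib.request.urlopen(req) as resp:
                return resp.status, resp.read().decode()
        except urllib.error.HTTPError as exc:  # 4xx replies still carry a JSON body
            return exc.code, exc.read().decode()
    return fetch

def check(status, body):
    """Return the parsed body, or raise with the server's own message."""
    data = json.loads(body)
    if status >= 400 or "errors" in data:
        msgs = "; ".join(e.get("msg", "?") for e in data.get("errors", []))
        raise SonarApiError(f"HTTP {status}: {msgs}")
    return data

def list_projects(fetch, page_size=100):
    """Walk every page of api/projects/search; return {key: name}."""
    projects, page = {}, 1
    while True:
        data = check(*fetch("api/projects/search", {"p": page, "ps": page_size}))
        for comp in data["components"]:
            projects[comp["key"]] = comp["name"]
        if not data["components"] or len(projects) >= data["paging"]["total"]:
            break
        page += 1
    return projects

def fake_fetch(path, params):
    """Constructed stand-in for the server: 5 projects, served page by page."""
    start = (params["p"] - 1) * params["ps"]
    comps = [{"key": f"k{i}", "name": f"Project {i}"} for i in range(5)][start:start + params["ps"]]
    paging = {"pageIndex": params["p"], "pageSize": params["ps"], "total": 5}
    return 200, json.dumps({"paging": paging, "components": comps})
```

Against a live server, `list_projects(make_fetch(base_url, token))` replaces `fake_fetch`; an empty 200 reply such as the `"repositories": []` bodies in this thread passes `check` unchanged, so it still has to be told apart from a real "nothing to list" by other means.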