We’re trying to develop a SonarQube web API integration with some internal tools, and would like to be able to extract quality gate results for a specific Sonar analysis given a specific Git commit SHA that was previously successfully analysed (project key and branch name are known, but the Git SHA is the real key). Searching by the SHA directly is not needed, as long as I could iterate over a couple project analyses until I find a match.
Given that SonarQube can extract Git information (like blame), I was expecting that an analysis could inform the Git SHA of the analysed code, but I couldn’t find such info, not even in internal APIs. Among my web API investigations I found the Compute Engine task scannerContext field, which contains a lot of text info where maybe I could inject Git SHA info for later extraction, but that is a very hacky way to solve things.
So, is this information exposed somehow by SonarQube? If not, is there a way I can store it along with the analysis and retrieve it directly from the web API (that is, without storing the SHA-analysisId mapping somewhere else)?
SonarQube version 7.2.1 (build 14109)
Sonar Maven plugin 188.8.131.523 (this solution might be applied to non JVM projects in the future)