GitLab.com MR decoration (with Azure AD for SSO)

rictorres · November 20, 2020, 6:32pm

Hello, there!

This is a follow up from this topic Gitlab.com merge request decoration - unfortunately I went on vacation and didn’t manage to reply in there before it was closed.

Currently our repos are hosted on GitLab.com and we’re using Sonarcloud for quality analysis.
Our Sonarcloud account is accessed through Azure SSO (Active Directory + DevOps). From what I understood, this implies we can only link projects coming from Azure DevOps but as I mentioned our repos are on GitLab.com.

All our projects on Sonarcloud were created automatically from our GitLab CI setup: we expose the Sonarcloud token which allows the job to run and send the collected data to our Sonarcloud account based on the project key inside the sonar-project.properties file. This part is working fine, by the wat

Moreover, I have checked the docs on how to Import GitLab projects though it requires “Log in with GitLab” however we would like to keep the current SSO setup with Azure.

Given the above, would it be possible to get both? As in signing in to Sonarcloud through Azure - retaining SSO capabilities - but import projects using GitLab.com. If not, is there an alternative? I’m totally open to suggestions

I’d appreciate any help on this

Many thanks in advance!

AlxO · November 24, 2020, 6:46am

Hi @rictorres,

You’re correct in that the ‘import projects’ functionality requires logging with a matching ALM login, hence you can import GitLab projects with a GitLab login only.

Regards,
Alex

rictorres · November 25, 2020, 8:54am

Hey, @AlxO

Thanks for replying!

Do you know if it’s possible to migrate projects to be imported from GitLab while retaining user access to Sonarcloud via Azure SSO?

AlxO · November 26, 2020, 7:11am

I don’t think so @rictorres. As a generality, it is preferable, in order to benefit fully from SonarCloud, that Git repositories and User accounts come from the same provider.

rictorres · November 26, 2020, 1:33pm

Clear!

Unfortunately it’s a requirement for us to keep user access through Azure
I’ll look into decorating GitLab’s MRs with a custom pipeline job which would get the respective scan info from Sonarcloud API.

@AlxO If not too much trouble, may I ask you for pointers on which endpoints I should look into in order to get an output similar to what’s shown below? Also, I’m open to any other ideas!

Thanks again!