GitLab integration as external status check instead of failing the CI pipeline

So we have open-sourced a small webhook receiver that does exactly this:

It puts the quality gate status as an external status check on GitLab (Ultimate):

Source: GitHub - unblu/u-sonar-status: SonarQube Quality Gate Status as External Status Check in GitLab Ultimate


It works quite well, but we have one problem when we retrieve the quality gate status:
api/project_pull_requests/list does not contain the commit SHA (I can’t comment on the old thread)

But given a projectKey and a pull request we would like to get:

  • The quality gate status
  • The revision (the value of sonar.scm.revision) where the scanner ran.

We have tried the following:

  • /api/qualitygates/project_status?projectKey=<key>&pullRequest=<pr> does not contain the revision information
  • /api/project_pull_requests/list?project=<key> contains the information on SonarCloud but not on an on-prem SonarQube server (tested with 9.9)

Even with multiple Web API calls to Sonar, I do not understand how I can access the revision information.

For the flow where the tool responds to a Sonar webhook event there is no problem: the information is present in the event.

But there is an additional flow where GitLab requests the status (this is the “Retry” button on the external status check). In this case the u-sonar-status tool contacts Sonar to find out what the quality gate status is. IMO not checking if the head of the MR matches the Sonar revision is a mistake, since as soon as you push a commit to the MR, GitLab will request the status to be updated, and you cannot set the status based on an outdated scan in Sonar.
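
The head-versus-revision check argued for in the last paragraph, as an added example that is not part of the original post and not code from u-sonar-status. It assumes a listing shaped like the SonarCloud `api/project_pull_requests/list` response with a `commit.sha` field (the JSON layout and the name `decide_status` are assumptions), maps the gate to GitLab's `passed`/`failed` values, and returns no status when the scanned revision is missing or is not the MR head.

```python
import json

# Constructed sample, shaped like an api/project_pull_requests/list response.
# "commit.sha" is the field the post reports as present on SonarCloud and
# missing on SonarQube 9.9; the exact JSON layout here is an assumption.
SAMPLE_LISTING = json.loads("""
{"pullRequests": [
  {"key": "12", "status": {"qualityGateStatus": "OK"},
   "commit": {"sha": "1f0c3a9d5b7e2c4a6d8f0b1e3c5a7d9f2b4c6e80"}},
  {"key": "13", "status": {"qualityGateStatus": "ERROR"},
   "commit": {"sha": "9A8B7C6D5E4F3A2B1C0D9E8F7A6B5C4D3E2F1A0B"}},
  {"key": "14", "status": {"qualityGateStatus": "OK"}}
]}
""")

# Quality gate value -> GitLab external status check value.
GATE_TO_GITLAB = {"OK": "passed", "ERROR": "failed"}


def decide_status(listing, pr_key, mr_head_sha):
    """Return (status, reason); status None means "report nothing"."""
    pr = next((p for p in listing.get("pullRequests", [])
               if str(p.get("key")) == str(pr_key)), None)
    if pr is None:
        return None, "no analysis for this pull request"

    scanned = (pr.get("commit") or {}).get("sha")
    if not scanned:
        # Revision unknown (the on-prem case): fail closed, never guess.
        return None, "analysis revision unavailable"

    # Compare full SHAs only; a prefix match is not accepted.
    if scanned.strip().lower() != mr_head_sha.strip().lower():
        # Scan predates the latest push: its verdict does not cover HEAD.
        return None, "analysis is for an older commit"

    gate = (pr.get("status") or {}).get("qualityGateStatus")
    status = GATE_TO_GITLAB.get(gate)
    if status is None:
        return None, "unrecognised quality gate value"
    return status, "quality gate %s on MR head" % gate
```

A `None` status leaves the external check unresolved, so a merge request cannot be unblocked by a verdict that belongs to an earlier commit.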