RestAPI Support for Monorepo Project Import?

Is it possible to use the RestAPI to import a project into a monorepo? Looking at the documentation found at https://sonarcloud.io/documentation/analysis/setup-monorepo/. I would like to be able to do the section " Importing a monorepo" using the API vs doing it manual in the console.

The current API Enpoint for projects (https://sonarcloud.io/web_api/api/projects) seems to be only for standalone repositories, but maybe I’m missing something?

Thanks!

1 Like

Hello @ps-aartread,

Creating a mono-repo is currently not supported by our public API. You can create a new suggestion (Suggest new features - SonarSource Community) and we will consider adding it.

1 Like

Thanks Tom for the information. I’ll add a suggestion. Appreciate the help.

-Aaron

Hi @TomVanBraband Can you please advise if any API is available now for monorepo project import in SonarCloud. If not, kindly let me know if you have ETA on the new feature request which is in place.

1 Like

Found the related issue that was created from this thread: RestAPI support for creating monorepo projects

looks like there hasn’t been any movement on this :frowning: has anyone figured out an automated workaround for this?

Hi Jon!
I was trying to understand how they send the information to create the project from the UI.
It’s a POST request with a JSON payload on this endpoint: https://sonarcloud.io/api/alm_integration/provision_monorepo_projects.

The payload has the following structure:

{
  "newCodeDefinitionValue": "previous_version",
  "newCodeDefinitionType": "previous_version",
  "organization": "vandelayindustries",
  "projects": [
    {
      "projectKey": "vandelayindustries_art_vandelay_project",
      "projectName": "Vandelay Industries - Art Vandelay project",
      "installationKey": "13374321"
    },
    {
      "projectKey": "vandelayindustries_dr_van_nostrand_project",
      "projectName": "Vandelay Industries - Dr. Van Nostrand project",
      "installationKey": "13374321"
    }
  ]
}

The cURL command that could be used to replicate this:

curl "https://sonarcloud.io/api/alm_integration/provision_monorepo_projects" \
	--compressed \
	--request POST \
	--header "Authorization: Bearer YOUR_TOKEN_HERE" \
	--header "Accept: application/json" \
	--header "Accept-Language: en-US,en;q=0.5" \
	--header "Accept-Encoding: gzip, deflate, br" \
	--header "Referer: https://sonarcloud.io/projects/create" \
	--header "Content-Type: application/json" \
	--data-raw "{ ... }"  # This should be a JSON payload like I showed before

The only strange parameter in the JSON payload is the installationKey. I don’t exactly know where that number comes from, but it’s kind of an identifier for the git repository.

And because we are trying to create 2 projects that are bound to the same repository (a monorepo), the installationKey is the same for both projects.

Now, how do we find the installationKey for a git repository?
When the UI loads the repositories list, it sends a GET request more or less like this:

curl "https://sonarcloud.io/api/alm_integration/list_repositories?organization=YOUR_ORGANIZATION" \
		--compressed \
		--request GET \
		--header "Authorization: Bearer YOUR_TOKEN_HERE" \
		--header 'Accept: application/json' \
		--header 'Accept-Language: en-US,en;q=0.5' \
		--header 'Accept-Encoding: gzip, deflate, br' \
		--header 'Referer: https://sonarcloud.io/projects/create'

It returns a JSON with the git repositories that would be listed in the interface. It’s kind of a mess, because it returns the repository “title” (the human-readable repository name) instead of the git repository name (the one from the Github/Gitlab/Bitbucket URL):

{
  "repositories": [
    {
      "label": "George's Project",
      "installationKey": "12341234",
      "linkedProjects": [],
      "private": true
    },
    {
      "label": "Kramer's Project",
      "installationKey": "43214321",
      "linkedProjects": [
        {
          "key": "vandelayindustries_kramers_project",
          "name": "Kramer's Project"
        }
      ],
      "private": true
    }
  ]
}

To make sense of all this:

  • label: the human-readable git repository name
  • installationKey: some kind of “identifier” of the git repository for Sonarcloud
  • linkedProjects: an array with the projects that are already bounded to this git repository (this list is empty when there are no projects bound to the repository)
  • private: if the project’s visibility is public or private

I didn’t scripted it yet, but this information might help someone.