Hi Jon!
I was trying to understand how they send the information to create the project from the UI.
It’s a POST
request with a JSON
payload on this endpoint: https://sonarcloud.io/api/alm_integration/provision_monorepo_projects
.
The payload has the following structure:
{
"newCodeDefinitionValue": "previous_version",
"newCodeDefinitionType": "previous_version",
"organization": "vandelayindustries",
"projects": [
{
"projectKey": "vandelayindustries_art_vandelay_project",
"projectName": "Vandelay Industries - Art Vandelay project",
"installationKey": "13374321"
},
{
"projectKey": "vandelayindustries_dr_van_nostrand_project",
"projectName": "Vandelay Industries - Dr. Van Nostrand project",
"installationKey": "13374321"
}
]
}
The cURL
command that could be used to replicate this:
curl "https://sonarcloud.io/api/alm_integration/provision_monorepo_projects" \
--compressed \
--request POST \
--header "Authorization: Bearer YOUR_TOKEN_HERE" \
--header "Accept: application/json" \
--header "Accept-Language: en-US,en;q=0.5" \
--header "Accept-Encoding: gzip, deflate, br" \
--header "Referer: https://sonarcloud.io/projects/create" \
--header "Content-Type: application/json" \
--data-raw "{ ... }" # This should be a JSON payload like I showed before
The only strange parameter in the JSON
payload is the installationKey
. I don’t exactly know where that number comes from, but it’s kind of an identifier for the git repository.
And because we are trying to create 2 projects that are bound to the same repository (a monorepo), the installationKey
is the same for both projects.
Now, how do we find the installationKey
for a git repository?
When the UI loads the repositories list, it sends a GET
request more or less like this:
curl "https://sonarcloud.io/api/alm_integration/list_repositories?organization=YOUR_ORGANIZATION" \
--compressed \
--request GET \
--header "Authorization: Bearer YOUR_TOKEN_HERE" \
--header 'Accept: application/json' \
--header 'Accept-Language: en-US,en;q=0.5' \
--header 'Accept-Encoding: gzip, deflate, br' \
--header 'Referer: https://sonarcloud.io/projects/create'
It returns a JSON
with the git repositories that would be listed in the interface. It’s kind of a mess, because it returns the repository “title” (the human-readable repository name) instead of the git repository name (the one from the Github/Gitlab/Bitbucket URL):
{
"repositories": [
{
"label": "George's Project",
"installationKey": "12341234",
"linkedProjects": [],
"private": true
},
{
"label": "Kramer's Project",
"installationKey": "43214321",
"linkedProjects": [
{
"key": "vandelayindustries_kramers_project",
"name": "Kramer's Project"
}
],
"private": true
}
]
}
To make sense of all this:
label
: the human-readable git repository name
installationKey
: some kind of “identifier” of the git repository for Sonarcloud
linkedProjects
: an array with the projects that are already bounded to this git repository (this list is empty when there are no projects bound to the repository)
private
: if the project’s visibility is public or private
I didn’t scripted it yet, but this information might help someone.