Template for a good new topic, formatted with Markdown:
ALM used (GitHub, Bitbucket Cloud, Azure DevOps)
Azure DevOps
CI system used (Bitbucket Cloud, Azure DevOps, Travis CI, Circle CI
Azure DevOps
Scanner command used when applicable (private details masked)
Generic scanner on Azure Pipelines
Languages of the repository
Mostly java
Only if the SonarCloud project is public, the URL
And if you need help with pull request decoration, then the URL to the PR too
Behavior observed
We want to configure Pull request decoration for our projects. We have several projects (today 57 projects)
All projects are AzureDevOps SCM and pipelines.
So here are my questions:
Is there an Organization option to configure the Azure PAT Token ?
Can I set a Default Organization PR Provider sonar.pullrequest.provider ?
The Azure DevOps experience on SonarCloud doesn’t benefit yet from organization-wide settings, and more globally, from bindings of organizations between it and Azure.
That being said, it’s not possible yet to set a PAT at organization level.
For the sonar.pullrequest.provider property, the Azure DevOps extension is taking care of setting it for you, so there’s no need to worry about it.
No it will not be taken in account as it is an internal property, not a “Scanner” one. And the variable you gave in example is the OAuth token that the agent uses to authenticate against AzDO. I don’t think that the PAT is accessible through a variable.
Thanks for the answer Mickaël.
We found the SonarCloud API where we can set the sonar.pullrequest.vsts.token.secured property before the scan execution. https://sonarcloud.io/api/settings/set
Basically we execute these two request before every scan. It will always set the current build token to sonar post the comments. $(sonar.token) is a sonarCloud token saved as variable group in azure devops.
- script: |
curl --request POST -u $SONARTOKEN: \
--data "component=$(Build.Repository.Name)" \
--data "key=sonar.pullrequest.provider" \
--data "value=Azure DevOps Services" \
https://sonarcloud.io/api/settings/set
displayName: 'Set PR provider for current project in sonarcloud'
env:
SONARTOKEN: $(sonar.token)
- script: |
curl --request POST -u $SONARTOKEN: \
--data "component=$(Build.Repository.Name)" \
--data "key=sonar.pullrequest.vsts.token.secured" \
--data "value=$SYSTEM_ACCESSTOKEN" \
https://sonarcloud.io/api/settings/set
displayName: 'Set PR token for current project in sonarcloud'
env:
SYSTEM_ACCESSTOKEN: $(System.AccessToken)
SONARTOKEN: $(sonar.token)
Our account is already bound to Azure DevOps. However setting the PAT token globally in the organisation settings does not seem to propagate down to the project level.
Only when we manually set the PAT token at the project level does PR decoration work again.
I have worked out the issue. The project level settings seemingly take precedent over the org PAT. Clearing out the project level settings allows us to configure the PAT globally.