Unable to set token from Azure DevOps

BasilFX · November 27, 2018, 8:59am

From the Azure DevOps prepare task, I set sonar.pullrequest.vsts.token.secured to a working value. However, once the scan is completed, it doesn’t decorate a pull-request.

Looking at the Background Tasks -> Scanner Context, I do see sonar.pullrequest.vsts.token.secured=*******, but Background Tasks -> Show Warnings tells me ‘Pull request decoration did not happen because the token is missing. Please set it in the project settings.’

I expect this to work via Azure DevOps, since I don’t want to set this key via the project settings, as it requires me to set this key for 100+ project (I can create a task group in Azure DevOps to simplify a lot of work so others don’t have to).

Any idea on how to get this working?

Colin · November 27, 2018, 9:14am

Bas,

This value needs to be set in the project settings, rather than through an analysis parameter.

If you need to automate this somehow, you might find the POST api/settings/set Web API useful.

You might also want to vote on MMF-1478 to have settings available at the organization level.

Colin

BasilFX · November 27, 2018, 9:22am

Thanks Colin, I already suspected that.

However, from the UI it isn’t really clear: it lists sonar.pullrequest.vsts.token.secured in the project settings, so I suspected this to work.

I’ll take a look at the API approach.

SailingYYC · March 26, 2020, 12:52am

Hi Bas,

Did you ever find a method to automatically set sonar.pullrequest.vsts.token.secured from a pipeline, based on the ephemeral build AccessToken?

I would greatly appreciate any advice on how you solved this.

Colin

BasilFX · March 28, 2020, 12:40pm

I wrote a small program that (re)sets the token using the API.

Alexandre_L_F · April 22, 2020, 8:56pm

Hi Bas,

I trying post something like https://sonarcloud.io/api/settings/values?component=Sonar.Scanning.Examples&keys=sonar.pullrequest.vsts.token.secured&value=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX, but I get an error, could post your solution? Regards

BasilFX · April 23, 2020, 7:04am

Sure, something like this (Python 3, Requests).

Alexandre_L_F · April 23, 2020, 12:21pm

Tks Bas, I using Azure DevOps, so I make one with powershell, let me show…

$SonarToken = “XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX”
$token = [System.Text.Encoding]::UTF8.GetBytes($SonarToken + “:”)
$base64 = [System.Convert]::ToBase64String($token)
$basicAuth = [string]::Format(“Basic {0}”, $base64)
$headers = @{ Authorization = $basicAuth }

$URL = "https://sonarcloud.io/api/settings/set?"
$Param = “key=sonar.pullrequest.provider&value=Azure%20DevOps%20Services&component=”
$Param2 = “key=sonar.pullrequest.vsts.token.secured&value=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX&component=”

$URI = $URL + $Param + $env:Build.Repository.Name
$URI2 = $URL + $Param2 + $env:Build.Repository.Name

Invoke-RestMethod -Method Post -Uri $URI -Headers $headers
Invoke-RestMethod -Method Post -Uri $URI2 -Headers $headers

I will make more improvements in the code code, but works… tks