- ALM used: Azure DevOps
- CI system used: Azure DevOps
- Scanner command used when applicable (private details masked):

```yaml
- task: SonarCloudPrepare@1
  inputs:
    SonarCloud: 'Sonarcloud code police'
    organization: '***'
    scannerMode: 'CLI'
    configMode: 'manual'
    cliProjectKey: '***'
    cliProjectName: '***'
    cliSources: '.'
    extraProperties: |
      # Additional properties that will be passed to the scanner,
      # Put one key=value per line, example:
      sonar.sources=/absolute/path/to/project/src
      sonar.tests=/absolute/path/to/project/tests
      sonar.exclusions=**/tests/*.py,**/*.xml,setup.py
      sonar.python.coverage.reportPaths=/absolute/path/to/project/coverage.xml
      sonar.python.version=3
```
- Languages of the repository: python
I have an Azure pipeline in which I run SonarCloudPrepare@1 followed by SonarCloudAnalyze@1. For those projects that do not yet exist on the default branch (which for me is master), when a PR is created to master that contains the new code to be analyzed by SonarCloud, the SonarCloudAnalyze@1 step fails with the following message:

`ERROR: Could not find a default branch for project with key '***'. Make sure project exists.`
Once I merge the PR and it runs on master, then SonarCloud automatically creates that project for me without problems.
Now I would like to add a step before SonarCloudAnalyze@1 to check if the project exists on SonarCloud using the SonarCloud Web API, and if so, then do not run SonarCloudAnalyze (except if it is running on the default branch, master).
I have made the following PowerShell script, which checks for the existence of the project and sets a boolean variable that is then used in the condition for SonarCloudAnalyze@1:
```powershell
# Query the SonarCloud Web API for the project (organization, project key and token masked).
# Invoke-RestMethod parses the JSON response directly; on Windows PowerShell `curl` is an
# alias of Invoke-WebRequest, so the curl-style --request/--url/--header flags would not work there.
$headers = @{ Authorization = 'Bearer ***' }
$projects_found = Invoke-RestMethod -Method Get -Uri 'https://sonarcloud.io/api/projects/search?organization=***&projects=***' -Headers $headers
if ($projects_found.components.Count -gt 0) {
    Write-Host "project found"
    # Azure Pipelines logging command: sets PROJECT_EXISTS for the later steps' conditions
    Write-Host "##vso[task.setVariable variable=PROJECT_EXISTS]true"
}
```
Now the problem is that the token given after `Authorization: Bearer` in the GET request is a user-dependent token, meaning that if I leave the company I am working for now and my user account gets deleted from SonarCloud, this would stop working.
Do you have a suggestion for how to avoid hardcoding a user-dependent token like this and make the GET request authenticate in a better way?
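Putting the pieces together, as an added example that is not part of the original post (and not SonarSource's or Microsoft's own code): the existence check as a pipeline step that reads the token from a secret pipeline variable instead of hardcoding it, fails loudly on authentication or network errors rather than treating them as "project not found", and gates SonarCloudAnalyze@1 on the result. The variable names SONAR_TOKEN, SONAR_ORG and SONAR_PROJECT_KEY are assumptions; whichever account issues the token, it lives only in the pipeline's secret store.

```yaml
# Added example (not from the original post). Assumed secret/pipeline variables:
# SONAR_TOKEN (marked secret), SONAR_ORG, SONAR_PROJECT_KEY.
steps:
  - task: SonarCloudPrepare@1
    inputs:
      SonarCloud: 'Sonarcloud code police'
      organization: '$(SONAR_ORG)'
      scannerMode: 'CLI'
      configMode: 'manual'
      cliProjectKey: '$(SONAR_PROJECT_KEY)'
      cliSources: '.'

  - pwsh: |
      # The token arrives through the env: mapping below; nothing is hardcoded in the script.
      $token = $env:SONAR_TOKEN
      if ([string]::IsNullOrEmpty($token)) { throw 'SONAR_TOKEN is not set' }
      $headers = @{ Authorization = "Bearer $token" }
      $url = "https://sonarcloud.io/api/projects/search?organization=$($env:SONAR_ORG)&projects=$($env:SONAR_PROJECT_KEY)"
      try {
        $result = Invoke-RestMethod -Method Get -Uri $url -Headers $headers
      } catch {
        # A 401/403 or a network failure must not be mistaken for "project does not exist".
        throw "SonarCloud API call failed: $($_.Exception.Message)"
      }
      # Measure-Object copes with a missing, single or multi-element components list.
      $exists = ($result.components | Measure-Object).Count -gt 0
      Write-Host "project exists: $exists"
      # Always set the variable (true/false) so the later condition never sees an empty value.
      Write-Host "##vso[task.setVariable variable=PROJECT_EXISTS]$($exists.ToString().ToLower())"
    displayName: 'Check whether the SonarCloud project exists'
    env:
      SONAR_TOKEN: $(SONAR_TOKEN)   # secret variables are only exposed when mapped explicitly
      SONAR_ORG: $(SONAR_ORG)
      SONAR_PROJECT_KEY: $(SONAR_PROJECT_KEY)

  - task: SonarCloudAnalyze@1
    # Always run on master (where the project gets created); elsewhere, including PR builds
    # whose Build.SourceBranch is refs/pull/<id>/merge, only if the project already exists.
    condition: and(succeeded(), or(eq(variables['Build.SourceBranch'], 'refs/heads/master'), eq(variables['PROJECT_EXISTS'], 'true')))
```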