When using SonarQube’s SonarScanner CLI in GitHub Actions, it may not always be possible to use the official public action; perhaps your organisation doesn’t permit public actions, or only approves specific ones.
In such cases you may look to create your own internal action, and SonarQube provide their SonarScanner CLI tool in a Docker image for easy consumption. The documentation gives you an example of how to create a container using their image:
Warning: this post contains unsupported API calls, so use at your own risk
Similar to the situation in Part 2 for onboarding a project into SonarCloud, onboarding a user into an organization is also not supported via the public API.
In the API documentation there is no entry for api/organizations.
This was confirmed by a community posting and unfortunately did not appear on the roadmap:
Back to Chrome Developer Tools
So, in the same way as in Part 2, I used Chrome Developer Tools to monitor what happens in the SonarCloud UI when adding a member to an organization:
Warning: this post contains unsupported API calls, so use at your own risk
One of the main reasons I started looking at the SonarCloud API was to be able to automate the onboarding of new GitLab projects into SonarCloud. We didn’t want to have to do that manually via the UI, but rather via a pipeline job. In part 1 of this series I demonstrated the basics of the API and the PSSonarCloud PowerShell module; in part 2 we’ll look at how to onboard a project into SonarCloud.
SonarCloud is the SaaS version of SonarQube, a tool to detect and fix issues in your code by examining code quality and security vulnerabilities. I needed to automate the onboarding of both users and code projects into SonarCloud to take away the need to manually provision these items into the system.
SonarCloud has a Web API which facilitated a lot of what I needed to achieve, but with some significant gaps, which initially appeared to mean some of the onboarding would still need to be manual.