Publishing SonarQube badges using Azure Functions

We have started to use SonarQube, an awesome tool for static code analysis, and due to several reason we have to use the on-prem version and not the cloud version.

Now that we use SonarQube we want maximum visibility of the metrics that SonarQube produces, there for we want to add badges to our repositories, you probably seen them several places, looks like this:

image.png

So the problem is that SonarQube does not natively support getting these badges when without authentication when hosting SonarQube on-prem. This is a problem when if you want to add the badges to a Github repos's readme file where all you can do is make a HTTP request to get the badge. However, SonarQube does provide these badges via their API so I figured; why not setup a simple Azure Function that acts as a plain old GET HTTP endpoint and then calls the SonarQube API with the required params?

Azure Function Implementation

public static class SonarQubeFunctions
{
    [Function("GetBadge")]
    public static async Task<HttpResponseData> GetBadge([HttpTrigger(AuthorizationLevel.Function, "get", "post")] HttpRequestData req,
        FunctionContext executionContext)
    {
        var logger = executionContext.GetLogger("SoarQubeFunctions");
        var query = System.Web.HttpUtility.ParseQueryString(req.Url.Query);
        var metric= query["metric"];
        var project= query["project"];
        var httpClient = new HttpClient();
        httpClient.DefaultRequestHeaders.Add("Authorization", "Basic abcd...");

        var sqResponse = await httpClient.GetAsync(
                $"https://on-prem-sonarqube-instance/api/project_badges/measure?metric={metric}&project={project}");

        var response = req.CreateResponse(HttpStatusCode.OK);
        response.Headers.Add("Content-Type", sqResponse.Content.Headers.GetValues("Content-Type").First());
        await response.WriteBytesAsync(await sqResponse.Content.ReadAsByteArrayAsync());

        return response;
    }
}

This is a .net 5 Azure Function which is hosted on Azure using isolation. What we do here is straight forward;

  • Get the parameters that the SonarQube endpoints expects: metric and project
  • Add the Authorization header, see this on how to generate a token
  • Call the endpoint project_badges/measure and pass the parameters
  • Return the response to the caller

Deploy this function to Azure and you will be able to call it like this: https://your-function-app.azurewebsites.net/api/GetBadge?metric=requestedMetric&project=sonarqube-project-key

For a list of metrics to pass, see the API docs at: sonarqube-server/web_api/api/project_badges?query=badge, or here:

  • bugs
  • code_smells
  • coverage
  • duplicated_lines_density
  • ncloc
  • sqale_rating
  • alert_status
  • reliability_rating
  • security_rating
  • sqale_index
  • vulnerabilities image.png

Example readme.md on GitHub

image.png

Here's an example of the markdown to put in the readme:

[![Quality](https://your-function-app.azurewebsites.net/api/GetBadge?metric=alert_status&project=sonarqube-project-key&code=azure-function-key)](https://sonarqube-server/dashboard?id=sonarqube-project-key)

Did you find this article valuable?

Support Nicklas Møller Jepsen by becoming a sponsor. Any amount is appreciated!