We have started to use SonarQube, an awesome tool for static code analysis, and due to several reason we have to use the on-prem version and not the cloud version.
Now that we use SonarQube we want maximum visibility of the metrics that SonarQube produces, there for we want to add badges to our repositories, you probably seen them several places, looks like this:
So the problem is that SonarQube does not natively support getting these badges when without authentication when hosting SonarQube on-prem. This is a problem when if you want to add the badges to a Github repos's readme file where all you can do is make a HTTP request to get the badge. However, SonarQube does provide these badges via their API so I figured; why not setup a simple Azure Function that acts as a plain old GET HTTP endpoint and then calls the SonarQube API with the required params?
Azure Function Implementation
public static class SonarQubeFunctions
{
[Function("GetBadge")]
public static async Task<HttpResponseData> GetBadge([HttpTrigger(AuthorizationLevel.Function, "get", "post")] HttpRequestData req,
FunctionContext executionContext)
{
var logger = executionContext.GetLogger("SoarQubeFunctions");
var query = System.Web.HttpUtility.ParseQueryString(req.Url.Query);
var metric= query["metric"];
var project= query["project"];
var httpClient = new HttpClient();
httpClient.DefaultRequestHeaders.Add("Authorization", "Basic abcd...");
var sqResponse = await httpClient.GetAsync(
$"https://on-prem-sonarqube-instance/api/project_badges/measure?metric={metric}&project={project}");
var response = req.CreateResponse(HttpStatusCode.OK);
response.Headers.Add("Content-Type", sqResponse.Content.Headers.GetValues("Content-Type").First());
await response.WriteBytesAsync(await sqResponse.Content.ReadAsByteArrayAsync());
return response;
}
}
This is a .net 5 Azure Function which is hosted on Azure using isolation. What we do here is straight forward;
- Get the parameters that the SonarQube endpoints expects:
metric
andproject
- Add the
Authorization
header, see this on how to generate a token - Call the endpoint
project_badges/measure
and pass the parameters - Return the response to the caller
Deploy this function to Azure and you will be able to call it like this:
https://your-function-app.azurewebsites.net/api/GetBadge?metric=requestedMetric&project=sonarqube-project-key
For a list of metrics to pass, see the API docs at: sonarqube-server/web_api/api/project_badges?query=badge, or here:
- bugs
- code_smells
- coverage
- duplicated_lines_density
- ncloc
- sqale_rating
- alert_status
- reliability_rating
- security_rating
- sqale_index
- vulnerabilities
Example readme.md on GitHub
Here's an example of the markdown to put in the readme:
[![Quality](https://your-function-app.azurewebsites.net/api/GetBadge?metric=alert_status&project=sonarqube-project-key&code=azure-function-key)](https://sonarqube-server/dashboard?id=sonarqube-project-key)