policy-compliance-scan | GitHub action that scans the Azure resources | Continous Integration library

I am working on a online-school where student projects are decentralized on git repositories. When a student wishes to correct a project:

• The student must specify his git-repo-url + private key in order to pull it on the correction-server
• Then several tasks are applied on the project (compilation check, output checks).

I'd like to check the code quality and return a feedback for each user. I guess sonarqube would be a good choice since it supports 28+ languages.

I am familiar with sonarqube used with a continous integration, but I can't find in their documentation how to call sonarqube for my use case. I'd need something like a rest api for requesting a code analysis by giving the git url & its key and get a response with the code quality output.

Would it be possible?

I'm building a continous integration pipeline based on a git repository.

I have 3 branch:

• master branch for the dev environment
• test branch for the test environment
• prod branch for the prod environment

Any time a branch is updated, a pipeline update my website, eg:

• when a push on master branch is made, a pipeline update https://dev.website.com
• when a push on test branch is made, a pipeline update https://test.website.com
• when a push on prod branch is made, a pipeline update https://prod.website.com

Everytime I release a new version, I update the master branch and tag the commit whit the version number:

when closing a branch in a continous integration environment my scripts are also supposed to delete associated sonarqube projects.

To achieve this I am using the sonarqube API as described in the WebAPI documentation. I am adressing the endpoint api/projects/delete with corresponding project-key. If the deletion is successful the http request is answered with 204 - No content if the project was not created in sonarqube or was deleted already I get 404 - Not found which makes sense and can be handled programmatically.

Since a few weeks the responses are inconsistent and it can happen that I get the response 200 - Ok for a ressource that is not in Sonarqube. The results are different per day, time or project I try to delete.

Does anyone has an idea where this could come from? The Sonarqube API documentation lacks some detail regarding to the expected status codes.

It is obvious that I could handle this in my code as well. But since the solution worked like this for ages I am wondering where this did come from.

I am running Sonarqube 6.7.5.38563.

Thanks in advance.

Max

I am trying to create a build pipeline in Azure DevOps to deploy an Azure Function Application automatically as part of a continous integration pipeline. When the Function App Deploy step is run, the step fails with 'credentials' cannot be null.

Does anyone know why this happens?

My Build Pipeline:

The Log output when the step runs:

The only thing that I think that it can be is the Azure Resource Manager subscription which I am using Publish Profile Based Authentication however I have managed to create a similar pipeline for a web application with a deploy option using this authentication and it worked successfully. I just cannot deploy the function application.