From 48d9e10f8a0c9c63a55ab961986769bd8a750032 Mon Sep 17 00:00:00 2001
From: Antonio Aversa
Date: Thu, 31 Oct 2024 18:40:29 +0100
Subject: [PATCH] SCSCANGHA-25 Replace the Docker action by a composite action forwarding to the SonarQube action
---
.github/workflows/qa.yml | 133 ++++++--------------
Dockerfile | 32 -----
README.md | 11 +-
action.yml | 36 ++++--
cleanup.sh | 14 ---
entrypoint.sh | 34 -----
test/assertFileDoesntExist | 8 ++
test/gradle-project-kotlin/build.gradle.kts | 0
test/gradle-project/build.gradle | 1 -
test/maven-project/pom.xml | 1 -
10 files changed, 79 insertions(+), 191 deletions(-)
delete mode 100644 Dockerfile
delete mode 100644 cleanup.sh
delete mode 100755 entrypoint.sh
create mode 100755 test/assertFileDoesntExist
delete mode 100644 test/gradle-project-kotlin/build.gradle.kts
delete mode 100644 test/gradle-project/build.gradle
delete mode 100644 test/maven-project/pom.xml
diff --git a/.github/workflows/qa.yml b/.github/workflows/qa.yml
index dcf9500..5fc2cbf 100644
--- a/.github/workflows/qa.yml
+++ b/.github/workflows/qa.yml
@@ -11,7 +11,10 @@ jobs:
 argsInputTest:
 name: >
 'args' input
- runs-on: ubuntu-latest
+ strategy:
+ matrix:
+ os: [ ubuntu-latest, windows-latest, macos-latest ]
+ runs-on: ${{ matrix.os }}
 steps:
 - uses: actions/checkout@v4
 with:
@@ -28,7 +31,10 @@ jobs:
 projectBaseDirInputTest:
 name: >
 'projectBaseDir' input
- runs-on: ubuntu-latest
+ strategy:
+ matrix:
+ os: [ ubuntu-latest, windows-latest, macos-latest ]
+ runs-on: ${{ matrix.os }}
 steps:
 - uses: actions/checkout@v4
 with:
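Review bot: The `run: |` assert steps of `argsInputTest` and `projectBaseDirInputTest` will execute under pwsh on the new `windows-latest` matrix entry, and a bash helper invoked as `./test/assertFileContains …` (visible as context at the top of the next hunk) cannot run there without an explicit shell; the same applies to the `-28,7` hunk. Each such step needs `shell: bash`, or the matrix should stay Linux-only until the assert helpers are portable. Both jobs' step lists continue outside these hunks, so a `shell:` key may already be set there; if so, disregard this.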
@@ -45,118 +51,51 @@ jobs: - name: Assert run: | ./test/assertFileContains ./output.properties "sonar.projectBaseDir=.*/baseDir" - sonarTokenRequiredTest: + scannerVersionTest: name: > - 'SONAR_TOKEN' env var required - runs-on: ubuntu-latest + 'scannerVersion' input + runs-on: ubuntu-latest # assumes default RUNNER_ARCH for linux is X64 steps: - uses: actions/checkout@v4 with: token: ${{ secrets.GITHUB_TOKEN }} - - name: Run action without SONAR_TOKEN + - name: Run action with scannerVersion uses: ./ with: + scannerVersion: 6.1.0.4477 args: -Dsonar.scanner.internal.dumpToFile=./output.properties - continue-on-error: true - - name: Previous should have failed - if: ${{ steps.runTest.outcome == 'success'}} + env: + NO_CACHE: true # force install-sonar-scanner-cli.sh execution + SONAR_HOST_URL: http://not_actually_used + SONAR_SCANNER_JSON_PARAMS: '{"sonar.scanner.internal.dumpToFile": "./output.properties"}' + - name: Assert run: | - echo "Expected previous step to fail" - exit 1 - dontFailGradleTest: + ./test/assertFileExists "$RUNNER_TEMP/sonarscanner/sonar-scanner-cli-6.1.0.4477-linux-x64.zip" + scannerBinariesUrlTest: name: > - Don't fail on Gradle project - runs-on: ubuntu-latest + 'scannerBinariesUrl' input with invalid URL + runs-on: ubuntu-latest # assumes default RUNNER_ARCH for linux is X64 steps: - uses: actions/checkout@v4 with: token: ${{ secrets.GITHUB_TOKEN }} - - name: Run action on Gradle project + - name: Run action with scannerBinariesUrl id: runTest uses: ./ continue-on-error: true + with: + scannerVersion: 6.2.1.4610 + scannerBinariesUrl: https://invalid_uri/Distribution/sonar-scanner-cli env: - SONAR_TOKEN: FAKE_TOKEN - with: - projectBaseDir: ./test/gradle-project - args: -Dsonar.scanner.internal.dumpToFile=./output.properties - - name: Assert + NO_CACHE: true # force install-sonar-scanner-cli.sh execution + SONAR_HOST_URL: http://not_actually_used + SONAR_SCANNER_JSON_PARAMS: '{"sonar.scanner.internal.dumpToFile": "./output.properties"}' + - 
name: Fail if action succeeded + if: steps.runTest.outcome == 'success' + run: exit 1 + - name: Assert Sonar Scanner CLI was not downloaded run: | - ./test/assertFileExists ./output.properties - dontFailGradleKotlinTest: - name: > - Don't fail on Kotlin Gradle project - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v4 - with: - token: ${{ secrets.GITHUB_TOKEN }} - - name: Run action on Kotlin Gradle project - id: runTest - uses: ./ - continue-on-error: true - env: - SONAR_TOKEN: FAKE_TOKEN - with: - projectBaseDir: ./test/gradle-project-kotlin - args: -Dsonar.scanner.internal.dumpToFile=./output.properties - - name: Assert + ./test/assertFileDoesntExist "$RUNNER_TEMP/sonarscanner/sonar-scanner-cli-6.2.1.4610-linux-x64.zip" + - name: Assert Sonar Scanner CLI was not executed run: | - ./test/assertFileExists ./output.properties - dontFailMavenTest: - name: > - Don't fail on Maven project - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v4 - with: - token: ${{ secrets.GITHUB_TOKEN }} - - name: Run action on Maven project - id: runTest - uses: ./ - continue-on-error: true - env: - SONAR_TOKEN: FAKE_TOKEN - with: - projectBaseDir: ./test/maven-project - args: -Dsonar.scanner.internal.dumpToFile=./output.properties - - name: Assert - run: | - ./test/assertFileExists ./output.properties - runnerDebugUsedTest: - name: > - 'RUNNER_DEBUG' is used - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v4 - with: - token: ${{ secrets.GITHUB_TOKEN }} - - name: Run action with debug mode - uses: ./ - with: - args: -Dsonar.scanner.internal.dumpToFile=./output.properties - env: - RUNNER_DEBUG: 1 - SONAR_TOKEN: FAKE_TOKEN - - name: Assert - run: | - ./test/assertFileContains ./output.properties "sonar.verbose=true" - overrideSonarcloudUrlTest: - name: > - 'SONARCLOUD_URL' is used - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v4 - with: - token: ${{ secrets.GITHUB_TOKEN }} - - name: Run action with SONARCLOUD_URL - uses: ./ - with: - 
args: -Dsonar.scanner.internal.dumpToFile=./output.properties
- env:
- SONARCLOUD_URL: mirror.sonarcloud.io
- SONAR_TOKEN: FAKE_TOKEN
- - name: Assert
- run: |
- ./test/assertFileContains ./output.properties "sonar.host.url=mirror.sonarcloud.io"
- ./test/assertFileContains ./output.properties "sonar.scanner.sonarcloudUrl=mirror.sonarcloud.io"
+ ./test/assertFileDoesntExist ./output.properties
diff --git a/Dockerfile b/Dockerfile
deleted file mode 100644
index 3cc91c6..0000000
--- a/Dockerfile
+++ /dev/null
@@ -1,32 +0,0 @@
-FROM sonarsource/sonar-scanner-cli:11.1
-
-LABEL version="3.1.0" \
- repository="https://github.com/sonarsource/sonarcloud-github-action" \
- homepage="https://github.com/sonarsource/sonarcloud-github-action" \
- maintainer="SonarSource" \
- com.github.actions.name="SonarCloud Scan" \
- com.github.actions.description="Scan your code with SonarCloud to detect bugs, vulnerabilities and code smells in more than 25 programming languages." \
- com.github.actions.icon="check" \
- com.github.actions.color="green"
-
-ARG SONAR_SCANNER_HOME=/opt/sonar-scanner
-ARG NODEJS_HOME=/opt/nodejs
-
-ENV PATH=${PATH}:${SONAR_SCANNER_HOME}/bin:${NODEJS_HOME}/bin
-
-# set up local envs in order to allow for special chars (non-asci) in filenames
-ENV LC_ALL="C.UTF-8"
-
-WORKDIR /opt
-
-# GitHub actions should be run under ROOT
-# https://docs.github.com/en/actions/using-github-hosted-runners/about-github-hosted-runners/about-github-hosted-runners#docker-container-filesystem
-USER 0
-
-# Prepare entrypoint
-COPY entrypoint.sh /entrypoint.sh
-RUN chmod +x /entrypoint.sh
-COPY cleanup.sh /cleanup.sh
-RUN chmod +x /cleanup.sh
-
-ENTRYPOINT ["/entrypoint.sh"]
diff --git a/README.md b/README.md
index c0a4606..99428e9 100644
--- a/README.md
+++ b/README.md
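Review bot: `scannerVersionTest` and `scannerBinariesUrlTest` each hard-code the version literal twice — once in `scannerVersion:` and again inside the asserted zip path under `$RUNNER_TEMP/sonarscanner/` — and that path encodes the downstream action's private cache layout, so the tests drift silently if either changes. A job-level `env: SCANNER_VERSION: 6.1.0.4477` referenced as `scannerVersion: ${{ env.SCANNER_VERSION }}` and `"$RUNNER_TEMP/sonarscanner/sonar-scanner-cli-${SCANNER_VERSION}-linux-x64.zip"` removes one of the two failure modes. The `# assumes default RUNNER_ARCH for linux is X64` comment could also name the downstream action as the source of the file-naming scheme, since `install-sonar-scanner-cli.sh` is not in this repository. The hunk also drops the `SONAR_TOKEN`-required test with the other entrypoint-based tests; whether the forwarded action still fails fast on a missing token is not verifiable from this diff.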
@@ -81,6 +81,14 @@ In case you need to add additional analysis parameters, you can use the `args` o
 More information about possible analysis parameters is found in the documentation at:
 https://docs.sonarcloud.io/advanced-setup/analysis-parameters
+In case you need to specify the version of the Sonar Scanner, you can use the `scannerVersion` option:
+
+```yaml
+uses: sonarsource/sonarcloud-github-action@ # Ex: v2.1.0, See the latest version at https://github.com/marketplace/actions/sonarcloud-scan
+with:
+ scannerVersion: 6.2.0.4584
+```
+
 See also example configurations at:
 https://github.com/sonarsource/sonarcloud-github-action-samples/
@@ -114,7 +122,6 @@ Want to see more examples of SonarCloud in action? You can [explore current Open
 * Your code is built with Gradle: use the SonarQube plugin for Gradle during the build
 * You want to analyze a .NET solution: Follow our interactive tutorial for GitHub Actions after importing your project directly into SonarCloud
 * You want to analyze C and C++ code: rely on our [SonarCloud Scan for C and C++](https://github.com/marketplace/actions/sonarcloud-scan-for-c-and-c) and look at [our sample C and C++ project](https://github.com/sonarsource-cfamily-examples?q=gh-actions-sc&type=all&language=&sort=)
-* You want to analyze Dart code: use [SonarScanner CLI](https://docs.sonarsource.com/sonarcloud/advanced-setup/ci-based-analysis/sonarscanner-cli/) during the build
 ## Have questions or feedback?
@@ -122,6 +129,4 @@ To provide feedback (requesting a feature or reporting a bug) please post on the
 ## License
-The Dockerfile and associated scripts and documentation in this project are released under the LGPLv3 License.
-
 Container images built with this project include third-party materials.
diff --git a/action.yml b/action.yml
index de11390..9573796 100644
--- a/action.yml
+++ b/action.yml
@@ -1,20 +1,38 @@
 name: SonarCloud Scan
 description: >
- Scan your code with SonarCloud to detect bugs, vulnerabilities and code smells
- in 26+ programming languages.
+ Scan your code with SonarQube Cloud to detect coding issues in 30+
+ languages, frameworks, and IaC platforms.
+ The solution also provides fix recommendations leveraging AI with
+ Sonar's AI CodeFix capability. (Formerly SonarCloud)
 branding:
 icon: check
 color: green
-runs:
- using: docker
- image: Dockerfile
- entrypoint: "/entrypoint.sh"
- post-entrypoint: "/cleanup.sh"
 inputs:
 args:
- description: Additional arguments to the sonarcloud scanner
+ description: Additional arguments to the Sonar Scanner CLI
 required: false
 projectBaseDir:
 description: Set the sonar.projectBaseDir analysis property
 required: false
- default: .
+ scannerVersion:
+ description: Version of the Sonar Scanner CLI to use
+ required: false
+ default: 6.2.1.4610
+ scannerBinariesUrl:
+ description: URL to download the Sonar Scanner CLI binaries from
+ required: false
+ default: https://binaries.sonarsource.com/Distribution/sonar-scanner-cli
+runs:
+ using: "composite"
+ steps:
+ - name: Deprecation warning
+ shell: bash
+ run: |
+ echo "::warning title=SonarScanner::This action is deprecated and will be removed in a future release. Please use the sonarqube-scan-action action instead. The sonarqube-scan-action is a drop-in replacement for this action."
+ - name: SonarQube Cloud Scan
+ uses: SonarSource/sonarqube-scan-action@v4.1.0
+ with:
+ args: ${{ inputs.args }}
+ projectBaseDir: ${{ inputs.projectBaseDir }}
+ scannerVersion: ${{ inputs.scannerVersion }}
+ scannerBinariesUrl: ${{ inputs.scannerBinariesUrl }}
diff --git a/cleanup.sh b/cleanup.sh
deleted file mode 100644
index 8a5e4c9..0000000
--- a/cleanup.sh
+++ /dev/null
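Review bot: `projectBaseDir` loses its `default: .` but is still forwarded unconditionally as `projectBaseDir: ${{ inputs.projectBaseDir }}`, so a caller that omits it now hands the downstream action an empty string instead of `.`; whether `sonarqube-scan-action` re-applies its own default on an empty value cannot be confirmed from this diff, so either keep `default: .` here or document the intended pass-through in the input's `description`. Separately, `uses: SonarSource/sonarqube-scan-action@v4.1.0` pins by mutable tag; for an action that downloads and executes scanner binaries, pinning to the full commit SHA (`uses: SonarSource/sonarqube-scan-action@<full-commit-sha> # v4.1.0`) is the usual supply-chain hardening and keeps the version readable through the comment. The `::warning` text could also state that `scannerVersion` and `scannerBinariesUrl` are forwarded one-to-one, so migrating users know which inputs carry over.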
@@ -1,14 +0,0 @@
-#!/bin/bash
-
-set -e
-
-if [ ! -d "${INPUT_PROJECTBASEDIR}/.scannerwork" ]; then
- echo ".scannerwork directory not found; nothing to clean up."
- exit
-fi
-
-_tmp_file=$(ls "${INPUT_PROJECTBASEDIR}/" | head -1)
-PERM=$(stat -c "%u:%g" "${INPUT_PROJECTBASEDIR}/$_tmp_file")
-
-chown -R "$PERM" "${INPUT_PROJECTBASEDIR}/.scannerwork/"
-
diff --git a/entrypoint.sh b/entrypoint.sh
deleted file mode 100755
index d8e59e0..0000000
--- a/entrypoint.sh
+++ /dev/null
@@ -1,34 +0,0 @@
-#!/bin/bash
-
-set -eo pipefail
-
-declare -a args=()
-
-if [[ -z "${SONAR_TOKEN}" ]]; then
- echo "Set the SONAR_TOKEN env variable."
- exit 1
-fi
-
-if [[ -f "${INPUT_PROJECTBASEDIR%/}/pom.xml" ]]; then
- echo "WARNING! Maven project detected. Sonar recommends running the 'org.sonarsource.scanner.maven:sonar-maven-plugin:sonar' goal during the build process instead of using this GitHub Action
- to get more accurate results."
-fi
-
-if [[ -f "${INPUT_PROJECTBASEDIR%/}/build.gradle" || -f "${INPUT_PROJECTBASEDIR%/}/build.gradle.kts" ]]; then
- echo "WARNING! Gradle project detected. Sonar recommends using the SonarQube plugin for Gradle during the build process instead of using this GitHub Action
- to get more accurate results."
-fi
-
-if [[ ${SONARCLOUD_URL} ]]; then
- args+=("-Dsonar.scanner.sonarcloudUrl=${SONARCLOUD_URL}")
-fi
-
-if [[ "$RUNNER_DEBUG" == '1' ]]; then
- args+=("--debug")
-fi
-
-unset JAVA_HOME
-
-args+=("-Dsonar.projectBaseDir=${INPUT_PROJECTBASEDIR}")
-
-sonar-scanner "${args[@]}" ${INPUT_ARGS}
diff --git a/test/assertFileDoesntExist b/test/assertFileDoesntExist
new file mode 100755
index 0000000..032a07c
--- /dev/null
+++ b/test/assertFileDoesntExist
@@ -0,0 +1,8 @@
+#!/bin/bash
+
+error() { echo -e "\\e[31m✗ $*\\e[0m"; }
+
+if [ -f $1 ]; then
+ error "File '$1' found"
+ exit 1
+fi
\ No newline at end of file
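Review bot: `if [ -f $1 ]; then` in the new `test/assertFileDoesntExist` leaves `$1` unquoted, so a call with no argument collapses to `[ -f ]`, which is true, and the script reports `File '' found` and exits 1, while a path containing spaces splits into several words and errors out; quote it as `if [ -f "$1" ]; then`. An explicit argument check such as `[ $# -eq 1 ] || { error "usage: $0 <path>"; exit 2; }` would make misuse fail for the right reason instead of masquerading as a found file. The file is also committed without a trailing newline.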
diff --git a/test/gradle-project-kotlin/build.gradle.kts b/test/gradle-project-kotlin/build.gradle.kts
deleted file mode 100644
index e69de29..0000000
diff --git a/test/gradle-project/build.gradle b/test/gradle-project/build.gradle
deleted file mode 100644
index 8b13789..0000000
--- a/test/gradle-project/build.gradle
+++ /dev/null
@@ -1 +0,0 @@
-
diff --git a/test/maven-project/pom.xml b/test/maven-project/pom.xml
deleted file mode 100644
index 8b13789..0000000
--- a/test/maven-project/pom.xml
+++ /dev/null
@@ -1 +0,0 @@
-