SCSCANGHA-25 Replace the Docker action by a composite action forwarding to the SonarQube action

.github/workflows/qa.yml

@@ -11,7 +11,10 @@ jobs:
   argsInputTest:
     name: >
       'args' input
-    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        os: [ ubuntu-latest, windows-latest, macos-latest ]
+    runs-on: ${{ matrix.os }}
     steps:
       - uses: actions/checkout@v4
         with:
@@ -28,7 +31,10 @@ jobs:
   projectBaseDirInputTest:
     name: >
       'projectBaseDir' input
-    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        os: [ ubuntu-latest, windows-latest, macos-latest ]
+    runs-on: ${{ matrix.os }}
     steps:
       - uses: actions/checkout@v4
         with:
@@ -45,118 +51,51 @@ jobs:
       - name: Assert
         run: |
           ./test/assertFileContains ./output.properties "sonar.projectBaseDir=.*/baseDir"
-  sonarTokenRequiredTest:
+  scannerVersionTest:
     name: >
-      'SONAR_TOKEN' env var required
+      'scannerVersion' input
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-latest # assumes default RUNNER_ARCH for linux is X64
     steps:
       - uses: actions/checkout@v4
         with:
           token: ${{ secrets.GITHUB_TOKEN }}
-      - name: Run action without SONAR_TOKEN
+      - name: Run action with scannerVersion
         uses: ./
         with:
+          scannerVersion: 6.1.0.4477
           args: -Dsonar.scanner.internal.dumpToFile=./output.properties
-        continue-on-error: true
+        env:
-      - name: Previous should have failed
+          NO_CACHE: true # force install-sonar-scanner-cli.sh execution
-        if: ${{ steps.runTest.outcome == 'success'}}
+          SONAR_HOST_URL: http://not_actually_used
+          SONAR_SCANNER_JSON_PARAMS: '{"sonar.scanner.internal.dumpToFile": "./output.properties"}'
+      - name: Assert
         run: |
-          echo "Expected previous step to fail"
+          ./test/assertFileExists "$RUNNER_TEMP/sonarscanner/sonar-scanner-cli-6.1.0.4477-linux-x64.zip"
-          exit 1
+  scannerBinariesUrlTest:
-  dontFailGradleTest:
     name: >
-      Don't fail on Gradle project
+      'scannerBinariesUrl' input with invalid URL
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-latest # assumes default RUNNER_ARCH for linux is X64
     steps:
       - uses: actions/checkout@v4
         with:
           token: ${{ secrets.GITHUB_TOKEN }}
-      - name: Run action on Gradle project
+      - name: Run action with scannerBinariesUrl
         id: runTest
         uses: ./
         continue-on-error: true
+        with:
+          scannerVersion: 6.2.1.4610
+          scannerBinariesUrl: https://invalid_uri/Distribution/sonar-scanner-cli
         env:
-          SONAR_TOKEN: FAKE_TOKEN
+          NO_CACHE: true # force install-sonar-scanner-cli.sh execution
-        with:
+          SONAR_HOST_URL: http://not_actually_used
-          projectBaseDir: ./test/gradle-project
+          SONAR_SCANNER_JSON_PARAMS: '{"sonar.scanner.internal.dumpToFile": "./output.properties"}'
-          args: -Dsonar.scanner.internal.dumpToFile=./output.properties
+      - name: Fail if action succeeded
-      - name: Assert
+        if: steps.runTest.outcome == 'success'
+        run: exit 1
+      - name: Assert Sonar Scanner CLI was not downloaded
         run: |
-          ./test/assertFileExists ./output.properties
+          ./test/assertFileDoesntExist "$RUNNER_TEMP/sonarscanner/sonar-scanner-cli-6.2.1.4610-linux-x64.zip"
-  dontFailGradleKotlinTest:
+      - name: Assert Sonar Scanner CLI was not executed
-    name: >
-      Don't fail on Kotlin Gradle project
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v4
-        with:
-          token: ${{ secrets.GITHUB_TOKEN }}
-      - name: Run action on Kotlin Gradle project
-        id: runTest
-        uses: ./
-        continue-on-error: true
-        env:
-          SONAR_TOKEN: FAKE_TOKEN
-        with:
-          projectBaseDir: ./test/gradle-project-kotlin
-          args: -Dsonar.scanner.internal.dumpToFile=./output.properties
-      - name: Assert
         run: |
-          ./test/assertFileExists ./output.properties
+          ./test/assertFileDoesntExist ./output.properties
-  dontFailMavenTest:
-    name: >
-      Don't fail on Maven project
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v4
-        with:
-          token: ${{ secrets.GITHUB_TOKEN }}
-      - name: Run action on Maven project
-        id: runTest
-        uses: ./
-        continue-on-error: true
-        env:
-          SONAR_TOKEN: FAKE_TOKEN
-        with:
-          projectBaseDir: ./test/maven-project
-          args: -Dsonar.scanner.internal.dumpToFile=./output.properties
-      - name: Assert
-        run: |
-          ./test/assertFileExists ./output.properties
-  runnerDebugUsedTest:
-    name: >
-      'RUNNER_DEBUG' is used
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v4
-        with:
-          token: ${{ secrets.GITHUB_TOKEN }}
-      - name: Run action with debug mode
-        uses: ./
-        with:
-          args: -Dsonar.scanner.internal.dumpToFile=./output.properties
-        env:
-          RUNNER_DEBUG: 1
-          SONAR_TOKEN: FAKE_TOKEN
-      - name: Assert
-        run: |
-          ./test/assertFileContains ./output.properties "sonar.verbose=true"
-  overrideSonarcloudUrlTest:
-    name: >
-      'SONARCLOUD_URL' is used
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v4
-        with:
-          token: ${{ secrets.GITHUB_TOKEN }}
-      - name: Run action with SONARCLOUD_URL
-        uses: ./
-        with:
-          args: -Dsonar.scanner.internal.dumpToFile=./output.properties
-        env:
-          SONARCLOUD_URL: mirror.sonarcloud.io
-          SONAR_TOKEN: FAKE_TOKEN
-      - name: Assert
-        run: |
-          ./test/assertFileContains ./output.properties "sonar.host.url=mirror.sonarcloud.io"
-          ./test/assertFileContains ./output.properties "sonar.scanner.sonarcloudUrl=mirror.sonarcloud.io"

Dockerfile

@@ -1,32 +0,0 @@
-FROM sonarsource/sonar-scanner-cli:11.1
-
-LABEL version="3.1.0" \
-      repository="https://github.com/sonarsource/sonarcloud-github-action" \
-      homepage="https://github.com/sonarsource/sonarcloud-github-action" \
-      maintainer="SonarSource" \
-      com.github.actions.name="SonarCloud Scan" \
-      com.github.actions.description="Scan your code with SonarCloud to detect bugs, vulnerabilities and code smells in more than 25 programming languages." \
-      com.github.actions.icon="check" \
-      com.github.actions.color="green"
-
-ARG SONAR_SCANNER_HOME=/opt/sonar-scanner
-ARG NODEJS_HOME=/opt/nodejs
-
-ENV PATH=${PATH}:${SONAR_SCANNER_HOME}/bin:${NODEJS_HOME}/bin
-
-# set up local envs in order to allow for special chars (non-asci) in filenames
-ENV LC_ALL="C.UTF-8"
-
-WORKDIR /opt
-
-# GitHub actions should be run under ROOT
-# https://docs.github.com/en/actions/using-github-hosted-runners/about-github-hosted-runners/about-github-hosted-runners#docker-container-filesystem
-USER 0
-
-# Prepare entrypoint
-COPY entrypoint.sh /entrypoint.sh
-RUN chmod +x /entrypoint.sh
-COPY cleanup.sh /cleanup.sh
-RUN chmod +x /cleanup.sh
-
-ENTRYPOINT ["/entrypoint.sh"]

README.md

@@ -81,6 +81,14 @@ In case you need to add additional analysis parameters, you can use the `args` o
 More information about possible analysis parameters is found in the documentation at:
 https://docs.sonarcloud.io/advanced-setup/analysis-parameters
 
+In case you need to specify the version of the Sonar Scanner, you can use the `scannerVersion` option:
+
+```yaml
+uses: sonarsource/sonarcloud-github-action@<action version> # Ex: v2.1.0, See the latest version at https://github.com/marketplace/actions/sonarcloud-scan
+with:
+  scannerVersion: 6.2.0.4584
+```
+
 See also example configurations at:
 https://github.com/sonarsource/sonarcloud-github-action-samples/
 
@@ -114,7 +122,6 @@ Want to see more examples of SonarCloud in action? You can [explore current Open
 * Your code is built with Gradle: use the SonarQube plugin for Gradle during the build
 * You want to analyze a .NET solution: Follow our interactive tutorial for GitHub Actions after importing your project directly into SonarCloud
 * You want to analyze C and C++ code: rely on our [SonarCloud Scan for C and C++](https://github.com/marketplace/actions/sonarcloud-scan-for-c-and-c) and look at [our sample C and C++ project](https://github.com/sonarsource-cfamily-examples?q=gh-actions-sc&type=all&language=&sort=)
-* You want to analyze Dart code: use [SonarScanner CLI](https://docs.sonarsource.com/sonarcloud/advanced-setup/ci-based-analysis/sonarscanner-cli/) during the build
 
 ## Have questions or feedback?
 
@@ -122,6 +129,4 @@ To provide feedback (requesting a feature or reporting a bug) please post on the
 
 ## License
 
-The Dockerfile and associated scripts and documentation in this project are released under the LGPLv3 License.
-
 Container images built with this project include third-party materials.

action.yml

@@ -1,20 +1,38 @@
 name: SonarCloud Scan
 description: >
-  Scan your code with SonarCloud to detect bugs, vulnerabilities and code smells
+  Scan your code with SonarQube Cloud to detect coding issues in 30+ 
-  in 26+ programming languages.
+  languages, frameworks, and IaC platforms. 
+  The solution also provides fix recommendations leveraging AI with 
+  Sonar's AI CodeFix capability. (Formerly SonarCloud)
 branding:
   icon: check
   color: green
-runs:
-  using: docker
-  image: Dockerfile
-  entrypoint: "/entrypoint.sh"
-  post-entrypoint: "/cleanup.sh"
 inputs:
   args:
-    description: Additional arguments to the sonarcloud scanner
+    description: Additional arguments to the Sonar Scanner CLI
     required: false
   projectBaseDir:
     description: Set the sonar.projectBaseDir analysis property
     required: false
-    default: .
+  scannerVersion:
+    description: Version of the Sonar Scanner CLI to use
+    required: false
+    default: 6.2.1.4610
+  scannerBinariesUrl:
+    description: URL to download the Sonar Scanner CLI binaries from
+    required: false
+    default: https://binaries.sonarsource.com/Distribution/sonar-scanner-cli
+runs:
+  using: "composite"
+  steps:
+    - name: Deprecation warning
+      shell: bash
+      run: |
+        echo "::warning title=SonarScanner::This action is deprecated and will be removed in a future release. Please use the sonarqube-scan-action action instead. The sonarqube-scan-action is a drop-in replacement for this action."
+    - name: SonarQube Cloud Scan
+      uses: SonarSource/sonarqube-scan-action@v4.1.0
+      with:
+        args: ${{ inputs.args }}
+        projectBaseDir: ${{ inputs.projectBaseDir }}
+        scannerVersion: ${{ inputs.scannerVersion }}
+        scannerBinariesUrl: ${{ inputs.scannerBinariesUrl }}

cleanup.sh

@@ -1,14 +0,0 @@
-#!/bin/bash
-
-set -e
-
-if [ ! -d "${INPUT_PROJECTBASEDIR}/.scannerwork" ]; then
-    echo ".scannerwork directory not found; nothing to clean up."
-    exit
-fi
-
-_tmp_file=$(ls "${INPUT_PROJECTBASEDIR}/" | head -1)
-PERM=$(stat -c "%u:%g" "${INPUT_PROJECTBASEDIR}/$_tmp_file")
-
-chown -R "$PERM" "${INPUT_PROJECTBASEDIR}/.scannerwork/"
-

entrypoint.sh

@@ -1,34 +0,0 @@
-#!/bin/bash
-
-set -eo pipefail
-
-declare -a args=()
-
-if [[ -z "${SONAR_TOKEN}" ]]; then
-  echo "Set the SONAR_TOKEN env variable."
-  exit 1
-fi
-
-if [[ -f "${INPUT_PROJECTBASEDIR%/}/pom.xml" ]]; then
-  echo "WARNING! Maven project detected. Sonar recommends running the 'org.sonarsource.scanner.maven:sonar-maven-plugin:sonar' goal during the build process instead of using this GitHub Action
-  to get more accurate results."
-fi
-
-if [[ -f "${INPUT_PROJECTBASEDIR%/}/build.gradle" || -f "${INPUT_PROJECTBASEDIR%/}/build.gradle.kts" ]]; then
-  echo "WARNING! Gradle project detected. Sonar recommends using the SonarQube plugin for Gradle during the build process instead of using this GitHub Action
-  to get more accurate results."
-fi
-
-if [[ ${SONARCLOUD_URL} ]]; then
-  args+=("-Dsonar.scanner.sonarcloudUrl=${SONARCLOUD_URL}")
-fi
-
-if [[ "$RUNNER_DEBUG" == '1' ]]; then
-  args+=("--debug")
-fi
-
-unset JAVA_HOME
-
-args+=("-Dsonar.projectBaseDir=${INPUT_PROJECTBASEDIR}")
-
-sonar-scanner "${args[@]}" ${INPUT_ARGS}

test/assertFileDoesntExist

@@ -0,0 +1,8 @@
+#!/bin/bash
+
+error() { echo -e "\\e[31m✗ $*\\e[0m"; }
+
+if [ -f $1 ]; then
+  error "File '$1' found"
+  exit 1
+fi

test/gradle-project/build.gradle

@@ -1 +0,0 @@
-

test/maven-project/pom.xml

@@ -1 +0,0 @@
-