BUILD-8875 Migrate to standardized GitHub runner names (#108)

Co-authored-by: Julien HENRY <julien.henry@sonarsource.com>

.cirrus.star

@@ -1,4 +0,0 @@
-load("github.com/SonarSource/cirrus-modules@v3", "load_features")
-
-def main(ctx):
-    return load_features(ctx)

.cirrus.yml

@@ -1,35 +0,0 @@
-env:
-  CIRRUS_VAULT_URL: https://vault.sonar.build:8200
-  CIRRUS_VAULT_AUTH_PATH: jwt-cirrusci
-  CIRRUS_VAULT_ROLE: cirrusci-${CIRRUS_REPO_OWNER}-${CIRRUS_REPO_NAME}
-
-  # Staging image configuration
-  STAGING_IMAGE_NAME: sonarsource/sonarcloud-github-action
-  CURRENT_TAG: master
-
-vm_instance_template: &VM_TEMPLATE
-  experimental: true # see https://github.com/cirruslabs/cirrus-ci-docs/issues/1051
-  image: docker-builder-v*
-  type: t2.small
-  region: eu-central-1
-  subnet_id: ${CIRRUS_AWS_SUBNET}
-  disk: 10
-  cpu: 4
-  memory: 16G
-
-mend_task:
-  ec2_instance:
-    <<: *VM_TEMPLATE
-  # run only on master and long-term branches
-  only_if: $CIRRUS_USER_COLLABORATOR == 'true' && $CIRRUS_TAG == "" && ($CIRRUS_BRANCH == "master" || $CIRRUS_BRANCH =~ "branch-.*")
-  env:
-    MEND_API_KEY: VAULT[development/kv/data/mend data.apikey]
-  setup_script:
-    - docker build --tag "${STAGING_IMAGE_NAME}:${CURRENT_TAG}" .
-    - apt-get remove -y unattended-upgrades
-    - apt-get update && apt-get install -y --no-install-recommends openjdk-17-jre
-    - curl -sSL https://unified-agent.s3.amazonaws.com/wss-unified-agent.jar -o wss-unified-agent.jar
-    - echo "docker.includes=${CURRENT_TAG}" >> .cirrus/wss-unified-agent.config
-  scan_script:
-    - echo "Scan the ${STAGING_IMAGE_NAME}:${CURRENT_TAG} image"
-    - java -jar wss-unified-agent.jar -c .cirrus/wss-unified-agent.config -apiKey $MEND_API_KEY

.cirrus/wss-unified-agent.config

@@ -1,4 +0,0 @@
-docker.projectNameFormat=repositoryNameAndTag
-docker.scanImages=true
-wss.url=https://saas-eu.whitesourcesoftware.com/agent
-productName=GitHubAction/SonarCloudGitHubAction

.github/CODEOWNERS

@@ -1 +1 @@
-.github/CODEOWNERS @sonarsource/analysis-experience-squad
+.github/CODEOWNERS @sonarsource/orchestration-processing-squad

.github/PULL_REQUEST_TEMPLATE.md

@@ -0,0 +1,7 @@
+Part of 
+<!-- 
+  Only for standalone PRs without Jira issue in the PR title: 
+    * Replace this comment with Epic ID to create a new Task in Jira
+    * Replace this comment with Issue ID to create a new Sub-Task in Jira
+    * Ignore or delete this note to create a new Task in Jira without a parent 
+-->

.github/workflows/PullRequestClosed.yml

@@ -0,0 +1,28 @@
+name: Pull Request Closed
+
+on:
+  pull_request:
+    types: [closed]
+
+jobs:
+  PullRequestClosed_job:
+    name: Pull Request Closed
+    runs-on: github-ubuntu-latest-s
+    permissions:
+      id-token: write
+      pull-requests: read
+    # For external PR, ticket should be moved manually
+    if: |
+        github.event.pull_request.head.repo.full_name == github.repository
+    steps:
+      - id: secrets
+        uses: SonarSource/vault-action-wrapper@v3
+        with:
+          secrets: |
+            development/kv/data/jira user | JIRA_USER;
+            development/kv/data/jira token | JIRA_TOKEN;
+      - uses: sonarsource/gh-action-lt-backlog/PullRequestClosed@v2
+        with:
+          github-token: ${{secrets.GITHUB_TOKEN}}
+          jira-user:  ${{ fromJSON(steps.secrets.outputs.vault).JIRA_USER }}
+          jira-token: ${{ fromJSON(steps.secrets.outputs.vault).JIRA_TOKEN }}

.github/workflows/PullRequestCreated.yml

@@ -0,0 +1,29 @@
+name: Pull Request Created
+
+on:
+  pull_request:
+    types: ["opened"]
+
+jobs:
+  PullRequestCreated_job:
+    name: Pull Request Created
+    runs-on: github-ubuntu-latest-s
+    permissions:
+      id-token: write
+    # For external PR, ticket should be created manually
+    if: |
+        github.event.pull_request.head.repo.full_name == github.repository
+    steps:
+      - id: secrets
+        uses: SonarSource/vault-action-wrapper@v3
+        with:
+          secrets: |
+            development/github/token/{REPO_OWNER_NAME_DASH}-jira token | GITHUB_TOKEN;
+            development/kv/data/jira user | JIRA_USER;
+            development/kv/data/jira token | JIRA_TOKEN;
+      - uses: sonarsource/gh-action-lt-backlog/PullRequestCreated@v2
+        with:
+          github-token: ${{ fromJSON(steps.secrets.outputs.vault).GITHUB_TOKEN }}
+          jira-user:    ${{ fromJSON(steps.secrets.outputs.vault).JIRA_USER }}
+          jira-token:   ${{ fromJSON(steps.secrets.outputs.vault).JIRA_TOKEN }}
+          jira-project: SCSCANGHA

.github/workflows/RequestReview.yml

@@ -0,0 +1,28 @@
+name: Request review
+
+on:
+  pull_request:
+    types: ["review_requested"]
+
+jobs:
+  RequestReview_job:
+    name: Request review
+    runs-on: github-ubuntu-latest-s
+    permissions:
+      id-token: write
+    # For external PR, ticket should be moved manually
+    if: |
+        github.event.pull_request.head.repo.full_name == github.repository
+    steps:
+      - id: secrets
+        uses: SonarSource/vault-action-wrapper@v3
+        with:
+          secrets: |
+            development/github/token/{REPO_OWNER_NAME_DASH}-jira token | GITHUB_TOKEN;
+            development/kv/data/jira user | JIRA_USER;
+            development/kv/data/jira token | JIRA_TOKEN;
+      - uses: sonarsource/gh-action-lt-backlog/RequestReview@v2
+        with:
+          github-token: ${{ fromJSON(steps.secrets.outputs.vault).GITHUB_TOKEN }}
+          jira-user:    ${{ fromJSON(steps.secrets.outputs.vault).JIRA_USER }}
+          jira-token:   ${{ fromJSON(steps.secrets.outputs.vault).JIRA_TOKEN }}

.github/workflows/SubmitReview.yml

@@ -0,0 +1,30 @@
+name: Submit Review
+
+on:
+  pull_request_review:
+    types: [submitted]
+
+jobs:
+  SubmitReview_job:
+    name: Submit Review
+    runs-on: github-ubuntu-latest-s
+    permissions:
+      id-token: write
+      pull-requests: read
+    # For external PR, ticket should be moved manually
+    if: |
+        github.event.pull_request.head.repo.full_name == github.repository
+        && (github.event.review.state == 'changes_requested'
+            || github.event.review.state == 'approved')
+    steps:
+      - id: secrets
+        uses: SonarSource/vault-action-wrapper@v3
+        with:
+          secrets: |
+            development/kv/data/jira user | JIRA_USER;
+            development/kv/data/jira token | JIRA_TOKEN;
+      - uses: sonarsource/gh-action-lt-backlog/SubmitReview@v2
+        with:
+          github-token: ${{secrets.GITHUB_TOKEN}}
+          jira-user: ${{ fromJSON(steps.secrets.outputs.vault).JIRA_USER }}
+          jira-token: ${{ fromJSON(steps.secrets.outputs.vault).JIRA_TOKEN }}

.github/workflows/qa.yml

@@ -11,7 +11,10 @@ jobs:
   argsInputTest:
     name: >
       'args' input
-    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        os: [ ubuntu-latest, windows-latest, macos-latest ]
+    runs-on: ${{ matrix.os }}
     steps:
       - uses: actions/checkout@v4
         with:
@@ -28,7 +31,10 @@ jobs:
   projectBaseDirInputTest:
     name: >
       'projectBaseDir' input
-    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        os: [ ubuntu-latest, windows-latest, macos-latest ]
+    runs-on: ${{ matrix.os }}
     steps:
       - uses: actions/checkout@v4
         with:
@@ -45,118 +51,51 @@ jobs:
       - name: Assert
         run: |
           ./test/assertFileContains ./output.properties "sonar.projectBaseDir=.*/baseDir"
-  sonarTokenRequiredTest:
+  scannerVersionTest:
     name: >
-      'SONAR_TOKEN' env var required
-    runs-on: ubuntu-latest
+      'scannerVersion' input
+    runs-on: github-ubuntu-latest-s # assumes default RUNNER_ARCH for linux is X64
     steps:
       - uses: actions/checkout@v4
         with:
           token: ${{ secrets.GITHUB_TOKEN }}
-      - name: Run action without SONAR_TOKEN
+      - name: Run action with scannerVersion
         uses: ./
         with:
+          scannerVersion: 6.1.0.4477
           args: -Dsonar.scanner.internal.dumpToFile=./output.properties
-        continue-on-error: true
-      - name: Previous should have failed
-        if: ${{ steps.runTest.outcome == 'success'}}
+        env:
+          NO_CACHE: true # force install-sonar-scanner-cli.sh execution
+          SONAR_HOST_URL: http://not_actually_used
+          SONAR_SCANNER_JSON_PARAMS: '{"sonar.scanner.internal.dumpToFile": "./output.properties"}'
+      - name: Assert
         run: |
-          echo "Expected previous step to fail"
-          exit 1
-  dontFailGradleTest:
+          ./test/assertFileExists "$RUNNER_TEMP/sonarscanner/sonar-scanner-cli-6.1.0.4477-linux-x64.zip"
+  scannerBinariesUrlTest:
     name: >
-      Don't fail on Gradle project
-    runs-on: ubuntu-latest
+      'scannerBinariesUrl' input with invalid URL
+    runs-on: github-ubuntu-latest-s # assumes default RUNNER_ARCH for linux is X64
     steps:
       - uses: actions/checkout@v4
         with:
           token: ${{ secrets.GITHUB_TOKEN }}
-      - name: Run action on Gradle project
+      - name: Run action with scannerBinariesUrl
         id: runTest
         uses: ./
         continue-on-error: true
+        with:
+          scannerVersion: 6.2.1.4610
+          scannerBinariesUrl: https://invalid_uri/Distribution/sonar-scanner-cli
         env:
-          SONAR_TOKEN: FAKE_TOKEN
-        with:
-          projectBaseDir: ./test/gradle-project
-          args: -Dsonar.scanner.internal.dumpToFile=./output.properties
-      - name: Assert
+          NO_CACHE: true # force install-sonar-scanner-cli.sh execution
+          SONAR_HOST_URL: http://not_actually_used
+          SONAR_SCANNER_JSON_PARAMS: '{"sonar.scanner.internal.dumpToFile": "./output.properties"}'
+      - name: Fail if action succeeded
+        if: steps.runTest.outcome == 'success'
+        run: exit 1
+      - name: Assert Sonar Scanner CLI was not downloaded
         run: |
-          ./test/assertFileExists ./output.properties
-  dontFailGradleKotlinTest:
-    name: >
-      Don't fail on Kotlin Gradle project
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v4
-        with:
-          token: ${{ secrets.GITHUB_TOKEN }}
-      - name: Run action on Kotlin Gradle project
-        id: runTest
-        uses: ./
-        continue-on-error: true
-        env:
-          SONAR_TOKEN: FAKE_TOKEN
-        with:
-          projectBaseDir: ./test/gradle-project-kotlin
-          args: -Dsonar.scanner.internal.dumpToFile=./output.properties
-      - name: Assert
+          ./test/assertFileDoesntExist "$RUNNER_TEMP/sonarscanner/sonar-scanner-cli-6.2.1.4610-linux-x64.zip"
+      - name: Assert Sonar Scanner CLI was not executed
         run: |
-          ./test/assertFileExists ./output.properties
-  dontFailMavenTest:
-    name: >
-      Don't fail on Maven project
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v4
-        with:
-          token: ${{ secrets.GITHUB_TOKEN }}
-      - name: Run action on Maven project
-        id: runTest
-        uses: ./
-        continue-on-error: true
-        env:
-          SONAR_TOKEN: FAKE_TOKEN
-        with:
-          projectBaseDir: ./test/maven-project
-          args: -Dsonar.scanner.internal.dumpToFile=./output.properties
-      - name: Assert
-        run: |
-          ./test/assertFileExists ./output.properties
-  runnerDebugUsedTest:
-    name: >
-      'RUNNER_DEBUG' is used
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v4
-        with:
-          token: ${{ secrets.GITHUB_TOKEN }}
-      - name: Run action with debug mode
-        uses: ./
-        with:
-          args: -Dsonar.scanner.internal.dumpToFile=./output.properties
-        env:
-          RUNNER_DEBUG: 1
-          SONAR_TOKEN: FAKE_TOKEN
-      - name: Assert
-        run: |
-          ./test/assertFileContains ./output.properties "sonar.verbose=true"
-  overrideSonarcloudUrlTest:
-    name: >
-      'SONARCLOUD_URL' is used
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v4
-        with:
-          token: ${{ secrets.GITHUB_TOKEN }}
-      - name: Run action with SONARCLOUD_URL
-        uses: ./
-        with:
-          args: -Dsonar.scanner.internal.dumpToFile=./output.properties
-        env:
-          SONARCLOUD_URL: mirror.sonarcloud.io
-          SONAR_TOKEN: FAKE_TOKEN
-      - name: Assert
-        run: |
-          ./test/assertFileContains ./output.properties "sonar.host.url=mirror.sonarcloud.io"
-          ./test/assertFileContains ./output.properties "sonar.scanner.sonarcloudUrl=mirror.sonarcloud.io"
+          ./test/assertFileDoesntExist ./output.properties

.github/workflows/update-tags.yml

@@ -7,7 +7,7 @@ on:
 
 jobs:
   generate:
-    runs-on: ubuntu-latest
+    runs-on: github-ubuntu-latest-s
     permissions:
       contents: write
 

Dockerfile

@@ -1,32 +0,0 @@
-FROM sonarsource/sonar-scanner-cli:11.1
-
-LABEL version="3.1.0" \
-      repository="https://github.com/sonarsource/sonarcloud-github-action" \
-      homepage="https://github.com/sonarsource/sonarcloud-github-action" \
-      maintainer="SonarSource" \
-      com.github.actions.name="SonarCloud Scan" \
-      com.github.actions.description="Scan your code with SonarCloud to detect bugs, vulnerabilities and code smells in more than 25 programming languages." \
-      com.github.actions.icon="check" \
-      com.github.actions.color="green"
-
-ARG SONAR_SCANNER_HOME=/opt/sonar-scanner
-ARG NODEJS_HOME=/opt/nodejs
-
-ENV PATH=${PATH}:${SONAR_SCANNER_HOME}/bin:${NODEJS_HOME}/bin
-
-# set up local envs in order to allow for special chars (non-asci) in filenames
-ENV LC_ALL="C.UTF-8"
-
-WORKDIR /opt
-
-# GitHub actions should be run under ROOT
-# https://docs.github.com/en/actions/using-github-hosted-runners/about-github-hosted-runners/about-github-hosted-runners#docker-container-filesystem
-USER 0
-
-# Prepare entrypoint
-COPY entrypoint.sh /entrypoint.sh
-RUN chmod +x /entrypoint.sh
-COPY cleanup.sh /cleanup.sh
-RUN chmod +x /cleanup.sh
-
-ENTRYPOINT ["/entrypoint.sh"]

README.md

@@ -1,126 +1,151 @@
-# Analyze your code for free with SonarCloud
+# Scan your code with SonarQube Cloud [![QA](https://github.com/SonarSource/sonarcloud-github-action/actions/workflows/qa.yml/badge.svg)](https://github.com/SonarSource/sonarcloud-github-action/actions/workflows/qa.yml)
 
-This SonarSource project, available as a GitHub Action, scans your projects with SonarCloud, and helps developers produce 
-[Clean Code](https://www.sonarsource.com/solutions/clean-code/?utm_medium=referral&utm_source=github&utm_campaign=clean-code&utm_content=sonarqube-scan-action).
+> [!WARNING]
+> This action is deprecated and will be removed in a future release. 
+> Please use the `sonarqube-scan-action` action instead. 
+> The `sonarqube-scan-action` is a drop-in replacement for this action, you can find it [here](https://github.com/marketplace/actions/official-sonarqube-scan).
 
-<img src="./images/SonarCloud-72px.png">
+This SonarSource project, available as a GitHub Action, scans your projects with SonarQube [Cloud](https://www.sonarsource.com/products/sonarcloud/).
 
-[SonarCloud](https://www.sonarsource.com/products/sonarcloud/) is a widely used static analysis solution for continuous code quality and security inspection. 
-It helps developers identify and fix issues in their code that could lead to bugs, vulnerabilities, or decreased development velocity.
-SonarCloud supports the most popular programming languages, including Java, JavaScript, TypeScript, C#, Python, C, C++, and [many more](https://www.sonarsource.com/knowledge/languages/).
+![Logo](./images/SQ_Logo_Cloud_Dark_Backgrounds.png#gh-dark-mode-only)
+![Logo](./images/SQ_Logo_Cloud_Light_Backgrounds.png#gh-light-mode-only)
+
+SonarQube [Cloud](https://www.sonarsource.com/products/sonarcloud/) (formerly SonarCloud) is a widely used static analysis solution for continuous code quality and security inspection.
+
+It helps developers detect coding issues in 30+ languages, frameworks, and IaC platforms, including Java, JavaScript, TypeScript, C#, Python, C, C++, and [many more](https://www.sonarsource.com/knowledge/languages/).
+
+The solution also provides fix recommendations leveraging AI with Sonar's AI CodeFix capability.
 
 ## Requirements
 
-* Create your account on SonarCloud. Sign up for free now if it's not already the case! [SonarCloud Sign up](https://www.sonarsource.com/products/sonarcloud/signup/?utm_medium=referral&utm_source=github&utm_campaign=sc-signup&utm_content=signup-sonarcloud-listing-x-x&utm_term=ww-psp-x)
-* The repository to analyze is set up on SonarCloud. [Set it up](https://sonarcloud.io/projects/create) in just one click.
+* Create your account on SonarQube Cloud. [Sign up for free](https://www.sonarsource.com/products/sonarcloud/signup/?utm_medium=referral&utm_source=github&utm_campaign=sc-signup&utm_content=signup-sonarcloud-listing-x-x&utm_term=ww-psp-x) now if it's not already the case!
+* The repository to analyze is set up on SonarQube Cloud. [Set it up](https://sonarcloud.io/projects/create) in just one click.
 
 ## Usage
 
 Project metadata, including the location of the sources to be analyzed, must be declared in the file `sonar-project.properties` in the base directory:
 
 ```properties
-sonar.organization=<replace with your SonarCloud organization key>
-sonar.projectKey=<replace with the key generated when setting up the project on SonarCloud>
+sonar.organization=<replace with your SonarQube Cloud organization key>
+sonar.projectKey=<replace with the key generated when setting up the project on SonarQube Cloud>
 
 # relative paths to source directories. More details and properties are described
-# in https://sonarcloud.io/documentation/project-administration/narrowing-the-focus/
+# at https://docs.sonarsource.com/sonarqube-cloud/advanced-setup/analysis-scope/
 sonar.sources=.
 ```
 
-The workflow, usually declared in `.github/workflows/build.yml`, looks like:
+The workflow, usually declared under `.github/workflows`, looks like:
 
 ```yaml
 on:
-  # Trigger analysis when pushing in master or pull requests, and when creating
-  # a pull request.
+  # Trigger analysis when pushing to your main branches, and when creating a pull request.
   push:
     branches:
+      - main
       - master
+      - develop
+      - 'releases/**'
   pull_request:
       types: [opened, synchronize, reopened]
+
 name: Main Workflow
 jobs:
-  sonarcloud:
+  sonarqube:
     runs-on: ubuntu-latest
     steps:
     - uses: actions/checkout@v4
       with:
-        # Disabling shallow clone is recommended for improving relevancy of reporting
+        # Disabling shallow clones is recommended for improving the relevancy of reporting
         fetch-depth: 0
-    - name: SonarCloud Scan
-      uses: sonarsource/sonarcloud-github-action@<action version> # Ex: v2.1.0, See the latest version at https://github.com/marketplace/actions/sonarcloud-scan
+    - name: SonarQube Scan
+      uses: sonarsource/sonarcloud-github-action@<action version> # Ex: v4.0.0, See the latest version at https://github.com/marketplace/actions/sonarcloud-scan
       env:
         SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
 ```
 
+## Action parameters
+
 You can change the analysis base directory by using the optional input `projectBaseDir` like this:
 
 ```yaml
-uses: sonarsource/sonarcloud-github-action@<action version> # Ex: v2.1.0, See the latest version at https://github.com/marketplace/actions/sonarcloud-scan
-with:
-  projectBaseDir: my-custom-directory
+- uses: sonarsource/sonarcloud-github-action@<action version>
+  with:
+    projectBaseDir: app/src
 ```
 
-In case you need to add additional analysis parameters, you can use the `args` option:
+In case you need to specify the version of the Sonar Scanner, you can use the `scannerVersion` option:
 
 ```yaml
-- name: Analyze with SonarCloud
-  uses: sonarsource/sonarcloud-github-action@<action version> # Ex: v2.1.0, See the latest version at https://github.com/marketplace/actions/sonarcloud-scan
+- uses: sonarsource/sonarcloud-github-action@<action version>
   with:
-    projectBaseDir: my-custom-directory
+    scannerVersion: 6.2.0.4584
+```
+
+In case you need to add additional analysis parameters, and you do not wish to set them in the `sonar-project.properties` file, you can use the `args` option:
+
+```yaml
+- uses: sonarsource/sonarcloud-github-action@<action version>
+  with:
+    projectBaseDir: app/src
     args: >
       -Dsonar.organization=my-organization
       -Dsonar.projectKey=my-projectkey
       -Dsonar.python.coverage.reportPaths=coverage.xml
       -Dsonar.sources=lib/
-      -Dsonar.test.exclusions=tests/**
       -Dsonar.tests=tests/
+      -Dsonar.test.exclusions=tests/**
       -Dsonar.verbose=true
 ```
 
-More information about possible analysis parameters is found in the documentation at:
-https://docs.sonarcloud.io/advanced-setup/analysis-parameters
+You can also specify the URL where to retrieve the SonarScanner CLI from.
+The specified URL overrides the default address: `https://binaries.sonarsource.com/Distribution/sonar-scanner-cli`.
+This can be useful when the runner executing the action is self-hosted and has regulated or no access to the Internet:
 
-See also example configurations at:
-https://github.com/sonarsource/sonarcloud-github-action-samples/
-
-### Secrets
-
-- `SONAR_TOKEN` – **Required** this is the token used to authenticate access to SonarCloud. You can generate a token on your [Security page in SonarCloud](https://sonarcloud.io/account/security/). You can set the `SONAR_TOKEN` environment variable in the "Secrets" settings page of your repository.
-- *`GITHUB_TOKEN` – Provided by Github (see [Authenticating with the GITHUB_TOKEN](https://help.github.com/en/actions/automating-your-workflow-with-github-actions/authenticating-with-the-github_token)).*
-
-## Error cleaning up workspace
-
-In some cases, the checkout action may fail to clean up the workspace. This is a known problem for GitHub actions implemented as a docker container (such as `sonarcloud-github-actions`) when self-hosted runners are used. 
-Example of the error message: `File was unable to be removed Error: EACCES: permission denied, unlink '/actions-runner/_work//project/.scannerwork/.sonar_lock'`
-To work around the problem, `sonarcloud-github-action` attempts to fix the permission of the temporary files that it creates. If that doesn't work, you can manually clean up the workspace by running the following action:
-```
-- name: Clean the workspace
-  uses: docker://alpine
+```yaml
+- uses: sonarsource/sonarcloud-github-action@<action version>
   with:
-    args: /bin/sh -c "find \"${GITHUB_WORKSPACE}\" -mindepth 1 ! -name . -prune -exec rm -rf {} +"
+    scannerBinariesUrl: https://my.custom.binaries.url.com/Distribution/sonar-scanner-cli/
 ```
-You can find more info [here](https://github.com/actions/runner/issues/434).
 
-## Example of pull request analysis
+More information about possible analysis parameters can be found in the [Analysis parameters page](https://docs.sonarsource.com/sonarqube-cloud/advanced-setup/analysis-parameters/) of the SonarQube Cloud documentation.
 
-<img src="./images/SonarCloud-analysis-in-Checks.png">
+### Environment variables
 
-Want to see more examples of SonarCloud in action? You can [explore current Open Source projects in SonarCloud](https://sonarcloud.io/explore/projects?sort=-analysis_date?utm_medium=referral&utm_source=github&utm_campaign=sc-signup&utm_content=signup-sonarcloud-listing-x-x&utm_term=ww-psp-x) that are using the Clean as You Code methodology.
+- `SONAR_TOKEN` – **Required** this is the token used to authenticate access to SonarQube. You can read more about security tokens in the [documentation](https://docs.sonarsource.com/sonarqube-cloud/managing-your-account/managing-tokens/). You can set the `SONAR_TOKEN` environment variable in the "Secrets" settings page of your repository, or you can add them at the level of your GitHub organization (recommended).
+- *`GITHUB_TOKEN` – Provided by Github (see [Authenticating with the GITHUB_TOKEN](https://help.github.com/en/actions/automating-your-workflow-with-github-actions/authenticating-with-the-github_token)).*
+- `SONAR_ROOT_CERT` – Holds an additional certificate (in PEM format) that is used to validate the certificate of a secured proxy to SonarQube Cloud. You can set the `SONAR_ROOT_CERT` environment variable in the "Secrets" settings page of your repository, or you can add them at the level of your GitHub organization (recommended).
 
-## Do not use this GitHub action if you are in the following situations
+Here is an example of how you can pass a certificate (in PEM format) to the Scanner truststore:
 
-* Your code is built with Maven: run 'org.sonarsource.scanner.maven:sonar' during the build
-* Your code is built with Gradle: use the SonarQube plugin for Gradle during the build
-* You want to analyze a .NET solution: Follow our interactive tutorial for GitHub Actions after importing your project directly into SonarCloud
-* You want to analyze C and C++ code: rely on our [SonarCloud Scan for C and C++](https://github.com/marketplace/actions/sonarcloud-scan-for-c-and-c) and look at [our sample C and C++ project](https://github.com/sonarsource-cfamily-examples?q=gh-actions-sc&type=all&language=&sort=)
+```yaml
+- uses: sonarsource/sonarcloud-github-action@<action version>
+  env:
+    SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+    SONAR_ROOT_CERT: ${{ secrets.SONAR_ROOT_CERT }}
+```
+
+If your source code file names contain special characters that are not covered by the locale range of `en_US.UTF-8`, you can configure your desired locale like this:
+
+```yaml
+- uses: sonarsource/sonarcloud-github-action@<action version>
+  env:
+    SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+    LC_ALL: "ru_RU.UTF-8"
+```
+
+## Alternatives for Java, .NET, and C/C++ projects
+
+This GitHub Action will not work for all technologies. If you are in one of the following situations, you should use the following alternatives:
+
+* Your code is built with Maven. Read the documentation about our [SonarScanner for Maven](https://docs.sonarsource.com/sonarqube-cloud/advanced-setup/ci-based-analysis/sonarscanner-for-maven/).
+* Your code is built with Gradle. Read the documentation about our [SonarScanner for Gradle](https://docs.sonarsource.com/sonarqube-cloud/advanced-setup/ci-based-analysis/sonarscanner-for-gradle/).
+* You want to analyze a .NET solution. Read the documentation about our [SonarScanner for .NET](https://docs.sonarsource.com/sonarqube-cloud/advanced-setup/ci-based-analysis/sonarscanner-for-dotnet/introduction/).
+* You want to analyze C or C++ code. Starting from SonarQube 10.6, this GitHub Action will scan C and C++ out of the box. If you want to have better control over the scan configuration/setup, you can switch to the [SonarQube Cloud Scan for C and C++](https://github.com/marketplace/actions/sonarcloud-scan-for-c-and-c) GitHub Action - look at [our sample C and C++ project](https://github.com/sonarsource-cfamily-examples?q=gh-actions-sc&type=all&language=&sort=).
 
 ## Have questions or feedback?
 
-To provide feedback (requesting a feature or reporting a bug) please post on the [SonarSource Community Forum](https://community.sonarsource.com/) with the tag `sonarcloud`.
+To provide feedback (requesting a feature or reporting a bug) please post on the [SonarSource Community Forum](https://community.sonarsource.com/tags/c/help/sc/9/github-actions).
 
 ## License
 
-The Dockerfile and associated scripts and documentation in this project are released under the LGPLv3 License.
-
 Container images built with this project include third-party materials.

action.yml

@@ -1,20 +1,37 @@
-name: SonarCloud Scan
+name: SonarQube Cloud Scan
 description: >
-  Scan your code with SonarCloud to detect bugs, vulnerabilities and code smells
-  in 26+ programming languages.
+  Scan your code with SonarQube Cloud to detect coding issues in 30+ 
+  languages. (Formerly SonarCloud)
 branding:
   icon: check
   color: green
-runs:
-  using: docker
-  image: Dockerfile
-  entrypoint: "/entrypoint.sh"
-  post-entrypoint: "/cleanup.sh"
 inputs:
   args:
-    description: Additional arguments to the sonarcloud scanner
+    description: Additional arguments to the Sonar Scanner CLI
     required: false
   projectBaseDir:
     description: Set the sonar.projectBaseDir analysis property
     required: false
-    default: .
+  scannerVersion:
+    description: Version of the Sonar Scanner CLI to use
+    required: false
+    # to be kept in sync with the default version in the sonarqube-scan-action
+    default: 7.0.2.4839
+  scannerBinariesUrl:
+    description: URL to download the Sonar Scanner CLI binaries from
+    required: false
+    default: https://binaries.sonarsource.com/Distribution/sonar-scanner-cli
+runs:
+  using: "composite"
+  steps:
+    - name: Deprecation warning
+      shell: bash
+      run: |
+        echo "::warning title=SonarScanner::This action is deprecated and will be removed in a future release. Please use the sonarqube-scan-action action instead. The sonarqube-scan-action is a drop-in replacement for this action."
+    - name: SonarQube Cloud Scan
+      uses: SonarSource/sonarqube-scan-action@v5.0.0
+      with:
+        args: ${{ inputs.args }}
+        projectBaseDir: ${{ inputs.projectBaseDir }}
+        scannerVersion: ${{ inputs.scannerVersion }}
+        scannerBinariesUrl: ${{ inputs.scannerBinariesUrl }}

cleanup.sh

@@ -1,14 +0,0 @@
-#!/bin/bash
-
-set -e
-
-if [ ! -d "${INPUT_PROJECTBASEDIR}/.scannerwork" ]; then
-    echo ".scannerwork directory not found; nothing to clean up."
-    exit
-fi
-
-_tmp_file=$(ls "${INPUT_PROJECTBASEDIR}/" | head -1)
-PERM=$(stat -c "%u:%g" "${INPUT_PROJECTBASEDIR}/$_tmp_file")
-
-chown -R "$PERM" "${INPUT_PROJECTBASEDIR}/.scannerwork/"
-

entrypoint.sh

@@ -1,34 +0,0 @@
-#!/bin/bash
-
-set -eo pipefail
-
-declare -a args=()
-
-if [[ -z "${SONAR_TOKEN}" ]]; then
-  echo "Set the SONAR_TOKEN env variable."
-  exit 1
-fi
-
-if [[ -f "${INPUT_PROJECTBASEDIR%/}/pom.xml" ]]; then
-  echo "WARNING! Maven project detected. Sonar recommends running the 'org.sonarsource.scanner.maven:sonar-maven-plugin:sonar' goal during the build process instead of using this GitHub Action
-  to get more accurate results."
-fi
-
-if [[ -f "${INPUT_PROJECTBASEDIR%/}/build.gradle" || -f "${INPUT_PROJECTBASEDIR%/}/build.gradle.kts" ]]; then
-  echo "WARNING! Gradle project detected. Sonar recommends using the SonarQube plugin for Gradle during the build process instead of using this GitHub Action
-  to get more accurate results."
-fi
-
-if [[ ${SONARCLOUD_URL} ]]; then
-  args+=("-Dsonar.scanner.sonarcloudUrl=${SONARCLOUD_URL}")
-fi
-
-if [[ "$RUNNER_DEBUG" == '1' ]]; then
-  args+=("--debug")
-fi
-
-unset JAVA_HOME
-
-args+=("-Dsonar.projectBaseDir=${INPUT_PROJECTBASEDIR}")
-
-sonar-scanner "${args[@]}" ${INPUT_ARGS}

test/assertFileDoesntExist

@@ -0,0 +1,8 @@
+#!/bin/bash
+
+error() { echo -e "\\e[31m✗ $*\\e[0m"; }
+
+if [ -f $1 ]; then
+  error "File '$1' found"
+  exit 1
+fi

test/gradle-project/build.gradle

@@ -1 +0,0 @@
-

test/maven-project/pom.xml

@@ -1 +0,0 @@
-