From 2500896589ef8f7247069a56136f8dc177c27ccf Mon Sep 17 00:00:00 2001
From: csaba-feher-sonarsource <93765926+csaba-feher-sonarsource@users.noreply.github.com>
Date: Mon, 5 May 2025 17:48:40 +0200
Subject: [PATCH] SQSCANGHA-92 Validate scanner version (#189)
Co-authored-by: Julien HENRY
---
 .github/workflows/qa-main.yml | 23 +++++++++++++++++++++++
 action.yml | 1 +
 scripts/sanity-checks.sh | 5 +++++
 3 files changed, 29 insertions(+)
diff --git a/.github/workflows/qa-main.yml b/.github/workflows/qa-main.yml
index 410d4a7..1a56855 100644
--- a/.github/workflows/qa-main.yml
+++ b/.github/workflows/qa-main.yml
@@ -809,3 +809,26 @@ jobs:
 [ -f "$SONAR_SSL_FOLDER/truststore.p12" ] || exit 1
 TRUSTSTORE_P12_MOD_TIME_T3=$(stat -c %Y "$SONAR_SSL_FOLDER/truststore.p12")
 [ "$TRUSTSTORE_P12_MOD_TIME_T2" != "$TRUSTSTORE_P12_MOD_TIME_T3" ] || exit 1
+ scannerVersionValidationTest:
+ name: >
+ 'scannerVersion' input validation
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v4
+ with:
+ token: ${{ secrets.GITHUB_TOKEN }}
+ - name: Run action with invalid scannerVersion
+ id: invalid_version
+ uses: ./
+ continue-on-error: true
+ with:
+ scannerVersion: "7.1.0-SNAPSHOT"
+ args: -Dsonar.scanner.internal.dumpToFile=./output.properties
+ env:
+ NO_CACHE: true
+ SONAR_HOST_URL: http://not_actually_used
+ - name: Assert failure of previous step
+ if: steps.invalid_version.outcome == 'success'
+ run: |
+ echo "Action with invalid scannerVersion should have failed but succeeded"
+ exit 1
\ No newline at end of file
diff --git a/action.yml b/action.yml
index fe4ac90..0c6eeb0 100644
--- a/action.yml
+++ b/action.yml
@@ -30,6 +30,7 @@ runs:
 shell: bash
 env:
 INPUT_PROJECTBASEDIR: ${{ inputs.projectBaseDir }}
+ INPUT_SCANNERVERSION: ${{ inputs.scannerVersion }}
 - name: Load Sonar Scanner CLI from cache
 id: sonar-scanner-cli
 uses: actions/cache@v4
diff --git a/scripts/sanity-checks.sh b/scripts/sanity-checks.sh
index 6fd8b97..c3b706b 100755
--- a/scripts/sanity-checks.sh
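Review bot: The final assertion in `scannerVersionValidationTest` only checks that the step did not succeed, so it cannot tell the new format check apart from any other failure. `7.1.0-SNAPSHOT` is presumably not a downloadable release, so the action would likely fail on this input even without the validation, and the job would still pass. Tie the test to the check itself, for example with a step that runs `scripts/sanity-checks.sh` with `INPUT_SCANNERVERSION` set to the bad value and greps its output for `Invalid scannerVersion format`. A companion case with a well-formed value such as the `7.1.0.4889` quoted in the error text would also show that the pattern does not reject valid input.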
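Review bot: The validation only protects the rest of the action while this step runs before every other consumer of `inputs.scannerVersion`, and nothing in the file records that ordering requirement. The step this `env:` entry belongs to starts outside the hunk; the cache step that follows it is presumably the next place the version is used. A comment on the step such as `# Must stay ahead of any step that reads inputs.scannerVersion; it validates the format` would keep a later reorder from bypassing the check. Passing the input through `env:` rather than interpolating it into the script text is the right pattern and should be kept.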
+++ b/scripts/sanity-checks.sh @@ -2,6 +2,11 @@ set -eo pipefail +if [[ ! "${INPUT_SCANNERVERSION}" =~ ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$ ]]; then + echo "::error title=SonarScanner::Invalid scannerVersion format. Expected format: x.y.z.w (e.g., 7.1.0.4889)" + exit 1 +fi + if [[ -z "${SONAR_TOKEN}" ]]; then echo "::warning title=SonarScanner::Running this GitHub Action without SONAR_TOKEN is not recommended" fi
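Review bot: The new format check at the top of the script has no comment saying what it protects, so a later edit could loosen the pattern or start echoing the rejected value without anyone noticing the risk. Propose `# Accept only x.y.z.w digits before later steps use the version; never echo the raw input (it could carry workflow commands)` above the `if`. The pattern is anchored at both ends and rejects the empty string, which matters because the script runs with `set -eo pipefail` but without `-u`. Range expressions such as `[0-9]` in `=~` are locale-dependent outside the C locale, so `[[:digit:]]` is the stricter spelling if the script may run on runners with a different locale.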