From 5837ebfccaf5b347ae1783644ecff31e2bafa086 Mon Sep 17 00:00:00 2001 From: SonarTech <1842438+SonarTech@users.noreply.github.com> Date: Tue, 2 Sep 2025 10:10:38 +0200 Subject: [PATCH] BUILD-8875: Migrate to standardized GitHub runner names Co-authored-by: Julien HENRY --- .github/workflows/PullRequestClosed.yml | 2 +- .github/workflows/PullRequestCreated.yml | 2 +- .github/workflows/RequestReview.yml | 2 +- .github/workflows/SubmitReview.yml | 2 +- .github/workflows/qa-deprecated-c-cpp.yml | 2 +- .../workflows/qa-install-build-wrapper.yml | 2 +- .github/workflows/qa-main.yml | 54 +++++++++---------- .github/workflows/qa-scripts.yml | 8 +-- .github/workflows/update-tags.yml | 2 +- .github/workflows/version_update.yml | 4 +- 10 files changed, 40 insertions(+), 40 deletions(-) diff --git a/.github/workflows/PullRequestClosed.yml b/.github/workflows/PullRequestClosed.yml index dd54f81..1bf2140 100644 --- a/.github/workflows/PullRequestClosed.yml +++ b/.github/workflows/PullRequestClosed.yml @@ -7,7 +7,7 @@ on: jobs: PullRequestClosed_job: name: Pull Request Closed - runs-on: ubuntu-latest-large + runs-on: github-ubuntu-latest-s permissions: id-token: write pull-requests: read diff --git a/.github/workflows/PullRequestCreated.yml b/.github/workflows/PullRequestCreated.yml index d532c22..ffadce6 100644 --- a/.github/workflows/PullRequestCreated.yml +++ b/.github/workflows/PullRequestCreated.yml @@ -7,7 +7,7 @@ on: jobs: PullRequestCreated_job: name: Pull Request Created - runs-on: ubuntu-latest-large + runs-on: github-ubuntu-latest-s permissions: id-token: write # For external PR, ticket should be created manually diff --git a/.github/workflows/RequestReview.yml b/.github/workflows/RequestReview.yml index 5e74c2b..eb1425d 100644 --- a/.github/workflows/RequestReview.yml +++ b/.github/workflows/RequestReview.yml @@ -7,7 +7,7 @@ on: jobs: RequestReview_job: name: Request review - runs-on: ubuntu-latest-large + runs-on: github-ubuntu-latest-s permissions: id-token: write # For external PR, ticket should be moved manually diff --git a/.github/workflows/SubmitReview.yml b/.github/workflows/SubmitReview.yml index 763ca30..d5b18a7 100644 --- a/.github/workflows/SubmitReview.yml +++ b/.github/workflows/SubmitReview.yml @@ -7,7 +7,7 @@ on: jobs: SubmitReview_job: name: Submit Review - runs-on: ubuntu-latest-large + runs-on: github-ubuntu-latest-s permissions: id-token: write pull-requests: read diff --git a/.github/workflows/qa-deprecated-c-cpp.yml b/.github/workflows/qa-deprecated-c-cpp.yml index 356c063..f3f2879 100644 --- a/.github/workflows/qa-deprecated-c-cpp.yml +++ b/.github/workflows/qa-deprecated-c-cpp.yml @@ -12,7 +12,7 @@ jobs: name: Action outputs strategy: matrix: - os: [ubuntu-latest-large, windows-latest-large, macos-latest, macos-13] + os: [github-ubuntu-latest-s, github-windows-latest-s, macos-latest, macos-13] cache: [true, false] include: - arch: X64 diff --git a/.github/workflows/qa-install-build-wrapper.yml b/.github/workflows/qa-install-build-wrapper.yml index d177888..4ec9888 100644 --- a/.github/workflows/qa-install-build-wrapper.yml +++ b/.github/workflows/qa-install-build-wrapper.yml @@ -12,7 +12,7 @@ jobs: name: Action outputs strategy: matrix: - os: [ubuntu-latest-large, windows-latest-large, macos-latest, macos-13] + os: [github-ubuntu-latest-s, github-windows-latest-s, macos-latest, macos-13] cache: [true, false] include: - arch: X64 diff --git a/.github/workflows/qa-main.yml b/.github/workflows/qa-main.yml index 1117256..d07e6dd 100644 --- a/.github/workflows/qa-main.yml +++ b/.github/workflows/qa-main.yml @@ -13,7 +13,7 @@ jobs: No inputs strategy: matrix: - os: [ ubuntu-latest-large, macos-latest ] + os: [ github-ubuntu-latest-s, macos-latest ] runs-on: ${{ matrix.os }} steps: - uses: actions/checkout@v5 @@ -32,7 +32,7 @@ jobs: 'args' input strategy: matrix: - os: [ ubuntu-latest-large, windows-latest-large, macos-latest ] + os: [ github-ubuntu-latest-s, github-windows-latest-s, macos-latest ] runs-on: ${{ matrix.os }} steps: - uses: actions/checkout@v5 @@ -55,7 +55,7 @@ jobs: 'args' input with command injection will fail strategy: matrix: - os: [ ubuntu-latest-large, windows-latest-large, macos-latest ] + os: [ github-ubuntu-latest-s, github-windows-latest-s, macos-latest ] args: [ -Dsonar.someArg=aValue && echo "Injection", -Dsonar.someArg="value\"; whoami; echo \"" ] runs-on: ${{ matrix.os }} steps: @@ -81,7 +81,7 @@ jobs: 'args' input with backticks injection does not execute command strategy: matrix: - os: [ ubuntu-latest-large, windows-latest-large, macos-latest ] + os: [ github-ubuntu-latest-s, github-windows-latest-s, macos-latest ] runs-on: ${{ matrix.os }} steps: - uses: actions/checkout@v5 @@ -109,7 +109,7 @@ jobs: 'args' input with dollar command injection does not execute command strategy: matrix: - os: [ ubuntu-latest-large, windows-latest-large, macos-latest ] + os: [ github-ubuntu-latest-s, github-windows-latest-s, macos-latest ] runs-on: ${{ matrix.os }} steps: - uses: actions/checkout@v5 @@ -136,7 +136,7 @@ jobs: 'args' input with other command injection variants does not execute command strategy: matrix: - os: [ ubuntu-latest-large, windows-latest-large, macos-latest ] + os: [ github-ubuntu-latest-s, github-windows-latest-s, macos-latest ] runs-on: ${{ matrix.os }} steps: - uses: actions/checkout@v5 @@ -166,7 +166,7 @@ jobs: 'projectBaseDir' input strategy: matrix: - os: [ ubuntu-latest-large, windows-latest-large, macos-latest ] + os: [ github-ubuntu-latest-s, github-windows-latest-s, macos-latest ] runs-on: ${{ matrix.os }} steps: - uses: actions/checkout@v5 @@ -187,7 +187,7 @@ jobs: scannerVersionTest: name: > 'scannerVersion' input - runs-on: ubuntu-latest-large # assumes default RUNNER_ARCH for linux is X64 + runs-on: github-ubuntu-latest-s # assumes default RUNNER_ARCH for linux is X64 steps: - uses: actions/checkout@v5 with: @@ -207,7 +207,7 @@ jobs: scannerBinariesUrlTest: name: > 'scannerBinariesUrl' input with invalid URL - runs-on: ubuntu-latest-large # assumes default RUNNER_ARCH for linux is X64 + runs-on: github-ubuntu-latest-s # assumes default RUNNER_ARCH for linux is X64 steps: - uses: actions/checkout@v5 with: @@ -235,7 +235,7 @@ jobs: scannerBinariesUrlIsEscapedWithWget: name: > 'scannerBinariesUrl' is escaped with wget so special chars are not injected in the download command - runs-on: ubuntu-latest-large + runs-on: github-ubuntu-latest-s steps: - uses: actions/checkout@v5 with: @@ -256,7 +256,7 @@ jobs: scannerBinariesUrlIsEscapedWithCurl: name: > 'scannerBinariesUrl' is escaped with curl so special chars are not injected in the download command - runs-on: ubuntu-latest-large + runs-on: github-ubuntu-latest-s steps: - uses: actions/checkout@v5 with: @@ -285,7 +285,7 @@ jobs: dontFailGradleTest: name: > Don't fail on Gradle project - runs-on: ubuntu-latest-large + runs-on: github-ubuntu-latest-s steps: - uses: actions/checkout@v5 with: @@ -306,7 +306,7 @@ jobs: dontFailGradleKotlinTest: name: > Don't fail on Kotlin Gradle project - runs-on: ubuntu-latest-large + runs-on: github-ubuntu-latest-s steps: - uses: actions/checkout@v5 with: @@ -327,7 +327,7 @@ jobs: dontFailMavenTest: name: > Don't fail on Maven project - runs-on: ubuntu-latest-large + runs-on: github-ubuntu-latest-s steps: - uses: actions/checkout@v5 with: @@ -346,7 +346,7 @@ jobs: run: | ./test/assertFileExists ./output.properties runAnalysisTest: - runs-on: ubuntu-latest-large + runs-on: github-ubuntu-latest-s services: sonarqube: image: sonarqube:lts-community @@ -381,7 +381,7 @@ jobs: 'RUNNER_DEBUG' is used strategy: matrix: - os: [ ubuntu-latest-large, windows-latest-large, macos-latest ] + os: [ github-ubuntu-latest-s, github-windows-latest-s, macos-latest ] runs-on: ${{ matrix.os }} steps: - uses: actions/checkout@v5 @@ -399,7 +399,7 @@ jobs: run: | ./test/assertFileContains ./output.properties "sonar.verbose=true" runAnalysisWithCacheTest: - runs-on: ubuntu-latest-large + runs-on: github-ubuntu-latest-s services: sonarqube: image: sonarqube:lts-community @@ -440,7 +440,7 @@ jobs: 'SONARCLOUD_URL' is used strategy: matrix: - os: [ ubuntu-latest-large, windows-latest-large, macos-latest ] + os: [ github-ubuntu-latest-s, github-windows-latest-s, macos-latest ] runs-on: ${{ matrix.os }} steps: - uses: actions/checkout@v5 @@ -459,7 +459,7 @@ jobs: ./test/assertFileContains ./output.properties "sonar.scanner.sonarcloudUrl=mirror.sonarcloud.io" dontFailWhenMissingWgetButCurlAvailable: name: Don't fail when missing wget but curl available - runs-on: ubuntu-latest-large + runs-on: github-ubuntu-latest-s steps: - uses: actions/checkout@v5 with: @@ -485,7 +485,7 @@ jobs: ./test/assertFileExists ./output.properties dontFailWhenMissingCurlButWgetAvailable: name: Don't fail when missing curl but wget available - runs-on: ubuntu-latest-large + runs-on: github-ubuntu-latest-s steps: - uses: actions/checkout@v5 with: @@ -512,7 +512,7 @@ jobs: ./test/assertFileExists ./output.properties failWhenBothWgetAndCurlMissing: name: Fail when both wget and curl are missing - runs-on: ubuntu-latest-large + runs-on: github-ubuntu-latest-s steps: - uses: actions/checkout@v5 with: @@ -545,7 +545,7 @@ jobs: curlPerformsRedirect: name: > curl performs redirect when scannerBinariesUrl returns 3xx - runs-on: ubuntu-latest-large + runs-on: github-ubuntu-latest-s steps: - uses: actions/checkout@v5 with: @@ -579,7 +579,7 @@ jobs: 'SONAR_ROOT_CERT' is converted to truststore strategy: matrix: - os: [ ubuntu-latest-large, windows-latest-large, macos-latest ] + os: [ github-ubuntu-latest-s, github-windows-latest-s, macos-latest ] runs-on: ${{ matrix.os }} steps: - uses: actions/checkout@v5 @@ -631,7 +631,7 @@ jobs: analysisWithSslCertificate: name: > Analysis takes into account 'SONAR_ROOT_CERT' - runs-on: ubuntu-latest-large + runs-on: github-ubuntu-latest-s steps: - uses: actions/checkout@v5 with: @@ -739,7 +739,7 @@ jobs: overridesScannerLocalFolderWhenPresent: # can happen in uncleaned self-hosted runners name: > 'SCANNER_LOCAL_FOLDER' is cleaned with warning when present - runs-on: ubuntu-latest-large + runs-on: github-ubuntu-latest-s steps: - uses: actions/checkout@v5 with: @@ -773,7 +773,7 @@ jobs: updateTruststoreWhenPresent: # can happen in uncleaned self-hosted runners name: > truststore.p12 is updated when present - runs-on: ubuntu-latest-large + runs-on: github-ubuntu-latest-s steps: - uses: actions/checkout@v5 with: @@ -902,7 +902,7 @@ jobs: scannerVersionValidationTest: name: > 'scannerVersion' input validation - runs-on: ubuntu-latest-large + runs-on: github-ubuntu-latest-s steps: - uses: actions/checkout@v5 with: diff --git a/.github/workflows/qa-scripts.yml b/.github/workflows/qa-scripts.yml index f612f46..05234cb 100644 --- a/.github/workflows/qa-scripts.yml +++ b/.github/workflows/qa-scripts.yml @@ -10,7 +10,7 @@ on: jobs: create-install-dir-test: name: create_install_path.sh - runs-on: ubuntu-latest-large + runs-on: github-ubuntu-latest-s steps: - uses: actions/checkout@v5 with: @@ -107,7 +107,7 @@ jobs: grep "=== Script failed ===" output setup-script-test: name: configure_paths.sh - runs-on: ubuntu-latest-large + runs-on: github-ubuntu-latest-s env: INSTALL_PATH: 'install-directory' SONAR_HOST_URL: 'http://sonar-host.com' @@ -250,7 +250,7 @@ jobs: grep "=== Script failed ===" output download-script-test: name: download.sh - runs-on: ubuntu-latest-large + runs-on: github-ubuntu-latest-s steps: - uses: actions/checkout@v5 with: @@ -319,7 +319,7 @@ jobs: grep "=== Script failed ===" output fetch-latest-version-test: name: fetch_latest_version.sh - runs-on: ubuntu-latest-large + runs-on: github-ubuntu-latest-s steps: - uses: actions/checkout@v5 with: diff --git a/.github/workflows/update-tags.yml b/.github/workflows/update-tags.yml index f274841..0b6d090 100644 --- a/.github/workflows/update-tags.yml +++ b/.github/workflows/update-tags.yml @@ -7,7 +7,7 @@ on: jobs: generate: - runs-on: ubuntu-latest-large + runs-on: github-ubuntu-latest-s permissions: contents: write diff --git a/.github/workflows/version_update.yml b/.github/workflows/version_update.yml index 9be42a6..36b15cc 100644 --- a/.github/workflows/version_update.yml +++ b/.github/workflows/version_update.yml @@ -7,7 +7,7 @@ on: jobs: check-version: name: Check for sonar-scanner version update - runs-on: ubuntu-latest-large + runs-on: github-ubuntu-latest-s outputs: should_update: ${{ steps.version-check.outputs.should_update }} new-version: ${{ steps.latest-version.outputs.sonar-scanner-version }} @@ -43,7 +43,7 @@ jobs: update-version: name: Prepare pull request for sonar-scanner version update needs: check-version - runs-on: ubuntu-latest-large + runs-on: github-ubuntu-latest-s permissions: contents: write pull-requests: write