actions/sonarqube-scan-action
2
0
Fork 0
mirror of https://github.com/SonarSource/sonarqube-scan-action.git synced 2025-12-15 18:46:31 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Draft

Browse source
This commit is contained in:
Antonio Aversa 2024-12-11 11:47:55 +01:00
parent 844ce2710b
commit 85ebd0491a
10 changed files with 514 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

50
.github/workflows/version_update.yml vendored Normal file
View file

@ -0,0 +1,50 @@
name: sonar-scanner version check
on:
workflow_dispatch:
schedule:
- cron: '15 10 * * *'
jobs:
update-version:
name: Prepare pull request for sonar-scanner version update
runs-on: ubuntu-latest
steps:
- run: sudo apt install -y jq
- uses: actions/checkout@v4
with:
ref: master
persist-credentials: true
fetch-depth: 0
- name: "Fetch currently used sonar-scanner version"
id: tagged-version
shell: bash
run: cat sonar-scanner-version >> $GITHUB_OUTPUT
- name: "Fetch lastest sonar-scanner version"
id: latest-version
shell: bash
run: |
./scripts/fetch_latest_version.sh > sonar-scanner-version
cat sonar-scanner-version >> $GITHUB_OUTPUT
- name: "Create Pull Request for version update"
if: steps.tagged-version.outputs.sonar-scanner-version != steps.latest-version.outputs.sonar-scanner-version
shell: bash
env:
UPDATE_BRANCH: update-to-sonar-scanner-${{ steps.latest-version.outputs.sonar-scanner-version }}
TITLE: "Update sonar-scanner-version to ${{ steps.latest-version.outputs.sonar-scanner-version }}"
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
git config --global user.name "SonarTech"
git config --global user.email "sonartech@sonarsource.com"
git checkout -b ${UPDATE_BRANCH}
git add sonar-scanner-version
git commit -m "${TITLE}"
git push --force-with-lease origin ${UPDATE_BRANCH}
gh pr list
if [[ $(gh pr list -H "${UPDATE_BRANCH}" | grep "${UPDATE_BRANCH}" | wc -l) -eq 0 ]]; then
gh pr create -B master -H ${UPDATE_BRANCH} --title "${TITLE}" --body "Automatic updated of sonar-scanner version value. Needs to be tagged for release."
fi

117
README.md
View file

@ -11,6 +11,9 @@ It helps developers detect coding issues in 30+ languages, frameworks, and IaC p
The solution also provides fix recommendations leveraging AI with Sonar's AI CodeFix capability.
> [!NOTE]
> This action now supports and is the official entrypoint for scanning C, C++, Objective-C and Dart projects via GitHub actions.
## Requirements
### Server
@ -38,7 +41,9 @@ sonar.projectKey=<replace with the key generated when setting up the project on
sonar.sources=.
```
The workflow, usually declared under `.github/workflows`, looks like:
The workflow, usually declared under `.github/workflows`, looks like the following:
- for projects **not** written in C, C++, and Objective-C
- and for projects written in C, C++, and Objective-C and using [AutoConfig](https://docs.sonarsource.com/sonarqube-server/latest/analyzing-source-code/languages/c-family/analysis-modes/#choosing-the-right-analysis-mode)
```yaml
on:
@ -68,6 +73,61 @@ jobs:
SONAR_HOST_URL: ${{ vars.SONAR_HOST_URL }}
```
For C, C++ and Objective-C projects not using AutoConfig, the workflow requires additional steps to download the Build Wrapper and invoking it:
```yaml
# Trigger analysis when pushing to your main branches, and when creating a pull request.
push:
branches:
- main
- master
- develop
- 'releases/**'
pull_request:
types: [opened, synchronize, reopened]
name: Main Workflow
jobs:
sonarqube:
runs-on: ubuntu-latest
env:
BUILD_WRAPPER_OUT_DIR: build_wrapper_output_directory # Directory where build-wrapper output will be placed
steps:
- uses: actions/checkout@v4
with:
# Disabling shallow clone is recommended for improving relevancy of reporting
fetch-depth: 0
- name: Install Build Wrapper
uses: sonarsource/sonarqube-scan-action/install-build-wrapper@<action version>
env:
SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}
- name: Run Build Wrapper
run: |
# here goes your compilation wrapped with build-wrapper; See https://docs.sonarsource.com/sonarqube/latest/ analyzing-source-code/languages/c-family/#using-build-wrapper for more information
# build-preparation steps
# build-wrapper-linux-x86-64 --out-dir ${{ env.BUILD_WRAPPER_OUT_DIR }} build-command
- name: SonarQube Scan
uses: sonarsource/sonarqube-scan-action@<action version>
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}
SONAR_ROOT_CERT: ${{ secrets.SONAR_ROOT_CERT }}
with:
args: |
--define sonar.cfamily.compile-commands="${{ env.BUILD_WRAPPER_OUT_DIR }}/compile_commands.json"
#Consult https://docs.sonarsource.com/sonarqube/latest/analyzing-source-code/scanners/sonarscanner/ for more information and options
```
If you are using SonarQube Server 10.5 or earlier, use `sonar.cfamily.build-wrapper-output` instead of `sonar.cfamily.compile-commands` in the `run` property of the last step, as Build Wrapper does not generate a compile_commands.json file before SonarQube Server 10.6, like this:
```yaml
with:
args: |
--define sonar.cfamily.build-wrapper-output="${{ env.BUILD_WRAPPER_OUT_DIR }}"
```
See also [example configurations of C++ projects for SonarQube Server](https://github.com/search?q=org%3Asonarsource-cfamily-examples+gh-actions-sq&type=repositories).
### Cloud
```properties
@ -108,6 +168,54 @@ jobs:
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
```
For C, C++ and Objective-C projects not using AutoConfig, the workflow requires additional steps to download the Build Wrapper and invoking it:
```yaml
# Trigger analysis when pushing to your main branches, and when creating a pull request.
push:
branches:
- main
- master
- develop
- 'releases/**'
pull_request:
types: [opened, synchronize, reopened]
name: Main Workflow
jobs:
sonarqube:
runs-on: ubuntu-latest
env:
BUILD_WRAPPER_OUT_DIR: build_wrapper_output_directory # Directory where build-wrapper output will be placed
steps:
- uses: actions/checkout@v4
with:
# Disabling shallow clone is recommended for improving relevancy of reporting
fetch-depth: 0
- name: Install Build Wrapper
uses: sonarsource/sonarqube-scan-action/install-build-wrapper@<action version>
env:
SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}
- name: Run Build Wrapper
run: |
# here goes your compilation wrapped with build-wrapper; See https://docs.sonarsource.com/sonarqube/latest/ analyzing-source-code/languages/c-family/#using-build-wrapper for more information
# build-preparation steps
# build-wrapper-linux-x86-64 --out-dir ${{ env.BUILD_WRAPPER_OUT_DIR }} build-command
- name: SonarQube Scan
uses: sonarsource/sonarqube-scan-action@<action version>
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}
SONAR_ROOT_CERT: ${{ secrets.SONAR_ROOT_CERT }}
with:
args: |
--define sonar.cfamily.compile-commands="${{ env.BUILD_WRAPPER_OUT_DIR }}/compile_commands.json"
#Consult https://docs.sonarsource.com/sonarqube/latest/analyzing-source-code/scanners/sonarscanner/ for more information and options
```
See also [example configurations of C++ projects for SonarQube Cloud](https://github.com/search?q=org%3Asonarsource-cfamily-examples+gh-actions-sc&type=repositories).
## Action parameters
You can change the analysis base directory by using the optional input `projectBaseDir` like this:
@ -190,9 +298,10 @@ This GitHub Action will not work for all technologies. If you are in one of the
* Your code is built with Maven. Read the documentation about our SonarScanner for Maven in SonarQube [Server](https://docs.sonarsource.com/sonarqube-server/latest/analyzing-source-code/scanners/sonarscanner-for-maven/) and [Cloud](https://docs.sonarsource.com/sonarqube-cloud/advanced-setup/ci-based-analysis/sonarscanner-for-maven/).
* Your code is built with Gradle. Read the documentation about our SonarScanner for Gradle in SonarQube [Server](https://docs.sonarsource.com/sonarqube-server/latest/analyzing-source-code/scanners/sonarscanner-for-gradle/) and [Cloud](https://docs.sonarsource.com/sonarqube-cloud/advanced-setup/ci-based-analysis/sonarscanner-for-gradle/).
* You want to analyze a .NET solution. Read the documentation about our SonarScanner for .NET in SonarQube [Server](https://docs.sonarsource.com/sonarqube-server/latest/analyzing-source-code/scanners/dotnet/introduction/) and [Cloud](https://docs.sonarsource.com/sonarqube-cloud/advanced-setup/ci-based-analysis/sonarscanner-for-dotnet/introduction/).
* You want to analyze C or C++ code. Starting from SonarQube 10.6, this GitHub Action will scan C and C++ out of the box. If you want to have better control over the scan configuration/setup, you can switch to:
* the [SonarQube Server Scan for C and C++](https://github.com/marketplace/actions/sonarqube-scan-for-c-and-c) GitHub Action, for projects on SonarQube Server
* the [SonarQube Cloud Scan for C and C++](https://github.com/marketplace/actions/sonarcloud-scan-for-c-and-c) GitHub Action, for projects on SonarQube Cloud - look at [our sample C and C++ project](https://github.com/sonarsource-cfamily-examples?q=gh-actions-sc&type=all&language=&sort=).
## Do not use this GitHub action if you are in the following situations
* You want to run the action on C, C++, or Objective-C projects on a 32-bits system - build wrappers support only 64-bits OS.
## Have questions or feedback?

127
deprecated-c-cpp-action/action.yml Normal file
View file

@ -0,0 +1,127 @@
name: 'SonarQube Scan for C and C++'
description: 'Scan your C and C++ code with SonarQube to detect bugs, vulnerabilities and code smells.'
branding:
icon: check
color: green
inputs:
installation-path:
description: 'Directory where the sonar-scanner and build wrapper will be installed. Created if does not exists.'
required: false
default: '.sonar'
cache-binaries:
description: 'Controls if installed binaries are cached using GitHub cache.'
required: false
default: 'true'
outputs:
sonar-scanner-binary:
description: "Absolute path to sonar-scanner binary."
value: ${{ steps.setup-outputs.outputs.sonar-scanner-binary }}
build-wrapper-binary:
description: "Absolute path to build-wrapper binary."
value: ${{ steps.setup-outputs.outputs.build-wrapper-binary }}
runs:
using: "composite"
steps:
# install packaged required for greadlink and sha256sum command on macOS
- name: Install required packages for macOS
if: runner.os == 'macOS'
shell: bash
run: brew install coreutils
- name: Verify and create installation path
shell: bash
env:
INSTALL_PATH: ${{ inputs.installation-path }}
run: ${GITHUB_ACTION_PATH}/../scripts/create_install_path.sh
- name: Set version of sonar-scanner
id: sonar-scanner-version
shell: bash
run: cat ${GITHUB_ACTION_PATH}/../sonar-scanner-version >> $GITHUB_OUTPUT
- name: Configure paths
id: configure_paths
shell: bash
env:
OS: ${{ runner.os }}
ARCH: ${{ runner.arch }}
INSTALL_PATH: ${{ inputs.installation-path }}
SONAR_SCANNER_VERSION: ${{ steps.sonar-scanner-version.outputs.sonar-scanner-version }}
SONAR_SCANNER_URL_WINDOWS_X64: ${{ steps.sonar-scanner-version.outputs.sonar-scanner-url-windows-x64 }}
SONAR_SCANNER_SHA_WINDOWS_X64: ${{ steps.sonar-scanner-version.outputs.sonar-scanner-sha-windows-x64 }}
SONAR_SCANNER_URL_LINUX_X64: ${{ steps.sonar-scanner-version.outputs.sonar-scanner-url-linux-x64 }}
SONAR_SCANNER_SHA_LINUX_X64: ${{ steps.sonar-scanner-version.outputs.sonar-scanner-sha-linux-x64 }}
SONAR_SCANNER_URL_LINUX_AARCH64: ${{ steps.sonar-scanner-version.outputs.sonar-scanner-url-linux-aarch64 }}
SONAR_SCANNER_SHA_LINUX_AARCH64: ${{ steps.sonar-scanner-version.outputs.sonar-scanner-sha-linux-aarch64 }}
SONAR_SCANNER_URL_MACOSX_X64: ${{ steps.sonar-scanner-version.outputs.sonar-scanner-url-macosx-x64 }}
SONAR_SCANNER_SHA_MACOSX_X64: ${{ steps.sonar-scanner-version.outputs.sonar-scanner-sha-macosx-x64 }}
SONAR_SCANNER_URL_MACOSX_AARCH64: ${{ steps.sonar-scanner-version.outputs.sonar-scanner-url-macosx-aarch64 }}
SONAR_SCANNER_SHA_MACOSX_AARCH64: ${{ steps.sonar-scanner-version.outputs.sonar-scanner-sha-macosx-aarch64 }}
run: ${GITHUB_ACTION_PATH}/../scripts/configure_paths.sh >> $GITHUB_OUTPUT
- name: Cache sonar-scanner installation
id: cache-sonar-tools
if: inputs.cache-binaries == 'true'
uses: actions/cache@v4
env:
# The default value is 60mins. Reaching timeout is treated the same as a cache miss.
SEGMENT_DOWNLOAD_TIMEOUT_MINS: 1
with:
key: sonar-scanner-${{ runner.os }}-${{ runner.arch }}-${{ steps.sonar-scanner-version.outputs.sonar-scanner-version }}
path: ${{ steps.configure_paths.outputs.sonar-scanner-dir }}
- name: Download and install sonar-scanner
if: steps.cache-sonar-tools.outputs.cache-hit != 'true'
shell: bash
env:
DOWNLOAD_URL: ${{ steps.configure_paths.outputs.sonar-scanner-url }}
EXPECTED_SHA: ${{ steps.configure_paths.outputs.sonar-scanner-sha }}
INSTALL_PATH: ${{ inputs.installation-path }}
TMP_ZIP_PATH: ${{ runner.temp }}/sonar-scanner.zip
run: ${GITHUB_ACTION_PATH}/../scripts/download.sh -v
- name: Add the custom root certificate to java certificate store
shell: bash
run: ${GITHUB_ACTION_PATH}/../scripts/cert.sh
- name: Download and install build-wrapper
shell: bash
env:
DOWNLOAD_URL: ${{ steps.configure_paths.outputs.build-wrapper-url }}
INSTALL_PATH: ${{ inputs.installation-path }}
TMP_ZIP_PATH: ${{ runner.temp }}/build-wrapper.zip
run: ${GITHUB_ACTION_PATH}/../scripts/download.sh
- name: Setup action outputs
id: setup-outputs
shell: bash
env:
SONAR_SCANNER_DIR: ${{ steps.configure_paths.outputs.sonar-scanner-dir }}
SONAR_SCANNER_BIN: ${{ steps.configure_paths.outputs.sonar-scanner-bin }}
BUILD_WRAPPER_DIR: ${{ steps.configure_paths.outputs.build-wrapper-dir }}
BUILD_WRAPPER_BIN: ${{ steps.configure_paths.outputs.build-wrapper-bin }}
run: |
source ${GITHUB_ACTION_PATH}/../scripts/utils.sh
echo "::group::Action outputs"
echo "SONAR_HOST_URL=${SONAR_HOST_URL}" >> $GITHUB_ENV
echo "'SONAR_HOST_URL' environment variable set to '${SONAR_HOST_URL}'"
SONAR_SCANNER_BIN_DIR=$(realpath "${SONAR_SCANNER_DIR}/bin")
echo "${SONAR_SCANNER_BIN_DIR}" >> $GITHUB_PATH
echo "'${SONAR_SCANNER_BIN_DIR}' added to the path"
SONAR_SCANNER_BIN=$(realpath "${SONAR_SCANNER_BIN}")
echo "sonar-scanner-binary=${SONAR_SCANNER_BIN}" >> $GITHUB_OUTPUT
echo "'sonar-scanner-binary' output set to '${SONAR_SCANNER_BIN}'"
BUILD_WRAPPER_BIN_DIR=$(realpath "${BUILD_WRAPPER_DIR}")
echo "${BUILD_WRAPPER_BIN_DIR}" >> $GITHUB_PATH
echo "'${BUILD_WRAPPER_BIN_DIR}' added to the path"
BUILD_WRAPPER_BIN=$(realpath "${BUILD_WRAPPER_BIN}")
echo "build-wrapper-binary=${BUILD_WRAPPER_BIN}" >> $GITHUB_OUTPUT
echo "'build-wrapper-binary' output set to '${BUILD_WRAPPER_BIN}'"
echo "::endgroup::"

8
scripts/cert.sh Normal file
View file

@ -0,0 +1,8 @@
#!/bin/bash
if [[ -n "${SONAR_ROOT_CERT}" ]]; then
echo "Adding custom root certificate to java certificate store"
rm -f /tmp/tmpcert.pem
echo "${SONAR_ROOT_CERT}" > /tmp/tmpcert.pem
keytool -keystore /etc/ssl/certs/java/cacerts -storepass changeit -noprompt -trustcacerts -importcert -alias sonarqube -file /tmp/tmpcert.pem
fi

71
scripts/configure_paths.sh Normal file
View file

@ -0,0 +1,71 @@
#!/bin/bash
if [[ ${ARCH} != "X64" && ! (${ARCH} == "ARM64" && (${OS} == "macOS" || ${OS} == "Linux")) ]]; then
echo "::error::Architecture '${ARCH}' is unsupported by build-wrapper"
exit 1
fi
case ${OS} in
Windows)
SONAR_SCANNER_SUFFIX="windows-x64"
BUILD_WRAPPER_SUFFIX="win-x86"
SONAR_SCANNER_NAME="sonar-scanner.bat"
BUILD_WRAPPER_NAME="build-wrapper-win-x86-64.exe"
SONAR_SCANNER_URL="${SONAR_SCANNER_URL_WINDOWS_X64}"
SONAR_SCANNER_SHA="${SONAR_SCANNER_SHA_WINDOWS_X64}"
;;
Linux)
case ${ARCH} in
X64)
SONAR_SCANNER_SUFFIX="linux-x64"
BUILD_WRAPPER_SUFFIX="linux-x86"
BUILD_WRAPPER_NAME="build-wrapper-linux-x86-64"
SONAR_SCANNER_URL="${SONAR_SCANNER_URL_LINUX_X64}"
SONAR_SCANNER_SHA="${SONAR_SCANNER_SHA_LINUX_X64}"
;;
ARM64)
SONAR_SCANNER_SUFFIX="linux-aarch64"
BUILD_WRAPPER_SUFFIX="linux-aarch64"
BUILD_WRAPPER_NAME="build-wrapper-linux-aarch64"
SONAR_SCANNER_URL="${SONAR_SCANNER_URL_LINUX_AARCH64}"
SONAR_SCANNER_SHA="${SONAR_SCANNER_SHA_LINUX_AARCH64}"
;;
esac
SONAR_SCANNER_NAME="sonar-scanner"
;;
macOS)
case ${ARCH} in
X64)
SONAR_SCANNER_SUFFIX="macosx-x64"
SONAR_SCANNER_URL="${SONAR_SCANNER_URL_MACOSX_X64}"
SONAR_SCANNER_SHA="${SONAR_SCANNER_SHA_MACOSX_X64}"
;;
ARM64)
SONAR_SCANNER_SUFFIX="macosx-aarch64"
SONAR_SCANNER_URL="${SONAR_SCANNER_URL_MACOSX_AARCH64}"
SONAR_SCANNER_SHA="${SONAR_SCANNER_SHA_MACOSX_AARCH64}"
;;
esac
BUILD_WRAPPER_SUFFIX="macosx-x86"
SONAR_SCANNER_NAME="sonar-scanner"
BUILD_WRAPPER_NAME="build-wrapper-macosx-x86"
;;
*)
echo "::error::Unsupported runner OS '${OS}'"
exit 1
;;
esac
echo "sonar-scanner-url=${SONAR_SCANNER_URL}"
echo "sonar-scanner-sha=${SONAR_SCANNER_SHA}"
SONAR_SCANNER_DIR="${INSTALL_PATH}/sonar-scanner-${SONAR_SCANNER_VERSION}-${SONAR_SCANNER_SUFFIX}"
echo "sonar-scanner-dir=${SONAR_SCANNER_DIR}"
echo "sonar-scanner-bin=${SONAR_SCANNER_DIR}/bin/${SONAR_SCANNER_NAME}"
BUILD_WRAPPER_DIR="${INSTALL_PATH}/build-wrapper-${BUILD_WRAPPER_SUFFIX}"
echo "build-wrapper-url=${SONAR_HOST_URL%/}/static/cpp/build-wrapper-${BUILD_WRAPPER_SUFFIX}.zip"
echo "build-wrapper-dir=${BUILD_WRAPPER_DIR}"
echo "build-wrapper-bin=${BUILD_WRAPPER_DIR}/${BUILD_WRAPPER_NAME}"

26
scripts/create_install_path.sh Normal file
View file

@ -0,0 +1,26 @@
#!/bin/bash
source "$(dirname -- "$0")/utils.sh"
echo "Installation path is '${INSTALL_PATH}'"
test ! -z "${INSTALL_PATH}"
check_status "Empty installation path specified"
if [[ ! -e "${INSTALL_PATH}" ]]; then
mkdir -p "${INSTALL_PATH}"
check_status "Failed to create non-existing installation path '${INSTALL_PATH}'"
fi
ABSOLUTE_INSTALL_PATH=$(realpath "${INSTALL_PATH}")
echo "Absolute installation path is '${ABSOLUTE_INSTALL_PATH}'"
test -d "${INSTALL_PATH}"
check_status "Installation path '${INSTALL_PATH}' is not a directory (absolute path is '${ABSOLUTE_INSTALL_PATH}')"
test -r "${INSTALL_PATH}"
check_status "Installation path '${INSTALL_PATH}' is not readable (absolute path is '${ABSOLUTE_INSTALL_PATH}')"
test -w "${INSTALL_PATH}"
check_status "Installation path '${INSTALL_PATH}' is not writeable (absolute path is '${ABSOLUTE_INSTALL_PATH}')"

58
scripts/download.sh Normal file
View file

@ -0,0 +1,58 @@
#!/bin/bash
source "$(dirname -- "$0")/utils.sh"
VERIFY_CORRECTNESS=false
help() {
cat <<EOF
Usage: ./download [-v]
-h Display help
-v Verify correctness of a download with SHA256 checksum; Optional
EOF
}
parse_arguments() {
while getopts "hv" arg; do
case $arg in
v)
VERIFY_CORRECTNESS=true
echo "Verify correctness is set to true"
;;
?)
help
exit 0
;;
esac
done
}
verify_download_correctness() {
echo "${EXPECTED_SHA} ${TMP_ZIP_PATH}" | sha256sum -c
check_status "Checking sha256 failed"
}
download() {
echo "Downloading '${DOWNLOAD_URL}'"
mkdir -p "${INSTALL_PATH}"
check_status "Failed to create ${INSTALL_PATH}"
curl -sSLo "${TMP_ZIP_PATH}" "${DOWNLOAD_URL}"
check_status "Failed to download '${DOWNLOAD_URL}'"
}
decompress() {
echo "Decompressing"
unzip -o -d "${INSTALL_PATH}" "${TMP_ZIP_PATH}"
check_status "Failed to unzip the archive into '${INSTALL_PATH}'"
}
####################################################################################
echo "::group::Download ${DOWNLOAD_URL}"
parse_arguments $@
download
if [ "$VERIFY_CORRECTNESS" = true ]; then
verify_download_correctness
fi
decompress
echo "::endgroup::"

25
scripts/fetch_latest_version.sh Normal file
View file

@ -0,0 +1,25 @@
#!/bin/bash
source "$(dirname -- "$0")/utils.sh"
SONAR_SCANNER_VERSION=$(curl -sSL -H "Accept: application/vnd.github+json" \
https://api.github.com/repos/SonarSource/sonar-scanner-cli/releases/latest | jq -r '.tag_name')
check_status "Failed to fetch latest sonar-scanner version from GitHub API"
echo "sonar-scanner-version=${SONAR_SCANNER_VERSION}"
for OS in windows linux macosx; do
if [[ "$OS" == "windows" ]]; then
ARCHS=("x64")
else
ARCHS=("x64" "aarch64")
fi
for ARCH in "${ARCHS[@]}"; do
SONAR_SCANNER_URL="https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-${SONAR_SCANNER_VERSION}-${OS}-${ARCH}.zip"
SONAR_SCANNER_SHA=$(curl -sSL "${SONAR_SCANNER_URL}.sha256")
check_status "Failed to download ${OS} ${ARCH} sonar-scanner checksum from '${SONAR_SCANNER_URL}'"
echo "sonar-scanner-url-${OS}-${ARCH}=${SONAR_SCANNER_URL}"
echo "sonar-scanner-sha-${OS}-${ARCH}=${SONAR_SCANNER_SHA}"
done
done

25
scripts/utils.sh Normal file
View file

@ -0,0 +1,25 @@
#!/bin/bash
check_status() {
exit_status=$?
if [ $exit_status -ne 0 ]; then
echo "::error::$1"
exit $exit_status
fi
}
realpath() {
case ${RUNNER_OS} in
Windows)
cygpath --absolute --windows "$1"
;;
Linux)
readlink -f "$1"
;;
macOS)
# installed by coreutils package
greadlink -f "$1"
;;
esac
}

11
sonar-scanner-version Normal file
View file

@ -0,0 +1,11 @@
sonar-scanner-version=6.1.0.4477
sonar-scanner-url-windows-x64=https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-6.1.0.4477-windows-x64.zip
sonar-scanner-sha-windows-x64=1c518fdefd1e6507475f92a0afec3720ceac9a79756773a14b461737dea0ab0f
sonar-scanner-url-linux-x64=https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-6.1.0.4477-linux-x64.zip
sonar-scanner-sha-linux-x64=aa985eacaa4155a064647370b62fc82d1b0e06caf1d493e04c2389dd5ac74fcb
sonar-scanner-url-linux-aarch64=https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-6.1.0.4477-linux-aarch64.zip
sonar-scanner-sha-linux-aarch64=a8d4af9776988e096e0d6bddad02d879e6c8c2cdc0c4c1c05e04208cca8d5a05
sonar-scanner-url-macosx-x64=https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-6.1.0.4477-macosx-x64.zip
sonar-scanner-sha-macosx-x64=7bb3516c8176ec7be43982e0cb78c1ce462741ad9ce092037e12b2fc8411eb85
sonar-scanner-url-macosx-aarch64=https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-6.1.0.4477-macosx-aarch64.zip
sonar-scanner-sha-macosx-aarch64=7c7e69b6cf54e3a5ff67a08199d557e896f51bcc9b2f8f5f238a5aa359653659