diff --git a/.github/workflows/SubmitReview.yml b/.github/workflows/SubmitReview.yml
index 08472bd..d5b18a7 100644
--- a/.github/workflows/SubmitReview.yml
+++ b/.github/workflows/SubmitReview.yml
@@ -10,6 +10,7 @@ jobs:
 runs-on: github-ubuntu-latest-s
 permissions:
 id-token: write
+ pull-requests: read
 # For external PR, ticket should be moved manually
 if: |
 github.event.pull_request.head.repo.full_name == github.repository
@@ -20,11 +21,10 @@ jobs:
 uses: SonarSource/vault-action-wrapper@v3
 with:
 secrets: |
- development/github/token/{REPO_OWNER_NAME_DASH}-jira token | GITHUB_TOKEN;
 development/kv/data/jira user | JIRA_USER;
 development/kv/data/jira token | JIRA_TOKEN;
 - uses: sonarsource/gh-action-lt-backlog/SubmitReview@v2
 with:
- github-token: ${{ fromJSON(steps.secrets.outputs.vault).GITHUB_TOKEN }}
+ github-token: ${{secrets.GITHUB_TOKEN}}
 jira-user: ${{ fromJSON(steps.secrets.outputs.vault).JIRA_USER }}
 jira-token: ${{ fromJSON(steps.secrets.outputs.vault).JIRA_TOKEN }}
diff --git a/README.md b/README.md
index 3e0f19c..98b8903 100644
--- a/README.md
+++ b/README.md
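Review bot: The added `pull-requests: read` in the `permissions:` block of .github/workflows/SubmitReview.yml (first hunk) has no comment explaining why it is needed; the reason only shows up in the second hunk, where `github-token` switches to the workflow's own `secrets.GITHUB_TOKEN`. With an explicit `permissions:` block every unlisted scope is `none`, so this line is the entire grant that token receives. A short comment such as `# scope of the GITHUB_TOKEN handed to the SubmitReview step` would record that link. The permissions of the Vault-issued token being replaced are not visible here, so it is worth confirming that SubmitReview@v2 makes no write call on the pull request, which a read-only token would reject. The job definition starts and ends outside the hunk.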
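Review bot: In the second hunk of .github/workflows/SubmitReview.yml the new `github-token: ${{secrets.GITHUB_TOKEN}}` drops the inner spaces that the neighbouring `jira-user` and `jira-token` expressions use; `github-token: ${{ secrets.GITHUB_TOKEN }}` would match them. The step that receives this token, together with the Jira credentials, is referenced by the movable tag `SubmitReview@v2`, so what runs with those secrets can change without a change to this file. Pinning it to a full commit SHA (`...SubmitReview@<commit-sha>  # v2`) would close that gap, and the same applies to `vault-action-wrapper@v3` on the context lines. The step list continues outside the hunk.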
@@ -200,23 +200,6 @@ This can be useful when the runner executing the action is self-hosted and has r scannerBinariesUrl: https://my.custom.binaries.url.com/Distribution/sonar-scanner-cli/ ``` -#### `skipSignatureVerification` - -By default, the action verifies the OpenPGP signature of the SonarScanner CLI binary before executing it. You can disable this verification using the `skipSignatureVerification` option: - -```yaml -- uses: SonarSource/sonarqube-scan-action@ - with: - skipSignatureVerification: true -``` - -> [!NOTE] -> Signature verification requires `gpg` and `dirmngr` to be installed on the runner. GitHub-hosted runners include both, but some self-hosted runners or containers may not. -> -> **Version history:** -> - Introduced in **v7.2** with a default value of `true` to avoid breaking existing workflows on runners without `dirmngr`. -> - Changed to `false` by default in **v8** (breaking change). If your runner does not have `gpg` or `dirmngr` installed, set this option to `true` explicitly. - More information about possible analysis parameters can be found: * in the [Analysis parameters page](https://docs.sonarsource.com/sonarqube-server/latest/analyzing-source-code/analysis-parameters/) of the SonarQube Server documentation * in the [Analysis parameters page](https://docs.sonarsource.com/sonarqube-cloud/advanced-setup/analysis-parameters/) of the SonarQube Cloud documentation @@ -469,8 +452,6 @@ When running the action in a self-hosted runner or container, please ensure that * **curl** or **wget** * **unzip** -* **gpg** -* **dirmngr** ### Additional information