mirror of
https://github.com/SonarSource/sonarqube-scan-action.git
synced 2026-05-13 22:25:54 +00:00
c8357220fa
Some checks failed
QA Install Build Wrapper action / Action outputs-3 (push) Has been cancelled
QA Main action / 'args' input
-1 (push) Has been cancelled
QA Main action / 'projectBaseDir' input
(push) Has been cancelled
QA Main action / 'RUNNER_DEBUG' is used
-1 (push) Has been cancelled
QA Main action / 'RUNNER_DEBUG' is used
-2 (push) Has been cancelled
QA Install Build Wrapper action / Action outputs-5 (push) Has been cancelled
QA Main action / Don't fail on Gradle project
(push) Has been cancelled
QA Install Build Wrapper action / Action outputs-7 (push) Has been cancelled
QA Main action / 'args' input with command injection will fail
-3 (push) Has been cancelled
QA Main action / 'args' input with command injection will fail
-4 (push) Has been cancelled
QA Install Build Wrapper action / Action outputs-8 (push) Has been cancelled
QA Main action / No inputs
(push) Has been cancelled
QA Main action / No inputs
-1 (push) Has been cancelled
QA Main action / 'args' input
(push) Has been cancelled
QA Main action / 'args' input
-2 (push) Has been cancelled
QA Main action / 'args' input with command injection will fail
(push) Has been cancelled
QA Main action / 'args' input with command injection will fail
-1 (push) Has been cancelled
QA Main action / 'args' input with other command injection variants does not execute command
(push) Has been cancelled
QA Main action / 'scannerBinariesUrl' is escaped with curl so special chars are not injected in the download command
(push) Has been cancelled
QA Main action / runAnalysisWithCacheTest (push) Has been cancelled
QA Main action / curl performs redirect when scannerBinariesUrl returns 3xx
(push) Has been cancelled
QA Main action / 'SONAR_ROOT_CERT' is converted to truststore
(push) Has been cancelled
QA Main action / 'args' input with command injection will fail
-2 (push) Has been cancelled
QA Main action / 'args' input with backticks injection does not execute command
(push) Has been cancelled
QA Main action / 'projectBaseDir' input
-1 (push) Has been cancelled
QA Main action / 'scannerBinariesUrl' input with invalid URL
(push) Has been cancelled
QA Main action / 'args' input with command injection will fail
-5 (push) Has been cancelled
QA Main action / 'args' input with backticks injection does not execute command
-1 (push) Has been cancelled
QA Main action / 'args' input with backticks injection does not execute command
-2 (push) Has been cancelled
QA Main action / 'args' input with dollar command injection does not execute command
(push) Has been cancelled
QA Main action / 'projectBaseDir' input
-2 (push) Has been cancelled
QA Main action / 'args' input with dollar command injection does not execute command
-1 (push) Has been cancelled
QA Main action / 'args' input with other command injection variants does not execute command
-1 (push) Has been cancelled
QA Main action / 'args' input with dollar command injection does not execute command
-2 (push) Has been cancelled
QA Main action / 'args' input with other command injection variants does not execute command
-2 (push) Has been cancelled
QA Main action / 'scannerVersion' input
(push) Has been cancelled
QA Main action / Don't fail on Kotlin Gradle project
(push) Has been cancelled
QA Main action / Don't fail on Maven project
(push) Has been cancelled
QA Main action / runAnalysisTest (push) Has been cancelled
QA Main action / 'RUNNER_DEBUG' is used
(push) Has been cancelled
QA Main action / 'SONARCLOUD_URL' is used
(push) Has been cancelled
QA Main action / 'SONARCLOUD_URL' is used
-1 (push) Has been cancelled
QA Main action / 'SONARCLOUD_URL' is used
-2 (push) Has been cancelled
QA Main action / Analysis takes into account 'SONAR_ROOT_CERT'
(push) Has been cancelled
QA Main action / truststore.p12 is updated when present
(push) Has been cancelled
QA Scripts / download.sh (push) Has been cancelled
QA Scripts / create_install_path.sh (push) Has been cancelled
QA Scripts / configure_paths.sh (push) Has been cancelled
Unit tests / test (push) Has been cancelled
QA Scripts / fetch_latest_version.sh (push) Has been cancelled
QA Install Build Wrapper action / Action outputs (push) Has been cancelled
QA Install Build Wrapper action / Action outputs-2 (push) Has been cancelled
QA Deprecated C and C++ action / Action outputs (push) Has been cancelled
QA Deprecated C and C++ action / Action outputs-3 (push) Has been cancelled
QA Deprecated C and C++ action / Action outputs-1 (push) Has been cancelled
QA Deprecated C and C++ action / Action outputs-5 (push) Has been cancelled
QA Main action / 'SONAR_ROOT_CERT' is converted to truststore
-2 (push) Has been cancelled
QA Main action / 'scannerVersion' input validation
(push) Has been cancelled
QA Deprecated C and C++ action / Action outputs-2 (push) Has been cancelled
QA Deprecated C and C++ action / Action outputs-8 (push) Has been cancelled
QA Deprecated C and C++ action / Action outputs-4 (push) Has been cancelled
QA Deprecated C and C++ action / Action outputs-6 (push) Has been cancelled
QA Main action / 'scannerBinariesUrl' is escaped with wget so special chars are not injected in the download command
(push) Has been cancelled
QA Main action / 'SONAR_ROOT_CERT' is converted to truststore
-1 (push) Has been cancelled
QA Deprecated C and C++ action / Action outputs-7 (push) Has been cancelled
QA Install Build Wrapper action / Action outputs-1 (push) Has been cancelled
QA Install Build Wrapper action / Action outputs-4 (push) Has been cancelled
QA Install Build Wrapper action / Action outputs-6 (push) Has been cancelled
Co-authored-by: Julien Carsique <julien.carsique@sonarsource.com>
83 lines
3.1 KiB
YAML
83 lines
3.1 KiB
YAML
name: sonar-scanner version check
|
|
on:
|
|
workflow_dispatch:
|
|
schedule:
|
|
- cron: '15 10 * * *'
|
|
|
|
jobs:
|
|
check-version:
|
|
name: Check for sonar-scanner version update
|
|
runs-on: github-ubuntu-latest-s
|
|
outputs:
|
|
should_update: ${{ steps.version-check.outputs.should_update }}
|
|
new-version: ${{ steps.latest-version.outputs.sonar-scanner-version }}
|
|
steps:
|
|
- run: sudo apt install -y jq
|
|
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
|
|
with:
|
|
ref: master
|
|
fetch-depth: 0
|
|
|
|
- name: "Fetch currently used sonar-scanner version"
|
|
id: tagged-version
|
|
shell: bash
|
|
run: cat sonar-scanner-version >> $GITHUB_OUTPUT
|
|
|
|
- name: "Fetch latest sonar-scanner version"
|
|
id: latest-version
|
|
shell: bash
|
|
run: |
|
|
./scripts/fetch_latest_version.sh > sonar-scanner-version
|
|
cat sonar-scanner-version >> $GITHUB_OUTPUT
|
|
|
|
- name: "Determine if update is needed"
|
|
id: version-check
|
|
shell: bash
|
|
run: |
|
|
if [[ "${{ steps.tagged-version.outputs.sonar-scanner-version }}" != "${{ steps.latest-version.outputs.sonar-scanner-version }}" ]]; then
|
|
echo "should_update=true" >> $GITHUB_OUTPUT
|
|
else
|
|
echo "should_update=false" >> $GITHUB_OUTPUT
|
|
fi
|
|
|
|
update-version:
|
|
name: Prepare pull request for sonar-scanner version update
|
|
needs: check-version
|
|
runs-on: github-ubuntu-latest-s
|
|
permissions:
|
|
contents: write
|
|
pull-requests: write
|
|
if: needs.check-version.outputs.should_update == 'true'
|
|
steps:
|
|
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
|
|
with:
|
|
ref: master
|
|
persist-credentials: true
|
|
fetch-depth: 0
|
|
- run: sudo snap install yq
|
|
- name: "Update default version"
|
|
shell: bash
|
|
env:
|
|
NEW_VERSION: ${{ needs.check-version.outputs.new-version }}
|
|
run: |
|
|
yq -i '.inputs.scannerVersion.default = strenv(NEW_VERSION)' action.yml
|
|
./scripts/fetch_latest_version.sh > sonar-scanner-version
|
|
- name: "Create Pull Request for version update"
|
|
shell: bash
|
|
env:
|
|
UPDATE_BRANCH: update-to-sonar-scanner-${{ needs.check-version.outputs.new-version }}
|
|
TITLE: "Update SonarScanner CLI to ${{ needs.check-version.outputs.new-version }}"
|
|
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
|
run: |
|
|
git config --global user.name "SonarTech"
|
|
git config --global user.email "sonartech@sonarsource.com"
|
|
git checkout -b ${UPDATE_BRANCH}
|
|
git add sonar-scanner-version
|
|
git add action.yml
|
|
git commit -m "${TITLE}"
|
|
git push --force-with-lease origin ${UPDATE_BRANCH}
|
|
gh pr list
|
|
|
|
if [[ $(gh pr list -H "${UPDATE_BRANCH}" | grep "${UPDATE_BRANCH}" | wc -l) -eq 0 ]]; then
|
|
gh pr create -B master -H ${UPDATE_BRANCH} --title "${TITLE}" --body "Automatic update of the sonar-scanner version value. Be sure to trigger the QA workflow by closing and reopening this PR (see https://github.com/orgs/community/discussions/65321)."
|
|
fi
|