SQSCANGHA-40 Restore permission fix for files in the project basedir

This reverts commit 16be80a080.

.cirrus.star

@@ -0,0 +1,4 @@
+load("github.com/SonarSource/cirrus-modules@v2", "load_features")
+
+def main(ctx):
+    return load_features(ctx)

.cirrus.yml

@@ -0,0 +1,38 @@
+env:
+  CIRRUS_VAULT_URL: https://vault.sonar.build:8200
+  CIRRUS_VAULT_AUTH_PATH: jwt-cirrusci
+  CIRRUS_VAULT_ROLE: cirrusci-${CIRRUS_REPO_OWNER}-${CIRRUS_REPO_NAME}
+
+  # Mend scan global configuration
+  MEND_API_KEY: VAULT[development/kv/data/mend data.apikey]
+
+  # Staging image configuration
+  STAGING_IMAGE_NAME: sonarsource/sonarqube-scan-action
+  CURRENT_TAG: master
+
+vm_instance_template: &VM_TEMPLATE
+  experimental: true # see https://github.com/cirruslabs/cirrus-ci-docs/issues/1051
+  image: docker-builder-v*
+  type: t2.small
+  region: eu-central-1
+  subnet_id: ${CIRRUS_AWS_SUBNET}
+  disk: 10
+  cpu: 4
+  memory: 16G
+
+mend_task:
+  ec2_instance:
+    <<: *VM_TEMPLATE
+  # run only on master and long-term branches
+  only_if: $CIRRUS_USER_COLLABORATOR == 'true' && ($CIRRUS_BRANCH == "master" || $CIRRUS_BRANCH =~ "branch-.*")
+  setup_script:
+    - docker build --tag "${STAGING_IMAGE_NAME}:${CURRENT_TAG}" .
+    - apt-get remove -y unattended-upgrades
+    - apt-get update && apt-get install -y --no-install-recommends openjdk-17-jre
+    - curl -sSL https://unified-agent.s3.amazonaws.com/wss-unified-agent.jar -o wss-unified-agent.jar
+    - echo "docker.includes=${CURRENT_TAG}" >> .cirrus/wss-unified-agent.config
+  scan_script:
+    - echo "Scan the ${STAGING_IMAGE_NAME}:${CURRENT_TAG} image"
+    - java -jar wss-unified-agent.jar -c .cirrus/wss-unified-agent.config -apiKey $MEND_API_KEY
+
+

.cirrus/wss-unified-agent.config

@@ -0,0 +1,4 @@
+docker.projectNameFormat=repositoryNameAndTag
+docker.scanImages=true
+wss.url=https://saas-eu.whitesourcesoftware.com/agent
+productName=GitHubAction/SonarQubeScanAction

.github/CODEOWNERS

@@ -1 +1 @@
-.github/CODEOWNERS @sonarsource/sonarqube-team
+.github/CODEOWNERS @sonarsource/analysis-experience-squad

.github/workflows/qa.yml

@@ -1,18 +1,192 @@
 name: QA
 
-on: [push, pull_request]
+on:
+  push:
+    branches:
+      - master
+  pull_request:
+    types: [opened, synchronize, reopened]
 
 jobs:
-  run_qa:
+  argsInputTest:
+    name: >
+      'args' input
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
         with:
           token: ${{ secrets.GITHUB_TOKEN }}
-      - run: ./test/run-qa.sh
-        timeout-minutes: 5
+      - name: Run action with args
+        uses: ./
+        with:
+          args: -Dsonar.someArg=aValue -Dsonar.scanner.dumpToFile=./output.properties
+        env:
+          SONAR_HOST_URL: http://not_actually_used
+      - name: Assert
+        run: |
+          ./test/assertFileContains ./output.properties "sonar.someArg=aValue"
+  projectBaseDirInputTest:
+    name: >
+      'projectBaseDir' input
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+      - run: mkdir -p ./baseDir
+      - name: Run action with projectBaseDir
+        uses: ./
+        with:
+          args: -Dsonar.scanner.dumpToFile=./output.properties
+          projectBaseDir: ./baseDir
+        env:
+          SONAR_HOST_URL: http://not_actually_used
+      - name: Assert
+        run: |
+          ./test/assertFileContains ./output.properties "sonar.projectBaseDir=.*/baseDir"
+  dontFailGradleTest:
+    name: >
+      Don't fail on Gradle project
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+      - name: Run action on Gradle project
+        id: runTest
+        uses: ./
+        continue-on-error: true
+        env:
+          SONAR_HOST_URL: http://not_actually_used
+        with:
+          projectBaseDir: ./test/gradle-project
+          args: -Dsonar.scanner.dumpToFile=./output.properties
+      - name: Assert
+        run: |
+          ./test/assertFileExists ./output.properties
+  dontFailGradleKotlinTest:
+    name: >
+      Don't fail on Kotlin Gradle project
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+      - name: Run action on Kotlin Gradle project
+        id: runTest
+        uses: ./
+        continue-on-error: true
+        env:
+          SONAR_HOST_URL: http://not_actually_used
+        with:
+          projectBaseDir: ./test/gradle-project
+          args: -Dsonar.scanner.dumpToFile=./output.properties
+      - name: Assert
+        run: |
+          ./test/assertFileExists ./output.properties
+  dontFailMavenTest:
+    name: >
+      Don't fail on Maven project
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+      - name: Run action on Maven project
+        id: runTest
+        uses: ./
+        continue-on-error: true
+        env:
+          SONAR_HOST_URL: http://not_actually_used
+        with:
+          projectBaseDir: ./test/maven-project
+          args: -Dsonar.scanner.dumpToFile=./output.properties
+      - name: Assert
+        run: |
+          ./test/assertFileExists ./output.properties
+  runAnalysisTest:
+    runs-on: ubuntu-latest
     services:
       sonarqube:
-        image: sonarqube:8.9-community
+        image: sonarqube:lts-community
         ports:
           - 9000:9000
+        volumes:
+          - sonarqube_data:/opt/sonarqube/data
+          - sonarqube_logs:/opt/sonarqube/logs
+          - sonarqube_extensions:/opt/sonarqube/extensions
+        options: >-
+          --health-cmd "grep -Fq \"SonarQube is operational\" /opt/sonarqube/logs/sonar.log"
+          --health-interval 10s
+          --health-timeout 5s
+          --health-retries 10
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+      - name: Run action on sample project
+        id: runTest
+        uses: ./
+        env:
+          SONAR_HOST_URL: http://sonarqube:9000
+        with:
+          args: -Dsonar.login=admin -Dsonar.password=admin
+          projectBaseDir: ./test/example-project
+      - name: Assert
+        run: |
+          ./test/assertFileExists ./test/example-project/.scannerwork/report-task.txt
+  runnerDebugUsedTest:
+    name: >
+      'RUNNER_DEBUG' is used
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+      - name: Run action with debug mode
+        uses: ./
+        with:
+          args: -Dsonar.scanner.dumpToFile=./output.properties
+        env:
+          RUNNER_DEBUG: 1
+          SONAR_HOST_URL: http://not_actually_used
+      - name: Assert
+        run: |
+          ./test/assertFileContains ./output.properties "sonar.verbose=true"
+  runAnalysisWithCacheTest:
+    runs-on: ubuntu-latest
+    services:
+      sonarqube:
+        image: sonarqube:lts-community
+        ports:
+          - 9000:9000
+        volumes:
+          - sonarqube_data:/opt/sonarqube/data
+          - sonarqube_logs:/opt/sonarqube/logs
+          - sonarqube_extensions:/opt/sonarqube/extensions
+        options: >-
+          --health-cmd "grep -Fq \"SonarQube is operational\" /opt/sonarqube/logs/sonar.log"
+          --health-interval 10s
+          --health-timeout 5s
+          --health-retries 10
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+      - name: SonarQube Cache
+        uses: actions/cache@v4
+        with:
+          path: ${{ github.workspace }}/.sonar/cache
+          key: ${{ runner.os }}-sonar
+      - name: Run action on sample project
+        id: runTest
+        uses: ./
+        env:
+          SONAR_HOST_URL: http://sonarqube:9000
+          SONAR_USER_HOME: ${{ github.workspace }}/.sonar
+        with:
+          args: -Dsonar.login=admin -Dsonar.password=admin
+          projectBaseDir: ./test/example-project
+      - name: Assert
+        run: |
+          ./test/assertFileExists ./test/example-project/.scannerwork/report-task.txt

.github/workflows/update-tags.yml

@@ -13,10 +13,10 @@ jobs:
 
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
 
       - name: Parse semver
-        uses: madhead/semver-utils@latest
+        uses: madhead/semver-utils@40bbdc6e50b258c09f35f574e83c51f60d2ce3a2 # v4.0.0
         id: version
         with:
           version: ${{ github.ref_name }}

Dockerfile

@@ -1,6 +1,6 @@
-FROM sonarsource/sonar-scanner-cli:5.0.1
+FROM sonarsource/sonar-scanner-cli:10.0
 
-LABEL version="2.0.1" \
+LABEL version="2.1.0" \
       repository="https://github.com/sonarsource/sonarqube-scan-action" \
       homepage="https://github.com/sonarsource/sonarqube-scan-action" \
       maintainer="SonarSource" \
@@ -9,9 +9,13 @@ LABEL version="2.0.1" \
       com.github.actions.icon="check" \
       com.github.actions.color="green"
 
+# GitHub actions should be run under ROOT
+# https://docs.github.com/en/actions/using-github-hosted-runners/about-github-hosted-runners/about-github-hosted-runners#docker-container-filesystem
+USER 0
 
 COPY entrypoint.sh /entrypoint.sh
 RUN chmod +x /entrypoint.sh
 COPY cleanup.sh /cleanup.sh
 RUN chmod +x /cleanup.sh
+
 ENTRYPOINT ["/entrypoint.sh"]

README.md

@@ -1,10 +1,13 @@
 # Scan your code with SonarQube [![QA](https://github.com/SonarSource/sonarqube-scan-action/actions/workflows/qa.yml/badge.svg)](https://github.com/SonarSource/sonarqube-scan-action/actions/workflows/qa.yml)
 
-Using this GitHub Action, scan your code with [SonarQube](https://www.sonarqube.org/) to detects Bugs, Vulnerabilities and Code Smells in up to 27 programming languages!
+This SonarSource project, available as a GitHub Action, scans your projects with SonarQube, and helps developers produce 
+[Clean Code](https://www.sonarsource.com/solutions/clean-code/?utm_medium=referral&utm_source=github&utm_campaign=clean-code&utm_content=sonarqube-scan-action).
 
 <img src="./images/SonarQube-72px.png">
 
-SonarQube is the leading product for Continuous Code Quality & Code Security. It supports most popular programming languages, including Java, JavaScript, TypeScript, C#, Python, C, C++, and many more.
+[SonarQube](https://www.sonarsource.com/products/sonarqube/) is a widely used static analysis solution for continuous code quality and security inspection. 
+It helps developers identify and fix issues in their code that could lead to bugs, vulnerabilities, or decreased development velocity.
+SonarQube supports the most popular programming languages, including Java, JavaScript, TypeScript, C#, Python, C, C++, and [many more](https://www.sonarsource.com/knowledge/languages/).
 
 ## Requirements
 
@@ -14,13 +17,13 @@ Read more information on how to analyze your code [here](https://docs.sonarqube.
 
 ## Usage
 
-Project metadata, including the location to the sources to be analyzed, must be declared in the file `sonar-project.properties` in the base directory:
+Project metadata, including the location of the sources to be analyzed, must be declared in the file `sonar-project.properties` in the base directory:
 
 ```properties
 sonar.projectKey=<replace with the key generated when setting up the project on SonarQube>
 
 # relative paths to source directories. More details and properties are described
-# in https://docs.sonarqube.org/latest/project-administration/narrowing-the-focus/ 
+# at https://docs.sonarqube.org/latest/project-administration/narrowing-the-focus/ 
 sonar.sources=.
 ```
 
@@ -43,36 +46,36 @@ jobs:
   sonarqube:
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v3
+    - uses: actions/checkout@v4
       with:
-        # Disabling shallow clone is recommended for improving relevancy of reporting
+        # Disabling shallow clones is recommended for improving the relevancy of reporting
         fetch-depth: 0
     - name: SonarQube Scan
-      uses: sonarsource/sonarqube-scan-action@master
+      uses: sonarsource/sonarqube-scan-action@<action version> # Ex: v2.1.0, See the latest version at https://github.com/marketplace/actions/official-sonarqube-scan
       env:
         SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
-        SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}
+        SONAR_HOST_URL: ${{ vars.SONAR_HOST_URL }}
 ```
 
 If your source code file names contain special characters that are not covered by the locale range of `en_US.UTF-8`, you can configure your desired locale like this:
 
 ```yaml
     - name: SonarQube Scan
-      uses: sonarsource/sonarqube-scan-action@master
+      uses: sonarsource/sonarqube-scan-action@<action version> # Ex: v2.1.0, See the latest version at https://github.com/marketplace/actions/official-sonarqube-scan
       env:
         SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
-        SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}
+        SONAR_HOST_URL: ${{ vars.SONAR_HOST_URL }}
         LC_ALL: "ru_RU.UTF-8"
 ```
 
-If your SonarQube server uses a self-signed certificate, you can pass a root certificate (in PEM format) to the java certificate store:
+If your SonarQube server uses a self-signed certificate, you can pass a root certificate (in PEM format) to the Java certificate store:
 
 ```yaml
     - name: SonarQube Scan
-      uses: sonarsource/sonarqube-scan-action@master
+      uses: sonarsource/sonarqube-scan-action@<action version> # Ex: v2.1.0, See the latest version at https://github.com/marketplace/actions/official-sonarqube-scan
       env:
         SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
-        SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}
+        SONAR_HOST_URL: ${{ vars.SONAR_HOST_URL }}
         SONAR_ROOT_CERT: ${{ secrets.SONAR_ROOT_CERT }}
 ```
 
@@ -80,7 +83,7 @@ You can change the analysis base directory by using the optional input `projectB
 
 ```yaml
 - name: SonarQube Scan
-  uses: sonarsource/sonarqube-scan-action@master
+  uses: sonarsource/sonarqube-scan-action@<action version> # Ex: v2.1.0, See the latest version at https://github.com/marketplace/actions/official-sonarqube-scan
   with:
     projectBaseDir: app/src
 ```
@@ -89,7 +92,7 @@ In case you need to add additional analysis parameters, and you do not wish to s
 
 ```yaml
 - name: SonarQube Scan
-  uses: sonarsource/sonarqube-scan-action@master
+  uses: sonarsource/sonarqube-scan-action@<action version> # Ex: v2.1.0, See the latest version at https://github.com/marketplace/actions/official-sonarqube-scan
   with:
     projectBaseDir: app/src
     args: >
@@ -103,7 +106,7 @@ More information about possible analysis parameters can be found in [the documen
 ### Environment variables
 
 - `SONAR_TOKEN` – **Required** this is the token used to authenticate access to SonarQube. You can read more about security tokens [here](https://docs.sonarqube.org/latest/user-guide/user-token/). You can set the `SONAR_TOKEN` environment variable in the "Secrets" settings page of your repository, or you can add them at the level of your GitHub organization (recommended).
-- `SONAR_HOST_URL` – **Required** this tells the scanner where SonarQube is hosted. You can set the `SONAR_HOST_URL` environment variable in the "Secrets" settings page of your repository, or you can add them at the level of your GitHub organization (recommended).
+- `SONAR_HOST_URL` – **Required** this tells the scanner where SonarQube is hosted. You can set the `SONAR_HOST_URL` environment variable in the "Variables" settings page of your repository, or you can add them at the level of your GitHub organization (recommended).
 - `SONAR_ROOT_CERT` – Holds an additional root certificate (in PEM format) that is used to validate the SonarQube server certificate. You can set the `SONAR_ROOT_CERT` environment variable in the "Secrets" settings page of your repository, or you can add them at the level of your GitHub organization (recommended).
 
 ## Alternatives for Java, .NET, and C/C++ projects
@@ -113,9 +116,22 @@ This GitHub Action will not work for all technologies. If you are in one of the
 * Your code is built with Maven. Read the documentation about our [Scanner for Maven](https://redirect.sonarsource.com/doc/install-configure-scanner-maven.html).
 * Your code is built with Gradle. Read the documentation about our [Scanner for Gradle](https://redirect.sonarsource.com/doc/gradle.html).
 * You want to analyze a .NET solution. Read the documentation about our [Scanner for .NET](https://redirect.sonarsource.com/doc/install-configure-scanner-msbuild.html).
-* You want to analyze C/C++ code. Read the documentation on [analyzing C/C++ code](https://docs.sonarqube.org/latest/analysis/languages/cfamily/).
+* You want to analyze C or C++ code. Starting from SonarQube 10.6, this GitHub Action will scan C and C++ out of the box. If you want to have better control over the scan configuration/setup, you can switch to the [SonarQube C and C++](https://github.com/SonarSource/sonarqube-github-c-cpp) GitHub Action.
 
-## Have question or feedback?
+## Error cleaning up workspace
+
+In some cases, the checkout action may fail to clean up the workspace. This is a known problem for GitHub actions implemented as a docker container (such as `sonarqube-scan-action`) when self-hosted runners are used.
+Example of the error message: `File was unable to be removed Error: EACCES: permission denied, unlink '/actions-runner/_work//project/.scannerwork/.sonar_lock'`
+To work around the problem, `sonarqube-scan-action` attempts to fix the permission of the temporary files that it creates. If that doesn't work, you can manually clean up the workspace by running the following action:
+```
+- name: Clean the workspace
+  uses: docker://alpine
+  with:
+    args: /bin/sh -c "find \"${GITHUB_WORKSPACE}\" -mindepth 1 ! -name . -prune -exec rm -rf {} +"
+```
+You can find more info [here](https://github.com/actions/runner/issues/434).
+
+## Have questions or feedback?
 
 To provide feedback (requesting a feature or reporting a bug) please post on the [SonarSource Community Forum](https://community.sonarsource.com/tags/c/help/sq/github-actions).
 
@@ -123,4 +139,4 @@ To provide feedback (requesting a feature or reporting a bug) please post on the
 
 The Dockerfile and associated scripts and documentation in this project are released under the LGPLv3 License.
 
-Container images built with this project include third party materials.
+Container images built with this project include third-party materials.

cleanup.sh

@@ -2,7 +2,12 @@
 
 set -e
 
-_tmp_file=$(ls "${INPUT_PROJECTBASEDIR}/" | head -1)
-PERM=$(stat -c "%u:%g" "${INPUT_PROJECTBASEDIR}/$_tmp_file")
+# Reset all files permissions to the default Runner user and group to allow the follow up steps (mainly cache) to access all files.
 
-chown -R $PERM "${INPUT_PROJECTBASEDIR}/"
+# Assume that the first (non-hidden) file in the project directory is one from the project, and not one written by the scanner
+_tmp_file=$(ls "${INPUT_PROJECTBASEDIR%/}/" | head -1)
+echo "Reading permissions from $_tmp_file"
+PERM=$(stat -c "%u:%g" "${INPUT_PROJECTBASEDIR%/}/$_tmp_file")
+
+echo "Applying permissions $PERM to all files in the project base directory"
+chown -R $PERM "${INPUT_PROJECTBASEDIR%/}/"

entrypoint.sh

@@ -8,11 +8,6 @@ if [[ -z "${SONAR_TOKEN}" ]]; then
   echo "============================ WARNING ============================"
 fi
 
-if [[ -z "${SONAR_HOST_URL}" ]]; then
-  echo "This GitHub Action requires the SONAR_HOST_URL env variable."
-  exit 1
-fi
-
 if [[ -n "${SONAR_ROOT_CERT}" ]]; then
   echo "Adding custom root certificate to java certificate store"
   rm -f /tmp/tmpcert.pem
@@ -20,17 +15,22 @@ if [[ -n "${SONAR_ROOT_CERT}" ]]; then
   keytool -keystore /etc/ssl/certs/java/cacerts -storepass changeit -noprompt -trustcacerts -importcert -alias sonarqube -file /tmp/tmpcert.pem
 fi
 
-if [[ -f "${INPUT_PROJECTBASEDIR%/}pom.xml" ]]; then
-  echo "Maven project detected. You should run the goal 'org.sonarsource.scanner.maven:sonar' during build rather than using this GitHub Action."
-  exit 1
+if [[ -f "${INPUT_PROJECTBASEDIR%/}/pom.xml" ]]; then
+  echo "WARNING! Maven project detected. Sonar recommends running the 'org.sonarsource.scanner.maven:sonar-maven-plugin:sonar' goal during the build process instead of using this GitHub Action
+  to get more accurate results."
 fi
 
-if [[ -f "${INPUT_PROJECTBASEDIR%/}build.gradle" ]]; then
-  echo "Gradle project detected. You should use the SonarQube plugin for Gradle during build rather than using this GitHub Action."
-  exit 1
+if [[ -f "${INPUT_PROJECTBASEDIR%/}/build.gradle"  || -f "${INPUT_PROJECTBASEDIR%/}/build.gradle.kts" ]]; then
+  echo "WARNING! Gradle project detected. Sonar recommends using the SonarQube plugin for Gradle during the build process instead of using this GitHub Action
+  to get more accurate results."
+fi
+
+debug_flag=''
+if [[ "$RUNNER_DEBUG" == '1' ]]; then
+  debug_flag='--debug'
 fi
 
 unset JAVA_HOME
 
-sonar-scanner -Dsonar.projectBaseDir=${INPUT_PROJECTBASEDIR} ${INPUT_ARGS}
+sonar-scanner $debug_flag -Dsonar.projectBaseDir=${INPUT_PROJECTBASEDIR} ${INPUT_ARGS}
 

test/assertFileContains

@@ -0,0 +1,10 @@
+#!/bin/bash
+
+error() { echo -e "\\e[31m✗ $*\\e[0m"; }
+
+assertFileExists $1
+
+if ! grep -q $2 $1; then
+  error "'$2' not found in '$1'"
+  exit 1
+fi

test/assertFileExists

@@ -0,0 +1,8 @@
+#!/bin/bash
+
+error() { echo -e "\\e[31m✗ $*\\e[0m"; }
+
+if [ ! -f $1 ]; then
+  error "File '$1' not found"
+  exit 1
+fi

test/run-qa.sh

@@ -1,112 +0,0 @@
-#!/bin/bash
-
-# Helper functions for coloring output.
-info() { echo -e "\\e[36m$*\\e[0m"; }
-error() { echo -e "\\e[31m✗ $*\\e[0m"; }
-success() { echo -e "\\e[32m✔ $*\\e[0m"; }
-
-# Helper function to check if SonarQube is up and running.
-check_sq_is_up() {
-  local statusCall="$(curl --silent --user admin:admin http://127.0.0.1:9000/api/system/status)"
-  local status="$(jq -r '.status' <<< "$statusCall")"
-  if [[ ! $? -eq 0 ]]; then
-    error "Failed to check if SonarQube is up and running."
-    exit 1
-  fi
-  echo $status;
-}
-
-_current_perm=$(stat -c "%u:%g" $(pwd))
-
-info "Build scanner action..."
-docker build --no-cache -t sonarsource/sonarqube-scan-action .
-if [[ ! $? -eq 0 ]]; then
-  error "Failed to build the scanner action."
-  exit 1
-fi
-success "Scanner action built."
-
-info "Find the network SonarQube is running on..."
-network=$(docker network ls -f 'name=github_network' --format "{{.Name}}")
-if [[ $network != "github_network_"* ]]; then
-  error "Failed to find the local Docker network."
-  exit 1
-fi
-success "Found the network ($network)."
-
-info "Wait until SonarQube is up..."
-sleep 10
-isUp=$(check_sq_is_up)
-until [[ "$isUp" == "UP" ]]; do
-  sleep 1
-  isUp=$(check_sq_is_up)
-done
-success "SonarQube is up and running."
-
-info "Generate a new token..."
-tokenCall=$(curl --silent --user admin:admin -d "name=token" http://127.0.0.1:9000/api/user_tokens/generate)
-token="$(jq -r '.token' <<< "$tokenCall")"
-if [[ -z "$token" ]]; then
-  error "Failed to generate a new token."
-  exit 1
-fi
-success "New token generated."
-
-info "Test fail-fast if SONAR_TOKEN is omitted..."
-docker run -v `pwd`:/github/workspace/ --workdir /github/workspace --network $network sonarsource/sonarqube-scan-action
-if [[ $? -eq 0 ]]; then
-  error "Should have failed fast."
-  exit 1
-fi
-success "Correctly failed fast."
-
-info "Test fail-fast if SONAR_HOST_URL is omitted..."
-docker run -v `pwd`:/github/workspace/ --workdir /github/workspace --network $network --env SONAR_TOKEN=$token sonarsource/sonarqube-scan-action
-if [[ $? -eq 0 ]]; then
-  error "Should have failed fast."
-  exit 1
-fi
-success "Correctly failed fast."
-
-info "Test fail-fast on Gradle project..."
-pushd test/gradle-project/
-docker run -v `pwd`:/github/workspace/ --workdir /github/workspace --network $network --env SONAR_TOKEN=$token --env SONAR_HOST_URL='http://sonarqube:9000' sonarsource/sonarqube-scan-action
-if [[ $? -eq 0 ]]; then
-  error "Should have failed fast."
-  exit 1
-fi
-popd
-success "Correctly failed fast."
-
-info "Test fail-fast on Maven project..."
-pushd test/maven-project/
-docker run -v `pwd`:/github/workspace/ --workdir /github/workspace --network $network --env SONAR_TOKEN=$token --env SONAR_HOST_URL='http://sonarqube:9000' sonarsource/sonarqube-scan-action
-if [[ $? -eq 0 ]]; then
-  error "Should have failed fast."
-  exit 1
-fi
-popd
-success "Correctly failed fast."
-
-info "Analyze project..."
-cd test/example-project/
-docker run -v `pwd`:/github/workspace/ --workdir /github/workspace --network $network --env INPUT_PROJECTBASEDIR=/github/workspace --env SONAR_TOKEN=$token --env SONAR_HOST_URL='http://sonarqube:9000' sonarsource/sonarqube-scan-action
-docker run -v `pwd`:/github/workspace/ --workdir /github/workspace --network $network --env INPUT_PROJECTBASEDIR=/github/workspace --entrypoint /cleanup.sh sonarsource/sonarqube-scan-action
-if [[ ! $? -eq 0 ]]; then
-  error "Couldn't run the analysis."
-  exit 1
-elif [[ ! -f ".scannerwork/report-task.txt" ]]; then
-  error "Couldn't find the report task file. Analysis failed."
-  exit 1
-elif [ ! "$(stat -c "%u:%g" ".scannerwork/report-task.txt")" == "$_current_perm" ]; then
-  error "File permissions differ from desired once"
-  error "desired: $_current_perm"
-  error "actual: $(stat -c "%u:%g" ".scannerwork/report-task.txt")"
-  exit 1
-fi
-success "Analysis successful."
-
-echo "" # new line
-echo "============================"
-echo "" # new line
-success "QA successful!"