SQSCANGHA-40 Restore permission fix for files in the project basedir

This reverts commit 16be80a080.

.github/workflows/qa.yml

@@ -19,13 +19,12 @@ jobs:
       - name: Run action with args
         uses: ./
         with:
-          args: >-
+          args: -Dsonar.someArg=aValue -Dsonar.scanner.dumpToFile=./output.properties
-            "-Dsonar.someArg=a value with spaces" -Dsonar.scanner.dumpToFile=./output.properties
         env:
           SONAR_HOST_URL: http://not_actually_used
       - name: Assert
         run: |
-          ./test/assertFileContains ./output.properties "sonar.someArg=a value with spaces"
+          ./test/assertFileContains ./output.properties "sonar.someArg=aValue"
   projectBaseDirInputTest:
     name: >
       'projectBaseDir' input
@@ -154,3 +153,40 @@ jobs:
       - name: Assert
         run: |
           ./test/assertFileContains ./output.properties "sonar.verbose=true"
+  runAnalysisWithCacheTest:
+    runs-on: ubuntu-latest
+    services:
+      sonarqube:
+        image: sonarqube:lts-community
+        ports:
+          - 9000:9000
+        volumes:
+          - sonarqube_data:/opt/sonarqube/data
+          - sonarqube_logs:/opt/sonarqube/logs
+          - sonarqube_extensions:/opt/sonarqube/extensions
+        options: >-
+          --health-cmd "grep -Fq \"SonarQube is operational\" /opt/sonarqube/logs/sonar.log"
+          --health-interval 10s
+          --health-timeout 5s
+          --health-retries 10
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+      - name: SonarQube Cache
+        uses: actions/cache@v4
+        with:
+          path: ${{ github.workspace }}/.sonar/cache
+          key: ${{ runner.os }}-sonar
+      - name: Run action on sample project
+        id: runTest
+        uses: ./
+        env:
+          SONAR_HOST_URL: http://sonarqube:9000
+          SONAR_USER_HOME: ${{ github.workspace }}/.sonar
+        with:
+          args: -Dsonar.login=admin -Dsonar.password=admin
+          projectBaseDir: ./test/example-project
+      - name: Assert
+        run: |
+          ./test/assertFileExists ./test/example-project/.scannerwork/report-task.txt

README.md

@@ -54,7 +54,7 @@ jobs:
       uses: sonarsource/sonarqube-scan-action@<action version> # Ex: v2.1.0, See the latest version at https://github.com/marketplace/actions/official-sonarqube-scan
       env:
         SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
-        SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}
+        SONAR_HOST_URL: ${{ vars.SONAR_HOST_URL }}
 ```
 
 If your source code file names contain special characters that are not covered by the locale range of `en_US.UTF-8`, you can configure your desired locale like this:
@@ -64,7 +64,7 @@ If your source code file names contain special characters that are not covered b
       uses: sonarsource/sonarqube-scan-action@<action version> # Ex: v2.1.0, See the latest version at https://github.com/marketplace/actions/official-sonarqube-scan
       env:
         SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
-        SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}
+        SONAR_HOST_URL: ${{ vars.SONAR_HOST_URL }}
         LC_ALL: "ru_RU.UTF-8"
 ```
 
@@ -75,7 +75,7 @@ If your SonarQube server uses a self-signed certificate, you can pass a root cer
       uses: sonarsource/sonarqube-scan-action@<action version> # Ex: v2.1.0, See the latest version at https://github.com/marketplace/actions/official-sonarqube-scan
       env:
         SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
-        SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}
+        SONAR_HOST_URL: ${{ vars.SONAR_HOST_URL }}
         SONAR_ROOT_CERT: ${{ secrets.SONAR_ROOT_CERT }}
 ```
 
@@ -106,7 +106,7 @@ More information about possible analysis parameters can be found in [the documen
 ### Environment variables
 
 - `SONAR_TOKEN` – **Required** this is the token used to authenticate access to SonarQube. You can read more about security tokens [here](https://docs.sonarqube.org/latest/user-guide/user-token/). You can set the `SONAR_TOKEN` environment variable in the "Secrets" settings page of your repository, or you can add them at the level of your GitHub organization (recommended).
-- `SONAR_HOST_URL` – **Required** this tells the scanner where SonarQube is hosted. You can set the `SONAR_HOST_URL` environment variable in the "Secrets" settings page of your repository, or you can add them at the level of your GitHub organization (recommended).
+- `SONAR_HOST_URL` – **Required** this tells the scanner where SonarQube is hosted. You can set the `SONAR_HOST_URL` environment variable in the "Variables" settings page of your repository, or you can add them at the level of your GitHub organization (recommended).
 - `SONAR_ROOT_CERT` – Holds an additional root certificate (in PEM format) that is used to validate the SonarQube server certificate. You can set the `SONAR_ROOT_CERT` environment variable in the "Secrets" settings page of your repository, or you can add them at the level of your GitHub organization (recommended).
 
 ## Alternatives for Java, .NET, and C/C++ projects
@@ -116,7 +116,7 @@ This GitHub Action will not work for all technologies. If you are in one of the
 * Your code is built with Maven. Read the documentation about our [Scanner for Maven](https://redirect.sonarsource.com/doc/install-configure-scanner-maven.html).
 * Your code is built with Gradle. Read the documentation about our [Scanner for Gradle](https://redirect.sonarsource.com/doc/gradle.html).
 * You want to analyze a .NET solution. Read the documentation about our [Scanner for .NET](https://redirect.sonarsource.com/doc/install-configure-scanner-msbuild.html).
-* You want to analyze C/C++ code. Use the [SonarQube C and C++](https://github.com/SonarSource/sonarqube-github-c-cpp) GitHub Action.
+* You want to analyze C or C++ code. Starting from SonarQube 10.6, this GitHub Action will scan C and C++ out of the box. If you want to have better control over the scan configuration/setup, you can switch to the [SonarQube C and C++](https://github.com/SonarSource/sonarqube-github-c-cpp) GitHub Action.
 
 ## Error cleaning up workspace
 

cleanup.sh

@@ -2,12 +2,12 @@
 
 set -e
 
-if [ ! -d "${INPUT_PROJECTBASEDIR%/}/.scannerwork" ]; then
+# Reset all files permissions to the default Runner user and group to allow the follow up steps (mainly cache) to access all files.
-    echo ".scannerwork directory not found; nothing to clean up."
-    exit
-fi
 
+# Assume that the first (non-hidden) file in the project directory is one from the project, and not one written by the scanner
 _tmp_file=$(ls "${INPUT_PROJECTBASEDIR%/}/" | head -1)
+echo "Reading permissions from $_tmp_file"
 PERM=$(stat -c "%u:%g" "${INPUT_PROJECTBASEDIR%/}/$_tmp_file")
 
-chown -R $PERM "${INPUT_PROJECTBASEDIR%/}/.scannerwork/"
+echo "Applying permissions $PERM to all files in the project base directory"
+chown -R $PERM "${INPUT_PROJECTBASEDIR%/}/"

entrypoint.sh

@@ -32,6 +32,5 @@ fi
 
 unset JAVA_HOME
 
-eval "args=(${INPUT_ARGS})"
+sonar-scanner $debug_flag -Dsonar.projectBaseDir=${INPUT_PROJECTBASEDIR} ${INPUT_ARGS}
-sonar-scanner $debug_flag "-Dsonar.projectBaseDir=${INPUT_PROJECTBASEDIR}" "${args[@]}"