SQSCANGHA-98 Update SonarScanner CLI to 7.2.0.5079 (#196)

Co-authored-by: SonarTech <sonartech@sonarsource.com>

.github/CODEOWNERS

@@ -1 +1 @@
-.github/CODEOWNERS @sonarsource/orchestration-processing-squad
+.github/* @sonarsource/orchestration-processing-squad

.github/workflows/PullRequestClosed.yml

@@ -7,7 +7,7 @@ on:
 jobs:
   PullRequestClosed_job:
     name: Pull Request Closed
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-latest-large
     permissions:
       id-token: write
       pull-requests: read

.github/workflows/PullRequestCreated.yml

@@ -7,7 +7,7 @@ on:
 jobs:
   PullRequestCreated_job:
     name: Pull Request Created
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-latest-large
     permissions:
       id-token: write
     # For external PR, ticket should be created manually

.github/workflows/RequestReview.yml

@@ -7,7 +7,7 @@ on:
 jobs:
   RequestReview_job:
     name: Request review
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-latest-large
     permissions:
       id-token: write
     # For external PR, ticket should be moved manually

.github/workflows/SubmitReview.yml

@@ -7,7 +7,7 @@ on:
 jobs:
   SubmitReview_job:
     name: Submit Review
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-latest-large
     permissions:
       id-token: write
       pull-requests: read

.github/workflows/qa-deprecated-c-cpp.yml

@@ -12,7 +12,7 @@ jobs:
     name: Action outputs
     strategy:
       matrix:
-        os: [ubuntu-latest, windows-latest, macos-latest, macos-13]
+        os: [ubuntu-latest-large, windows-latest-large, macos-latest, macos-13]
         cache: [true, false]
         include:
           - arch: X64

.github/workflows/qa-install-build-wrapper.yml

@@ -12,7 +12,7 @@ jobs:
     name: Action outputs
     strategy:
       matrix:
-        os: [ubuntu-latest, windows-latest, macos-latest, macos-13]
+        os: [ubuntu-latest-large, windows-latest-large, macos-latest, macos-13]
         cache: [true, false]
         include:
           - arch: X64

.github/workflows/qa-main.yml

@@ -11,12 +11,15 @@ jobs:
   noInputsTest:
     name: >
       No inputs
-    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        os: [ ubuntu-latest-large, macos-latest ]
+    runs-on: ${{ matrix.os }}
     steps:
       - uses: actions/checkout@v4
         with:
           token: ${{ secrets.GITHUB_TOKEN }}
-      - name: Run action with args
+      - name: Run action without args
         uses: ./
         env:
           SONAR_HOST_URL: http://not_actually_used
@@ -29,7 +32,7 @@ jobs:
       'args' input
     strategy:
       matrix:
-        os: [ ubuntu-latest, windows-latest, macos-latest ]
+        os: [ ubuntu-latest-large, windows-latest-large, macos-latest ]
     runs-on: ${{ matrix.os }}
     steps:
       - uses: actions/checkout@v4
@@ -51,7 +54,7 @@ jobs:
       'args' input with command injection will fail
     strategy:
       matrix:
-        os: [ ubuntu-latest, windows-latest, macos-latest ]
+        os: [ ubuntu-latest-large, windows-latest-large, macos-latest ]
     runs-on: ${{ matrix.os }}
     steps:
       - uses: actions/checkout@v4
@@ -76,7 +79,7 @@ jobs:
       'projectBaseDir' input
     strategy:
       matrix:
-        os: [ ubuntu-latest, windows-latest, macos-latest ]
+        os: [ ubuntu-latest-large, windows-latest-large, macos-latest ]
     runs-on: ${{ matrix.os }}
     steps:
       - uses: actions/checkout@v4
@@ -97,7 +100,7 @@ jobs:
   scannerVersionTest:
     name: >
       'scannerVersion' input
-    runs-on: ubuntu-latest # assumes default RUNNER_ARCH for linux is X64
+    runs-on: ubuntu-latest-large # assumes default RUNNER_ARCH for linux is X64
     steps:
       - uses: actions/checkout@v4
         with:
@@ -117,7 +120,7 @@ jobs:
   scannerBinariesUrlTest:
     name: >
       'scannerBinariesUrl' input with invalid URL
-    runs-on: ubuntu-latest # assumes default RUNNER_ARCH for linux is X64
+    runs-on: ubuntu-latest-large # assumes default RUNNER_ARCH for linux is X64
     steps:
       - uses: actions/checkout@v4
         with:
@@ -145,7 +148,7 @@ jobs:
   scannerBinariesUrlIsEscapedWithWget:
     name: >
       'scannerBinariesUrl' is escaped with wget so special chars are not injected in the download command
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-latest-large
     steps:
       - uses: actions/checkout@v4
         with:
@@ -166,7 +169,7 @@ jobs:
   scannerBinariesUrlIsEscapedWithCurl:
     name: >
       'scannerBinariesUrl' is escaped with curl so special chars are not injected in the download command
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-latest-large
     steps:
       - uses: actions/checkout@v4
         with:
@@ -195,7 +198,7 @@ jobs:
   dontFailGradleTest:
     name: >
       Don't fail on Gradle project
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-latest-large
     steps:
       - uses: actions/checkout@v4
         with:
@@ -216,7 +219,7 @@ jobs:
   dontFailGradleKotlinTest:
     name: >
       Don't fail on Kotlin Gradle project
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-latest-large
     steps:
       - uses: actions/checkout@v4
         with:
@@ -237,7 +240,7 @@ jobs:
   dontFailMavenTest:
     name: >
       Don't fail on Maven project
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-latest-large
     steps:
       - uses: actions/checkout@v4
         with:
@@ -256,7 +259,7 @@ jobs:
         run: |
           ./test/assertFileExists ./output.properties
   runAnalysisTest:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-latest-large
     services:
       sonarqube:
         image: sonarqube:lts-community
@@ -291,7 +294,7 @@ jobs:
       'RUNNER_DEBUG' is used
     strategy:
       matrix:
-        os: [ ubuntu-latest, windows-latest, macos-latest ]
+        os: [ ubuntu-latest-large, windows-latest-large, macos-latest ]
     runs-on: ${{ matrix.os }}
     steps:
       - uses: actions/checkout@v4
@@ -309,7 +312,7 @@ jobs:
         run: |
           ./test/assertFileContains ./output.properties "sonar.verbose=true"
   runAnalysisWithCacheTest:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-latest-large
     services:
       sonarqube:
         image: sonarqube:lts-community
@@ -350,7 +353,7 @@ jobs:
       'SONARCLOUD_URL' is used
     strategy:
       matrix:
-        os: [ ubuntu-latest, windows-latest, macos-latest ]
+        os: [ ubuntu-latest-large, windows-latest-large, macos-latest ]
     runs-on: ${{ matrix.os }}
     steps:
       - uses: actions/checkout@v4
@@ -369,7 +372,7 @@ jobs:
           ./test/assertFileContains ./output.properties "sonar.scanner.sonarcloudUrl=mirror.sonarcloud.io" 
   dontFailWhenMissingWgetButCurlAvailable:
     name: Don't fail when missing wget but curl available
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-latest-large
     steps:
       - uses: actions/checkout@v4
         with:
@@ -395,7 +398,7 @@ jobs:
           ./test/assertFileExists ./output.properties
   dontFailWhenMissingCurlButWgetAvailable:
     name: Don't fail when missing curl but wget available
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-latest-large
     steps:
       - uses: actions/checkout@v4
         with:
@@ -422,7 +425,7 @@ jobs:
           ./test/assertFileExists ./output.properties
   failWhenBothWgetAndCurlMissing:
     name: Fail when both wget and curl are missing
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-latest-large
     steps:
       - uses: actions/checkout@v4
         with:
@@ -455,7 +458,7 @@ jobs:
   curlPerformsRedirect:
     name: >
       curl performs redirect when scannerBinariesUrl returns 3xx
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-latest-large
     steps:
       - uses: actions/checkout@v4
         with:
@@ -489,7 +492,7 @@ jobs:
       'SONAR_ROOT_CERT' is converted to truststore
     strategy:
       matrix:
-        os: [ ubuntu-latest, windows-latest, macos-latest ]
+        os: [ ubuntu-latest-large, windows-latest-large, macos-latest ]
     runs-on: ${{ matrix.os }}
     steps:
       - uses: actions/checkout@v4
@@ -541,7 +544,7 @@ jobs:
   analysisWithSslCertificate:
     name: >
       Analysis takes into account 'SONAR_ROOT_CERT'
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-latest-large
     steps:
       - uses: actions/checkout@v4
         with:
@@ -649,7 +652,7 @@ jobs:
   overridesScannerLocalFolderWhenPresent: # can happen in uncleaned self-hosted runners
     name: >
       'SCANNER_LOCAL_FOLDER' is cleaned with warning when present
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-latest-large
     steps:
       - uses: actions/checkout@v4
         with:
@@ -683,7 +686,7 @@ jobs:
   updateTruststoreWhenPresent: # can happen in uncleaned self-hosted runners
     name: >
       truststore.p12 is updated when present
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-latest-large
     steps:
       - uses: actions/checkout@v4
         with:
@@ -812,7 +815,7 @@ jobs:
   scannerVersionValidationTest:
     name: >
       'scannerVersion' input validation
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-latest-large
     steps:
       - uses: actions/checkout@v4
         with:

.github/workflows/qa-scripts.yml

@@ -10,7 +10,7 @@ on:
 jobs:
   create-install-dir-test:
     name: create_install_path.sh
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-latest-large
     steps:
       - uses: actions/checkout@v4
         with:
@@ -107,7 +107,7 @@ jobs:
           grep "=== Script failed ===" output
   setup-script-test:
     name: configure_paths.sh
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-latest-large
     env:
       INSTALL_PATH: 'install-directory'
       SONAR_HOST_URL: 'http://sonar-host.com'
@@ -250,7 +250,7 @@ jobs:
           grep "=== Script failed ===" output
   download-script-test:
     name: download.sh
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-latest-large
     steps:
       - uses: actions/checkout@v4
         with:
@@ -319,7 +319,7 @@ jobs:
           grep "=== Script failed ===" output
   fetch-latest-version-test:
     name: fetch_latest_version.sh
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-latest-large
     steps:
       - uses: actions/checkout@v4
         with:

.github/workflows/update-tags.yml

@@ -7,7 +7,7 @@ on:
 
 jobs:
   generate:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-latest-large
     permissions:
       contents: write
 

.github/workflows/version_update.yml

@@ -7,7 +7,7 @@ on:
 jobs:
   check-version:
     name: Check for sonar-scanner version update
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-latest-large
     outputs:
       should_update: ${{ steps.version-check.outputs.should_update }}
       latest_version: ${{ steps.latest-version.outputs.latest }}
@@ -45,7 +45,7 @@ jobs:
   update-version:
     name: Prepare pull request for sonar-scanner version update
     needs: check-version
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-latest-large
     permissions:
       contents: write
       pull-requests: write

action.yml

@@ -17,7 +17,7 @@ inputs:
     description: Version of the Sonar Scanner CLI to use
     required: false
     # to be kept in sync with sonar-scanner-version
-    default: 7.1.0.4889
+    default: 7.2.0.5079
   scannerBinariesUrl:
     description: URL to download the Sonar Scanner CLI binaries from
     required: false

scripts/cert.sh

@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 
 if [[ -n "${SONAR_ROOT_CERT}" ]]; then
   echo "Adding custom root certificate to java certificate store"

scripts/configure_paths.sh

@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 
 if [[ ${ARCH} != "X64" && ! (${ARCH} == "ARM64" && (${OS} == "macOS" || ${OS} == "Linux")) ]]; then
   echo "::error::Architecture '${ARCH}' is unsupported by build-wrapper"

scripts/create_install_path.sh

@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 
 source "$(dirname -- "$0")/utils.sh"
 

scripts/download.sh

@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 
 source "$(dirname -- "$0")/utils.sh"
 

scripts/fetch_latest_version.sh

@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 
 source "$(dirname -- "$0")/utils.sh"
 

scripts/install-sonar-scanner-cli.sh

@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 
 set -eou pipefail
 

scripts/run-sonar-scanner-cli.sh

@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 
 set -eo pipefail
 
@@ -77,5 +77,5 @@ scanner_args+=("$@")
 
 set -ux
 
-$SCANNER_BIN "${scanner_args[@]}"
+$SCANNER_BIN ${scanner_args[@]+"${scanner_args[@]}"}
 

scripts/sanity-checks.sh

@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 
 set -eo pipefail
 

scripts/utils.sh

@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 
 check_status() {
   exit_status=$?

sonar-scanner-version

@@ -1,11 +1,11 @@
-sonar-scanner-version=7.1.0.4889
-sonar-scanner-url-windows-x64=https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-7.1.0.4889-windows-x64.zip
-sonar-scanner-sha-windows-x64=64c5154d3d924eb2e03386f10eecb3ec4132298e2c1bf0b60a0d0195cd51a555
-sonar-scanner-url-linux-x64=https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-7.1.0.4889-linux-x64.zip
-sonar-scanner-sha-linux-x64=b4d2a001d65b489f9effe1ea8a78495db1b152f124d7f7b058aad8651c7e1484
-sonar-scanner-url-linux-aarch64=https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-7.1.0.4889-linux-aarch64.zip
-sonar-scanner-sha-linux-aarch64=7948ccde77843829b87d41815ead669486f681cd38b0b0893006083a9b6f6b5c
-sonar-scanner-url-macosx-x64=https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-7.1.0.4889-macosx-x64.zip
-sonar-scanner-sha-macosx-x64=08ad1e75994d91a17016ce55248d0827b62a757b263917234ea2d89bee8f136d
-sonar-scanner-url-macosx-aarch64=https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-7.1.0.4889-macosx-aarch64.zip
-sonar-scanner-sha-macosx-aarch64=9ad8c5da9e9665c065328b86adb3f33ef43801347ecb3ff1ec27d598ac37b449
+sonar-scanner-version=7.2.0.5079
+sonar-scanner-url-windows-x64=https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-7.2.0.5079-windows-x64.zip
+sonar-scanner-sha-windows-x64=71936f352206b63cb05ffbcd68e366e52d22916148cf4a2418789bc776f733ea
+sonar-scanner-url-linux-x64=https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-7.2.0.5079-linux-x64.zip
+sonar-scanner-sha-linux-x64=da9f4e64a3d555f08ce38b5469ebd91fe2b311af473f7001a5ee5c1fd58b004b
+sonar-scanner-url-linux-aarch64=https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-7.2.0.5079-linux-aarch64.zip
+sonar-scanner-sha-linux-aarch64=803ca725d463e95eeb7537515706367bb8e52bf05ac32174daf9773bdb36d1e2
+sonar-scanner-url-macosx-x64=https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-7.2.0.5079-macosx-x64.zip
+sonar-scanner-sha-macosx-x64=7b9e92248ca740fff41503bfe5459c460bac43c501d80043cc4fbebb72dfc5fa
+sonar-scanner-url-macosx-aarch64=https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-7.2.0.5079-macosx-aarch64.zip
+sonar-scanner-sha-macosx-aarch64=c8adb3fbfe5485c17de193a217be765b66cbc10d6540057655afa3c3b5be6f61

test/assertFileContains

@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 
 set -eou pipefail
 

test/assertFileDoesntExist

@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 
 set -eou pipefail
 

test/assertFileExists

@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 
 set -eou pipefail