Add debug logs

.cirrus/wss-unified-agent.config

@@ -0,0 +1,4 @@
+docker.projectNameFormat=repositoryNameAndTag
+docker.scanImages=true
+wss.url=https://saas-eu.whitesourcesoftware.com/agent
+productName=GitHubAction/SonarQubeScanAction

.github/workflows/PullRequestClosed.yml

@@ -5,8 +5,8 @@ on:
     types: [closed]
 
 jobs:
-  PullRequestClosed_job:
-    name: Pull Request Closed
+  PullRequestMerged_job:
+    name: Pull Request Merged
     runs-on: ubuntu-latest
     permissions:
       id-token: write
@@ -14,6 +14,7 @@ jobs:
     # For external PR, ticket should be moved manually
     if: |
         github.event.pull_request.head.repo.full_name == github.repository
+        && github.event.pull_request.merged
     steps:
       - id: secrets
         uses: SonarSource/vault-action-wrapper@v3

.github/workflows/qa-main.yml

@@ -38,39 +38,13 @@ jobs:
       - name: Run action with args
         uses: ./
         with:
-          args: -Dsonar.someArg=aValue -Dsonar.anotherArgWithSpaces="Another Value"
+          args: -Dsonar.someArg=aValue -Dsonar.scanner.internal.dumpToFile=./output.properties
         env:
           SONAR_HOST_URL: http://not_actually_used
           SONAR_SCANNER_JSON_PARAMS: '{"sonar.scanner.internal.dumpToFile": "./output.properties"}'
       - name: Assert
         run: |
           ./test/assertFileContains ./output.properties "sonar.someArg=aValue"
-          ./test/assertFileContains ./output.properties "sonar.anotherArgWithSpaces=Another Value"
-  argsInputInjectionTest:
-    name: >
-      'args' input with command injection will fail
-    strategy:
-      matrix:
-        os: [ ubuntu-latest, windows-latest, macos-latest ]
-    runs-on: ${{ matrix.os }}
-    steps:
-      - uses: actions/checkout@v4
-        with:
-          token: ${{ secrets.GITHUB_TOKEN }}
-      - name: Run action with args
-        uses: ./
-        continue-on-error: true
-        with:
-          args: -Dsonar.someArg=aValue && echo "Injection"
-        env:
-          SONAR_HOST_URL: http://not_actually_used
-          SONAR_SCANNER_JSON_PARAMS: '{"sonar.scanner.internal.dumpToFile": "./output.properties"}'
-      - name: Fail if action succeeded
-        if: steps.runTest.outcome == 'success'
-        run: exit 1
-      - name: Assert the scanner was not called
-        run: |
-          ./test/assertFileDoesntExist ./output.properties
   projectBaseDirInputTest:
     name: >
       'projectBaseDir' input
@@ -359,7 +333,7 @@ jobs:
       - name: Run action with SONARCLOUD_URL
         uses: ./
         with:
-          args: -Dsonar.scanner.apiBaseUrl=api.mirror.sonarcloud.io -Dsonar.scanner.internal.dumpToFile=./output.properties
+          args: -Dsonar.scanner.internal.dumpToFile=./output.properties
         env:
           SONARCLOUD_URL: mirror.sonarcloud.io
           SONAR_TOKEN: FAKE_TOKEN
@@ -475,8 +449,8 @@ jobs:
         id: runTest
         uses: ./
         with:
-          scannerVersion: 6.2.1.4610
           scannerBinariesUrl: http://localhost:8080/clientRedirectToSonarBinaries
+          scannerVersion: 6.2.1.4610
         env:
           NO_CACHE: true
           SONAR_HOST_URL: http://not_actually_used
@@ -577,7 +551,7 @@ jobs:
           SONAR_ROOT_CERT: ${{ env.SONAR_ROOT_CERT_VALID }}
           SONAR_HOST_URL: https://localhost:4443
         with:
-          args: -Dsonar.login=admin -Dsonar.password=admin
+          args: -X -Dsonar.login=admin -Dsonar.password=admin
           projectBaseDir: ./test/example-project
       - name: Clear imported SSL certificates
         run: |
@@ -809,26 +783,3 @@ jobs:
           [ -f "$SONAR_SSL_FOLDER/truststore.p12" ] || exit 1
           TRUSTSTORE_P12_MOD_TIME_T3=$(stat -c %Y "$SONAR_SSL_FOLDER/truststore.p12")
           [ "$TRUSTSTORE_P12_MOD_TIME_T2" != "$TRUSTSTORE_P12_MOD_TIME_T3" ] || exit 1
-  scannerVersionValidationTest:
-    name: >
-      'scannerVersion' input validation
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v4
-        with:
-          token: ${{ secrets.GITHUB_TOKEN }}
-      - name: Run action with invalid scannerVersion
-        id: invalid_version
-        uses: ./
-        continue-on-error: true
-        with:
-          scannerVersion: "7.1.0-SNAPSHOT"
-          args: -Dsonar.scanner.internal.dumpToFile=./output.properties
-        env:
-          NO_CACHE: true
-          SONAR_HOST_URL: http://not_actually_used
-      - name: Assert failure of previous step
-        if: steps.invalid_version.outcome == 'success'
-        run: |
-          echo "Action with invalid scannerVersion should have failed but succeeded"
-          exit 1

.github/workflows/update-tags.yml

@@ -16,7 +16,7 @@ jobs:
         uses: actions/checkout@v4
 
       - name: Parse semver
-        uses: madhead/semver-utils@36d1e0ed361bd7b4b77665de8093092eaeabe6ba # v4.3.0
+        uses: madhead/semver-utils@v4
         id: version
         with:
           version: ${{ github.ref_name }}

.github/workflows/version_update.yml

@@ -5,15 +5,15 @@ on:
     - cron: '15 10 * * *'
 
 jobs:
-  check-version:
-    name: Check for sonar-scanner version update
+  update-version:
+    name: Prepare pull request for sonar-scanner version update
     runs-on: ubuntu-latest
-    outputs:
-      should_update: ${{ steps.version-check.outputs.should_update }}
-      latest_version: ${{ steps.latest-version.outputs.latest }}
+    permissions:
+      contents: write
+      pull-requests: write
     steps:
       - run: sudo apt install -y jq
-      - run: sudo snap install yq
+
       - uses: actions/checkout@v4
         with:
           ref: master
@@ -25,50 +25,25 @@ jobs:
         shell: bash
         run: cat sonar-scanner-version >> $GITHUB_OUTPUT
 
-      - name: "Fetch latest sonar-scanner version"
+      - name: "Fetch lastest sonar-scanner version"
         id: latest-version
         shell: bash
         run: |
           ./scripts/fetch_latest_version.sh > sonar-scanner-version
-          echo "latest=$(cat sonar-scanner-version)" >> $GITHUB_OUTPUT
+          cat sonar-scanner-version >> $GITHUB_OUTPUT
 
-      - name: "Determine if update is needed"
-        id: version-check
-        shell: bash
-        run: |
-          if [[ "${{ steps.tagged-version.outputs.sonar-scanner-version }}" != "${{ steps.latest-version.outputs.latest }}" ]]; then
-            echo "should_update=true" >> $GITHUB_OUTPUT
-          else
-            echo "should_update=false" >> $GITHUB_OUTPUT
-          fi
-
-  update-version:
-    name: Prepare pull request for sonar-scanner version update
-    needs: check-version
-    runs-on: ubuntu-latest
-    permissions:
-      contents: write
-      pull-requests: write
-    if: needs.check-version.outputs.should_update == 'true'
-    steps:
-      - name: "Update default version"
-        shell: bash
-        env:
-          NEW_VERSION: ${{ needs.check-version.outputs.latest-version }}
-        run: |
-           yq -i '.inputs.scannerVersion.default = strenv(NEW_VERSION)' action.yml
       - name: "Create Pull Request for version update"
+        if: steps.tagged-version.outputs.sonar-scanner-version != steps.latest-version.outputs.sonar-scanner-version
         shell: bash
         env:
-          UPDATE_BRANCH: update-to-sonar-scanner-${{ needs.check-version.outputs.latest-version }}
-          TITLE: "Update SonarScanner CLI to ${{ needs.check-version.outputs.latest-version }}"
+          UPDATE_BRANCH: update-to-sonar-scanner-${{ steps.latest-version.outputs.sonar-scanner-version }}
+          TITLE: "Update SonarScanner CLI to ${{ steps.latest-version.outputs.sonar-scanner-version }}"
           GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         run: |
           git config --global user.name "SonarTech"
           git config --global user.email "sonartech@sonarsource.com"
           git checkout -b ${UPDATE_BRANCH}
           git add sonar-scanner-version
-          git add action.yml
           git commit -m "${TITLE}"
           git push --force-with-lease origin ${UPDATE_BRANCH}
           gh pr list

README.md

@@ -104,7 +104,7 @@ jobs:
     - name: Install Build Wrapper
       uses: SonarSource/sonarqube-scan-action/install-build-wrapper@<action version>
       env:
-        SONAR_HOST_URL: ${{ vars.SONAR_HOST_URL }}
+        SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}
     - name: Run Build Wrapper
       run: |
         # Here goes your compilation wrapped with Build Wrapper
@@ -115,7 +115,7 @@ jobs:
       uses: SonarSource/sonarqube-scan-action@<action version>
       env:
         SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
-        SONAR_HOST_URL: ${{ vars.SONAR_HOST_URL }}
+        SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}
         SONAR_ROOT_CERT: ${{ secrets.SONAR_ROOT_CERT }}
       with:
         # Consult https://docs.sonarsource.com/sonarqube-server/latest/analyzing-source-code/scanners/sonarscanner/ for more information and options

action.yml

@@ -1,8 +1,8 @@
 name: Official SonarQube Scan
 # Warning: changing name would change URL in the marketplace
 description: >
-  Scan your code with SonarQube Server and Cloud to detect issues in 30+ languages. (Formerly SonarQube and SonarCloud)
-
+  Scan your code with SonarQube Server and Cloud to detect 
+  issues in 30+ languages. (Formerly SonarQube and SonarCloud)
 branding:
   icon: check
   color: green
@@ -17,7 +17,7 @@ inputs:
     description: Version of the Sonar Scanner CLI to use
     required: false
     # to be kept in sync with sonar-scanner-version
-    default: 7.1.0.4889
+    default: 7.0.1.4817
   scannerBinariesUrl:
     description: URL to download the Sonar Scanner CLI binaries from
     required: false
@@ -30,7 +30,6 @@ runs:
       shell: bash
       env:
         INPUT_PROJECTBASEDIR: ${{ inputs.projectBaseDir }}
-        INPUT_SCANNERVERSION: ${{ inputs.scannerVersion }}
     - name: Load Sonar Scanner CLI from cache
       id: sonar-scanner-cli
       uses: actions/cache@v4
@@ -51,10 +50,7 @@ runs:
       run: echo "${RUNNER_TEMP}/sonar-scanner-cli-${{ inputs.scannerVersion }}-${{ runner.os }}-${{ runner.arch }}/bin" >> $GITHUB_PATH
       shell: bash
     - name: Run SonarScanner
-      run: |
-        args=(${{ inputs.args }})
-        cmd=(${GITHUB_ACTION_PATH}/scripts/run-sonar-scanner-cli.sh "${args[@]}")
-        "${cmd[@]}"
+      run: ${GITHUB_ACTION_PATH}/scripts/run-sonar-scanner-cli.sh ${{ inputs.args }}
       shell: bash
       env:
         INPUT_PROJECTBASEDIR: ${{ inputs.projectBaseDir }}

scripts/sanity-checks.sh

@@ -2,11 +2,6 @@
 
 set -eo pipefail
 
-if [[ ! "${INPUT_SCANNERVERSION}" =~ ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
-  echo "::error title=SonarScanner::Invalid scannerVersion format. Expected format: x.y.z.w (e.g., 7.1.0.4889)"
-  exit 1
-fi
-
 if [[ -z "${SONAR_TOKEN}" ]]; then
   echo "::warning title=SonarScanner::Running this GitHub Action without SONAR_TOKEN is not recommended"
 fi

sonar-scanner-version

@@ -1,11 +1,11 @@
-sonar-scanner-version=7.1.0.4889
-sonar-scanner-url-windows-x64=https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-7.1.0.4889-windows-x64.zip
-sonar-scanner-sha-windows-x64=64c5154d3d924eb2e03386f10eecb3ec4132298e2c1bf0b60a0d0195cd51a555
-sonar-scanner-url-linux-x64=https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-7.1.0.4889-linux-x64.zip
-sonar-scanner-sha-linux-x64=b4d2a001d65b489f9effe1ea8a78495db1b152f124d7f7b058aad8651c7e1484
-sonar-scanner-url-linux-aarch64=https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-7.1.0.4889-linux-aarch64.zip
-sonar-scanner-sha-linux-aarch64=7948ccde77843829b87d41815ead669486f681cd38b0b0893006083a9b6f6b5c
-sonar-scanner-url-macosx-x64=https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-7.1.0.4889-macosx-x64.zip
-sonar-scanner-sha-macosx-x64=08ad1e75994d91a17016ce55248d0827b62a757b263917234ea2d89bee8f136d
-sonar-scanner-url-macosx-aarch64=https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-7.1.0.4889-macosx-aarch64.zip
-sonar-scanner-sha-macosx-aarch64=9ad8c5da9e9665c065328b86adb3f33ef43801347ecb3ff1ec27d598ac37b449
+sonar-scanner-version=7.0.1.4817
+sonar-scanner-url-windows-x64=https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-7.0.1.4817-windows-x64.zip
+sonar-scanner-sha-windows-x64=6b523587567af4170a4e0e0d02053d4a3f117e6612a11a4382ae45211b82383f
+sonar-scanner-url-linux-x64=https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-7.0.1.4817-linux-x64.zip
+sonar-scanner-sha-linux-x64=b0643348eed1ec808d8c9b35b34bdf953ed9788978c38b32c577960bbef0a7f8
+sonar-scanner-url-linux-aarch64=https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-7.0.1.4817-linux-aarch64.zip
+sonar-scanner-sha-linux-aarch64=f1def4b7f8fe5839ab185eee7e493551ed1bd5534707f8e02933579e2315ffaa
+sonar-scanner-url-macosx-x64=https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-7.0.1.4817-macosx-x64.zip
+sonar-scanner-sha-macosx-x64=820100498148433db0674da3156eca5974e1b4f7dfc073d41df1f3ff49cd9b33
+sonar-scanner-url-macosx-aarch64=https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-7.0.1.4817-macosx-aarch64.zip
+sonar-scanner-sha-macosx-aarch64=4903800165c59890b9859a212054bd55d0eb2a5682ce377fad70560be4b833f0

test/assertFileContains

@@ -1,14 +1,10 @@
 #!/bin/bash
 
-set -eou pipefail
-
 error() { echo -e "\\e[31m✗ $*\\e[0m"; }
 
-scriptDir=$(dirname -- "$(readlink -f -- "${BASH_SOURCE[0]}")")
+assertFileExists $1
 
-$scriptDir/assertFileExists "$1"
-
-if ! grep -q "$2" "$1"; then
+if ! grep -q $2 $1; then
   error "'$2' not found in '$1'"
   exit 1
 fi

test/assertFileDoesntExist

@@ -1,10 +1,8 @@
 #!/bin/bash
 
-set -eou pipefail
-
 error() { echo -e "\\e[31m✗ $*\\e[0m"; }
 
-if [ -f "$1" ]; then
+if [ -f $1 ]; then
   error "File '$1' found"
   exit 1
 fi

test/assertFileExists

@@ -1,10 +1,8 @@
 #!/bin/bash
 
-set -eou pipefail
-
 error() { echo -e "\\e[31m✗ $*\\e[0m"; }
 
-if [ ! -f "$1" ]; then
+if [ ! -f $1 ]; then
   error "File '$1' not found"
   exit 1
 fi