SCSCANGHA-25 Replace the Docker action by a composite action forwarding to the SonarQube action

Author: antonioaversa

.github/workflows/qa.yml

@@ -11,7 +11,10 @@ jobs:
   argsInputTest:
     name: >
       'args' input
-    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        os: [ ubuntu-latest, windows-latest, macos-latest ]
+    runs-on: ${{ matrix.os }}
     steps:
       - uses: actions/checkout@v4
         with:
@@ -28,7 +31,10 @@ jobs:
   projectBaseDirInputTest:
     name: >
       'projectBaseDir' input
-    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        os: [ ubuntu-latest, windows-latest, macos-latest ]
+    runs-on: ${{ matrix.os }}
     steps:
       - uses: actions/checkout@v4
         with:
@@ -45,118 +51,51 @@ jobs:
       - name: Assert
         run: |
           ./test/assertFileContains ./output.properties "sonar.projectBaseDir=.*/baseDir"
-  sonarTokenRequiredTest:
+  scannerVersionTest:
     name: >
-      'SONAR_TOKEN' env var required
-    runs-on: ubuntu-latest
+      'scannerVersion' input
+    runs-on: ubuntu-latest # assumes default RUNNER_ARCH for linux is X64
     steps:
       - uses: actions/checkout@v4
         with:
           token: ${{ secrets.GITHUB_TOKEN }}
-      - name: Run action without SONAR_TOKEN
+      - name: Run action with scannerVersion
         uses: ./
         with:
+          scannerVersion: 6.1.0.4477
           args: -Dsonar.scanner.internal.dumpToFile=./output.properties
-        continue-on-error: true
-      - name: Previous should have failed
-        if: ${{ steps.runTest.outcome == 'success'}}
-        run: |
-          echo "Expected previous step to fail"
-          exit 1
-  dontFailGradleTest:
-    name: >
-      Don't fail on Gradle project
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v4
-        with:
-          token: ${{ secrets.GITHUB_TOKEN }}
-      - name: Run action on Gradle project
-        id: runTest
-        uses: ./
-        continue-on-error: true
         env:
-          SONAR_TOKEN: FAKE_TOKEN
-        with:
-          projectBaseDir: ./test/gradle-project
-          args: -Dsonar.scanner.internal.dumpToFile=./output.properties
+          NO_CACHE: true # force install-sonar-scanner-cli.sh execution
+          SONAR_HOST_URL: http://not_actually_used
+          SONAR_SCANNER_JSON_PARAMS: '{"sonar.scanner.internal.dumpToFile": "./output.properties"}'
       - name: Assert
         run: |
-          ./test/assertFileExists ./output.properties
-  dontFailGradleKotlinTest:
+          ./test/assertFileExists "$RUNNER_TEMP/sonarscanner/sonar-scanner-cli-6.1.0.4477-linux-x64.zip"
+  scannerBinariesUrlTest:
     name: >
-      Don't fail on Kotlin Gradle project
-    runs-on: ubuntu-latest
+      'scannerBinariesUrl' input with invalid URL
+    runs-on: ubuntu-latest # assumes default RUNNER_ARCH for linux is X64
     steps:
       - uses: actions/checkout@v4
         with:
           token: ${{ secrets.GITHUB_TOKEN }}
-      - name: Run action on Kotlin Gradle project
+      - name: Run action with scannerBinariesUrl
         id: runTest
         uses: ./
         continue-on-error: true
-        env:
-          SONAR_TOKEN: FAKE_TOKEN
         with:
-          projectBaseDir: ./test/gradle-project-kotlin
-          args: -Dsonar.scanner.internal.dumpToFile=./output.properties
-      - name: Assert
-        run: |
-          ./test/assertFileExists ./output.properties
-  dontFailMavenTest:
-    name: >
-      Don't fail on Maven project
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v4
-        with:
-          token: ${{ secrets.GITHUB_TOKEN }}
-      - name: Run action on Maven project
-        id: runTest
-        uses: ./
-        continue-on-error: true
+          scannerVersion: 6.2.1.4610
+          scannerBinariesUrl: https://invalid_uri/Distribution/sonar-scanner-cli
         env:
-          SONAR_TOKEN: FAKE_TOKEN
-        with:
-          projectBaseDir: ./test/maven-project
-          args: -Dsonar.scanner.internal.dumpToFile=./output.properties
-      - name: Assert
-        run: |
-          ./test/assertFileExists ./output.properties
-  runnerDebugUsedTest:
-    name: >
-      'RUNNER_DEBUG' is used
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v4
-        with:
-          token: ${{ secrets.GITHUB_TOKEN }}
-      - name: Run action with debug mode
-        uses: ./
-        with:
-          args: -Dsonar.scanner.internal.dumpToFile=./output.properties
-        env:
-          RUNNER_DEBUG: 1
-          SONAR_TOKEN: FAKE_TOKEN
-      - name: Assert
+          NO_CACHE: true # force install-sonar-scanner-cli.sh execution
+          SONAR_HOST_URL: http://not_actually_used
+          SONAR_SCANNER_JSON_PARAMS: '{"sonar.scanner.internal.dumpToFile": "./output.properties"}'
+      - name: Fail if action succeeded
+        if: steps.runTest.outcome == 'success'
+        run: exit 1
+      - name: Assert Sonar Scanner CLI was not downloaded
         run: |
-          ./test/assertFileContains ./output.properties "sonar.verbose=true"
-  overrideSonarcloudUrlTest:
-    name: >
-      'SONARCLOUD_URL' is used
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v4
-        with:
-          token: ${{ secrets.GITHUB_TOKEN }}
-      - name: Run action with SONARCLOUD_URL
-        uses: ./
-        with:
-          args: -Dsonar.scanner.internal.dumpToFile=./output.properties
-        env:
-          SONARCLOUD_URL: mirror.sonarcloud.io
-          SONAR_TOKEN: FAKE_TOKEN
-      - name: Assert
+          ./test/assertFileDoesntExist "$RUNNER_TEMP/sonarscanner/sonar-scanner-cli-6.2.1.4610-linux-x64.zip"
+      - name: Assert Sonar Scanner CLI was not executed
         run: |
-          ./test/assertFileContains ./output.properties "sonar.host.url=mirror.sonarcloud.io"
-          ./test/assertFileContains ./output.properties "sonar.scanner.sonarcloudUrl=mirror.sonarcloud.io"
+          ./test/assertFileDoesntExist ./output.properties

Dockerfile

@@ -81,6 +81,14 @@ In case you need to add additional analysis parameters, you can use the `args` o
 More information about possible analysis parameters is found in the documentation at:
 https://docs.sonarcloud.io/advanced-setup/analysis-parameters
 
+In case you need to specify the version of the Sonar Scanner, you can use the `scannerVersion` option:
+
+```yaml
+uses: sonarsource/sonarcloud-github-action@<action version> # Ex: v2.1.0, See the latest version at https://github.com/marketplace/actions/sonarcloud-scan
+with:
+  scannerVersion: 6.2.0.4584
+```
+
 See also example configurations at:
 https://github.com/sonarsource/sonarcloud-github-action-samples/
 
@@ -114,14 +122,11 @@ Want to see more examples of SonarCloud in action? You can [explore current Open
 * Your code is built with Gradle: use the SonarQube plugin for Gradle during the build
 * You want to analyze a .NET solution: Follow our interactive tutorial for GitHub Actions after importing your project directly into SonarCloud
 * You want to analyze C and C++ code: rely on our [SonarCloud Scan for C and C++](https://github.com/marketplace/actions/sonarcloud-scan-for-c-and-c) and look at [our sample C and C++ project](https://github.com/sonarsource-cfamily-examples?q=gh-actions-sc&type=all&language=&sort=)
-* You want to analyze Dart code: use [SonarScanner CLI](https://docs.sonarsource.com/sonarcloud/advanced-setup/ci-based-analysis/sonarscanner-cli/) during the build
 
 ## Have questions or feedback?
 
 To provide feedback (requesting a feature or reporting a bug) please post on the [SonarSource Community Forum](https://community.sonarsource.com/) with the tag `sonarcloud`.
 
 ## License
 
-The Dockerfile and associated scripts and documentation in this project are released under the LGPLv3 License.
-
 Container images built with this project include third-party materials.

README.md

@@ -1,20 +1,38 @@
 name: SonarCloud Scan
 description: >
-  Scan your code with SonarCloud to detect bugs, vulnerabilities and code smells
-  in 26+ programming languages.
+  Scan your code with SonarQube Cloud to detect coding issues in 30+ 
+  languages, frameworks, and IaC platforms. 
+  The solution also provides fix recommendations leveraging AI with 
+  Sonar's AI CodeFix capability. (Formerly SonarCloud)
 branding:
   icon: check
   color: green
-runs:
-  using: docker
-  image: Dockerfile
-  entrypoint: "/entrypoint.sh"
-  post-entrypoint: "/cleanup.sh"
 inputs:
   args:
-    description: Additional arguments to the sonarcloud scanner
+    description: Additional arguments to the Sonar Scanner CLI
     required: false
   projectBaseDir:
     description: Set the sonar.projectBaseDir analysis property
     required: false
-    default: .
+  scannerVersion:
+    description: Version of the Sonar Scanner CLI to use
+    required: false
+    default: 6.2.1.4610
+  scannerBinariesUrl:
+    description: URL to download the Sonar Scanner CLI binaries from
+    required: false
+    default: https://binaries.sonarsource.com/Distribution/sonar-scanner-cli
+runs:
+  using: "composite"
+  steps:
+    - name: Deprecation warning
+      shell: bash
+      run: |
+        echo "::warning title=SonarScanner::This action is deprecated and will be removed in a future release. Please use the sonarqube-scan-action action instead. The sonarqube-scan-action is a drop-in replacement for this action."
+    - name: SonarQube Cloud Scan
+      uses: SonarSource/sonarqube-scan-action@v4.1.0
+      with:
+        args: ${{ inputs.args }}
+        projectBaseDir: ${{ inputs.projectBaseDir }}
+        scannerVersion: ${{ inputs.scannerVersion }}
+        scannerBinariesUrl: ${{ inputs.scannerBinariesUrl }}

action.yml

@@ -0,0 +1,8 @@
+#!/bin/bash
+
+error() { echo -e "\\e[31m✗ $*\\e[0m"; }
+
+if [ -f $1 ]; then
+  error "File '$1' found"
+  exit 1
+fi