diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
index e182dab..8076591 100644
--- a/.github/CODEOWNERS
+++ b/.github/CODEOWNERS
@@ -1 +1 @@
-.github/CODEOWNERS @sonarsource/orchestration-processing-squad
+.github/* @sonarsource/orchestration-processing-squad
diff --git a/.github/workflows/PullRequestClosed.yml b/.github/workflows/PullRequestClosed.yml
index 77bf0e1..dd54f81 100644
--- a/.github/workflows/PullRequestClosed.yml
+++ b/.github/workflows/PullRequestClosed.yml
@@ -7,7 +7,7 @@ on:
 jobs:
 PullRequestClosed_job:
 name: Pull Request Closed
- runs-on: ubuntu-latest
+ runs-on: ubuntu-latest-large
 permissions:
 id-token: write
 pull-requests: read
diff --git a/.github/workflows/PullRequestCreated.yml b/.github/workflows/PullRequestCreated.yml
index 895ba78..d532c22 100644
--- a/.github/workflows/PullRequestCreated.yml
+++ b/.github/workflows/PullRequestCreated.yml
@@ -7,7 +7,7 @@ on:
 jobs:
 PullRequestCreated_job:
 name: Pull Request Created
- runs-on: ubuntu-latest
+ runs-on: ubuntu-latest-large
 permissions:
 id-token: write
 # For external PR, ticket should be created manually
diff --git a/.github/workflows/RequestReview.yml b/.github/workflows/RequestReview.yml
index 5eac0d5..5e74c2b 100644
--- a/.github/workflows/RequestReview.yml
+++ b/.github/workflows/RequestReview.yml
@@ -7,7 +7,7 @@ on:
 jobs:
 RequestReview_job:
 name: Request review
- runs-on: ubuntu-latest
+ runs-on: ubuntu-latest-large
 permissions:
 id-token: write
 # For external PR, ticket should be moved manually
diff --git a/.github/workflows/SubmitReview.yml b/.github/workflows/SubmitReview.yml
index d5f22e6..763ca30 100644
--- a/.github/workflows/SubmitReview.yml
+++ b/.github/workflows/SubmitReview.yml
@@ -7,7 +7,7 @@ on:
 jobs:
 SubmitReview_job:
 name: Submit Review
- runs-on: ubuntu-latest
+ runs-on: ubuntu-latest-large
 permissions:
 id-token: write
 pull-requests: read
diff --git a/.github/workflows/qa-deprecated-c-cpp.yml b/.github/workflows/qa-deprecated-c-cpp.yml
index 8ab16d5..d787e30 100644
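Review bot: In `.github/CODEOWNERS`, the new pattern `.github/*` matches only files directly inside `.github/`, because a trailing `/*` in CODEOWNERS syntax does not descend into subdirectories. The workflow files under `.github/workflows/` that this same commit edits, several of which request `id-token: write` or `contents: write`, therefore still have no code owner. If the intent is to put all repository automation under the squad's review, the directory form covers nested files: `/.github/ @sonarsource/orchestration-processing-squad`. Whether code-owner approval is actually enforced depends on branch protection settings, which are not visible in this diff.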
--- a/.github/workflows/qa-deprecated-c-cpp.yml
+++ b/.github/workflows/qa-deprecated-c-cpp.yml
@@ -12,7 +12,7 @@ jobs:
 name: Action outputs
 strategy:
 matrix:
- os: [ubuntu-latest, windows-latest, macos-latest, macos-13]
+ os: [ubuntu-latest-large, windows-latest-large, macos-latest, macos-13]
 cache: [true, false]
 include:
 - arch: X64
diff --git a/.github/workflows/qa-install-build-wrapper.yml b/.github/workflows/qa-install-build-wrapper.yml
index 793ae05..35e0eff 100644
--- a/.github/workflows/qa-install-build-wrapper.yml
+++ b/.github/workflows/qa-install-build-wrapper.yml
@@ -12,7 +12,7 @@ jobs:
 name: Action outputs
 strategy:
 matrix:
- os: [ubuntu-latest, windows-latest, macos-latest, macos-13]
+ os: [ubuntu-latest-large, windows-latest-large, macos-latest, macos-13]
 cache: [true, false]
 include:
 - arch: X64
diff --git a/.github/workflows/qa-main.yml b/.github/workflows/qa-main.yml
index 1a56855..4a78ea9 100644
--- a/.github/workflows/qa-main.yml
+++ b/.github/workflows/qa-main.yml
@@ -11,12 +11,15 @@ jobs:
 noInputsTest:
 name: >
 No inputs
- runs-on: ubuntu-latest
+ strategy:
+ matrix:
+ os: [ ubuntu-latest-large, macos-latest ]
+ runs-on: ${{ matrix.os }}
 steps:
 - uses: actions/checkout@v4
 with:
 token: ${{ secrets.GITHUB_TOKEN }}
- - name: Run action with args
+ - name: Run action without args
 uses: ./
 env:
 SONAR_HOST_URL: http://not_actually_used
@@ -29,7 +32,7 @@ jobs:
 'args' input
 strategy:
 matrix:
- os: [ ubuntu-latest, windows-latest, macos-latest ]
+ os: [ ubuntu-latest-large, windows-latest-large, macos-latest ]
 runs-on: ${{ matrix.os }}
 steps:
 - uses: actions/checkout@v4
@@ -51,7 +54,7 @@ jobs:
 'args' input with command injection will fail
 strategy:
 matrix:
- os: [ ubuntu-latest, windows-latest, macos-latest ]
+ os: [ ubuntu-latest-large, windows-latest-large, macos-latest ]
 runs-on: ${{ matrix.os }}
 steps:
 - uses: actions/checkout@v4
@@ -76,7 +79,7 @@ jobs:
 'projectBaseDir' input
 strategy:
 matrix:
- os: [ ubuntu-latest, windows-latest, macos-latest ]
+ os: [ ubuntu-latest-large, windows-latest-large, macos-latest ]
 runs-on: ${{ matrix.os }}
 steps:
 - uses: actions/checkout@v4
@@ -97,7 +100,7 @@ jobs:
 scannerVersionTest:
 name: >
 'scannerVersion' input
- runs-on: ubuntu-latest # assumes default RUNNER_ARCH for linux is X64
+ runs-on: ubuntu-latest-large # assumes default RUNNER_ARCH for linux is X64
 steps:
 - uses: actions/checkout@v4
 with:
@@ -117,7 +120,7 @@ jobs:
 scannerBinariesUrlTest:
 name: >
 'scannerBinariesUrl' input with invalid URL
- runs-on: ubuntu-latest # assumes default RUNNER_ARCH for linux is X64
+ runs-on: ubuntu-latest-large # assumes default RUNNER_ARCH for linux is X64
 steps:
 - uses: actions/checkout@v4
 with:
@@ -145,7 +148,7 @@ jobs:
 scannerBinariesUrlIsEscapedWithWget:
 name: >
 'scannerBinariesUrl' is escaped with wget so special chars are not injected in the download command
- runs-on: ubuntu-latest
+ runs-on: ubuntu-latest-large
 steps:
 - uses: actions/checkout@v4
 with:
@@ -166,7 +169,7 @@ jobs:
 scannerBinariesUrlIsEscapedWithCurl:
 name: >
 'scannerBinariesUrl' is escaped with curl so special chars are not injected in the download command
- runs-on: ubuntu-latest
+ runs-on: ubuntu-latest-large
 steps:
 - uses: actions/checkout@v4
 with:
@@ -195,7 +198,7 @@ jobs:
 dontFailGradleTest:
 name: >
 Don't fail on Gradle project
- runs-on: ubuntu-latest
+ runs-on: ubuntu-latest-large
 steps:
 - uses: actions/checkout@v4
 with:
@@ -216,7 +219,7 @@ jobs:
 dontFailGradleKotlinTest:
 name: >
 Don't fail on Kotlin Gradle project
- runs-on: ubuntu-latest
+ runs-on: ubuntu-latest-large
 steps:
 - uses: actions/checkout@v4
 with:
@@ -237,7 +240,7 @@ jobs:
 dontFailMavenTest:
 name: >
 Don't fail on Maven project
- runs-on: ubuntu-latest
+ runs-on: ubuntu-latest-large
 steps:
 - uses: actions/checkout@v4
 with:
@@ -256,7 +259,7 @@ jobs:
 run: |
 ./test/assertFileExists ./output.properties
 runAnalysisTest:
- runs-on: ubuntu-latest
+ runs-on: ubuntu-latest-large
 services:
 sonarqube:
 image: sonarqube:lts-community
@@ -291,7 +294,7 @@ jobs:
 'RUNNER_DEBUG' is used
 strategy:
 matrix:
- os: [ ubuntu-latest, windows-latest, macos-latest ]
+ os: [ ubuntu-latest-large, windows-latest-large, macos-latest ]
 runs-on: ${{ matrix.os }}
 steps:
 - uses: actions/checkout@v4
@@ -309,7 +312,7 @@ jobs:
 run: |
 ./test/assertFileContains ./output.properties "sonar.verbose=true"
 runAnalysisWithCacheTest:
- runs-on: ubuntu-latest
+ runs-on: ubuntu-latest-large
 services:
 sonarqube:
 image: sonarqube:lts-community
@@ -350,7 +353,7 @@ jobs:
 'SONARCLOUD_URL' is used
 strategy:
 matrix:
- os: [ ubuntu-latest, windows-latest, macos-latest ]
+ os: [ ubuntu-latest-large, windows-latest-large, macos-latest ]
 runs-on: ${{ matrix.os }}
 steps:
 - uses: actions/checkout@v4
@@ -369,7 +372,7 @@ jobs:
 ./test/assertFileContains ./output.properties "sonar.scanner.sonarcloudUrl=mirror.sonarcloud.io"
 dontFailWhenMissingWgetButCurlAvailable:
 name: Don't fail when missing wget but curl available
- runs-on: ubuntu-latest
+ runs-on: ubuntu-latest-large
 steps:
 - uses: actions/checkout@v4
 with:
@@ -395,7 +398,7 @@ jobs:
 ./test/assertFileExists ./output.properties
 dontFailWhenMissingCurlButWgetAvailable:
 name: Don't fail when missing curl but wget available
- runs-on: ubuntu-latest
+ runs-on: ubuntu-latest-large
 steps:
 - uses: actions/checkout@v4
 with:
@@ -422,7 +425,7 @@ jobs:
 ./test/assertFileExists ./output.properties
 failWhenBothWgetAndCurlMissing:
 name: Fail when both wget and curl are missing
- runs-on: ubuntu-latest
+ runs-on: ubuntu-latest-large
 steps:
 - uses: actions/checkout@v4
 with:
@@ -455,7 +458,7 @@ jobs:
 curlPerformsRedirect:
 name: >
 curl performs redirect when scannerBinariesUrl returns 3xx
- runs-on: ubuntu-latest
+ runs-on: ubuntu-latest-large
 steps:
 - uses: actions/checkout@v4
 with:
@@ -489,7 +492,7 @@ jobs:
 'SONAR_ROOT_CERT' is converted to truststore
 strategy:
 matrix:
- os: [ ubuntu-latest, windows-latest, macos-latest ]
+ os: [ ubuntu-latest-large, windows-latest-large, macos-latest ]
 runs-on: ${{ matrix.os }}
 steps:
 - uses: actions/checkout@v4
@@ -541,7 +544,7 @@ jobs:
 analysisWithSslCertificate:
 name: >
 Analysis takes into account 'SONAR_ROOT_CERT'
- runs-on: ubuntu-latest
+ runs-on: ubuntu-latest-large
 steps:
 - uses: actions/checkout@v4
 with:
@@ -649,7 +652,7 @@ jobs:
 overridesScannerLocalFolderWhenPresent: # can happen in uncleaned self-hosted runners
 name: >
 'SCANNER_LOCAL_FOLDER' is cleaned with warning when present
- runs-on: ubuntu-latest
+ runs-on: ubuntu-latest-large
 steps:
 - uses: actions/checkout@v4
 with:
@@ -683,7 +686,7 @@ jobs:
 updateTruststoreWhenPresent: # can happen in uncleaned self-hosted runners
 name: >
 truststore.p12 is updated when present
- runs-on: ubuntu-latest
+ runs-on: ubuntu-latest-large
 steps:
 - uses: actions/checkout@v4
 with:
@@ -812,7 +815,7 @@ jobs:
 scannerVersionValidationTest:
 name: >
 'scannerVersion' input validation
- runs-on: ubuntu-latest
+ runs-on: ubuntu-latest-large
 steps:
 - uses: actions/checkout@v4
 with:
@@ -831,4 +834,4 @@ jobs:
 if: steps.invalid_version.outcome == 'success'
 run: |
 echo "Action with invalid scannerVersion should have failed but succeeded"
- exit 1
\ No newline at end of file
+ exit 1
diff --git a/.github/workflows/qa-scripts.yml b/.github/workflows/qa-scripts.yml
index 74d8691..0ca894f 100644
--- a/.github/workflows/qa-scripts.yml
+++ b/.github/workflows/qa-scripts.yml
@@ -10,7 +10,7 @@ on:
 jobs:
 create-install-dir-test:
 name: create_install_path.sh
- runs-on: ubuntu-latest
+ runs-on: ubuntu-latest-large
 steps:
 - uses: actions/checkout@v4
 with:
@@ -107,7 +107,7 @@ jobs:
 grep "=== Script failed ===" output
 setup-script-test:
 name: configure_paths.sh
- runs-on: ubuntu-latest
+ runs-on: ubuntu-latest-large
 env:
 INSTALL_PATH: 'install-directory'
 SONAR_HOST_URL: 'http://sonar-host.com'
@@ -250,7 +250,7 @@ jobs:
 grep "=== Script failed ===" output
 download-script-test:
 name: download.sh
- runs-on: ubuntu-latest
+ runs-on: ubuntu-latest-large
 steps:
 - uses: actions/checkout@v4
 with:
@@ -319,7 +319,7 @@ jobs:
 grep "=== Script failed ===" output
 fetch-latest-version-test:
 name: fetch_latest_version.sh
- runs-on: ubuntu-latest
+ runs-on: ubuntu-latest-large
 steps:
 - uses: actions/checkout@v4
 with:
diff --git a/.github/workflows/update-tags.yml b/.github/workflows/update-tags.yml
index d13374d..a673b7f 100644
--- a/.github/workflows/update-tags.yml
+++ b/.github/workflows/update-tags.yml
@@ -7,7 +7,7 @@ on:
 jobs:
 generate:
- runs-on: ubuntu-latest
+ runs-on: ubuntu-latest-large
 permissions:
 contents: write
diff --git a/.github/workflows/version_update.yml b/.github/workflows/version_update.yml
index b5a7629..3e71f0f 100644
--- a/.github/workflows/version_update.yml
+++ b/.github/workflows/version_update.yml
@@ -7,7 +7,7 @@ on:
 jobs:
 check-version:
 name: Check for sonar-scanner version update
- runs-on: ubuntu-latest
+ runs-on: ubuntu-latest-large
 outputs:
 should_update: ${{ steps.version-check.outputs.should_update }}
 latest_version: ${{ steps.latest-version.outputs.latest }}
@@ -45,7 +45,7 @@ jobs:
 update-version:
 name: Prepare pull request for sonar-scanner version update
 needs: check-version
- runs-on: ubuntu-latest
+ runs-on: ubuntu-latest-large
 permissions:
 contents: write
 pull-requests: write
diff --git a/action.yml b/action.yml
index 0c6eeb0..39b39f2 100644
--- a/action.yml
+++ b/action.yml
@@ -17,7 +17,7 @@ inputs:
 description: Version of the Sonar Scanner CLI to use
 required: false
 # to be kept in sync with sonar-scanner-version
- default: 7.1.0.4889
+ default: 7.2.0.5079
 scannerBinariesUrl:
 description: URL to download the Sonar Scanner CLI binaries from
 required: false
diff --git a/scripts/cert.sh b/scripts/cert.sh
index 2c2a2a5..de63a55 100755
--- a/scripts/cert.sh
+++ b/scripts/cert.sh
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 if [[ -n "${SONAR_ROOT_CERT}" ]]; then
 echo "Adding custom root certificate to java certificate store"
diff --git a/scripts/configure_paths.sh b/scripts/configure_paths.sh
index d1bbfe1..b9f33ac 100755
--- a/scripts/configure_paths.sh
+++ b/scripts/configure_paths.sh
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 if [[ ${ARCH} != "X64" && ! (${ARCH} == "ARM64" && (${OS} == "macOS" || ${OS} == "Linux")) ]]; then
 echo "::error::Architecture '${ARCH}' is unsupported by build-wrapper"
diff --git a/scripts/create_install_path.sh b/scripts/create_install_path.sh
index 7e35571..3a3618d 100755
--- a/scripts/create_install_path.sh
+++ b/scripts/create_install_path.sh
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 source "$(dirname -- "$0")/utils.sh"
diff --git a/scripts/download.sh b/scripts/download.sh
index 9e1aefa..2be77d5 100755
--- a/scripts/download.sh
+++ b/scripts/download.sh
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 source "$(dirname -- "$0")/utils.sh"
diff --git a/scripts/fetch_latest_version.sh b/scripts/fetch_latest_version.sh
index 774b035..57c7249 100755
--- a/scripts/fetch_latest_version.sh
+++ b/scripts/fetch_latest_version.sh
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 source "$(dirname -- "$0")/utils.sh"
diff --git a/scripts/install-sonar-scanner-cli.sh b/scripts/install-sonar-scanner-cli.sh
index 6d810e3..10b596c 100755
--- a/scripts/install-sonar-scanner-cli.sh
+++ b/scripts/install-sonar-scanner-cli.sh
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 set -eou pipefail
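Review bot: In `scripts/cert.sh`, and in the identical one-line change to the other `scripts/*.sh` and `test/assert*` files, the new shebang `#!/usr/bin/env bash` resolves the interpreter through `PATH` instead of a fixed location, and nothing records why. When these scripts are executed directly, whichever `bash` comes first on the runner's `PATH` runs them, which matters on the uncleaned self-hosted runners the QA workflow mentions. A short comment under the shebang would document the trade-off, for example `# bash is looked up on PATH (a fixed /bin/bash can be outdated or missing); the runner's PATH must be trusted`. If the scripts need a minimum bash version, stating it in the same comment would help, since the resolved version can now differ per runner.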
diff --git a/scripts/run-sonar-scanner-cli.sh b/scripts/run-sonar-scanner-cli.sh
index 1a77f07..a92b7eb 100755
--- a/scripts/run-sonar-scanner-cli.sh
+++ b/scripts/run-sonar-scanner-cli.sh
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 set -eo pipefail
@@ -77,5 +77,5 @@ scanner_args+=("$@")
 set -ux
-$SCANNER_BIN "${scanner_args[@]}"
+$SCANNER_BIN ${scanner_args[@]+"${scanner_args[@]}"}
diff --git a/scripts/sanity-checks.sh b/scripts/sanity-checks.sh
index c3b706b..e23ed67 100755
--- a/scripts/sanity-checks.sh
+++ b/scripts/sanity-checks.sh
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 set -eo pipefail
diff --git a/scripts/utils.sh b/scripts/utils.sh
index a9849bc..cc79029 100755
--- a/scripts/utils.sh
+++ b/scripts/utils.sh
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 check_status() {
 exit_status=$?
diff --git a/sonar-scanner-version b/sonar-scanner-version
index b52ab0b..79b1835 100644
--- a/sonar-scanner-version
+++ b/sonar-scanner-version
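Review bot: In the second hunk of `scripts/run-sonar-scanner-cli.sh`, the rewritten invocation still expands `$SCANNER_BIN` unquoted, so an install path containing spaces or glob characters would be word-split before the scanner starts. Unless the variable is meant to hold several words, `"$SCANNER_BIN" ${scanner_args[@]+"${scanner_args[@]}"}` is safer. The `${scanner_args[@]+...}` form also deserves a comment, such as `# expands to nothing when scanner_args is empty; older bash treats an empty array as unset under set -u`. Separately, the unchanged `set -ux` just above traces the fully expanded argument list into the job log, so a credential passed as a scanner argument would be printed there unless the runner masks it. The script body starts outside this hunk, so how `SCANNER_BIN` is set is not visible.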
@@ -1,11 +1,11 @@
-sonar-scanner-version=7.1.0.4889
-sonar-scanner-url-windows-x64=https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-7.1.0.4889-windows-x64.zip
-sonar-scanner-sha-windows-x64=64c5154d3d924eb2e03386f10eecb3ec4132298e2c1bf0b60a0d0195cd51a555
-sonar-scanner-url-linux-x64=https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-7.1.0.4889-linux-x64.zip
-sonar-scanner-sha-linux-x64=b4d2a001d65b489f9effe1ea8a78495db1b152f124d7f7b058aad8651c7e1484
-sonar-scanner-url-linux-aarch64=https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-7.1.0.4889-linux-aarch64.zip
-sonar-scanner-sha-linux-aarch64=7948ccde77843829b87d41815ead669486f681cd38b0b0893006083a9b6f6b5c
-sonar-scanner-url-macosx-x64=https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-7.1.0.4889-macosx-x64.zip
-sonar-scanner-sha-macosx-x64=08ad1e75994d91a17016ce55248d0827b62a757b263917234ea2d89bee8f136d
-sonar-scanner-url-macosx-aarch64=https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-7.1.0.4889-macosx-aarch64.zip
-sonar-scanner-sha-macosx-aarch64=9ad8c5da9e9665c065328b86adb3f33ef43801347ecb3ff1ec27d598ac37b449
+sonar-scanner-version=7.2.0.5079
+sonar-scanner-url-windows-x64=https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-7.2.0.5079-windows-x64.zip
+sonar-scanner-sha-windows-x64=71936f352206b63cb05ffbcd68e366e52d22916148cf4a2418789bc776f733ea
+sonar-scanner-url-linux-x64=https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-7.2.0.5079-linux-x64.zip
+sonar-scanner-sha-linux-x64=da9f4e64a3d555f08ce38b5469ebd91fe2b311af473f7001a5ee5c1fd58b004b
+sonar-scanner-url-linux-aarch64=https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-7.2.0.5079-linux-aarch64.zip
+sonar-scanner-sha-linux-aarch64=803ca725d463e95eeb7537515706367bb8e52bf05ac32174daf9773bdb36d1e2
+sonar-scanner-url-macosx-x64=https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-7.2.0.5079-macosx-x64.zip
+sonar-scanner-sha-macosx-x64=7b9e92248ca740fff41503bfe5459c460bac43c501d80043cc4fbebb72dfc5fa
+sonar-scanner-url-macosx-aarch64=https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-7.2.0.5079-macosx-aarch64.zip
+sonar-scanner-sha-macosx-aarch64=c8adb3fbfe5485c17de193a217be765b66cbc10d6540057655afa3c3b5be6f61
diff --git a/test/assertFileContains b/test/assertFileContains
index 3db91b2..588d845 100755
--- a/test/assertFileContains
+++ b/test/assertFileContains
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 set -eou pipefail
diff --git a/test/assertFileDoesntExist b/test/assertFileDoesntExist
index b7f2982..480b761 100755
--- a/test/assertFileDoesntExist
+++ b/test/assertFileDoesntExist
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 set -eou pipefail
diff --git a/test/assertFileExists b/test/assertFileExists
index f35d9f5..e0f2961 100755
--- a/test/assertFileExists
+++ b/test/assertFileExists
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 set -eou pipefail