diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index 9271143..7ec2afa 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -108,6 +108,16 @@ jobs: setup-script-test: name: configure_paths.sh script test runs-on: ubuntu-latest + env: + INSTALL_PATH: 'install-directory' + SONAR_HOST_URL: 'http://sonar-host.com' + SONAR_SCANNER_VERSION: 'vX.Y.Z.MMMM' + SONAR_SCANNER_URL_WINDOWS: 'https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-vX.Y.Z.MMMM-windows.zip' + SONAR_SCANNER_SHA_WINDOWS: 'DOWNLOAD-SHA-WINDOWS' + SONAR_SCANNER_URL_LINUX: 'https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-vX.Y.Z.MMMM-linux.zip' + SONAR_SCANNER_SHA_LINUX: 'DOWNLOAD-SHA-LINUX' + SONAR_SCANNER_URL_MACOSX: 'https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-vX.Y.Z.MMMM-macosx.zip' + SONAR_SCANNER_SHA_MACOSX: 'DOWNLOAD-SHA-MACOSX' steps: - uses: actions/checkout@v3 with: @@ -117,16 +127,14 @@ jobs: shell: bash env: OS: 'Windows' - ARCH: 'X64' - INSTALL_PATH: 'install-directory' - SONAR_HOST_URL: 'http://sonar-host.com' - SONAR_SCANNER_VERSION: 'vX.Y.Z.MMMM' + ARCH: 'X64' run: | ./scripts/configure_paths.sh > output grep -v "::error::" output echo "- Check sonar-scanner:" grep "sonar-scanner-url=https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-vX.Y.Z.MMMM-windows.zip" output + grep "sonar-scanner-sha=DOWNLOAD-SHA-WINDOWS" output grep "sonar-scanner-dir=install-directory/sonar-scanner-vX.Y.Z.MMMM-windows" output grep "sonar-scanner-bin=install-directory/sonar-scanner-vX.Y.Z.MMMM-windows/bin/sonar-scanner.bat" output 
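Review bot: The added `grep "sonar-scanner-sha=DOWNLOAD-SHA-WINDOWS" output` in the Windows step is a substring match, so an output line carrying extra characters after the expected checksum would still pass; the added checks in the Linux and macOS steps have the same gap. Because this output is the value the download is later verified against, a fixed-string whole-line match is tighter: `grep -Fx "sonar-scanner-sha=DOWNLOAD-SHA-WINDOWS" output`. The step starts before the hunk and its `run:` block may continue past it.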
@@ -139,16 +147,14 @@ jobs: shell: bash env: OS: 'Linux' - ARCH: 'X64' - INSTALL_PATH: 'install-directory' - SONAR_HOST_URL: 'http://sonar-host.com' - SONAR_SCANNER_VERSION: 'vX.Y.Z.MMMM' + ARCH: 'X64' run: | ./scripts/configure_paths.sh > output grep -v "::error::" output echo "- Check sonar-scanner:" grep "sonar-scanner-url=https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-vX.Y.Z.MMMM-linux.zip" output + grep "sonar-scanner-sha=DOWNLOAD-SHA-LINUX" output grep "sonar-scanner-dir=install-directory/sonar-scanner-vX.Y.Z.MMMM-linux" output grep "sonar-scanner-bin=install-directory/sonar-scanner-vX.Y.Z.MMMM-linux/bin/sonar-scanner" output @@ -161,16 +167,14 @@ jobs: shell: bash env: OS: 'macOS' - ARCH: 'X64' - INSTALL_PATH: 'install-directory' - SONAR_HOST_URL: 'http://sonar-host.com' - SONAR_SCANNER_VERSION: 'vX.Y.Z.MMMM' + ARCH: 'X64' run: | ./scripts/configure_paths.sh > output grep -v "::error::" output echo "- Check sonar-scanner:" grep "sonar-scanner-url=https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-vX.Y.Z.MMMM-macosx.zip" output + grep "sonar-scanner-sha=DOWNLOAD-SHA-MACOSX" output grep "sonar-scanner-dir=install-directory/sonar-scanner-vX.Y.Z.MMMM-macosx" output grep "sonar-scanner-bin=install-directory/sonar-scanner-vX.Y.Z.MMMM-macosx/bin/sonar-scanner" output @@ -183,10 +187,7 @@ jobs: shell: bash env: OS: 'unsupportedOS' - ARCH: 'X64' - INSTALL_PATH: 'install-directory' - SONAR_HOST_URL: 'http://sonar-host.com' - SONAR_SCANNER_VERSION: 'vX.Y.Z.MMMM' + ARCH: 'X64' run: | (./scripts/configure_paths.sh || echo "=== Script failed ===") > output @@ -198,10 +199,7 @@ jobs: shell: bash env: OS: 'Linux' - ARCH: 'X86' - INSTALL_PATH: 'install-directory' - SONAR_HOST_URL: 'http://sonar-host.com' - SONAR_SCANNER_VERSION: 'vX.Y.Z.MMMM' + ARCH: 'X86' run: | (./scripts/configure_paths.sh || echo "=== Script failed ===") > output 
@@ -221,29 +219,24 @@ jobs: - name: Download test without validation shell: bash env: - INSTALL_PATH: 'install-directory' + INSTALL_PATH: 'install-directory-no-sha-validation' DOWNLOAD_URL: 'https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-4.6.2.2472-linux.zip' - SHA_DOWNLOAD_URL: 'https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-4.6.2.2472-linux.zip.sha256' + EXPECTED_SHA: 'incorrect-sha-not-validated' TMP_ZIP_PATH: ${{ runner.temp }}/sonar-scanner.zip run: | ./scripts/download.sh > output test -f "$TMP_ZIP_PATH" - if [ -f "$TMP_ZIP_PATH.sha256" ]; then - echo "$TMP_ZIP_PATH.sha256 shouldn't exist" - exit 1 - fi grep -v "::error::" output - name: Download test with validation shell: bash env: INSTALL_PATH: 'install-directory-sha-validation' DOWNLOAD_URL: 'https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-4.6.2.2472-linux.zip' - SHA_DOWNLOAD_URL: 'https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-4.6.2.2472-linux.zip.sha256' + EXPECTED_SHA: '9411331814c1d002bd65d37758b872918b7602e7cf3ca5b83a3e19a729b2be05' TMP_ZIP_PATH: ${{ runner.temp }}/sonar-scanner.zip run: | ./scripts/download.sh -v > output test -f "$TMP_ZIP_PATH" - test -f "$TMP_ZIP_PATH".sha256 grep -v "::error::" output - name: Incorrect install dir shell: bash 
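Review bot: Both download steps still share `TMP_ZIP_PATH: ${{ runner.temp }}/sonar-scanner.zip`, so `test -f "$TMP_ZIP_PATH"` in the "Download test with validation" step can be satisfied by the archive left behind by the preceding step instead of by the download under test. This assumes download.sh leaves the archive in place, which the `test -f` after the script suggests. The commit already gives each step its own `INSTALL_PATH`; doing the same for the archive, e.g. `TMP_ZIP_PATH: ${{ runner.temp }}/sonar-scanner-sha-validation.zip`, keeps the steps independent. The "Incorrect SHA256" and "Mismatching SHA256" steps in the next hunk reuse the same path.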
@@ -256,23 +249,63 @@ jobs: - name: Incorrect download url shell: bash env: - INSTALL_PATH: 'install-directory' + INSTALL_PATH: 'install-directory-incorrect-url' DOWNLOAD_URL: 'incorrect-url' run: | (./scripts/download.sh || echo "=== Script failed ===") > output grep "::error::Failed to download 'incorrect-url'" output grep "=== Script failed ===" output - - name: Incorrect SHA256 url + - name: Incorrect SHA256 shell: bash env: - INSTALL_PATH: 'install-directory' + INSTALL_PATH: 'install-directory-incorrect-sha' DOWNLOAD_URL: 'https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-4.6.2.2472-linux.zip' - SHA_DOWNLOAD_URL: incorrect-sha256-url + EXPECTED_SHA: 'incorrect-sha256' TMP_ZIP_PATH: ${{ runner.temp }}/sonar-scanner.zip run: | (./scripts/download.sh -v || echo "=== Script failed ===") > output - grep "::error::Failed to download 'incorrect-sha256-url'" output + grep "::error::Checking sha256 failed" output grep "=== Script failed ===" output + - name: Mismatching SHA256 + shell: bash + env: + INSTALL_PATH: 'install-directory-mismtaching-sha' + DOWNLOAD_URL: 'https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-4.6.2.2472-linux.zip' + EXPECTED_SHA: '3e121d85a4adb1f30b917d5f3eb897966b59e02c3d6d313a78dcd964193dc963' + TMP_ZIP_PATH: ${{ runner.temp }}/sonar-scanner.zip + run: | + (./scripts/download.sh -v || echo "=== Script failed ===") > output + grep "::error::Checking sha256 failed" output + grep "=== Script failed ===" output + + fetch-latest-version-test: + name: fetch_latest_version.sh script test + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v3 + with: + fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis + - name: Test script + shell: bash + run: | + ./scripts/fetch_latest_version.sh > output + + echo "- Check sonar-scanner version:" + grep "sonar-scanner-version=" output + SONAR_SCANNER_VERSION=$(cat output | cut -d= -f 2) + test ! 
-z "${SONAR_SCANNER_VERSION}" + + echo "- Check windows sonar-scanner URLs:" + grep "sonar-scanner-url-windows=https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-${SONAR_SCANNER_VERSION}-windows.zip" output + grep -e "^sonar-scanner-sha-windows=[0-9A-Fa-f]\+$" output + + echo "- Check linux sonar-scanner URLs:" + grep "sonar-scanner-url-linux=https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-${SONAR_SCANNER_VERSION}-linux.zip" output + grep -e "^sonar-scanner-sha-linux=[0-9A-Fa-f]\+$" output + + echo "- Check macosx sonar-scanner URLs:" + grep "sonar-scanner-url-macosx=https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-${SONAR_SCANNER_VERSION}-macosx.zip" output + grep -e "^sonar-scanner-sha-macosx=[0-9A-Fa-f]\+$" output output-test: name: Test action outputs diff --git a/.github/workflows/version_update.yml b/.github/workflows/version_update.yml new file mode 100644 index 0000000..058e902 --- /dev/null +++ b/.github/workflows/version_update.yml 
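Review bot: In the new `fetch-latest-version-test` job, `SONAR_SCANNER_VERSION=$(cat output | cut -d= -f 2)` takes the second field of every line of `output`, not only the version line, so the variable also holds the URLs and checksums. grep treats a newline inside a pattern as a separator between alternative patterns, so the URL checks that embed the variable can match on their first fragment alone and no longer prove the `-windows.zip`, `-linux.zip` or `-macosx.zip` suffix. Select the version line first, `SONAR_SCANNER_VERSION=$(grep '^sonar-scanner-version=' output | cut -d= -f2)`, and consider requiring the full digest length in the checksum checks, e.g. `grep -E '^sonar-scanner-sha-linux=[0-9A-Fa-f]{64}$' output`. Separately, the `INSTALL_PATH` of the "Mismatching SHA256" step is spelled `install-directory-mismtaching-sha`.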
@@ -0,0 +1,50 @@ +name: sonar-scanner version check +on: + schedule: + - cron: '15 10 * * *' + +jobs: + update-version: + name: Prepare pull request for sonar-scanner version update + runs-on: ubuntu-latest + steps: + - run: sudo apt install -y jq + + - uses: actions/checkout@v3 + with: + ref: main + persist-credentials: true + fetch-depth: 0 + + - name: "Fetch currently used sonar-scanner version" + id: tagged-version + shell: bash + run: cat sonar-scanner-version >> $GITHUB_OUTPUT + + - name: "Fetch lastest sonar-scanner version" + id: latest-version + shell: bash + run: | + ./scripts/fetch_latest_version.sh > sonar-scanner-version + cat sonar-scanner-version >> $GITHUB_OUTPUT + + - name: "Create Pull Request for version update" + if: steps.tagged-version.outputs.sonar-scanner-version != steps.latest-version.outputs.sonar-scanner-version + shell: bash + env: + UPDATE_BRANCH: update-to-sonar-scanner-${{ steps.latest-version.outputs.sonar-scanner-version }} + TITLE: "Update sonar-scanner-version to ${{ steps.latest-version.outputs.sonar-scanner-version }}" + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + run: | + git config --global user.name "SonarTech" + git config --global user.email "sonartech@sonarsource.com" + git checkout -b ${UPDATE_BRANCH} + git add sonar-scanner-version + git commit -m "${TITLE}" + git push --force-with-lease origin ${UPDATE_BRANCH} + gh pr list + + if [[ $(gh pr list -H "${UPDATE_BRANCH}" | grep "${UPDATE_BRANCH}" | wc -l) -eq 0 ]]; then + gh pr create -B main -H ${UPDATE_BRANCH} --title "${TITLE}" --body "Automatic updated of sonar-scanner version value. Needs to be tagged for release." + fi + diff --git a/action.yml b/action.yml index 1018a72..e5b6580 100644 --- a/action.yml +++ b/action.yml 
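Review bot: The new workflow declares no `permissions:` block, so the `GITHUB_TOKEN` used to push the branch and open the pull request gets whatever default the repository or organisation sets. Declaring the two scopes the job uses at job level, `permissions:` with `contents: write` and `pull-requests: write`, keeps the token at least privilege and makes the workflow independent of that default. `UPDATE_BRANCH` is built from a release tag fetched from a remote API, so its unquoted uses should be quoted, for example `git checkout -b "${UPDATE_BRANCH}"` and `git push --force-with-lease origin "${UPDATE_BRANCH}"`.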
@@ -39,7 +39,7 @@ runs: - name: Set version of sonar-scanner id: sonar-scanner-version shell: bash - run: echo "sonar-scanner-version=4.7.0.2747" >> $GITHUB_OUTPUT + run: cat ${GITHUB_ACTION_PATH}/sonar-scanner-version >> $GITHUB_OUTPUT - name: Configure paths id: configure_paths @@ -50,6 +50,12 @@ runs: INSTALL_PATH: ${{ inputs.installation-path }} SONAR_HOST_URL: 'https://sonarcloud.io' SONAR_SCANNER_VERSION: ${{ steps.sonar-scanner-version.outputs.sonar-scanner-version }} + SONAR_SCANNER_URL_WINDOWS: ${{ steps.sonar-scanner-version.outputs.sonar-scanner-url-windows }} + SONAR_SCANNER_SHA_WINDOWS: ${{ steps.sonar-scanner-version.outputs.sonar-scanner-sha-windows }} + SONAR_SCANNER_URL_LINUX: ${{ steps.sonar-scanner-version.outputs.sonar-scanner-url-linux }} + SONAR_SCANNER_SHA_LINUX: ${{ steps.sonar-scanner-version.outputs.sonar-scanner-sha-linux }} + SONAR_SCANNER_URL_MACOSX: ${{ steps.sonar-scanner-version.outputs.sonar-scanner-url-macosx }} + SONAR_SCANNER_SHA_MACOSX: ${{ steps.sonar-scanner-version.outputs.sonar-scanner-sha-macosx }} run: ${GITHUB_ACTION_PATH}/scripts/configure_paths.sh >> $GITHUB_OUTPUT - name: Cache sonar-scanner installation @@ -68,7 +74,7 @@ runs: shell: bash env: DOWNLOAD_URL: ${{ steps.configure_paths.outputs.sonar-scanner-url }} - SHA_DOWNLOAD_URL: ${{ steps.configure_paths.outputs.sonar-scanner-url }}.sha256 + EXPECTED_SHA: ${{ steps.configure_paths.outputs.sonar-scanner-sha }} INSTALL_PATH: ${{ inputs.installation-path }} TMP_ZIP_PATH: ${{ runner.temp }}/sonar-scanner.zip run: ${GITHUB_ACTION_PATH}/scripts/download.sh -v diff --git a/scripts/configure_paths.sh b/scripts/configure_paths.sh index b12971b..8a8ed2b 100755 --- a/scripts/configure_paths.sh +++ b/scripts/configure_paths.sh 
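Review bot: In the "Set version of sonar-scanner" step, `cat ${GITHUB_ACTION_PATH}/sonar-scanner-version >> $GITHUB_OUTPUT` leaves both expansions unquoted, so a runner whose action path contains a space would split the argument; `run: cat "${GITHUB_ACTION_PATH}/sonar-scanner-version" >> "$GITHUB_OUTPUT"` avoids that. Every line of that file becomes a step output, and those outputs later select the download URL and the expected checksum. A short comment above the step stating that the file is the single source of the pinned values, and that it is updated through the pull requests opened by version_update.yml, would help maintainers.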
@@ -11,18 +11,24 @@ case ${OS} in BUILD_WRAPPER_SUFFIX="win-x86" SONAR_SCANNER_NAME="sonar-scanner.bat" BUILD_WRAPPER_NAME="build-wrapper-win-x86-64.exe" + SONAR_SCANNER_URL="${SONAR_SCANNER_URL_WINDOWS}" + SONAR_SCANNER_SHA="${SONAR_SCANNER_SHA_WINDOWS}" ;; Linux) SONAR_SCANNER_SUFFIX="linux" BUILD_WRAPPER_SUFFIX="linux-x86" SONAR_SCANNER_NAME="sonar-scanner" BUILD_WRAPPER_NAME="build-wrapper-linux-x86-64" + SONAR_SCANNER_URL="${SONAR_SCANNER_URL_LINUX}" + SONAR_SCANNER_SHA="${SONAR_SCANNER_SHA_LINUX}" ;; macOS) SONAR_SCANNER_SUFFIX="macosx" BUILD_WRAPPER_SUFFIX="macosx-x86" SONAR_SCANNER_NAME="sonar-scanner" BUILD_WRAPPER_NAME="build-wrapper-macosx-x86" + SONAR_SCANNER_URL="${SONAR_SCANNER_URL_MACOSX}" + SONAR_SCANNER_SHA="${SONAR_SCANNER_SHA_MACOSX}" ;; *) echo "::error::Unsupported runner OS '${OS}'" @@ -30,8 +36,11 @@ case ${OS} in ;; esac + +echo "sonar-scanner-url=${SONAR_SCANNER_URL}" +echo "sonar-scanner-sha=${SONAR_SCANNER_SHA}" + SONAR_SCANNER_DIR="${INSTALL_PATH}/sonar-scanner-${SONAR_SCANNER_VERSION}-${SONAR_SCANNER_SUFFIX}" -echo "sonar-scanner-url=https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-${SONAR_SCANNER_VERSION}-${SONAR_SCANNER_SUFFIX}.zip" echo "sonar-scanner-dir=${SONAR_SCANNER_DIR}" echo "sonar-scanner-bin=${SONAR_SCANNER_DIR}/bin/${SONAR_SCANNER_NAME}" diff --git a/scripts/download.sh b/scripts/download.sh index b44fb3c..9e1aefa 100755 --- a/scripts/download.sh +++ b/scripts/download.sh @@ -28,13 +28,7 @@ parse_arguments() { } verify_download_correctness() { - echo "Checking download correctness with '$SHA_DOWNLOAD_URL'" - curl -sSLo "${TMP_ZIP_PATH}.sha256" "${SHA_DOWNLOAD_URL}" - check_status "Failed to download '$SHA_DOWNLOAD_URL'" - - echo " ${TMP_ZIP_PATH}" >>${TMP_ZIP_PATH}.sha256 - - sha256sum -c ${TMP_ZIP_PATH}.sha256 + echo "${EXPECTED_SHA} ${TMP_ZIP_PATH}" | sha256sum -c check_status "Checking sha256 failed" } 
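Review bot: `sonar-scanner-url` and `sonar-scanner-sha` are echoed in the second hunk without checking that the per-OS variables selected in the `case` were actually set, so a missing entry in the version file only surfaces later as a download or checksum failure. A guard before the two echoes reports it where it happens: `if [ -z "${SONAR_SCANNER_URL}" ] || [ -z "${SONAR_SCANNER_SHA}" ]; then echo "::error::Missing sonar-scanner URL or checksum for '${OS}'"; exit 1; fi`. Note also that `SONAR_SCANNER_DIR` is still derived from `SONAR_SCANNER_VERSION` while the URL now comes from a separate variable, so nothing in this script ties the two together.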
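Review bot: `verify_download_correctness` now depends on `EXPECTED_SHA` being supplied by the caller, and nothing in the function says where the value comes from or what happens when it is empty. A comment above the function would cover it: `# Compares TMP_ZIP_PATH against EXPECTED_SHA (pinned in sonar-scanner-version); an empty or malformed value makes sha256sum -c fail, so the check fails closed.` The "Incorrect SHA256" test in tests.yml exercises the malformed case. `sha256sum -c` expects two characters between the digest and the file name (two spaces, or a space and `*`); the line as shown here has one, which may only be collapsed whitespace on this page, so it is worth confirming in the file.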
diff --git a/scripts/fetch_latest_version.sh b/scripts/fetch_latest_version.sh new file mode 100755 index 0000000..6177555 --- /dev/null +++ b/scripts/fetch_latest_version.sh @@ -0,0 +1,18 @@ +#!/bin/bash + +source "$(dirname -- "$0")/utils.sh" + +SONAR_SCANNER_VERSION=$(curl -sSL -H "Accept: application/vnd.github+json" \ + https://api.github.com/repos/SonarSource/sonar-scanner-cli/releases/latest | jq -r '.tag_name') +check_status "Failed to fetch latest sonar-scanner version from GitHub API" + +echo "sonar-scanner-version=${SONAR_SCANNER_VERSION}" + +for OS in windows linux macosx; do + SONAR_SCANNER_URL="https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-${SONAR_SCANNER_VERSION}-${OS}.zip" + SONAR_SCANNER_SHA=$(curl -sSL "${SONAR_SCANNER_URL}.sha256") + check_status "Failed to download ${OS} sonar-scanner checksum from '${SONAR_SCANNER_URL}'" + + echo "sonar-scanner-url-${OS}=${SONAR_SCANNER_URL}" + echo "sonar-scanner-sha-${OS}=${SONAR_SCANNER_SHA}" +done diff --git a/sonar-scanner-version b/sonar-scanner-version new file mode 100644 index 0000000..19c87c7 --- /dev/null +++ b/sonar-scanner-version @@ -0,0 +1,7 @@ +sonar-scanner-version=4.7.0.2747 +sonar-scanner-url-windows=https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-4.7.0.2747-windows.zip +sonar-scanner-sha-windows=9e9e425b2c9123622436a5004c5b6cf833800bd0ec717c3bd5ea506efc0f998e +sonar-scanner-url-linux=https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-4.7.0.2747-linux.zip +sonar-scanner-sha-linux=3e121d85a4adb1f30b917d5f3eb897966b59e02c3d6d313a78dcd964193dc963 +sonar-scanner-url-macosx=https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-4.7.0.2747-macosx.zip +sonar-scanner-sha-macosx=977a70d360b9eaea89c965edfb29eb661dbc9fcc6c0e40037809f089f9a91339
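Review bot: Neither `curl` call in fetch_latest_version.sh passes `-f`, so an HTTP error page or an API error body is treated as success, and the values are echoed without any check on their shape. This output is redirected into `sonar-scanner-version` and from there into `$GITHUB_OUTPUT`, so a multi-line or non-hex response would end up as the pinned checksum or as extra output lines. Fail on HTTP errors and validate the tag and each digest before printing them, as sketched below; the version pattern assumes purely numeric dotted tags and should be adjusted if upstream tags differ. The checksum is also fetched from the same host as the archive, so the pull request that pins it deserves a comparison against an independent source.

```shell
SONAR_SCANNER_VERSION=$(curl -fsSL -H "Accept: application/vnd.github+json" \
  https://api.github.com/repos/SonarSource/sonar-scanner-cli/releases/latest | jq -er '.tag_name')
check_status "Failed to fetch latest sonar-scanner version from GitHub API"
if [[ ! "${SONAR_SCANNER_VERSION}" =~ ^[0-9]+(\.[0-9]+)+$ ]]; then
  echo "::error::Unexpected sonar-scanner version '${SONAR_SCANNER_VERSION}'"
  exit 1
fi

# … unchanged: echo of sonar-scanner-version, for-loop header, SONAR_SCANNER_URL assignment …
  SONAR_SCANNER_SHA=$(curl -fsSL "${SONAR_SCANNER_URL}.sha256")
  check_status "Failed to download ${OS} sonar-scanner checksum from '${SONAR_SCANNER_URL}'"
  if [[ ! "${SONAR_SCANNER_SHA}" =~ ^[0-9A-Fa-f]{64}$ ]]; then
    echo "::error::Unexpected checksum content for ${OS} sonar-scanner"
    exit 1
  fi
# … unchanged: the two echo lines and done …
```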