SQSCANGHA-84 Remove outdated wget/curl references

The action was refactored to use Node.js (@actions/tool-cache) for
downloads, which doesn't rely on wget or curl. Update the README and
QA workflow to reflect this.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Julien HENRY
2026-06-04 14:42:28 +02:00
parent b243e5198f
commit c9d327c024
2 changed files with 11 additions and 27 deletions
+9 -25
@@ -245,9 +245,9 @@ jobs:
- name: Assert Sonar Scanner CLI was not executed - name: Assert Sonar Scanner CLI was not executed
run: | run: |
./test/assertFileDoesntExist ./output.properties ./test/assertFileDoesntExist ./output.properties
scannerBinariesUrlIsEscapedWithWget: scannerBinariesUrlCommandInjectionTest:
name: > name: >
'scannerBinariesUrl' is escaped with wget so special chars are not injected in the download command 'scannerBinariesUrl' does not allow command injection via semicolons
runs-on: github-ubuntu-latest-s runs-on: github-ubuntu-latest-s
steps: steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
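Review bot: The new job name on the `name: >` line promises protection against injection "via semicolons", but nothing in this hunk shows the scannerBinariesUrl value the job passes, so the name cannot be checked against the payload here. Since the commit message says downloads now go through @actions/tool-cache instead of wget or curl, add a short YAML comment above scannerBinariesUrlCommandInjectionTest saying that the job is kept as a regression guard and which characters its input exercises.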
@@ -266,22 +266,14 @@ jobs:
- name: Assert file.txt does not exist - name: Assert file.txt does not exist
run: | run: |
./test/assertFileDoesntExist "$RUNNER_TEMP/sonarscanner/file.txt" ./test/assertFileDoesntExist "$RUNNER_TEMP/sonarscanner/file.txt"
scannerBinariesUrlIsEscapedWithCurl: scannerBinariesUrlCommandInjectionWithSpacesTest:
name: > name: >
'scannerBinariesUrl' is escaped with curl so special chars are not injected in the download command 'scannerBinariesUrl' does not allow command injection via spaces and quotes
runs-on: github-ubuntu-latest-s runs-on: github-ubuntu-latest-s
steps: steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with: with:
token: ${{ secrets.GITHUB_TOKEN }} token: ${{ secrets.GITHUB_TOKEN }}
- name: Remove wget
run: sudo apt-get remove -y wget
- name: Assert wget is not available
run: |
if command -v wget 2>&1 >/dev/null
then
exit 1
fi
- name: Run action with scannerBinariesUrl - name: Run action with scannerBinariesUrl
id: runTest id: runTest
uses: ./ uses: ./
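Review bot: With the "Remove wget" and "Assert wget is not available" steps deleted, scannerBinariesUrlCommandInjectionWithSpacesTest no longer differs from scannerBinariesUrlCommandInjectionTest in its setup, only in the scannerBinariesUrl value, which falls outside this hunk. Please confirm that the value really contains spaces and quotes as the new name claims; if both jobs now exercise the same download path, consider folding them into one job with a matrix over the payloads.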
@@ -472,22 +464,14 @@ jobs:
run: | run: |
./test/assertFileContains ./output.properties "sonar.host.url=mirror.sonarcloud.io" ./test/assertFileContains ./output.properties "sonar.host.url=mirror.sonarcloud.io"
./test/assertFileContains ./output.properties "sonar.scanner.sonarcloudUrl=mirror.sonarcloud.io" ./test/assertFileContains ./output.properties "sonar.scanner.sonarcloudUrl=mirror.sonarcloud.io"
curlPerformsRedirect: scannerBinariesUrlRedirectFollowed:
name: > name: >
curl performs redirect when scannerBinariesUrl returns 3xx scannerBinariesUrl redirect (3xx) is followed
runs-on: github-ubuntu-latest-s runs-on: github-ubuntu-latest-s
steps: steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with: with:
token: ${{ secrets.GITHUB_TOKEN }} token: ${{ secrets.GITHUB_TOKEN }}
- name: Remove wget
run: sudo apt-get remove -y wget
- name: Assert wget is not available
run: |
if command -v wget 2>&1 >/dev/null
then
exit 1
fi
- name: Generate SSL certificates for nginx - name: Generate SSL certificates for nginx
run: ./generate-ssl.sh run: ./generate-ssl.sh
working-directory: .github/qa-nginx-redirecting working-directory: .github/qa-nginx-redirecting
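Review bot: The renamed id scannerBinariesUrlRedirectFollowed and its description are styled differently from the two other jobs renamed in this commit: those end in `Test` and quote the input name ('scannerBinariesUrl'), this one does neither. Suggest scannerBinariesUrlRedirectFollowedTest with the description "'scannerBinariesUrl' redirect (3xx) is followed", and updating the matching entry in the job list further down.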
@@ -841,8 +825,8 @@ jobs:
- projectBaseDirInputTest - projectBaseDirInputTest
- scannerVersionTest - scannerVersionTest
- scannerBinariesUrlTest - scannerBinariesUrlTest
- scannerBinariesUrlIsEscapedWithWget - scannerBinariesUrlCommandInjectionTest
- scannerBinariesUrlIsEscapedWithCurl - scannerBinariesUrlCommandInjectionWithSpacesTest
- dontFailGradleTest - dontFailGradleTest
- dontFailGradleKotlinTest - dontFailGradleKotlinTest
- dontFailMavenTest - dontFailMavenTest
@@ -850,7 +834,7 @@ jobs:
- runnerDebugUsedTest - runnerDebugUsedTest
- runAnalysisWithCacheTest - runAnalysisWithCacheTest
- overrideSonarcloudUrlTest - overrideSonarcloudUrlTest
- curlPerformsRedirect - scannerBinariesUrlRedirectFollowed
- useSslCertificate - useSslCertificate
- analysisWithSslCertificate - analysisWithSslCertificate
- updateTruststoreWhenPresent - updateTruststoreWhenPresent
+2 -2
@@ -483,11 +483,11 @@ See also [example configurations of C++ projects for SonarQube Server](https://g
When running the action in a self-hosted runner or container, please ensure that the following programs are installed: When running the action in a self-hosted runner or container, please ensure that the following programs are installed:
* **curl** or **wget**
* **unzip**
* **gpg** * **gpg**
* **dirmngr** * **dirmngr**
Note: `gpg` and `dirmngr` are only required for GPG signature verification (enabled by default). They can be omitted when setting `skipSignatureVerification: true`.
### Additional information ### Additional information
The `sonarqube-scan-action/install-build-wrapper` action installs `coreutils` if run on macOS. The `sonarqube-scan-action/install-build-wrapper` action installs `coreutils` if run on macOS.
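Review bot: The requirements list loses the **unzip** bullet along with **curl** or **wget**, but the commit message only covers wget/curl. If the archive is unpacked with extractZip from @actions/tool-cache, that helper calls the unzip binary on Linux and macOS, so self-hosted runners and containers would still need it. Please confirm how extraction is done and either keep the **unzip** bullet or state in the commit message why it is no longer required.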