NO-JIRA Bump actions/checkout from 6.0.2 to 6.0.3

Bumps [actions/checkout](https://github.com/actions/checkout) from 6.0.2 to 6.0.3.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/de0fac2e4500dabe0009e67214ff5f5447ce83dd...df4cb1c069e1874edd31b4311f1884172cec0e10)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: 6.0.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

.github/workflows/qa-deprecated-c-cpp.yml

@@ -34,7 +34,7 @@ jobs:
             exit 1
           fi
 
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+      - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
         with:
           fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis
 

.github/workflows/qa-install-build-wrapper.yml

@@ -34,7 +34,7 @@ jobs:
             exit 1
           fi
 
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+      - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
         with:
           fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis
 

.github/workflows/qa-main.yml

@@ -17,7 +17,7 @@ jobs:
         os: [github-ubuntu-latest-s, macos-latest]
     runs-on: ${{ matrix.os }}
     steps:
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+      - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
         with:
           token: ${{ secrets.GITHUB_TOKEN }}
       - name: Run action without args
@@ -37,7 +37,7 @@ jobs:
         os: [github-ubuntu-latest-s, github-windows-latest-s, macos-latest]
     runs-on: ${{ matrix.os }}
     steps:
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+      - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
         with:
           token: ${{ secrets.GITHUB_TOKEN }}
       - name: Run action with args
@@ -66,7 +66,7 @@ jobs:
           ]
     runs-on: ${{ matrix.os }}
     steps:
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+      - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
         with:
           token: ${{ secrets.GITHUB_TOKEN }}
       - name: Run action with args
@@ -93,7 +93,7 @@ jobs:
         os: [github-ubuntu-latest-s, github-windows-latest-s, macos-latest]
     runs-on: ${{ matrix.os }}
     steps:
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+      - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
         with:
           token: ${{ secrets.GITHUB_TOKEN }}
       - name: Run action with args
@@ -121,7 +121,7 @@ jobs:
         os: [github-ubuntu-latest-s, github-windows-latest-s, macos-latest]
     runs-on: ${{ matrix.os }}
     steps:
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+      - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
         with:
           token: ${{ secrets.GITHUB_TOKEN }}
       - name: Run action with args
@@ -148,7 +148,7 @@ jobs:
         os: [github-ubuntu-latest-s, github-windows-latest-s, macos-latest]
     runs-on: ${{ matrix.os }}
     steps:
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+      - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
         with:
           token: ${{ secrets.GITHUB_TOKEN }}
       - name: Run action with args
@@ -178,7 +178,7 @@ jobs:
         os: [github-ubuntu-latest-s, github-windows-latest-s, macos-latest]
     runs-on: ${{ matrix.os }}
     steps:
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+      - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
         with:
           token: ${{ secrets.GITHUB_TOKEN }}
       - run: mkdir -p ./baseDir
@@ -198,7 +198,7 @@ jobs:
       'scannerVersion' input
     runs-on: github-ubuntu-latest-s # assumes default RUNNER_ARCH for linux is X64
     steps:
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+      - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
         with:
           token: ${{ secrets.GITHUB_TOKEN }}
       - name: Run action with scannerVersion
@@ -222,7 +222,7 @@ jobs:
       'scannerBinariesUrl' input with invalid URL
     runs-on: github-ubuntu-latest-s # assumes default RUNNER_ARCH for linux is X64
     steps:
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+      - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
         with:
           token: ${{ secrets.GITHUB_TOKEN }}
       - name: Run action with scannerBinariesUrl
@@ -250,7 +250,7 @@ jobs:
       'scannerBinariesUrl' does not allow command injection via semicolons
     runs-on: github-ubuntu-latest-s
     steps:
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+      - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
         with:
           token: ${{ secrets.GITHUB_TOKEN }}
       - name: Run action with scannerBinariesUrl
@@ -271,7 +271,7 @@ jobs:
       'scannerBinariesUrl' does not allow command injection via spaces and quotes
     runs-on: github-ubuntu-latest-s
     steps:
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+      - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
         with:
           token: ${{ secrets.GITHUB_TOKEN }}
       - name: Run action with scannerBinariesUrl
@@ -292,7 +292,7 @@ jobs:
       Don't fail on Gradle project
     runs-on: github-ubuntu-latest-s
     steps:
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+      - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
         with:
           token: ${{ secrets.GITHUB_TOKEN }}
       - name: Run action on Gradle project
@@ -313,7 +313,7 @@ jobs:
       Don't fail on Kotlin Gradle project
     runs-on: github-ubuntu-latest-s
     steps:
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+      - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
         with:
           token: ${{ secrets.GITHUB_TOKEN }}
       - name: Run action on Kotlin Gradle project
@@ -334,7 +334,7 @@ jobs:
       Don't fail on Maven project
     runs-on: github-ubuntu-latest-s
     steps:
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+      - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
         with:
           token: ${{ secrets.GITHUB_TOKEN }}
       - name: Run action on Maven project
@@ -367,7 +367,7 @@ jobs:
           --health-timeout 5s
           --health-retries 10
     steps:
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+      - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
         with:
           token: ${{ secrets.GITHUB_TOKEN }}
       - name: Run action on sample project
@@ -390,7 +390,7 @@ jobs:
         os: [github-ubuntu-latest-s, github-windows-latest-s, macos-latest]
     runs-on: ${{ matrix.os }}
     steps:
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+      - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
         with:
           token: ${{ secrets.GITHUB_TOKEN }}
       - name: Run action with debug mode
@@ -421,7 +421,7 @@ jobs:
           --health-timeout 5s
           --health-retries 10
     steps:
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+      - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
         with:
           token: ${{ secrets.GITHUB_TOKEN }}
       - name: SonarQube Cache
@@ -450,7 +450,7 @@ jobs:
         os: [github-ubuntu-latest-s, github-windows-latest-s, macos-latest]
     runs-on: ${{ matrix.os }}
     steps:
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+      - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
         with:
           token: ${{ secrets.GITHUB_TOKEN }}
       - name: Run action with deprecated SONARCLOUD_URL
@@ -469,7 +469,7 @@ jobs:
       scannerBinariesUrl redirect (3xx) is followed
     runs-on: github-ubuntu-latest-s
     steps:
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+      - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
         with:
           token: ${{ secrets.GITHUB_TOKEN }}
       - name: Generate SSL certificates for nginx
@@ -505,7 +505,7 @@ jobs:
         os: [github-ubuntu-latest-s, github-windows-latest-s, macos-latest]
     runs-on: ${{ matrix.os }}
     steps:
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+      - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
         with:
           token: ${{ secrets.GITHUB_TOKEN }}
       - name: Run action with SSL certificate
@@ -556,7 +556,7 @@ jobs:
       Analysis takes into account 'SONAR_ROOT_CERT'
     runs-on: github-ubuntu-latest-s
     steps:
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+      - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
         with:
           token: ${{ secrets.GITHUB_TOKEN }}
       - name: Generate server certificate
@@ -664,7 +664,7 @@ jobs:
       truststore.p12 is updated when present
     runs-on: github-ubuntu-latest-s
     steps:
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+      - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
         with:
           token: ${{ secrets.GITHUB_TOKEN }}
       - name: Create SONAR_SSL_FOLDER with a file in it (not-truststore.p12)
@@ -793,7 +793,7 @@ jobs:
       'scannerVersion' input validation
     runs-on: github-ubuntu-latest-s
     steps:
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+      - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
         with:
           token: ${{ secrets.GITHUB_TOKEN }}
       - name: Run action with invalid scannerVersion

.github/workflows/qa-scripts.yml

@@ -12,7 +12,7 @@ jobs:
     name: create_install_path.sh
     runs-on: github-ubuntu-latest-s
     steps:
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+      - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
         with:
           fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis
 
@@ -123,7 +123,7 @@ jobs:
       SONAR_SCANNER_URL_MACOSX_AARCH64: 'https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-vX.Y.Z.MMMM-macosx-aarch64.zip'
       SONAR_SCANNER_SHA_MACOSX_AARCH64: 'DOWNLOAD-SHA-MACOSX-AARCH64'
     steps:
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+      - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
         with:
           fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis
 
@@ -252,7 +252,7 @@ jobs:
     name: download.sh
     runs-on: github-ubuntu-latest-s
     steps:
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+      - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
         with:
           fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis
 
@@ -321,7 +321,7 @@ jobs:
     name: fetch_latest_version.sh
     runs-on: github-ubuntu-latest-s
     steps:
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+      - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
         with:
           fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis
       - name: Test script

.github/workflows/unit-tests.yml

@@ -13,7 +13,7 @@ jobs:
       contents: read
 
     steps:
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+      - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
 
       - name: Setup Node.js
         uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e #v6.4.0

.github/workflows/update-tags.yml

@@ -13,7 +13,7 @@ jobs:
 
     steps:
       - name: Checkout
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
 
       - name: Parse semver
         uses: madhead/semver-utils@4cf918affe9106ea59f86c6250e5ec4570ac4389 # v5.0.0

.github/workflows/version_update.yml

@@ -13,7 +13,7 @@ jobs:
       new-version: ${{ steps.latest-version.outputs.sonar-scanner-version }}
     steps:
       - run: sudo apt install -y jq
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+      - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
         with:
           ref: master
           fetch-depth: 0
@@ -49,7 +49,7 @@ jobs:
       pull-requests: write
     if: needs.check-version.outputs.should_update == 'true'
     steps:
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+      - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
         with:
           ref: master
           persist-credentials: true

dist/index.js

@@ -10,7 +10,6 @@ import { ok } from 'assert';
 import 'string_decoder';
 import * as events from 'events';
 import { setTimeout as setTimeout$1 } from 'timers';
-import * as fs$2 from 'node:fs/promises';
 import * as os$1 from 'node:os';
 import * as path$1 from 'node:path';
 import { join } from 'node:path';
@@ -4155,15 +4154,6 @@ function cleanupGpgHome(gpgHome) {
 
 const TOOLNAME = "sonar-scanner-cli";
 
-async function ensureZipExtension(filePath) {
-  if (filePath.endsWith(".zip")) {
-    return filePath;
-  }
-  const zipPath = `${filePath}.zip`;
-  await fs$2.rename(filePath, zipPath);
-  return zipPath;
-}
-
 /**
  * Download the Sonar Scanner CLI for the current environment and cache it.
  */
@@ -4212,9 +4202,7 @@ async function installSonarScanner({
       await verifySignature(downloadPath, signaturePath);
     }
 
-    // PowerShell 5.1 (used on some Windows agents) requires the .zip extension for Expand-Archive
+    const extractedPath = await extractZip(downloadPath);
-    const extractInput = await ensureZipExtension(downloadPath);
-    const extractedPath = await extractZip(extractInput);
 
     // Find the actual scanner directory inside the extracted folder
     const scannerPath = path$1.join(

src/main/__tests__/install-sonar-scanner.test.js

@@ -20,7 +20,6 @@
 
 import assert from "node:assert/strict";
 import { describe, it, mock } from "node:test";
-import nodeFsPromises from "node:fs/promises";
 
 const SCANNER_VERSION = "6.2.0.4584";
 const SCANNER_SEMVER_VERSION = "6.2.0-build.4584";
@@ -38,15 +37,6 @@ function mockUtils(t) {
   });
 }
 
-function mockFsPromises(t) {
-  t.mock.module("node:fs/promises", {
-    namedExports: {
-      ...nodeFsPromises,
-      rename: mock.fn(async () => {}),
-    },
-  });
-}
-
 describe("installSonarScanner", () => {
   it("should forward scannerBinariesAuthHeader to both binary and signature downloads", async (t) => {
     const downloadCalls = [];
@@ -56,7 +46,6 @@ describe("installSonarScanner", () => {
     });
 
     mockUtils(t);
-    mockFsPromises(t);
 
     t.mock.module("@actions/tool-cache", {
       namedExports: {
@@ -105,7 +94,6 @@ describe("installSonarScanner", () => {
     });
 
     mockUtils(t);
-    mockFsPromises(t);
 
     t.mock.module("@actions/tool-cache", {
       namedExports: {
@@ -152,7 +140,6 @@ describe("installSonarScanner", () => {
     });
 
     mockUtils(t);
-    mockFsPromises(t);
 
     t.mock.module("@actions/tool-cache", {
       namedExports: {
@@ -191,7 +178,6 @@ describe("installSonarScanner", () => {
     const cacheDirFn = mock.fn(async () => "/tmp/cached");
 
     mockUtils(t);
-    mockFsPromises(t);
 
     t.mock.module("@actions/tool-cache", {
       namedExports: {
@@ -231,120 +217,6 @@ describe("installSonarScanner", () => {
       "tc.cacheDir should be called with semver-compatible version");
   });
 
-  it("should rename downloaded file to add .zip extension before extraction", async (t) => {
-    const renameCalls = [];
-    const extractZipCalls = [];
-
-    mockUtils(t);
-
-    t.mock.module("node:fs/promises", {
-      namedExports: {
-        ...nodeFsPromises,
-        rename: mock.fn(async (src, dest) => {
-          renameCalls.push({ src, dest });
-        }),
-      },
-    });
-
-    t.mock.module("@actions/tool-cache", {
-      namedExports: {
-        find: mock.fn(() => null),
-        downloadTool: mock.fn(async () => "/tmp/downloaded-file"),
-        extractZip: mock.fn(async (p) => {
-          extractZipCalls.push(p);
-          return "/tmp/extracted";
-        }),
-        cacheDir: mock.fn(async () => "/tmp/cached"),
-      },
-    });
-
-    t.mock.module("@actions/core", {
-      namedExports: {
-        info: mock.fn(),
-        warning: mock.fn(),
-        addPath: mock.fn(),
-      },
-    });
-
-    t.mock.module("../gpg-verification.js", {
-      namedExports: {
-        verifySignature: mock.fn(async () => {}),
-      },
-    });
-
-    const { installSonarScanner } = await import(
-      `../install-sonar-scanner.js?test=rename-zip`
-    );
-
-    await installSonarScanner({
-      scannerVersion: SCANNER_VERSION,
-      scannerBinariesUrl: BINARIES_URL,
-      skipSignatureVerification: true,
-    });
-
-    assert.equal(renameCalls.length, 1, "Should rename downloaded file");
-    assert.equal(renameCalls[0].src, "/tmp/downloaded-file");
-    assert.equal(renameCalls[0].dest, "/tmp/downloaded-file.zip");
-    assert.equal(extractZipCalls.length, 1, "Should call extractZip once");
-    assert.equal(extractZipCalls[0], "/tmp/downloaded-file.zip", "Should extract the renamed file");
-  });
-
-  it("should not rename downloaded file when it already has .zip extension", async (t) => {
-    const renameCalls = [];
-    const extractZipCalls = [];
-
-    mockUtils(t);
-
-    t.mock.module("node:fs/promises", {
-      namedExports: {
-        ...nodeFsPromises,
-        rename: mock.fn(async (src, dest) => {
-          renameCalls.push({ src, dest });
-        }),
-      },
-    });
-
-    t.mock.module("@actions/tool-cache", {
-      namedExports: {
-        find: mock.fn(() => null),
-        downloadTool: mock.fn(async () => "/tmp/downloaded-file.zip"),
-        extractZip: mock.fn(async (p) => {
-          extractZipCalls.push(p);
-          return "/tmp/extracted";
-        }),
-        cacheDir: mock.fn(async () => "/tmp/cached"),
-      },
-    });
-
-    t.mock.module("@actions/core", {
-      namedExports: {
-        info: mock.fn(),
-        warning: mock.fn(),
-        addPath: mock.fn(),
-      },
-    });
-
-    t.mock.module("../gpg-verification.js", {
-      namedExports: {
-        verifySignature: mock.fn(async () => {}),
-      },
-    });
-
-    const { installSonarScanner } = await import(
-      `../install-sonar-scanner.js?test=no-rename-zip`
-    );
-
-    await installSonarScanner({
-      scannerVersion: SCANNER_VERSION,
-      scannerBinariesUrl: BINARIES_URL,
-      skipSignatureVerification: true,
-    });
-
-    assert.equal(renameCalls.length, 0, "Should not rename when already .zip");
-    assert.equal(extractZipCalls.length, 1, "Should call extractZip once");
-    assert.equal(extractZipCalls[0], "/tmp/downloaded-file.zip", "Should extract original file");
-  });
-
   it("should use cached tool when available and skip download", async (t) => {
     const downloadToolFn = mock.fn();
 

src/main/install-sonar-scanner.js

@@ -18,7 +18,6 @@
 
 import * as core from "@actions/core";
 import * as tc from "@actions/tool-cache";
-import * as fs from "node:fs/promises";
 import * as os from "node:os";
 import * as path from "node:path";
 import {
@@ -31,15 +30,6 @@ import { verifySignature } from "./gpg-verification.js";
 
 const TOOLNAME = "sonar-scanner-cli";
 
-async function ensureZipExtension(filePath) {
-  if (filePath.endsWith(".zip")) {
-    return filePath;
-  }
-  const zipPath = `${filePath}.zip`;
-  await fs.rename(filePath, zipPath);
-  return zipPath;
-}
-
 /**
  * Download the Sonar Scanner CLI for the current environment and cache it.
  */
@@ -88,9 +78,7 @@ export async function installSonarScanner({
       await verifySignature(downloadPath, signaturePath);
     }
 
-    // PowerShell 5.1 (used on some Windows agents) requires the .zip extension for Expand-Archive
+    const extractedPath = await tc.extractZip(downloadPath);
-    const extractInput = await ensureZipExtension(downloadPath);
-    const extractedPath = await tc.extractZip(extractInput);
 
     // Find the actual scanner directory inside the extracted folder
     const scannerPath = path.join(