Releases: SonarSource/sonarqube-scan-action
v4.2.2
Full Changelog: v4.2.1...v4.2.2
v5.3.2
Full Changelog: v5.3.1...v5.3.2
v6.0.0
BREAKING CHANGE!
In order to prevent command-line injection, the actions has been rewritten from Bash to JS, and the args input is now parsed differently. When updating to v6, you might have to update your workflow to change how arguments are quoted.
For example, if you were previously passing:
- uses: SonarSource/sonarqube-scan-action@<action version>
with:
args: >
-Dsonar.projectName="My Project"you should now pass:
- uses: SonarSource/sonarqube-scan-action@<action version>
with:
args: >
"-Dsonar.projectName=My Project"For more args passing examples, please refer to the README file
What's Changed
- SQSCANGHA-106 Migrate from Bash to JS by @jeremy-davis-sonarsource in #208
Full Changelog: v5.3.1...v6.0.0
Contributors
Assets 2
v5.3.1
OVERLOOKED BREAKING CHANGE!
In order to prevent command-line injection, the way to parse the args input has been changed, but this is possibly a breaking change regarding support of quotes.
For example, if you were previously passing:
- uses: SonarSource/sonarqube-scan-action@<action version>
with:
args: >
-Dsonar.projectName="My Project"you should now pass:
- uses: SonarSource/sonarqube-scan-action@<action version>
with:
args: >
"-Dsonar.projectName=My Project"Edit: We have now released v6 that more accurately reflect this breaking change.
What's Changed
- SQSCANGHA-101 Add more input injection tests by @aleksandra-bozhinoska-sonarsource in #200
New Contributors
- @daantimmer made their first contribution in #199
Full Changelog: v5...v5.3.1
Contributors
Assets 2
v5.3.0
What's Changed
- SQSCANGHA-83 Avoid unbound variable error on parameter expansion by @aleksandra-bozhinoska-sonarsource in #192
- SQSCANGHA-97 Use /usr/bin/env for shebang by @eliandoran in #193
- SQSCANGHA-98 Update SonarScanner CLI to 7.2.0.5079 by @github-actions[bot] in #196
New Contributors
- @eliandoran made their first contribution in #193
Full Changelog: v5.2.0...v5.3.0
Contributors
Assets 2
v5.2.0
What's Changed
- SQSCANGHA-90 remove mend dead conf by @pierre-guillot-gh in #184
- SQSCANGHA-89 Attempt to fix command injection by @henryju in #186
- SQSCANGHA-93 Fix madhead/semver-utils' version by @csaba-feher-sonarsource in #187
- SQSCANGHA-94 Update version update logic by @csaba-feher-sonarsource in #188
- SQSCANGHA-92 Validate scanner version by @csaba-feher-sonarsource in #189
Full Changelog: v5...v5.2.0
Contributors
Assets 2
v5.1.0
What's Changed
- Update SonarScanner CLI to 7.1.0.4889 to support sonar.region=us by @github-actions in #183
Full Changelog: v5.0.0...v5.1.0
v5.0.0
What's Changed
- SQSCANGHA-81 Update SonarScanner CLI to 7.0.2.4839 by @github-actions in #175
Full Changelog: v4...v5.0.0
v4.2.1
What's Changed
- SQSCANGHA-77 Change title back to SonarQube Scan Action by @antonioaversa in #166
Full Changelog: v4.2.0...v4.2.1
Contributors
Assets 2
v4.2.0
We are happy to announce this new version of the GitHub action, which brings support for C, C++, and Objective-C projects.
The action supports both AutoConfig scenarios, as well as scenarios where Build Wrapper is required, and is a complete replacement of sonarqube-github-c-cpp and sonarcloud-github-c-cpp.
To install Build Wrapper, a new sonarqube-scan-action/install-build-wrapper sub-action is provided.
Check the README for examples of configuration.
On top of C, C++, and Objective-C support, we have also improved our support of self-hosted GitHub runners:
- we don't expect anymore the temporary runner folder (
RUNNER_TEMP) to be cleaned after every job execution: if present, the action will clean it, before running - similarly, we don't expect anymore the Sonar SSL folder (
~/sonar/ssl) to be cleaned after every job execution: if present, the action will clean it, before running
What's Changed
- SQSCANGHA-64 Shorten action description to respect 125 chars limit by @antonioaversa in #157
- SQCPPGHA-9 Extend action to support C, C++, and Objective-C projects by @antonioaversa in #161
- README: required programs for self-hosted and container by @trgalho in #162
- Force unzip without prompt in sonar scanner installation when files already exist by @blgnksy in #163
- SQSCANGHA-75 Support self-hosted runners not clearing temp after run by @antonioaversa in #164
- SQSCANGHA-76 Support self-hosted runners not clearing truststore after run by @antonioaversa in #165
New Contributors
Full Changelog: v4.1.0...v4.2.0
