Hello Colin.
I am unsure about the correct syntax to use for multiple arguments.
In the release notes for version 6.0.0, the internal quotation marks surrounding the single variable value are removed to enclose the entire command line.
For example, if you were previously passing:
- uses: SonarSource/sonarqube-scan-action@<action version>
  with:
    args: >
      -Dsonar.projectName="My Project"
you should now pass:
- uses: SonarSource/sonarqube-scan-action@<action version>
  with:
    args: >
      "-Dsonar.projectName=My Project"
The readme file presents the case of multiple arguments with a confusing example:
In version 6, the way the args option is handled has been changed to prevent command injection. As a result, we no longer support the full bash syntax. This means there is now a much more restricted use of quoting and escaping compared to older versions of the action. Example:
with:
  args: >
    -testing test
    -valid=true
    --quotes "test quotes" "nested \'quotes\'"
    -Dsonar.property="some value"
    "-Dsonar.property=some value"
will be parsed as the following array of strings:
[
  '-testing',
  'test',
  '-valid=true',
  '--quotes',
  'test quotes', # Surrounding quotes are removed
  'nested \'quotes\'',
  '-Dsonar.property="some value"', # Internal quotes are NOT removed, contrary to the bash syntax
  '-Dsonar.property=some value', # This is the proper way to pass scanner arguments with spaces
]
Specifically, with version 5.3.1, I passed the following arguments:
with:
  args: >
    -Dsonar.projectKey="ProjectKeyValue"
    -Dsonar.projectName="ProjectNameValue"
    -Dsonar.links.scm="ScmLinkValue"
    -Dsonar.log.level=DEBUG
I simply did this by updating the GHA version to 6.0.0:
with:
  args: >
    "-Dsonar.projectKey=ProjectKeyValue"
    "-Dsonar.projectName=ProjectNameValue"
    "-Dsonar.links.scm=ScmLinkValue"
    "-Dsonar.log.level=DEBUG"
The scan went well, but is the syntax I used the correct one?
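
Added example, not part of the original post and not the action's own parser: a small JavaScript tokenizer that follows the quoting rules shown in the README excerpt above (whitespace splits tokens, quotes surrounding a whole token are removed, quotes inside a token are kept), run over the two args blocks from the post. The function name `tokenizeArgs` and the input strings are assumptions built for illustration; backslash escapes are not handled.

```javascript
// Hypothetical helper mimicking the README's documented tokenization; not the action's code.
function tokenizeArgs(input) {
  const tokens = [];
  let i = 0;
  while (i < input.length) {
    if (/\s/.test(input[i])) { i++; continue; } // spaces and newlines separate tokens
    const first = input[i];
    if (first === '"' || first === "'") {
      // Token starts with a quote: read up to the matching quote, drop the pair.
      const end = input.indexOf(first, i + 1);
      if (end === -1) throw new Error('unterminated quote at offset ' + i);
      tokens.push(input.slice(i + 1, end));
      i = end + 1;
      continue;
    }
    // Token starts unquoted: later quotes stay in the token verbatim,
    // and whitespace inside them does not split it.
    let tok = '';
    let open = null;
    while (i < input.length && (open !== null || !/\s/.test(input[i]))) {
      const c = input[i++];
      if (open === null && (c === '"' || c === "'")) open = c;
      else if (c === open) open = null;
      tok += c;
    }
    if (open !== null) throw new Error('unterminated quote in token ' + tok);
    tokens.push(tok);
  }
  return tokens;
}

// Constructed inputs: the post's two args blocks as a YAML folded scalar (>) joins them.
const v5Style = '-Dsonar.projectKey="ProjectKeyValue" -Dsonar.projectName="ProjectNameValue" ' +
  '-Dsonar.links.scm="ScmLinkValue" -Dsonar.log.level=DEBUG\n';
const v6Style = '"-Dsonar.projectKey=ProjectKeyValue" "-Dsonar.projectName=ProjectNameValue" ' +
  '"-Dsonar.links.scm=ScmLinkValue" "-Dsonar.log.level=DEBUG"\n';
// Constructed input: a value containing a space, in both forms from the README excerpt.
const withSpace = '-Dsonar.property="some value" "-Dsonar.property=some value"\n';

console.log(tokenizeArgs(v5Style));   // old style: quote characters remain inside each value
console.log(tokenizeArgs(v6Style));   // new style: four clean key=value arguments
console.log(tokenizeArgs(withSpace)); // both are one token; only the second has no quotes
```

Under these rules the old-style block would hand the scanner values that still contain the literal `"` characters, while the whole-argument quoting yields one clean `-Dkey=value` string per line.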