The upcoming release of GitHub action for SonarQube v.4.0.0 - remove Docker

Hello SonarQube users!

We are excited to announce the upcoming release of a new major version (v4.0.0) of our GitHub action for SonarQube Server.

The new version will no longer spawn a new Linux-based Docker container for every scan. Instead, the new action is now defined as a composite action. Therefore, its steps are directly embedded into your GitHub workflow, and the scan will run in the same environment as the workflow.

This comes with multiple benefits:

  • you can now use our GitHub action with Java and Dart projects, which it previously didn’t support due to Docker isolation
  • your run won’t fail anymore in peak workload scenarios due to the Docker image hitting the rate limit on DockerHub
  • the scan won’t need to run as a root user, as recommended by GitHub for operations happening in a Docker container
  • you will be able to run the action as part of your workflow on any Operating System

You can check the section below for detailed information about how to move to the new version, once it is released.

Stay tuned for the release of this new version of the GitHub action later this week!

The upgrade

We don’t expect any issue for the vast majority of users, and we encourage you to move to the new major version.

The only scenario currently known to us where you may encounter problems is if:

  • you analyze JS/TS code
  • AND your GitHub runner is self-hosted and doesn’t have Node JS installed
  • AND you target SonarQube 10.2 or below

In that case, you would need to install Node JS in your runner.

If you encounter any issues, please create a new post here in the community, describing your scenario and providing logs. In case of need, you can revert your pipeline to v3.1.0 in the meantime, to get back to an operational state.

Upgrade when using a specific version of the action

If you use a specific version of the GitHub action (e.g. sonarqube-scan-action@3.1.0 or below), the change won’t impact you, unless you explicitly change your GitHub workflow to use the v4.0.0 version.

Upgrade when using the master version of the action

If you use the master version of the GitHub action (e.g. sonarqube-scan-action@master), which we don’t recommend doing, the change won’t impact you for now, since master still points to v3.1.0, and it will do so until December 9th.

You may notice a warning message appearing in your logs during the scan, and in annotations after the scan, that informs you about the upcoming v4.0.0:

We recommend that you replace master with v4.0.0, try running your GitHub workflow and report any issue you may encounter (and switch to v3.1.0 to avoid being automatically updated). On December 9th, we will switch master to point to v4.0.0.

Antonio


Hi everybody,

We have just released v4.0.0!
You can find the release notes here and the marketplace page for the new version of the action here.

Antonio


Hi,

After fixing all the issues we encountered in v4.0.0 and releasing v4.1.0, this morning we finally switched master to include v4.1.0.

Let us know if you encounter any issues.

If your pipeline uses sonarqube-scan-action@master, our general recommendation is to change your CI pipeline to point to a specific version, such as sonarqube-scan-action@v4, unless you really want to be notified early of any change we make, accepting the risk that such changes may break your pipeline.

Best regards,
Antonio
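
One way to find workflow steps that still track master rather than a specific version, as the posts above advise against (an added example, not code from SonarSource or from these posts). The function names and the sample workflow are constructed for illustration, and the check is a line-based regex, not a full YAML parser.

```python
import re

# Matches a `uses:` step referencing sonarqube-scan-action and captures the ref after '@'.
USES_RE = re.compile(
    r"^\s*(?:-\s*)?uses:\s*['\"]?(?P<action>[\w.\-/]*sonarqube-scan-action)@(?P<ref>[^\s'\"#]+)"
)

def classify_ref(ref):
    """Classify how the ref after '@' selects a version of the action."""
    if re.fullmatch(r"[0-9a-f]{40}", ref):
        return "commit"          # full commit SHA
    if re.fullmatch(r"v?\d+\.\d+\.\d+", ref):
        return "exact-version"   # e.g. 3.1.0 or v4.1.0
    if re.fullmatch(r"v?\d+(\.\d+)?", ref):
        return "major-version"   # e.g. v4
    return "branch"              # e.g. master: follows whatever the branch points to

def audit_workflow(text):
    """Return (line_number, ref, kind) for each sonarqube-scan-action step."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        if line.lstrip().startswith("#"):
            continue  # ignore commented-out steps
        m = USES_RE.match(line)
        if m:
            findings.append((lineno, m.group("ref"), classify_ref(m.group("ref"))))
    return findings

# Constructed sample workflow, for illustration only.
SAMPLE_WORKFLOW = """\
name: build
on: push
jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Scan (tracks the branch)
        uses: SonarSource/sonarqube-scan-action@master
      # - uses: SonarSource/sonarqube-scan-action@master
      - uses: SonarSource/sonarqube-scan-action@v4
      - uses: SonarSource/sonarqube-scan-action@3.1.0
"""

if __name__ == "__main__":
    for lineno, ref, kind in audit_workflow(SAMPLE_WORKFLOW):
        print(f"line {lineno}: @{ref} -> {kind} [{'CHANGE' if kind == 'branch' else 'ok'}]")
```

Run it over each file under `.github/workflows/` by passing the file's text to `audit_workflow`; any step reported as `branch` is one that changed behaviour when master was switched.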