Hello SonarQube users!
We are excited to announce the upcoming release of a new major version (v4.0.0) of our GitHub action for SonarQube Server.
The new version won’t spawn anymore a new Linux-based Docker container at every scan. Instead, the new action is now defined as a composite action. Therefore, its steps are directly embedded into your GitHub workflow, and the scan will run in the same environment of the workflow.
This comes with multiple benefits:
- you can now use our GitHub action with Java and Dart project, which previously didn’t support it due to Docker isolation
- your run won’t fail anymore in peak workload scenarios due to the Docker image hitting the rate limit on DockerHub
- the scan won’t need to run the scan as a root user, as recommended by GitHub for operations happening in a Docker container
- you will be able to run the action as part of your workflow on any Operating System
You can check the section below for detailed information about how to move to the new version, once it is released.
Stay tuned for the release of this new version of the GitHub action later this week!
The upgrade
We don’t expect any issue for the vast majority of users, and we encourage you to move to the new major version.
The only scenario currently known to us where you may encounter problems is if:
- you analyze JS/TS code
- AND your GitHub runner is self-hosted and doesn’t have Node JS installed
- AND you target SonarQube 10.2 or below
In that case, you would need to install Node JS in your runner.
If you encounter any issues, please create a new post here in the community, describing your scenario and providing logs. In case of need, you can revert your pipeline to v3.1.0 in the meantime, to get back to an operational state.
Upgrade when using a specific version of the action
If you use a specific version of the GitHub action (e.g. sonarqube-scan-action@3.1.0 or below), the change won’t impact you, unless you explicitly change your GitHub workflow to use the v4.0.0 version.
Upgrade when using the master version of the action
If you use the master version of the GitHub action (e.g. sonarqube-scan-action@master), which we don’t recommend doing, the change won’t impact you for now, since master still points to v3.1.0, and it will do so until December 9th.
You may notice a warning message appearing in your logs during scan, and in annotations after scan, that inform about the upcoming v4.0.0:
We recommend that you change master by v4.0.0, try running your GitHub workflow and report any issue you may encounter (and switch to v3.1.0 to avoid being automatically updated). On December 9th, we will switch master to point to v4.0.0.
Antonio