SQSCANGHA-135 Fix scanner binaries always re-downloaded due to incompatible 4-part version #250
Agentic Analysis: Early Results

Agentic Analysis and Context Augmentation are available on your project. Here are some issues that could have been prevented. Follow the links to learn how to put them into action. 4 issue(s) found across 2 file(s):

Analyzed by SonarQube Agentic Analysis in 2.8 s
a147d19 to
751b8e8
…atible 4-part version

GitHub's tool-cache library uses semver.clean() to look up cached tools, which returns null for 4-part version strings like "8.0.1.6346". This caused findAllVersions() to filter out any cached directory, resulting in a cache miss on every run.

The fix converts the 4-part version to a semver pre-release format (e.g. "8.0.1-build.6346") for tool-cache operations, while keeping the original version string for download URLs and zip extraction.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

Built from worktree with local node_modules so source map paths match CI build environment (../node_modules/ instead of ../../../../node_modules/).

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
0368e05 to
33f22e5
Code Review ✅ Approved

Normalizes 4-part scanner versions to SemVer-compatible strings to prevent unnecessary re-downloads and transitions the development environment to use mise for Node.js 24. No issues found.
…(#12)

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| [SonarSource/sonarqube-scan-action](https://github.com/SonarSource/sonarqube-scan-action) | action | minor | `v8.1` → `v8.2` |

---

### Release Notes

<details>
<summary>SonarSource/sonarqube-scan-action (SonarSource/sonarqube-scan-action)</summary>

### [`v8.2.0`](https://github.com/SonarSource/sonarqube-scan-action/releases/tag/v8.2.0)

[Compare Source](SonarSource/sonarqube-scan-action@v8.2.0...v8.2.0)

#### What's Changed

- SQSCANGHA-149 Add scannerBinariesAuthHeader input by [@henryju](https://github.com/henryju) in [#246](SonarSource/sonarqube-scan-action#246)
- SQSCANGHA-88 Deprecate the SONARCLOUD\_URL env variable support by [@henryju](https://github.com/henryju) in [#249](SonarSource/sonarqube-scan-action#249)
- SQSCANGHA-84 Remove outdated wget/curl references by [@henryju](https://github.com/henryju) in [#248](SonarSource/sonarqube-scan-action#248)
- SQSCANGHA-135 Fix scanner binaries always re-downloaded due to incompatible 4-part version by [@henryju](https://github.com/henryju) in [#250](SonarSource/sonarqube-scan-action#250)
- SQSCANGHA-127 Rename downloaded file to .zip before extraction on Windows by [@henryju](https://github.com/henryju) in [#251](SonarSource/sonarqube-scan-action#251)

**Full Changelog**: <SonarSource/sonarqube-scan-action@v8...v8.2.0>

### [`v8.2`](SonarSource/sonarqube-scan-action@v8.1.0...v8.2.0)

[Compare Source](SonarSource/sonarqube-scan-action@v8.1.0...v8.2.0)

</details>

---

### Configuration

📅 **Schedule**: (UTC)

- Branch creation
  - At any time (no schedule defined)
- Automerge
  - At any time (no schedule defined)

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update again.

---

This PR has been generated by [Mend Renovate](https://github.com/renovatebot/renovate).

Reviewed-on: https://git.tainton.uk/repos/epage-go/pulls/12
Co-authored-by: renovate[bot] <renovate-bot@git.tainton.uk>
Co-committed-by: renovate[bot] <renovate-bot@git.tainton.uk>
…(#455)

Reviewed-on: https://git.tainton.uk/repos/roboluke/pulls/455
Co-authored-by: renovate[bot] <renovate-bot@git.tainton.uk>
Co-committed-by: renovate[bot] <renovate-bot@git.tainton.uk>
…(#453)

Reviewed-on: https://git.tainton.uk/repos/pypilot/pulls/453
Reviewed-by: Luke Tainton <luke@tainton.uk>
Co-authored-by: renovate[bot] <renovate-bot@git.tainton.uk>
Co-committed-by: renovate[bot] <renovate-bot@git.tainton.uk>



Summary

- `@actions/tool-cache` library requires SemVer 2.0 version strings, but the scanner uses a 4-part format (e.g. `8.0.1.6346`)
- `tc.find()` calls `semver.clean('8.0.1.6346')` → `null` → empty string, so `findAllVersions()` filters out the cached directory and every lookup is a miss
- `X.Y.Z.W` → `X.Y.Z-build.W` (valid SemVer pre-release) for tool-cache operations; download URL and zip extraction still use the original version string

Test plan

- `npm test`)
- `toSemVer` unit tests added in `utils.test.js`
- `install-sonar-scanner.test.js` verifies `tc.find` and `tc.cacheDir` receive the semver-compatible version
- `RUNNER_TOOL_CACHE` is configured

Fixes SQSCANGHA-135
🤖 Generated with Claude Code
Summary by Gitar

- `mise.toml` to specify Node.js version 24 environment.
- `toSemVer` utility to convert 4-part scanner versions to SemVer-compatible strings.
- `install-sonar-scanner` to use the converted version for `tool-cache` operations.

This will update automatically on new commits.
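
The version mapping described in the summary, as an added example that is not the action's own `toSemVer` code. `isSemVer`, `toCacheVersion` and `demo` are hypothetical names, and the SemVer 2.0.0 regex published on semver.org stands in for the `semver` package so the block runs without dependencies. It goes one step beyond the summary: a build number with a leading zero has no valid SemVer form, so the helper returns null rather than produce a key that collides with another version.

```javascript
// Added illustration; not the action's toSemVer implementation.
// SemVer 2.0.0 grammar, using the regex published on semver.org.
const SEMVER_2 = /^(0|[1-9]\d*)\.(0|[1-9]\d*)\.(0|[1-9]\d*)(?:-((?:0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\.(?:0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\+([0-9a-zA-Z-]+(?:\.[0-9a-zA-Z-]+)*))?$/;

// True only for strings a strict SemVer 2.0.0 parser would accept.
function isSemVer(version) {
  return typeof version === 'string' && SEMVER_2.test(version);
}

// Hypothetical helper: map X.Y.Z.W to X.Y.Z-build.W for cache lookups only.
// Returns null when no unambiguous SemVer key exists, so the caller can
// skip the cache instead of sharing one key between two distinct versions.
function toCacheVersion(version) {
  if (isSemVer(version)) return version; // already usable as a cache key
  const m = /^(\d+)\.(\d+)\.(\d+)\.(\d+)$/.exec(String(version));
  if (!m) return null; // not a strictly numeric 4-part version
  const candidate = `${m[1]}.${m[2]}.${m[3]}-build.${m[4]}`;
  // Numeric SemVer identifiers may not have leading zeros ("8.0.1.0634").
  // Stripping the zero would collide with "8.0.1.634", so refuse instead.
  return isSemVer(candidate) ? candidate : null;
}

// Constructed sample inputs: the page's 4-part version, a plain SemVer
// version, a leading-zero build number, and a non-version string.
function demo() {
  return ['8.0.1.6346', '8.0.1', '8.0.1.0634', 'latest'].map((input) => ({
    input,
    validSemVer: isSemVer(input),
    cacheVersion: toCacheVersion(input),
  }));
}

console.log(demo());
```

Use the converted string only as the cache key; as the summary states, the download URL and zip extraction keep the original 4-part string.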