Skip to content

SQSCANGHA-127 Rename downloaded file to .zip before extraction on Windows#251

Merged
henryju merged 1 commit into
masterfrom
worktree-SQSCANGHA-127
Jun 8, 2026
Merged

SQSCANGHA-127 Rename downloaded file to .zip before extraction on Windows#251
henryju merged 1 commit into
masterfrom
worktree-SQSCANGHA-127

Conversation

@henryju

@henryju henryju commented Jun 4, 2026

Copy link
Copy Markdown
Member

PowerShell 5.1, used on some Windows GitHub Actions runners, requires Expand-Archive to receive a file with a .zip extension. The @actions/tool-cache downloadTool function saves to a temp path without any extension, causing extraction to fail on PS 5.1. Rename the file to add .zip before calling extractZip.

Please be aware that we are not actively looking for feature contributions. The truth is that it's extremely difficult for someone outside SonarSource to comply with our roadmap and expectations. Therefore, we typically only accept minor cosmetic changes and typo fixes. If you would like to see a new feature, please create a new thread in the forum "Suggest new features".

With that in mind, if you would like to submit a code contribution, make sure that you adhere to the following guidelines and all tests are passing:

  • Please explain your motives to contribute this change: what problem you are trying to fix, what improvement you are trying to make
  • Make sure any code you changed is covered by tests
  • If there is a JIRA ticket available, please make your commits and pull request start with the ticket ID (SONAR-XXXX)

We will try to give you feedback on your contribution as quickly as possible.

Thank You!
The SonarSource Team


Summary by Gitar

  • Build configuration:
    • Added mise.toml to pin the Node.js version to 24.
  • File system operations:
    • Implemented ensureZipExtension to conditionally append .zip to downloaded files.
  • Testing updates:
    • Added unit tests in install-sonar-scanner.test.js to verify file renaming logic and edge cases.

This will update automatically on new commits.

@sonarqubecloud

sonarqubecloud Bot commented Jun 4, 2026

Copy link
Copy Markdown

Agentic Analysis: Early Results

Agentic Analysis and Context Augmentation are available on your project. Here are some issues that could have been prevented. Follow the links to learn how to put them into action.

10 issue(s) found across 1 file(s):

Rule File Line Message
javascript:S5443 src/main/__tests__/install-sonar-scanner.test.js 252 Make sure publicly writable directories are used safely here.
javascript:S5443 src/main/__tests__/install-sonar-scanner.test.js 255 Make sure publicly writable directories are used safely here.
javascript:S5443 src/main/__tests__/install-sonar-scanner.test.js 257 Make sure publicly writable directories are used safely here.
javascript:S5443 src/main/__tests__/install-sonar-scanner.test.js 286 Make sure publicly writable directories are used safely here.
javascript:S5443 src/main/__tests__/install-sonar-scanner.test.js 287 Make sure publicly writable directories are used safely here.
javascript:S5443 src/main/__tests__/install-sonar-scanner.test.js 289 Make sure publicly writable directories are used safely here.
javascript:S5443 src/main/__tests__/install-sonar-scanner.test.js 310 Make sure publicly writable directories are used safely here.
javascript:S5443 src/main/__tests__/install-sonar-scanner.test.js 313 Make sure publicly writable directories are used safely here.
javascript:S5443 src/main/__tests__/install-sonar-scanner.test.js 315 Make sure publicly writable directories are used safely here.
javascript:S5443 src/main/__tests__/install-sonar-scanner.test.js 345 Make sure publicly writable directories are used safely here.

Analyzed by SonarQube Agentic Analysis in 3.3 s

@hashicorp-vault-sonar-prod

hashicorp-vault-sonar-prod Bot commented Jun 4, 2026

Copy link
Copy Markdown

SQSCANGHA-127

@henryju henryju force-pushed the worktree-SQSCANGHA-127 branch from 68a8c82 to b24f324 Compare June 4, 2026 14:44
@henryju henryju marked this pull request as ready for review June 4, 2026 14:53
…dows

PowerShell 5.1, used on some Windows GitHub Actions runners, requires
Expand-Archive to receive a file with a .zip extension. The @actions/tool-cache
downloadTool function saves to a temp path without any extension, causing
extraction to fail on PS 5.1. Rename the file to add .zip before calling
extractZip.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@henryju henryju force-pushed the worktree-SQSCANGHA-127 branch from b24f324 to af0fbd4 Compare June 8, 2026 09:01
@sonarqubecloud

sonarqubecloud Bot commented Jun 8, 2026

Copy link
Copy Markdown

@henryju henryju merged commit 7138816 into master Jun 8, 2026
75 checks passed
@henryju henryju deleted the worktree-SQSCANGHA-127 branch June 8, 2026 12:51
@gitar-bot

gitar-bot Bot commented Jun 8, 2026

Copy link
Copy Markdown
Code Review ✅ Approved

Renames downloaded files to include a .zip extension before extraction to ensure compatibility with PowerShell 5.1 on Windows runners. Added pinning for Node.js version and verified the fix with new unit tests; no issues found.

Options

Auto-apply is off → Gitar will not commit updates to this branch.
Display: compact → Showing less information.

Comment with these commands to change:

Auto-apply Compact
gitar auto-apply:on         
gitar display:verbose         

Was this helpful? React with 👍 / 👎 | Gitar

luketainton pushed a commit to luketainton/repos_epage-go that referenced this pull request Jun 9, 2026
…(#12)

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| [SonarSource/sonarqube-scan-action](https://github.com/SonarSource/sonarqube-scan-action) | action | minor | `v8.1` → `v8.2` |

---

### Release Notes

<details>
<summary>SonarSource/sonarqube-scan-action (SonarSource/sonarqube-scan-action)</summary>

### [`v8.2.0`](https://github.com/SonarSource/sonarqube-scan-action/releases/tag/v8.2.0)

[Compare Source](SonarSource/sonarqube-scan-action@v8.2.0...v8.2.0)

#### What's Changed

- SQSCANGHA-149 Add scannerBinariesAuthHeader input by [@&#8203;henryju](https://github.com/henryju) in [#&#8203;246](SonarSource/sonarqube-scan-action#246)
- SQSCANGHA-88 Deprecate the SONARCLOUD\_URL env variable support by [@&#8203;henryju](https://github.com/henryju) in [#&#8203;249](SonarSource/sonarqube-scan-action#249)
- SQSCANGHA-84 Remove outdated wget/curl references by [@&#8203;henryju](https://github.com/henryju) in [#&#8203;248](SonarSource/sonarqube-scan-action#248)
- SQSCANGHA-135 Fix scanner binaries always re-downloaded due to incompatible 4-part version by [@&#8203;henryju](https://github.com/henryju) in [#&#8203;250](SonarSource/sonarqube-scan-action#250)
- SQSCANGHA-127 Rename downloaded file to .zip before extraction on Windows by [@&#8203;henryju](https://github.com/henryju) in [#&#8203;251](SonarSource/sonarqube-scan-action#251)

**Full Changelog**: <SonarSource/sonarqube-scan-action@v8...v8.2.0>

### [`v8.2`](SonarSource/sonarqube-scan-action@v8.1.0...v8.2.0)

[Compare Source](SonarSource/sonarqube-scan-action@v8.1.0...v8.2.0)

</details>

---

### Configuration

📅 **Schedule**: (UTC)

- Branch creation
  - At any time (no schedule defined)
- Automerge
  - At any time (no schedule defined)

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update again.

---

 - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box

---

This PR has been generated by [Mend Renovate](https://github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4yMTYuMiIsInVwZGF0ZWRJblZlciI6IjQzLjIxNi4yIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJ0eXBlL2RlcGVuZGVuY2llcyJdfQ==-->

Reviewed-on: https://git.tainton.uk/repos/epage-go/pulls/12
Co-authored-by: renovate[bot] <renovate-bot@git.tainton.uk>
Co-committed-by: renovate[bot] <renovate-bot@git.tainton.uk>
luketainton pushed a commit to luketainton/repos_roboluke that referenced this pull request Jun 9, 2026
…(#455)

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| [SonarSource/sonarqube-scan-action](https://github.com/SonarSource/sonarqube-scan-action) | action | minor | `v8.1` → `v8.2` |

---

### Release Notes

<details>
<summary>SonarSource/sonarqube-scan-action (SonarSource/sonarqube-scan-action)</summary>

### [`v8.2.0`](https://github.com/SonarSource/sonarqube-scan-action/releases/tag/v8.2.0)

[Compare Source](SonarSource/sonarqube-scan-action@v8.2.0...v8.2.0)

#### What's Changed

- SQSCANGHA-149 Add scannerBinariesAuthHeader input by [@&#8203;henryju](https://github.com/henryju) in [#&#8203;246](SonarSource/sonarqube-scan-action#246)
- SQSCANGHA-88 Deprecate the SONARCLOUD\_URL env variable support by [@&#8203;henryju](https://github.com/henryju) in [#&#8203;249](SonarSource/sonarqube-scan-action#249)
- SQSCANGHA-84 Remove outdated wget/curl references by [@&#8203;henryju](https://github.com/henryju) in [#&#8203;248](SonarSource/sonarqube-scan-action#248)
- SQSCANGHA-135 Fix scanner binaries always re-downloaded due to incompatible 4-part version by [@&#8203;henryju](https://github.com/henryju) in [#&#8203;250](SonarSource/sonarqube-scan-action#250)
- SQSCANGHA-127 Rename downloaded file to .zip before extraction on Windows by [@&#8203;henryju](https://github.com/henryju) in [#&#8203;251](SonarSource/sonarqube-scan-action#251)

**Full Changelog**: <SonarSource/sonarqube-scan-action@v8...v8.2.0>

### [`v8.2`](SonarSource/sonarqube-scan-action@v8.1.0...v8.2.0)

[Compare Source](SonarSource/sonarqube-scan-action@v8.1.0...v8.2.0)

</details>

---

### Configuration

📅 **Schedule**: (UTC)

- Branch creation
  - At any time (no schedule defined)
- Automerge
  - At any time (no schedule defined)

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update again.

---

 - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box

---

This PR has been generated by [Mend Renovate](https://github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4yMTYuMiIsInVwZGF0ZWRJblZlciI6IjQzLjIxNi4yIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJ0eXBlL2RlcGVuZGVuY2llcyJdfQ==-->

Reviewed-on: https://git.tainton.uk/repos/roboluke/pulls/455
Co-authored-by: renovate[bot] <renovate-bot@git.tainton.uk>
Co-committed-by: renovate[bot] <renovate-bot@git.tainton.uk>
luketainton pushed a commit to luketainton/repos_pypilot that referenced this pull request Jun 18, 2026
…(#453)

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| [SonarSource/sonarqube-scan-action](https://github.com/SonarSource/sonarqube-scan-action) | action | minor | `v8.1` → `v8.2` |

---

### Release Notes

<details>
<summary>SonarSource/sonarqube-scan-action (SonarSource/sonarqube-scan-action)</summary>

### [`v8.2.0`](https://github.com/SonarSource/sonarqube-scan-action/releases/tag/v8.2.0)

[Compare Source](SonarSource/sonarqube-scan-action@v8.2.0...v8.2.0)

#### What's Changed

- SQSCANGHA-149 Add scannerBinariesAuthHeader input by [@&#8203;henryju](https://github.com/henryju) in [#&#8203;246](SonarSource/sonarqube-scan-action#246)
- SQSCANGHA-88 Deprecate the SONARCLOUD\_URL env variable support by [@&#8203;henryju](https://github.com/henryju) in [#&#8203;249](SonarSource/sonarqube-scan-action#249)
- SQSCANGHA-84 Remove outdated wget/curl references by [@&#8203;henryju](https://github.com/henryju) in [#&#8203;248](SonarSource/sonarqube-scan-action#248)
- SQSCANGHA-135 Fix scanner binaries always re-downloaded due to incompatible 4-part version by [@&#8203;henryju](https://github.com/henryju) in [#&#8203;250](SonarSource/sonarqube-scan-action#250)
- SQSCANGHA-127 Rename downloaded file to .zip before extraction on Windows by [@&#8203;henryju](https://github.com/henryju) in [#&#8203;251](SonarSource/sonarqube-scan-action#251)

**Full Changelog**: <SonarSource/sonarqube-scan-action@v8...v8.2.0>

### [`v8.2`](SonarSource/sonarqube-scan-action@v8.1.0...v8.2.0)

[Compare Source](SonarSource/sonarqube-scan-action@v8.1.0...v8.2.0)

</details>

---

### Configuration

📅 **Schedule**: (UTC)

- Branch creation
  - At any time (no schedule defined)
- Automerge
  - At any time (no schedule defined)

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update again.

---

 - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box

---

This PR has been generated by [Mend Renovate](https://github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4yMTYuMiIsInVwZGF0ZWRJblZlciI6IjQzLjIxNi4yIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJ0eXBlL2RlcGVuZGVuY2llcyJdfQ==-->

Reviewed-on: https://git.tainton.uk/repos/pypilot/pulls/453
Reviewed-by: Luke Tainton <luke@tainton.uk>
Co-authored-by: renovate[bot] <renovate-bot@git.tainton.uk>
Co-committed-by: renovate[bot] <renovate-bot@git.tainton.uk>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants