SQSCANGHA-92 Validate scanner version (#189)

Co-authored-by: Julien HENRY <[email protected]>

Author: csaba-feher-sonarsource

.github/workflows/qa-main.yml

@@ -809,3 +809,26 @@ jobs:
           [ -f "$SONAR_SSL_FOLDER/truststore.p12" ] || exit 1
           TRUSTSTORE_P12_MOD_TIME_T3=$(stat -c %Y "$SONAR_SSL_FOLDER/truststore.p12")
           [ "$TRUSTSTORE_P12_MOD_TIME_T2" != "$TRUSTSTORE_P12_MOD_TIME_T3" ] || exit 1
+  scannerVersionValidationTest:
+    name: >
+      'scannerVersion' input validation
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+      - name: Run action with invalid scannerVersion
+        id: invalid_version
+        uses: ./
+        continue-on-error: true
+        with:
+          scannerVersion: "7.1.0-SNAPSHOT"
+          args: -Dsonar.scanner.internal.dumpToFile=./output.properties
+        env:
+          NO_CACHE: true
+          SONAR_HOST_URL: http://not_actually_used
+      - name: Assert failure of previous step
+        if: steps.invalid_version.outcome == 'success'
+        run: |
+          echo "Action with invalid scannerVersion should have failed but succeeded"
+          exit 1

action.yml

@@ -30,6 +30,7 @@ runs:
       shell: bash
       env:
         INPUT_PROJECTBASEDIR: ${{ inputs.projectBaseDir }}
+        INPUT_SCANNERVERSION: ${{ inputs.scannerVersion }}
     - name: Load Sonar Scanner CLI from cache
       id: sonar-scanner-cli
       uses: actions/cache@v4

scripts/sanity-checks.sh

@@ -2,6 +2,11 @@
 
 set -eo pipefail
 
+if [[ ! "${INPUT_SCANNERVERSION}" =~ ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
+  echo "::error title=SonarScanner::Invalid scannerVersion format. Expected format: x.y.z.w (e.g., 7.1.0.4889)"
+  exit 1
+fi
+
 if [[ -z "${SONAR_TOKEN}" ]]; then
   echo "::warning title=SonarScanner::Running this GitHub Action without SONAR_TOKEN is not recommended"
 fi