This GitHub Action automates the process of updating an analyzer's version within SonarQube or SonarCloud. It checks out the respective product repository, modifies the build.gradle file with the new version, and creates a pull request with the changes.
The action updates analyzer versions by:
- Determining the target repository based on the ticket prefix (
SONAR-for SonarQube orSC-for SonarCloud) - Checking out the appropriate product repository (
sonar-enterpriseorsonarcloud-core) - Updating the analyzer version in the build.gradle file using sed commands
- Creating a pull request with the changes using the specified GitHub token from Vault
The secret-name provided to the action must have the following permissions for the target repository (e.g., SonarSource/sonar-enterprise):
contents: writepull-requests: write
An example PR how to request a token with those permissions can be found here.
This action depends on:
- SonarSource/vault-action-wrapper@v3 for secure token retrieval
- actions/checkout@v4 for repository checkout
- peter-evans/create-pull-request@v6 for pull request creation
| Input | Description | Required | Default |
|---|---|---|---|
release-version |
The new version to set for the analyzer (e.g., 1.12.0.12345). |
true |
|
ticket-key |
The Jira ticket number. Must start with SONAR- (for SonarQube) or SC- (for SonarCloud). |
true |
|
plugin-name |
The language key of the plugin to update. It will always be used as a part of the PR title and commit message. It can be used to match the artifact in the build script (i.e. it should be the X in sonar-X-plugin), unless plugin-artifacts input is provided. |
true |
|
secret-name |
Name of the secret for GitHub token to fetch from the vault that has permissions to create pull requests in the target Github repository. | true |
|
plugin-artifacts |
Comma-separated list of plugin artifact names (any X in sonar-X-plugin) that will be used instead of plugin-name when provided. |
false |
|
base-branch |
The base branch for the pull request. | false |
master |
draft |
A boolean value (true/false) to control if the pull request is created as a draft. When true, the commit message is prefixed with [DO NOT MERGE] instead of the ticket key. |
false |
false |
reviewers |
A comma-separated list of GitHub usernames to request a review from (e.g., user1,user2). |
false |
|
pull-request-body |
The body of the pull request. | false |
| Output | Description |
|---|---|
pull-request-url |
The URL of the created pull request. |
- name: Update Analyzer
uses: SonarSource/release-github-actions/update-analyzer@v1
with:
release-version: '1.12.0.12345'
ticket-key: 'SONAR-12345'
plugin-name: 'php'
secret-name: 'sonar-php-release-automation'- name: Update Analyzer
uses: SonarSource/release-github-actions/update-analyzer@v1
with:
release-version: '1.12.0.12345'
ticket-key: 'SONAR-12345'
plugin-name: 'php'
secret-name: 'sonar-php-release-automation'
draft: true- name: Update Analyzer
uses: SonarSource/release-github-actions/update-analyzer@v1
with:
release-version: '1.12.0.12345'
ticket-key: 'SC-67890'
plugin-name: 'java'
secret-name: 'sonar-java-release-automation'
base-branch: 'develop'
reviewers: 'user1,user2'
pull-request-body: 'This PR updates the Java analyzer to the latest version.'- name: Update Multiple Analyzers
uses: SonarSource/release-github-actions/update-analyzer@v1
with:
release-version: '1.12.0.12345'
ticket-key: 'SONAR-12345'
plugin-name: 'jvm'
plugin-artifacts: 'java,kotlin,scala'
secret-name: 'jvm-release-automation'The action uses a composite action that:
- Uses the SonarSource Vault action wrapper to securely retrieve GitHub tokens
- Determines the target repository based on ticket prefix validation
- Uses sparse checkout for efficient repository cloning (only the build.gradle file)
- Updates analyzer versions using sed pattern matching for
sonar-X-pluginartifacts - Creates pull requests with standardized naming conventions and commit messages
- Supports both single plugin updates and multiple plugin artifacts in one PR
The action will fail with a non-zero exit code if:
- The ticket format is invalid (doesn't start with
SONAR-orSC-) - The Vault token retrieval fails
- The target repository checkout fails
- The build.gradle file modification fails
- The pull request creation fails
- This action specifically targets SonarSource product repositories (
sonar-enterpriseandsonarcloud-core) - The action uses sparse checkout to minimize data transfer and processing time
- Branch naming follows the pattern:
{plugin-name}/update-analyzer-{release-version} - Commit messages and PR titles follow standardized formats for consistency
- The action supports both individual plugin updates and batch updates for multiple related plugins
- All GitHub tokens are securely retrieved from HashiCorp Vault using the SonarSource wrapper action