Update SonarQube Community Server and CLI scanner version (#26)

* Upgrade Docker to 25.5 and change passwd

* update CLI version to 11.3

* test last release

* using branch name to run latest action code

* rename actions

* Change password

Author: gitricko

.github/workflows/test.yml

@@ -82,3 +82,28 @@ jobs:
           ISSUES=$(cat ./blahblah.json | jq -r '.component.measures[] | select(.metric == "open_issues").value')
           echo "# of issues = ${ISSUES}"
           [ "${ISSUES}" -le 3 ]
+
+  sonarless-action-test-on-main:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Sonarless Scan
+        uses: gitricko/sonarless@main
+        with:
+          sonar-source-path: '.'
+          sonar-metrics-path: './blahblah.json'
+          sonar-instance-port: '9999'
+
+      - name: Check Sonar Metrics
+        run: |
+          echo "Checking for 0 vulnerabilities in Sonar Metrics JSON"
+          VULN=$(cat ./blahblah.json | jq -r '.component.measures[] | select(.metric == "vulnerabilities").value')
+          echo "# of vulnerabilities = ${VULN}"
+          [ "${VULN}" -eq "0" ]
+
+          echo "Checking for any issues <= 3 in Sonar Metrics JSON"
+          ISSUES=$(cat ./blahblah.json | jq -r '.component.measures[] | select(.metric == "open_issues").value')
+          echo "# of issues = ${ISSUES}"
+          [ "${ISSUES}" -le 3 ]

README.md

@@ -4,7 +4,7 @@
 ![GitHub Release](https://img.shields.io/github/v/release/gitricko/sonarless)
 ![GitHub commits since latest release](https://img.shields.io/github/commits-since/gitricko/sonarless/latest)
 
-# Sonarless v1.2
+# Sonarless v1.3
 
 This developer-friendly CLI and GitHub Action enable SonarQube scanning for your repository without the need for a dedicated hosted SonarQube server. It starts a SonarQube Docker instance, allowing developers to scan code, check results, and generate a JSON metrics file for automation. This ensures you can easily assess and maintain the quality of your code.
 
@@ -49,7 +49,7 @@ Enjoy!!!
 To understand CLI sub-commands, just run `sonarless help`
 
 Usually, you only need to know 2 sub-commands
-- `sonarless scan`: to start scanning your code in the current directory will be uploaded for scanning. When the scan is done, just login webui into your local personal instance of sonarqube via [http://localhost:9234](http://localhost:9234) to get details from SonarQube. The default password for `admin` is `sonarless`
+- `sonarless scan`: to start scanning your code in the current directory will be uploaded for scanning. When the scan is done, just login webui into your local personal instance of sonarqube via [http://localhost:9234](http://localhost:9234) to get details from SonarQube. The default password for `admin` is `Son@rless123`
 
 - `sonarless results`: to generate `sonar-metrics.json` metrics file in your current directory
 
@@ -62,7 +62,7 @@ This CLI works perfectly with Github CodeSpace
 
 <!-- start usage -->
 ```yaml
-- uses: gitricko/sonarless@v1.2
+- uses: gitricko/sonarless@v1.3
   with:
     # Folder path to scan from git-root
     # Default: . 
@@ -100,7 +100,7 @@ jobs:
         uses: actions/checkout@v4
 
       - name: Sonarless Scan
-        uses: gitricko/sonarless@v1.2
+        uses: gitricko/sonarless@v1.3
 ```
 
 ## Scan particular folder from git root directory
@@ -114,7 +114,7 @@ jobs:
         uses: actions/checkout@v4
 
       - name: Sonarless Scan
-        uses: gitricko/sonarless@v1.2
+        uses: gitricko/sonarless@v1.3
         with:
           sonar-source-path: 'src'
 ```
@@ -130,7 +130,7 @@ jobs:
         uses: actions/checkout@v4
 
       - name: Sonarless Scan
-        uses: gitricko/sonarless@v1.2
+        uses: gitricko/sonarless@v1.3
         with:
           sonar-source-path: 'src'
           sonar-metrics-path: './sonar-mymetrics.json'
@@ -154,7 +154,7 @@ jobs:
         uses: actions/checkout@v4
 
       - name: Sonarless Scan
-        uses: gitricko/sonarless@v1.2
+        uses: gitricko/sonarless@v1.3
         with:
           sonar-instance-port: '1234'
 ```

makefile.sh

@@ -9,8 +9,8 @@ export SONAR_SOURCE_PATH=${SONAR_SOURCE_PATH:-"."}
 export SONAR_METRICS_PATH=${SONAR_METRICS_PATH:-"./sonar-metrics.json"}
 export SONAR_EXTENSION_DIR="${HOME}/.sonarless/extensions"
 
-export DOCKER_SONAR_CLI=${DOCKER_SONAR_CLI:-"sonarsource/sonar-scanner-cli:10.0"}
-export DOCKER_SONAR_SERVER=${DOCKER_SONAR_SERVER:-"sonarqube:10.6-community"}
+export DOCKER_SONAR_CLI=${DOCKER_SONAR_CLI:-"sonarsource/sonar-scanner-cli:11.3"}
+export DOCKER_SONAR_SERVER=${DOCKER_SONAR_SERVER:-"sonarqube:25.5.0.107428-community"}
 
 export CLI_NAME="sonarless"
 
@@ -91,13 +91,13 @@ function start() {
         exit 1
     fi
 
-    # 2. Reset admin password to sonarless
+    # 2. Reset admin password to sonarless123
     curl -s -X POST -u "admin:admin" \
-        -d "login=admin&previousPassword=admin&password=sonarless" \
+        -d "login=admin&previousPassword=admin&password=Son@rless123" \
         "http://localhost:${SONAR_INSTANCE_PORT}/api/users/change_password"
     echo "Local sonarqube URI: http://localhost:${SONAR_INSTANCE_PORT}" 
 
-    echo "Credentials: admin/sonarless"
+    echo "Credentials: admin/Son@rless123"
 
 }
 
@@ -109,14 +109,14 @@ function scan() {
     start
 
     # 1. Create default project and set default fav
-    curl -s -u "admin:sonarless" -X POST "http://localhost:${SONAR_INSTANCE_PORT}/api/projects/create?name=${SONAR_PROJECT_NAME}&project=${SONAR_PROJECT_NAME}" | jq
-    curl -s -u "admin:sonarless" -X POST "http://localhost:${SONAR_INSTANCE_PORT}/api/users/set_homepage?type=PROJECT&component=${SONAR_PROJECT_NAME}"
+    curl -s -u "admin:Son@rless123" -X POST "http://localhost:${SONAR_INSTANCE_PORT}/api/projects/create?name=${SONAR_PROJECT_NAME}&project=${SONAR_PROJECT_NAME}" | jq
+    curl -s -u "admin:Son@rless123" -X POST "http://localhost:${SONAR_INSTANCE_PORT}/api/users/set_homepage?type=PROJECT&component=${SONAR_PROJECT_NAME}"
 
     echo "SONAR_GITROOT: ${SONAR_GITROOT}"
     echo "SONAR_SOURCE_PATH: ${SONAR_SOURCE_PATH}"
 
     # 2. Create token and scan using internal-ip becos of docker to docker communication
-    SONAR_TOKEN=$(curl -s -X POST -u "admin:sonarless" "http://localhost:${SONAR_INSTANCE_PORT}/api/user_tokens/generate?name=$(date +%s%N)" | jq -r .token)
+    SONAR_TOKEN=$(curl -s -X POST -u "admin:Son@rless123" "http://localhost:${SONAR_INSTANCE_PORT}/api/user_tokens/generate?name=$(date +%s%N)" | jq -r .token)
     export SONAR_TOKEN
 
     docker run --rm --network "${CLI_NAME}" \
@@ -133,7 +133,7 @@ function scan() {
         for _ in $(seq 1 120); do
             sleep 1
             printf .
-            status_value=$(curl -s -u "admin:sonarless" "http://localhost:${SONAR_INSTANCE_PORT}/api/qualitygates/project_status?projectKey=${SONAR_PROJECT_NAME}" | jq -r .projectStatus.status)
+            status_value=$(curl -s -u "admin:Son@rless123" "http://localhost:${SONAR_INSTANCE_PORT}/api/qualitygates/project_status?projectKey=${SONAR_PROJECT_NAME}" | jq -r .projectStatus.status)
             # Checking if the status value is not "NONE"
             if [[ "$status_value" != "NONE" ]]; then
                 echo
@@ -149,7 +149,7 @@ function scan() {
 
 function results() {
     # use this params to collect stats
-    curl -s -u "admin:sonarless" "http://localhost:${SONAR_INSTANCE_PORT}/api/measures/component?component=${SONAR_PROJECT_NAME}&metricKeys=bugs,vulnerabilities,code_smells,quality_gate_details,violations,duplicated_lines_density,ncloc,coverage,reliability_rating,security_rating,security_review_rating,sqale_rating,security_hotspots,open_issues" \
+    curl -s -u "admin:Son@rless123" "http://localhost:${SONAR_INSTANCE_PORT}/api/measures/component?component=${SONAR_PROJECT_NAME}&metricKeys=bugs,vulnerabilities,code_smells,quality_gate_details,violations,duplicated_lines_density,ncloc,coverage,reliability_rating,security_rating,security_review_rating,sqale_rating,security_hotspots,open_issues" \
         | jq -r > "${SONAR_GITROOT}/${SONAR_METRICS_PATH}"
     cat "${SONAR_GITROOT}/${SONAR_METRICS_PATH}"
     echo "Scan results written to  ${SONAR_GITROOT}/${SONAR_METRICS_PATH}"