SONARIAC-2096 Add "Update Analyzer" Github Action (#11)

yasen-pavlov-sonarsource · jonas-wielage-sonarsource · web-flow · commit 42610d1bf0b0 · 2025-07-29T13:06:29.000+02:00
* add 'Update Analyzer' Github Action

* fix typo in readme

* update sed command

* Update update-analyzer/action.yml

Co-authored-by: Jonas Wielage &lt;jonas.wielage@sonarsource.com&gt;

* fix review issues

---------

Co-authored-by: Jonas Wielage &lt;jonas.wielage@sonarsource.com&gt;
diff --git a/README.md b/README.md
@@ -10,4 +10,4 @@ A centralized collection of reusable GitHub Actions designed to streamline and a
 * [**Publish GitHub Release**](publish-github-release/README.md): Publishes a GitHub Release with notes fetched from Jira or provided directly.
 * [**Release Jira Version**](release-jira-version/README.md): Releases a Jira version and creates the next one.
 * [**Update integration tickets**](update-integration-tickets/README.md): Finds and optionally updates SQS and SC integration tickets.
-
+* [**Update Analyzer**](update-analyzer/README.md): Updates an analyzer version in SonarQube or SonarCloud and creates a pull request.
diff --git a/update-analyzer/README.md b/update-analyzer/README.md
@@ -0,0 +1,87 @@
+# Update Analyzer Action
+
+This GitHub Action automates the process of updating an analyzer's version within SonarQube or SonarCloud. It checks out the respective product repository, modifies the `build.gradle` file with the new version, and opens a pull request with the changes.
+
+The action determines whether to target SonarQube (`sonar-enterprise`) or SonarCloud (`sonarcloud-core`) based on the prefix of the provided `ticket` number (`SONAR-` or `SC-`).
+
+## Prerequisites
+
+The `github-token` provided to the action must have the following permissions for the target repository (e.g., `SonarSource/sonar-enterprise`):
+  * `contents: write`
+  * `pull-requests: write`
+
+An example PR how to request a token with those permissions can be found [here](https://github.com/SonarSource/re-terraform-aws-vault/pull/6693).
+
+## Inputs
+
+| Input             | Description                                                                                 | Required | Default  |
+|-------------------|---------------------------------------------------------------------------------------------|----------|----------|
+| `version`         | The new version to set for the analyzer (e.g., `1.12.0.12345`).                             | `true`   |          |
+| `ticket`          | The Jira ticket number. Must start with `SONAR-` (for SonarQube) or `SC-` (for SonarCloud). | `true`   |          |
+| `plugin-language` | The language key of the plugin to update (e.g., `architecture`, `java`).                    | `true`   |          |
+| `github-token`    | A GitHub token with permissions to create pull requests in the target repository.           | `true`   |          |
+| `base_branch`     | The base branch for the pull request.                                                       | `false`  | `master` |
+| `draft`           | A boolean value (`true`/`false`) to control if the pull request is created as a draft.      | `false`  | `false`  |
+| `reviewers`       | A comma-separated list of GitHub usernames to request a review from (e.g., `user1,user2`).  | `false`  |          |
+| `body`            | The body of the pull request.                                                               | `false`  |          |
+
+
+## Outputs
+
+| Output   | Description                          |
+|----------|--------------------------------------|
+| `pr-url` | The URL of the created pull request. |
+
+## Example Usage
+
+Here is an example of how to use this action in a workflow. This workflow can be triggered manually (`workflow_dispatch`) and uses a secret to provide the required token. The second job demonstrates how to use the `pr-url` output.
+
+```yaml
+# .github/workflows/update-my-analyzer.yml
+name: Manually Update Analyzer
+
+on:
+  workflow_dispatch:
+    inputs:
+      version:
+        description: 'The new analyzer version (e.g. 1.12.0.12345)'
+        required: true
+        type: string
+      ticket:
+        description: 'The Jira ticket number (e.g. SONAR-12345)'
+        required: true
+        type: string
+
+jobs:
+  update-analyzer:
+    name: Update PHP Analyzer in SonarQube
+    runs-on: ubuntu-latest
+    outputs:
+      pull_request_url: ${{ steps.update_step.outputs.pr-url }}
+    steps:
+      - name: get secrets
+        id: secrets
+        uses: SonarSource/vault-action-wrapper@d1c1ab4ca5ad07fd9cdfe1eff038a39673dfca64  # v2.4.2-1
+        with:
+          secrets: |
+            development/github/token/SonarSource-sonar-php-release-automation token | GITHUB_TOKEN;
+ 
+      - name: Update analyzer and create PR
+        id: update_step
+        uses: SonarSource/release-github-actions/update-analyzer@master
+        with:
+          version: ${{ inputs.version }}
+          ticket: ${{ inputs.ticket }}
+          plugin-language: 'php'
+          github-token: ${{ fromJSON(steps.secrets.outputs.vault).GITHUB_TOKEN }}
+          draft: true
+
+  report-pr-url:
+    name: Report PR URL
+    runs-on: ubuntu-latest
+    needs: update-analyzer
+    if: needs.update-analyzer.outputs.pull_request_url != ''
+    steps:
+      - name: Echo the PR URL
+        run: |
+          echo "Pull request created at: ${{ needs.update-analyzer.outputs.pull_request_url }}"
diff --git a/update-analyzer/action.yml b/update-analyzer/action.yml
@@ -0,0 +1,89 @@
+name: 'Update Analyzer'
+description: 'Updates the version of a specified analyzer in SonarQube or SonarCloud and creates a pull request.'
+author: 'SonarSource'
+
+inputs:
+  version:
+    description: 'The new version to set for the analyzer (e.g., 1.12.0.12345).'
+    required: true
+  ticket:
+    description: 'The Jira ticket number (e.g., SONAR-12345 or SC-12345). This determines the target product.'
+    required: true
+  plugin-language:
+    description: 'The language key of the plugin to update (e.g., architecture, java, csharp).'
+    required: true
+  github-token:
+    description: 'A GitHub token with permissions to create pull requests in the target repository.'
+    required: true
+  base_branch:
+    description: 'The base branch for the product pull request.'
+    required: false
+    default: 'master'
+  draft:
+    description: 'A boolean value to control if the pull request is created as a draft.'
+    required: false
+    default: 'false'
+  reviewers:
+    description: 'A comma-separated list of GitHub usernames to request a review from.'
+    required: false
+  pr_body:
+    description: 'The body of the pull request.'
+    required: false
+
+outputs:
+  pr-url:
+    description: 'The URL of the created pull request.'
+    value: ${{ steps.create_pr.outputs.pull-request-url }}
+
+runs:
+  using: 'composite'
+  steps:
+    - name: Set up environment
+      id: setup_env
+      shell: bash
+      run: |
+        if [[ "${{ inputs.ticket }}" == SONAR-* ]]; then
+          echo "PRODUCT_REPOSITORY=sonar-enterprise" >> $GITHUB_ENV
+          echo "BUILD_GRADLE_FILE=build.gradle" >> $GITHUB_ENV
+        elif [[ "${{ inputs.ticket }}" == SC-* ]]; then
+          echo "PRODUCT_REPOSITORY=sonarcloud-core" >> $GITHUB_ENV
+          echo "BUILD_GRADLE_FILE=private/edition-sonarcloud/build.gradle" >> $GITHUB_ENV
+        else
+          echo "::error::Invalid ticket format. Must start with SONAR- or SC-."
+          exit 1
+        fi
+
+    - name: Checkout target repository
+      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      with:
+        repository: SonarSource/${{ env.PRODUCT_REPOSITORY }}
+        ref: ${{ inputs.base_branch }}
+        sparse-checkout: ${{ env.BUILD_GRADLE_FILE }}
+        sparse-checkout-cone-mode: false
+        fetch-depth: 0
+        token: ${{ inputs.github-token }}
+
+    - name: Update analyzer version in build file
+      shell: bash
+      run: |
+        set -euo pipefail
+        echo "Updating analyzer version in ${{ env.BUILD_GRADLE_FILE }} for plugin ${{ inputs.plugin-language }}"
+        
+        sed -i "s/\(:sonar-${{ inputs.plugin-language }}.*-plugin:\)[0-9.]*/\1${{ inputs.version }}/g" ${{ env.BUILD_GRADLE_FILE }}
+        
+        echo "Showing diff:"
+        git --no-pager diff ${{ env.BUILD_GRADLE_FILE }}
+
+    - name: Create Pull Request
+      id: create_pr
+      uses: peter-evans/create-pull-request@c5a7806660adbe173f04e3e038b0ccdcd758773c # v6.1.0
+      with:
+        author: ${{ github.actor }} <${{ github.actor }}@users.noreply.github.com>
+        commit-message: '${{ inputs.ticket }} Update `${{ inputs.plugin-language }}` plugins to version ${{ inputs.version }}'
+        title: '${{ inputs.ticket }} Update `${{ inputs.plugin-language }}` to version ${{ inputs.version }}'
+        body: ${{ inputs.pr_body }}
+        base: ${{ inputs.base_branch }}
+        branch: '${{ inputs.plugin-language }}/update-analyzer-${{ inputs.version }}'
+        token: ${{ inputs.github-token }}
+        draft: ${{ inputs.draft }}
+        reviewers: ${{ inputs.reviewers }}
