Skip to content

SCANNPM-127 Fix release#381

Merged
zglicz merged 8 commits intomasterfrom
fix-release
Jan 7, 2026
Merged

SCANNPM-127 Fix release#381
zglicz merged 8 commits intomasterfrom
fix-release

Conversation

@vdiez
Copy link
Contributor

@vdiez vdiez commented Jan 7, 2026

…20.6 (#379)"

This reverts commit 7a75b64.

Part of

@vdiez vdiez requested a review from zglicz January 7, 2026 15:08
@hashicorp-vault-sonar-prod hashicorp-vault-sonar-prod bot changed the title Fix release SCANNPM-127 Fix release Jan 7, 2026
@hashicorp-vault-sonar-prod
Copy link

hashicorp-vault-sonar-prod bot commented Jan 7, 2026
edited by atlassian bot
Loading

SCANNPM-127

zglicz
zglicz approved these changes Jan 7, 2026
View reviewed changes
Copy link
Contributor

@zglicz zglicz left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🤞 for QA

zglicz and others added 5 commits January 7, 2026 16:48
@zglicz @claude
Pass environment to SonarQube spawn to inherit JAVA_HOME
febf55c 
Explicitly pass process.env to spawn so SonarQube uses the Java
version configured via mise (Java 21) instead of system default.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
@zglicz @claude
Fix Java path for SonarQube startup by prepending JAVA_HOME/bin to PATH
aa5f02c 
SonarQube's wrapper uses `which java` which finds mise shim.
When run from SQ directory (no .mise.toml), shim falls back to system Java 17.

Fix: prepend $JAVA_HOME/bin to PATH so `which java` finds correct binary.
Added debug logs to verify Java paths.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
@zglicz @claude
Test with mise 2025.11.2 (PATH fixes) instead of PATH prepend
e6b7c55 
Try newer mise version which has PATH preservation fixes.
Keep debug logs for JAVA_HOME and PATH.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
@zglicz @claude
Test without explicit env: process.env in spawn
b629911 
Check if mise 2025.11.2 works without explicitly passing env.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
@zglicz @claude
Remove debug logs from SonarQube startup
8d4d269 
🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
@zglicz zglicz mentioned this pull request Jan 7, 2026
Closed
1 task
@zglicz zglicz enabled auto-merge (squash) January 7, 2026 16:20
@sonarqubecloud
Copy link

sonarqubecloud bot commented Jan 7, 2026

SonarQube reviewer guide

Important

We are currently testing different models for AI Summary.
Please give us your feedback by filling this form.

Model A:

Summary: Update mise version to 2025.11.2, configure Java 21, rename scanner entry file from .ts to .js, add knip for dead code detection, and remove build validation step.

Review Focus: The TypeScript to JavaScript rename in bin/sonar-scanner (no extension change in functionality, just file extension), the new knip dependency and configuration for unused code detection, and the removal of build validation logic in the release workflow.

Start review at: bin/sonar-scanner.js and tsconfig.json. These files reflect the main structural change from TypeScript to JavaScript entry point, which affects the build process and may indicate a broader shift in how the scanner is executed.

Model B:

Summary: Update mise tool version, add dead code detection tooling, refactor entry point from TypeScript to JavaScript, and remove redundant build validation.

Review Focus:

  • The conversion of bin/sonar-scanner.ts to .js and corresponding tsconfig changes—verify the JavaScript file is functionally equivalent and properly configured
  • The addition of knip (dead code detector) with its configuration in knip.json—ensure entry points and ignore patterns are correctly defined
  • The removal of build validation step in release workflow—confirm this validation is no longer necessary or is covered elsewhere
  • Java 21 explicit configuration in one CI job—verify this is intentional and doesn't cause version conflicts

Start review at: knip.json. This is a new configuration file that establishes the project's dead code detection rules and entry points. It's critical to validate that all actual entry points are captured and that legitimate build artifacts/fixtures aren't incorrectly flagged as unused code, which could cause false positives in future CI runs.

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@zglicz zglicz merged commit 62fc21d into master Jan 7, 2026
6 checks passed
@zglicz zglicz deleted the fix-release branch January 7, 2026 16:24
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@zglicz zglicz zglicz approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@vdiez @zglicz