SCSCANGHA-28 Rebranding

Author: antonioaversa

README.md

@@ -1,131 +1,150 @@
-# Analyze your code for free with SonarCloud
+# Scan your code with SonarQube Cloud [![QA](https://github.com/SonarSource/sonarcloud-github-action/actions/workflows/qa.yml/badge.svg)](https://github.com/SonarSource/sonarcloud-github-action/actions/workflows/qa.yml)
 
-This SonarSource project, available as a GitHub Action, scans your projects with SonarCloud, and helps developers produce 
-[Clean Code](https://www.sonarsource.com/solutions/clean-code/?utm_medium=referral&utm_source=github&utm_campaign=clean-code&utm_content=sonarqube-scan-action).
+> [!WARNING]
+> This action is deprecated and will be removed in a future release. 
+> Please use the `sonarqube-scan-action` action instead. 
+> The `sonarqube-scan-action` is a drop-in replacement for this action.
 
-<img src="./images/SonarCloud-72px.png">
+This SonarSource project, available as a GitHub Action, scans your projects with SonarQube [Cloud](https://www.sonarsource.com/products/sonarcloud/).
 
-[SonarCloud](https://www.sonarsource.com/products/sonarcloud/) is a widely used static analysis solution for continuous code quality and security inspection. 
-It helps developers identify and fix issues in their code that could lead to bugs, vulnerabilities, or decreased development velocity.
-SonarCloud supports the most popular programming languages, including Java, JavaScript, TypeScript, C#, Python, C, C++, and [many more](https://www.sonarsource.com/knowledge/languages/).
+![Logo](./images/SQ_Logo_Cloud_Dark_Backgrounds.png#gh-dark-mode-only)
+![Logo](./images/SQ_Logo_Cloud_Light_Backgrounds.png#gh-light-mode-only)
+
+SonarQube [Cloud](https://www.sonarsource.com/products/sonarcloud/) (formerly SonarCloud) is a widely used static analysis solution for continuous code quality and security inspection.
+
+It helps developers detect coding issues in 30+ languages, frameworks, and IaC platforms, including Java, JavaScript, TypeScript, C#, Python, C, C++, and [many more](https://www.sonarsource.com/knowledge/languages/).
+
+The solution also provides fix recommendations leveraging AI with Sonar's AI CodeFix capability.
 
 ## Requirements
 
-* Create your account on SonarCloud. Sign up for free now if it's not already the case! [SonarCloud Sign up](https://www.sonarsource.com/products/sonarcloud/signup/?utm_medium=referral&utm_source=github&utm_campaign=sc-signup&utm_content=signup-sonarcloud-listing-x-x&utm_term=ww-psp-x)
-* The repository to analyze is set up on SonarCloud. [Set it up](https://sonarcloud.io/projects/create) in just one click.
+* Create your account on SonarQube Cloud. [Sign up for free](https://www.sonarsource.com/products/sonarcloud/signup/?utm_medium=referral&utm_source=github&utm_campaign=sc-signup&utm_content=signup-sonarcloud-listing-x-x&utm_term=ww-psp-x) now if it's not already the case!
+* The repository to analyze is set up on SonarQube Cloud. [Set it up](https://sonarcloud.io/projects/create) in just one click.
 
 ## Usage
 
 Project metadata, including the location of the sources to be analyzed, must be declared in the file `sonar-project.properties` in the base directory:
 
 ```properties
-sonar.organization=<replace with your SonarCloud organization key>
-sonar.projectKey=<replace with the key generated when setting up the project on SonarCloud>
+sonar.organization=<replace with your SonarQube Cloud organization key>
+sonar.projectKey=<replace with the key generated when setting up the project on SonarQube Cloud>
 
 # relative paths to source directories. More details and properties are described
-# in https://sonarcloud.io/documentation/project-administration/narrowing-the-focus/
+# at https://docs.sonarsource.com/sonarqube-cloud/advanced-setup/analysis-scope/
 sonar.sources=.
 ```
 
-The workflow, usually declared in `.github/workflows/build.yml`, looks like:
+The workflow, usually declared under `.github/workflows`, looks like:
 
 ```yaml
 on:
-  # Trigger analysis when pushing in master or pull requests, and when creating
-  # a pull request.
+  # Trigger analysis when pushing to your main branches, and when creating a pull request.
   push:
     branches:
+      - main
       - master
+      - develop
+      - 'releases/**'
   pull_request:
       types: [opened, synchronize, reopened]
+
 name: Main Workflow
 jobs:
-  sonarcloud:
+  sonarqube:
     runs-on: ubuntu-latest
     steps:
     - uses: actions/checkout@v4
       with:
-        # Disabling shallow clone is recommended for improving relevancy of reporting
+        # Disabling shallow clones is recommended for improving the relevancy of reporting
         fetch-depth: 0
-    - name: SonarCloud Scan
-      uses: sonarsource/sonarcloud-github-action@<action version> # Ex: v2.1.0, See the latest version at https://github.com/marketplace/actions/sonarcloud-scan
+    - name: SonarQube Scan
+      uses: sonarsource/sonarcloud-github-action@<action version> # Ex: v4.0.0, See the latest version at https://github.com/marketplace/actions/sonarcloud-scan
       env:
         SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
 ```
 
+## Action parameters
+
 You can change the analysis base directory by using the optional input `projectBaseDir` like this:
 
 ```yaml
-uses: sonarsource/sonarcloud-github-action@<action version> # Ex: v2.1.0, See the latest version at https://github.com/marketplace/actions/sonarcloud-scan
-with:
-  projectBaseDir: my-custom-directory
+- uses: sonarsource/sonarcloud-github-action@<action version>
+  with:
+    projectBaseDir: app/src
+```
+
+In case you need to specify the version of the Sonar Scanner, you can use the `scannerVersion` option:
+
+```yaml
+- uses: sonarsource/sonarcloud-github-action@<action version>
+  with:
+    scannerVersion: 6.2.0.4584
 ```
 
-In case you need to add additional analysis parameters, you can use the `args` option:
+In case you need to add additional analysis parameters, and you do not wish to set them in the `sonar-project.properties` file, you can use the `args` option:
 
 ```yaml
-- name: Analyze with SonarCloud
-  uses: sonarsource/sonarcloud-github-action@<action version> # Ex: v2.1.0, See the latest version at https://github.com/marketplace/actions/sonarcloud-scan
+- uses: sonarsource/sonarcloud-github-action@<action version>
   with:
-    projectBaseDir: my-custom-directory
+    projectBaseDir: app/src
     args: >
       -Dsonar.organization=my-organization
       -Dsonar.projectKey=my-projectkey
       -Dsonar.python.coverage.reportPaths=coverage.xml
       -Dsonar.sources=lib/
-      -Dsonar.test.exclusions=tests/**
       -Dsonar.tests=tests/
+      -Dsonar.test.exclusions=tests/**
       -Dsonar.verbose=true
 ```
 
-More information about possible analysis parameters is found in the documentation at:
-https://docs.sonarcloud.io/advanced-setup/analysis-parameters
-
-In case you need to specify the version of the Sonar Scanner, you can use the `scannerVersion` option:
+You can also specify the URL where to retrieve the SonarScanner CLI from.
+The specified URL overrides the default address: `https://binaries.sonarsource.com/Distribution/sonar-scanner-cli`.
+This can be useful when the runner executing the action is self-hosted and has regulated or no access to the Internet:
 
 ```yaml
-uses: sonarsource/sonarcloud-github-action@<action version> # Ex: v2.1.0, See the latest version at https://github.com/marketplace/actions/sonarcloud-scan
-with:
-  scannerVersion: 6.2.0.4584
+- uses: sonarsource/sonarcloud-github-action@<action version>
+  with:
+    scannerBinariesUrl: https://my.custom.binaries.url.com/Distribution/sonar-scanner-cli/
 ```
 
-See also example configurations at:
-https://github.com/sonarsource/sonarcloud-github-action-samples/
+More information about possible analysis parameters can be found in the [Analysis parameters page](https://docs.sonarsource.com/sonarqube-cloud/advanced-setup/analysis-parameters/) of the SonarQube Cloud documentation.
 
-### Secrets
+### Environment variables
 
-- `SONAR_TOKEN` – **Required** this is the token used to authenticate access to SonarCloud. You can generate a token on your [Security page in SonarCloud](https://sonarcloud.io/account/security/). You can set the `SONAR_TOKEN` environment variable in the "Secrets" settings page of your repository.
+- `SONAR_TOKEN` – **Required** this is the token used to authenticate access to SonarQube. You can read more about security tokens in the [documentation](https://docs.sonarsource.com/sonarqube-cloud/managing-your-account/managing-tokens/). You can set the `SONAR_TOKEN` environment variable in the "Secrets" settings page of your repository, or you can add them at the level of your GitHub organization (recommended).
 - *`GITHUB_TOKEN` – Provided by Github (see [Authenticating with the GITHUB_TOKEN](https://help.github.com/en/actions/automating-your-workflow-with-github-actions/authenticating-with-the-github_token)).*
+- `SONAR_ROOT_CERT` – Holds an additional certificate (in PEM format) that is used to validate the certificate of a secured proxy to SonarQube Cloud. You can set the `SONAR_ROOT_CERT` environment variable in the "Secrets" settings page of your repository, or you can add them at the level of your GitHub organization (recommended).
 
-## Error cleaning up workspace
+Here is an example of how you can pass a certificate (in PEM format) to the Scanner truststore:
 
-In some cases, the checkout action may fail to clean up the workspace. This is a known problem for GitHub actions implemented as a docker container (such as `sonarcloud-github-actions`) when self-hosted runners are used. 
-Example of the error message: `File was unable to be removed Error: EACCES: permission denied, unlink '/actions-runner/_work//project/.scannerwork/.sonar_lock'`
-To work around the problem, `sonarcloud-github-action` attempts to fix the permission of the temporary files that it creates. If that doesn't work, you can manually clean up the workspace by running the following action:
-```
-- name: Clean the workspace
-  uses: docker://alpine
-  with:
-    args: /bin/sh -c "find \"${GITHUB_WORKSPACE}\" -mindepth 1 ! -name . -prune -exec rm -rf {} +"
+```yaml
+- uses: sonarsource/sonarcloud-github-action@<action version>
+  env:
+    SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+    SONAR_ROOT_CERT: ${{ secrets.SONAR_ROOT_CERT }}
 ```
-You can find more info [here](https://github.com/actions/runner/issues/434).
 
-## Example of pull request analysis
+If your source code file names contain special characters that are not covered by the locale range of `en_US.UTF-8`, you can configure your desired locale like this:
 
-<img src="./images/SonarCloud-analysis-in-Checks.png">
+```yaml
+- uses: sonarsource/sonarcloud-github-action@<action version>
+  env:
+    SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+    LC_ALL: "ru_RU.UTF-8"
+```
 
-Want to see more examples of SonarCloud in action? You can [explore current Open Source projects in SonarCloud](https://sonarcloud.io/explore/projects?sort=-analysis_date?utm_medium=referral&utm_source=github&utm_campaign=sc-signup&utm_content=signup-sonarcloud-listing-x-x&utm_term=ww-psp-x) that are using the Clean as You Code methodology.
+## Alternatives for Java, .NET, and C/C++ projects
 
-## Do not use this GitHub action if you are in the following situations
+This GitHub Action will not work for all technologies. If you are in one of the following situations, you should use the following alternatives:
 
-* Your code is built with Maven: run 'org.sonarsource.scanner.maven:sonar' during the build
-* Your code is built with Gradle: use the SonarQube plugin for Gradle during the build
-* You want to analyze a .NET solution: Follow our interactive tutorial for GitHub Actions after importing your project directly into SonarCloud
-* You want to analyze C and C++ code: rely on our [SonarCloud Scan for C and C++](https://github.com/marketplace/actions/sonarcloud-scan-for-c-and-c) and look at [our sample C and C++ project](https://github.com/sonarsource-cfamily-examples?q=gh-actions-sc&type=all&language=&sort=)
+* Your code is built with Maven. Read the documentation about our [SonarScanner for Maven](https://docs.sonarsource.com/sonarqube-cloud/advanced-setup/ci-based-analysis/sonarscanner-for-maven/).
+* Your code is built with Gradle. Read the documentation about our [SonarScanner for Gradle](https://docs.sonarsource.com/sonarqube-cloud/advanced-setup/ci-based-analysis/sonarscanner-for-gradle/).
+* You want to analyze a .NET solution. Read the documentation about our [SonarScanner for .NET](https://docs.sonarsource.com/sonarqube-cloud/advanced-setup/ci-based-analysis/sonarscanner-for-dotnet/introduction/).
+* You want to analyze C or C++ code. Starting from SonarQube 10.6, this GitHub Action will scan C and C++ out of the box. If you want to have better control over the scan configuration/setup, you can switch to the [SonarQube Cloud Scan for C and C++](https://github.com/marketplace/actions/sonarcloud-scan-for-c-and-c) GitHub Action - look at [our sample C and C++ project](https://github.com/sonarsource-cfamily-examples?q=gh-actions-sc&type=all&language=&sort=).
 
 ## Have questions or feedback?
 
-To provide feedback (requesting a feature or reporting a bug) please post on the [SonarSource Community Forum](https://community.sonarsource.com/) with the tag `sonarcloud`.
+To provide feedback (requesting a feature or reporting a bug) please post on the [SonarSource Community Forum](https://community.sonarsource.com/tags/c/help/sc/9/github-actions).
 
 ## License
 

action.yml

@@ -1,4 +1,4 @@
-name: SonarCloud Scan
+name: SonarQube Cloud Scan
 description: >
   Scan your code with SonarQube Cloud to detect coding issues in 30+ 
   languages, frameworks, and IaC platforms.