BUILD-11270: Add README for check-sca action #251

Merged
julien-carsique-sonarsource merged 2 commits into master from feat/bwalsh/BUILD-11270-add-readme-for-check-sca-action on May 7, 2026

@bwalsh434 bwalsh434 commented May 7, 2026

What Changed?

  • Adds README for check-sca action
  • Changes local check-sca action invocation to use github-ubuntu-latest-s per the docs

hashicorp-vault-sonar-prod Bot commented May 7, 2026

BUILD-11270

@bwalsh434 bwalsh434 marked this pull request as ready for review May 7, 2026 09:00
@bwalsh434 bwalsh434 requested a review from a team as a code owner May 7, 2026 09:00
Copilot AI review requested due to automatic review settings May 7, 2026 09:00

sonar-review-alpha Bot commented May 7, 2026

Summary

This PR adds documentation for the check-sca action and updates the internal test workflow. The new README section covers the action's purpose (verifying SonarQube SCA ran for a project), its requirements (GitHub permissions and Vault access), usage examples, and all inputs/outputs. The workflow file has been updated to use the local action reference and changed to github-ubuntu-latest-s runner, which aligns with the documentation guidance for public repositories.

What reviewers should know

Start with: The README section at the bottom of the file (## check-sca) shows the full user-facing documentation including the recommended runner choice for different scenarios.

Key points for reviewers:

  • The workflow file is now a self-testing example—it uses sparse-checkout to fetch only the action directory and then runs ./check-sca locally instead of calling the remote version. This is intentional and good practice for GitHub action repositories.
  • The runner changed from ubuntu-latest to github-ubuntu-latest-s. The README documents this choice: private repos should use sonar-xs, public repos should use github-ubuntu-latest-s.
  • The README documents the action's discovery mechanism (looks for project keys in multiple config files), required permissions (id-token: write and contents: read), and Vault access needs.
  • All three inputs have defaults and are optional; all outputs are conditionally set based on success/failure.

Copilot AI left a comment

Pull request overview

Adds end-user documentation for the new check-sca GitHub Action to the repository’s main README, including requirements, usage, inputs, and outputs.

Changes:

  • Adds check-sca to the README action index.
  • Introduces a new ## check-sca section documenting behavior, requirements, and configuration.


@bwalsh434 bwalsh434 force-pushed the feat/bwalsh/BUILD-11270-add-readme-for-check-sca-action branch from 9bc9d5a to f224295 Compare May 7, 2026 09:16
@bwalsh434 bwalsh434 force-pushed the feat/bwalsh/BUILD-11270-add-readme-for-check-sca-action branch from c2930ce to d30fba5 Compare May 7, 2026 09:23
@bwalsh434 bwalsh434 force-pushed the feat/bwalsh/BUILD-11270-add-readme-for-check-sca-action branch from d30fba5 to 2ec0588 Compare May 7, 2026 09:25
Co-authored-by: sonar-review-alpha[bot] <266116024+sonar-review-alpha[bot]@users.noreply.github.com>
@julien-carsique-sonarsource julien-carsique-sonarsource force-pushed the feat/bwalsh/BUILD-11270-add-readme-for-check-sca-action branch from 2ec0588 to cd52d3a Compare May 7, 2026 10:45
@julien-carsique-sonarsource julien-carsique-sonarsource enabled auto-merge (rebase) May 7, 2026 10:46

sonarqubecloud Bot commented May 7, 2026

@sonar-review-alpha sonar-review-alpha Bot left a comment

Solid documentation addition — the inputs, outputs, Vault paths, permissions, and project-key discovery description all match the implementation. The workflow changes (runner, sparse-checkout, local action reference) are consistent with how test-build-number.yml and test-pr-cleanup.yml handle the same pattern.

@julien-carsique-sonarsource julien-carsique-sonarsource merged commit 9456e3a into master May 7, 2026
14 checks passed
@julien-carsique-sonarsource julien-carsique-sonarsource deleted the feat/bwalsh/BUILD-11270-add-readme-for-check-sca-action branch May 7, 2026 10:57