Update plugin and tools

.github/workflows/cd.yml

@@ -24,13 +24,13 @@ on:
 env:
   DOCKERFILE_PATH: "."
   DOCKERFILE_FILENAME: "Dockerfile"
-  DOCKER_IMAGE_NAME: "lequal/sonar-scanner"
+  DOCKER_IMAGE_NAME: "lequal/sonar-scanner-catlab"
 
 jobs:
   # Job to test if a new version is ready to be released
   deliverability:
     name: Check if a new version must be released
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-24.04
     # The job is run only if the CI workflow succeeded
     if: github.event.workflow_run.conclusion == 'success'
     outputs:
@@ -48,7 +48,7 @@ jobs:
           if [ "$milestones" == "[]" ]
           then
             echo No milestone completed, not delivering
-            echo "::set-output name=delivery::forbidden"
+            echo "delivery=forbidden" >> $GITHUB_OUTPUT
             exit 0
           fi
           echo -e "Completed milestones:\n$milestones"
@@ -62,17 +62,18 @@ jobs:
             exit 1
           fi
           echo Ready to deliver
-          echo "::set-output name=version::$version"
-          echo "::set-output name=milestone_number::$milestone_number"
-          echo "::set-output name=delivery::allowed"
+          echo "version=$version" >> $GITHUB_OUTPUT
+          echo "milestone_number=$milestone_number" >> $GITHUB_OUTPUT
+          echo "delivery=allowed" >> $GITHUB_OUTPUT
+
   release:
     name: Release a new version of the docker image
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-24.04
     needs: deliverability
     if: needs.deliverability.outputs.delivery == 'allowed'
     steps:
       # git clone
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v4
         with:
           fetch-depth: 0
       # Merge develop into master (fast forward) and tag master
@@ -91,7 +92,7 @@ jobs:
         run: |
           tags=($(git tag --sort="-v:refname" | grep -P -e '[0-9]+\.[0-9]+\.[0-9]+'))
           echo The tag of the previous release is ${tags[1]}
-          echo "::set-output name=tag::${tags[1]}"
+          echo "tag=${tags[1]}" >> $GITHUB_OUTPUT
       # Generate the changelog since last release
       - name: Generate the changelog
         uses: charmixer/auto-changelog-action@v1
@@ -117,47 +118,78 @@ jobs:
 
   push_to_registry:
     name: Push Docker image to Docker Hub
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-24.04
     needs: deliverability
     if: needs.deliverability.outputs.delivery == 'allowed'
     steps:
       - name: Check out the repo
         uses: actions/checkout@v4
 
       - name: Log in to Docker Hub
-        uses: docker/login-action@f4ef78c080cd8ba55a85445d5b36e214a81df20a
+        uses: docker/login-action@v3
         with:
           username: ${{ secrets.DOCKER_USERNAME }}
           password: ${{ secrets.DOCKER_TOKEN }}
 
       - name: Extract metadata (tags, labels) for Docker
         id: meta
-        uses: docker/metadata-action@9ec57ed1fcdbf14dcef7dfbe97b2010124a938b7
+        uses: docker/metadata-action@v5
         with:
           images: ${{ env.DOCKER_IMAGE_NAME }}
 
       - name: Build and push Docker image to version number
-        uses: docker/build-push-action@3b5e8027fcad23fda98b2e3ac259d8d67585f671
+        uses: docker/build-push-action@v5
         with:
           context: .
           file: ${{ env.DOCKERFILE_PATH }}/${{ env.DOCKERFILE_FILENAME }}
           push: true
           tags: ${{ env.DOCKER_IMAGE_NAME}}:${{ needs.deliverability.outputs.version }}
           labels: ${{ steps.meta.outputs.labels }}
 
-      - name: Build and push Docker image to  lastest repo
-        uses: docker/build-push-action@3b5e8027fcad23fda98b2e3ac259d8d67585f671
+      - name: Build and push Docker image to lastest repo
+        uses: docker/build-push-action@v5
         with:
           context: .
           file: ${{ env.DOCKERFILE_PATH }}/${{ env.DOCKERFILE_FILENAME }}
           push: true
           tags: ${{ env.DOCKER_IMAGE_NAME }}:latest
           labels: ${{ steps.meta.outputs.labels }}
 
+      - name: Update repo description
+        uses: peter-evans/dockerhub-description@v4
+        with:
+          username: ${{ secrets.DOCKER_USERNAME }}
+          password: ${{ secrets.DOCKER_TOKEN }}
+          repository: ${{ env.DOCKER_IMAGE_NAME }}
+
+      - name: Build and push Docker image old name to version number
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          file: ${{ env.DOCKERFILE_PATH }}/${{ env.DOCKERFILE_FILENAME }}
+          push: true
+          tags: lequal/sonar-scanner:${{ needs.deliverability.outputs.version }}
+          labels: ${{ steps.meta.outputs.labels }}
+
+      - name: Build and push Docker image old name to lastest repo
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          file: ${{ env.DOCKERFILE_PATH }}/${{ env.DOCKERFILE_FILENAME }}
+          push: true
+          tags: lequal/sonar-scanner:latest
+          labels: ${{ steps.meta.outputs.labels }}
+
+      - name: Update old name repo description
+        uses: peter-evans/dockerhub-description@v4
+        with:
+          username: ${{ secrets.DOCKER_USERNAME }}
+          password: ${{ secrets.DOCKER_TOKEN }}
+          repository: lequal/sonar-scanner
 
   close_milestone:
     name: Close the milestone
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-24.04
     needs:
       - deliverability
       - release

.github/workflows/ci.yml

@@ -25,13 +25,13 @@ on:
 env:
   DOCKERFILE_PATH: '.'
   DOCKERFILE_FILENAME: 'Dockerfile'
-  DOCKER_IMAGE_NAME: 'lequal/sonar-scanner'
+  DOCKER_IMAGE_NAME: 'lequal/sonar-scanner-catlab'
 
 jobs:
   # Job that builds the image and upload it as an artifact
   build:
     name: Build the docker image
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-24.04
     steps:
       - uses: actions/checkout@v2
       - name: Build docker image
@@ -46,7 +46,7 @@ jobs:
   # Jobs that test the image and the embedded tools
   test:
     name: Test the Docker image
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-24.04
     needs: build
     steps:
       - uses: actions/checkout@v2

Dockerfile

@@ -1,41 +1,44 @@
 # Builder image for analysis tools
-FROM debian:11-slim AS builder
+FROM ubuntu:22.04 AS builder
 
 # Install tools from sources
-RUN echo 'deb http://ftp.fr.debian.org/debian/ bullseye main contrib non-free' >> /etc/apt/sources.list \
-    && apt-get update \
-    && apt-get install -y --no-install-recommends \
-    curl=7.74.0-* \
+RUN apt update \
+    && apt install -y --no-install-recommends \
+    curl=7.81.0-* \
     # for C/C++ tools
     make=4.3-* \
-    g\+\+=4:10.2.1-* \
-    python3=3.9.2-* \
+    g\+\+=4:11.2.0-* \
+    python3=3.10.6-* \
     libpcre3-dev=2:8.39-* \
     unzip=6.0-* \
-    xz-utils=5.2.5-*
+    xz-utils=5.2.5-* \
+    && rm -rf /var/lib/apt/lists/* /var/cache/apt/archives/*
 
 # sonar-scanner
-RUN curl -ksSLO https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-4.8.0.2856.zip \
-    && unzip sonar-scanner-cli-4.8.0.2856.zip \
-    && mv /sonar-scanner-4.8.0.2856 /sonar-scanner
+RUN curl -ksSLO https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-5.0.1.3006.zip \
+    && unzip sonar-scanner-cli-5.0.1.3006.zip \
+    && mv ./sonar-scanner-5.0.1.3006 /sonar-scanner \
+    && rm sonar-scanner-cli-5.0.1.3006.zip
 
 # CppCheck
-RUN curl -ksSLO https://github.com/danmar/cppcheck/archive/refs/tags/2.10.tar.gz \
-    && tar -zxvf 2.10.tar.gz  \
-    && make -C cppcheck-2.10/ install \
+RUN curl -ksSLO https://github.com/danmar/cppcheck/archive/refs/tags/2.14.0.tar.gz \
+    && tar -zxvf 2.14.0.tar.gz  \
+    && make -C cppcheck-2.14.0/ install \
     MATCHCOMPILER="yes" \
     FILESDIR="/usr/share/cppcheck" \
     HAVE_RULES="yes" \
-    CXXFLAGS="-O2 -DNDEBUG -Wall -Wno-sign-compare -Wno-unused-function -Wno-deprecated-declarations"
+    CXXFLAGS="-O2 -DNDEBUG -Wall -Wno-sign-compare -Wno-unused-function -Wno-deprecated-declarations" \
+    && rm -rf cppcheck-2.14.0 2.14.0.tar.gz
 
 # Infer
 RUN curl -ksSLO https://github.com/facebook/infer/releases/download/v1.1.0/infer-linux64-v1.1.0.tar.xz \
-    && tar -C /opt -Jxvf infer-linux64-v1.1.0.tar.xz
+    && tar -C /opt -Jxvf infer-linux64-v1.1.0.tar.xz \
+    && rm infer-linux64-v1.1.0.tar.xz
 
 ################################################################################
 
 # Final image based on the official sonar-scanner image
-FROM debian:11-slim
+FROM ubuntu:22.04
 
 LABEL maintainer="CATLab"
 
@@ -88,55 +91,46 @@ COPY --from=builder /opt/infer-linux64-v1.1.0/lib /opt/infer-linux64-v1.1.0/lib
 # Add CNES pylintrc A_B, C, D
 COPY pylintrc.d/ /opt/python/
 
-# Download CNES pylint extension
-ADD https://github.com/cnescatlab/cnes-pylint-extension/archive/refs/tags/v6.0.0.tar.gz \
-    /tmp/python/
-
 # Install tools
-RUN echo 'deb http://ftp.fr.debian.org/debian/ bullseye main contrib non-free' >> /etc/apt/sources.list \
-    && apt-get update \
+RUN apt update \
     && mkdir -p /usr/share/man/man1 \
-    && apt-get install -y --no-install-recommends \
+    && apt install -y --no-install-recommends \
     # Needed by sonar-scanner
     openjdk-17-jre=17.0.* \
     # Needed by Pylint
-    python3=3.9.2-* \
-    python3-pip=20.3.4-* \
+    python3=3.10.6-* \
+    python3-pip=22.0.2* \
     # Shellcheck
-    shellcheck=0.7.1-* \
+    shellcheck=0.8.0-* \
     # Needed by Infer
-    libsqlite3-0=3.34.1-* \
-    libtinfo5=6.2* \
+    libsqlite3-0=3.37.2-* \
     python2.7=2.7.18-* \
     # Compilation tools needed by Infer
-    gcc=4:10.2.1-* \
-    g\+\+=4:10.2.1-* \
-    clang=1:11.0-* \
+    gcc=4:11.2.0-* \
+    g\+\+=4:11.2.0-* \
+    clang=1:14.0-* \
     make=4.3-* \
     && rm -rf /var/lib/apt/lists/* \
     && rm -rf /usr/local/man \
     # Install pylint and CNES pylint extension
-    && mkdir -p /opt/python/cnes-pylint-extension-6.0.0 \
-    && tar -xvzf /tmp/python/v6.0.0.tar.gz -C /tmp/python \
-    && mv /tmp/python/cnes-pylint-extension-6.0.0/checkers /opt/python/cnes-pylint-extension-6.0.0/ \
-    && rm -rf /tmp/python \
     && pip install --no-cache-dir \
-    setuptools-scm==7.1.0 \
-    pytest-runner==6.0.0 \
-    wrapt==1.15.0 \
+    cnes-pylint-extension==7.0.0 \
+    pylint-sonarjson-catlab==2.0.0 \
+    setuptools-scm==8.0.4 \
+    pytest-runner==6.0.1 \
+    wrapt==1.16.0 \
     six==1.16.0 \
-    lazy-object-proxy==1.9.0 \
+    lazy-object-proxy==1.10.0 \
     mccabe==0.7.0 \
-    isort==5.12.0 \
-    typed-ast==1.5.4 \
-    astroid==2.15.2 \
-    pylint==2.17.2 \
+    isort==5.13.2 \
+    typed-ast==1.5.5 \
+    astroid==3.1.0 \
+    pylint==3.1.0 \
     # Infer
     && ln -s "/opt/infer-linux64-v1.1.0/bin/infer" /usr/local/bin/infer
 
 # Make sonar-scanner, CNES pylint and C/C++ tools executable
-ENV PYTHONPATH="$PYTHONPATH:/opt/python/cnes-pylint-extension-6.0.0/checkers" \
-    PATH="$SONAR_SCANNER_HOME/bin:/usr/local/bin:$PATH" \
+ENV PATH="$SONAR_SCANNER_HOME/bin:/usr/local/bin:$PATH" \
     PYLINTHOME="$SONAR_SCANNER_HOME/.pylint.d" \
     JAVA_HOME="/usr/lib/jvm/java-17-openjdk-amd64"
 

README.md

@@ -1,16 +1,15 @@
-# CNES sonar-scanner image \[client\]
+# CNES sonar-scanner-catlab image
 
 ![](https://github.com/cnescatlab/sonar-scanner/workflows/CI/badge.svg)
 ![](https://github.com/cnescatlab/sonar-scanner/workflows/CD/badge.svg)
-[![Codacy Badge](https://app.codacy.com/project/badge/Grade/f5f71dea84ce4020ab15a99fc841a696)](https://www.codacy.com/gh/cnescatlab/sonar-scanner?utm_source=github.com&utm_medium=referral&utm_content=lequal/sonar-scanner&utm_campaign=Badge_Grade)
 
 > Docker environment containing open source code analysis tools configured by CNES and dedicated to Continuous Integration.
 
-This image is a pre-configured sonar-scanner image derived from [Docker-CAT](https://github.com/cnescatlab/docker-cat). It contains the same tools for code analysis and it is available on Docker Hub at [lequal/sonar-scanner](https://hub.docker.com/r/lequal/sonar-scanner/).
+This image is a pre-configured sonar-scanner image derived from [Docker-CAT](https://github.com/cnescatlab/docker-cat). It contains the same tools for code analysis and it is available on Docker Hub at [lequal/sonar-scanner](https://hub.docker.com/r/lequal/sonar-scanner-catlab/).
 
 SonarQube itself is an opensource project on GitHub: [SonarSource/sonarqube](https://github.com/SonarSource/sonarqube).
 
-For versions and changelog: [GitHub Releases](https://github.com/cnescatlab/sonar-scanner/releases).
+For versions and changelog: [GitHub Releases](https://github.com/cnescatlab/sonar-scanner-catlab/releases).
 
 :information_source: If you only need a containerized `sonar-scanner`, you better use the official image from SonarSource available on Docker Hub: [sonarsource/sonar-scanner-cli](https://hub.docker.com/r/sonarsource/sonar-scanner-cli). The official image is smaller because it does not embed any other tool.
 
@@ -25,13 +24,13 @@ Additional features are:
 - Configuration files
   - [pylintrc](#how-to-use-embedded-CNES-pylintrc)
 
-_This image is made to be used in conjunction with a pre-configured SonarQube server image that embeds all necessary plugins and configuration: [cnescatlab/sonarqube](https://github.com/cnescatlab/sonarqube). It is, however, not mandatory to use it._
+_This image is made to be used in conjunction with a pre-configured SonarQube server image that embeds all necessary plugins and configuration: [cnescatlab/sonarqube](https://github.com/cnescatlab/sonarqube-catlab). It is, however, not mandatory to use it._
 
 ## User guide
 
 1. Write a `sonar-project.properties` at the root of your project
-   - For information on what to write in it, see the [official SonarQube documentation](https://docs.sonarqube.org/7.9/analysis/analysis-parameters/)
-1. Execute the sonar-scanner on the project by running this image from the root of the project
+   - For information on what to write in it, see the [official SonarQube documentation](https://docs.sonarqube.org/sonarqube/9.9/)
+2. Execute the sonar-scanner on the project by running this image from the root of the project
    ```sh
    $ docker run \
            --rm \
@@ -52,7 +51,7 @@ _This image is made to be used in conjunction with a pre-configured SonarQube se
 This image suffers from the same limitations as the official SonarQube [sonarsource/sonar-scanner-cli](https://hub.docker.com/r/sonarsource/sonar-scanner-cli) image.
 
 - If you need to analyze .NET projects, you must use the SonarScanner for MSBuild.
-- If you want to save the sonar-scanner cache, you must create the directory to bind mount in the container before running it. For more information, see [SonarQube documentation](https://docs.sonarqube.org/8.4/analysis/scan/sonarscanner/#header-6).
+- If you want to save the sonar-scanner cache, you must create the directory to bind mount in the container before running it. For more information, see [SonarQube documentation](https://docs.sonarqube.org/sonarqube/9.9/).
 
 ### How to use embedded tools
 
@@ -236,11 +235,11 @@ sonar-scanning:
 
 | Tool                                                                           | Version    | Default report file |
 | ------------------------------------------------------------------------------ | ---------- | ------------------- |
-| [sonar-scanner](https://docs.sonarqube.org/latest/analysis/scan/sonarscanner/) | 4.8.0.2856 |                     |
-| [ShellCheck](https://github.com/koalaman/shellcheck)                           | 0.7.1      |                     |
-| [pylint](http://pylint.pycqa.org/en/latest/user_guide/index.html)              | 2.17.2     | pylint-report.txt   |
-| [CNES pylint extension](https://github.com/cnescatlab/cnes-pylint-extension)   | 6.0.0      |                     |
-| [CppCheck](https://github.com/danmar/cppcheck)                                 | 2.10       | cppcheck-report.xml |
+| [sonar-scanner](https://docs.sonarqube.org/latest/analysis/scan/sonarscanner/) | 5.0.1.3006 |                     |
+| [ShellCheck](https://github.com/koalaman/shellcheck)                           | 0.8.0      |                     |
+| [pylint](http://pylint.pycqa.org/en/latest/user_guide/index.html)              | 3.1.0      | pylint-report.txt   |
+| [CNES pylint extension](https://github.com/cnescatlab/cnes-pylint-extension)   | 7.0.0      |                     |
+| [CppCheck](https://github.com/danmar/cppcheck)                                 | 2.14.0     | cppcheck-report.xml |
 | [Infer](https://fbinfer.com/)                                                  | 1.1.0      |                     |
 
 ## Developer's guide