chore(deps): bump sonarqube-scan-action v5 → v6 (supersedes #71) #75

Merged
kienbui1995 merged 1 commit into main from chore/bump-sonar-scan-action-v6
Apr 19, 2026
@kienbui1995 kienbui1995 commented Apr 19, 2026

What

Bumps SonarSource/sonarqube-scan-action from v5 to v6 in .github/workflows/sonarcloud.yml.

Why

Supersedes #71. That PR was opened by Dependabot and its SonarCloud Scan check fails because Dependabot-triggered workflows don't receive SONAR_TOKEN by default — a GitHub-level secret scoping issue, not a problem with the bump itself. Re-submitting from a regular branch so the scan can authenticate and validate the upgrade.

How

One-line change: @v5 → @v6.

The v6 release introduces a breaking change in how the args input is parsed (quotes handling). This workflow only sets projectBaseDir: . and passes no args, so the breaking change does not apply.

Test plan

https://claude.ai/code/session_01R2n6wKqFkYPvHkwaip8EnJ

Summary by CodeRabbit

  • Chores
    • Updated the code scanning tool in the continuous integration pipeline to a newer version for enhanced analysis capabilities.

Supersedes #71 (Dependabot PR cannot access SONAR_TOKEN, so the
SonarCloud Scan check always fails on that PR). The v6 breaking
change only affects workflows that pass the `args` input with
quoted values; this workflow passes only `projectBaseDir: .`, so
no further changes are needed.

https://claude.ai/code/session_01R2n6wKqFkYPvHkwaip8EnJ
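
The description above argues that the v6 `args` parsing change does not apply because the workflow passes no `args`. The following added example (not part of the PR or of the SonarSource action) turns that argument into a repeatable check over a workflow file. The function names and the sample workflow are constructed for illustration, and the parsing is line-based rather than a full YAML parser.

```python
import re
from itertools import takewhile

ACTION = "SonarSource/sonarqube-scan-action"
USES = re.compile(r"\s*(?:-\s+)?uses:\s*" + re.escape(ACTION) + r"@(\S+)")

def indent(line):
    return len(line) - len(line.lstrip(" "))

def step_lines(lines, i):
    """Lines of the step holding line i: from the nearest preceding '- ' to the dedent."""
    start = i
    while start > 0 and not lines[start].lstrip().startswith("- "):
        start -= 1
    end = start + 1
    while end < len(lines) and (not lines[end].strip()
                                or indent(lines[end]) > indent(lines[start])):
        end += 1
    return lines[start:end]

def args_value(step):
    """Text of the step's `args` input, or None when the input is not set."""
    for j, line in enumerate(step):
        m = re.match(r"(\s*)args:\s*(.*)$", line)
        if not m:
            continue
        value, depth = m.group(2).strip(), len(m.group(1))
        if value[:1] in ("|", ">"):  # block scalar: body is the deeper-indented lines
            body = takewhile(lambda s: not s.strip() or indent(s) > depth, step[j + 1:])
            return " ".join(s.strip() for s in body if s.strip())
        if len(value) >= 2 and value[0] == value[-1] and value[0] in "'\"":
            value = value[1:-1]  # outer pair is YAML quoting, not part of the value
        return value
    return None

def audit(workflow_text):
    """One finding per scan-action step: ref, args, and whether args contains quotes."""
    lines = workflow_text.splitlines()
    findings = []
    for i, line in enumerate(lines):
        m = USES.match(line)
        if m:
            args = args_value(step_lines(lines, i))
            quoted = bool(args) and bool(re.search(r"['\"]", args))
            findings.append({"ref": m.group(1), "args": args, "quoted_args": quoted})
    return findings

# Constructed sample matching the PR description: projectBaseDir only, no args.
SAMPLE = "steps:\n  - uses: SonarSource/sonarqube-scan-action@v6\n    with:\n      projectBaseDir: .\n"
print(audit(SAMPLE))
```

A finding with `quoted_args` set to true marks a step whose `args` value should be re-checked against the v6 release notes before the bump is merged.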
@gemini-code-assist
Note

Gemini is unable to generate a review for this pull request due to the file types involved not being currently supported.

coderabbitai Bot commented Apr 19, 2026

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 8f36a2b4-2a6d-43fa-909f-574e033d996b

📥 Commits

Reviewing files that changed from the base of the PR and between c75f265 and 2ff341b.

📒 Files selected for processing (1)
  • .github/workflows/sonarcloud.yml

📝 Walkthrough

The SonarCloud GitHub Actions workflow has been updated to use version 6 of the SonarSource/sonarqube-scan-action, replacing the previously referenced version 5. The step inputs and environment variables remain unchanged.

Changes

| Cohort / File(s) | Summary |
|---|---|
| SonarCloud Action Version Upgrade (.github/workflows/sonarcloud.yml) | Updated SonarSource/sonarqube-scan-action from @v5 to @v6 in the SonarCloud Scan step. No input parameters or environment variables were modified. |

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

Suggested labels

dependencies, github_actions

Poem

🐰 A hop, a skip, a version bump so bright!
From five to six, the scan's in flight!
With Bash rewritten into JS so fine,
Our code quality checks will surely shine!

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
| Check name | Status | Explanation |
|---|---|---|
| Title check | ✅ Passed | The title clearly and concisely describes the main change: bumping sonarqube-scan-action from v5 to v6, with a note that it supersedes #71. |
| Description check | ✅ Passed | The PR description covers What, Why, and How sections as required, providing clear motivation and implementation details. The test plan section is present but uses checkboxes rather than checklist format. |
| Linked Issues check | ✅ Passed | The PR fully meets the requirement from linked issue #71 to upgrade sonarqube-scan-action from v5 to v6, with correct handling of the breaking change in args parsing. |
| Out of Scope Changes check | ✅ Passed | All changes are within scope; only the sonarqube-scan-action version is updated in the workflow file with no extraneous modifications. |
| Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check. |

@kienbui1995 kienbui1995 merged commit c2035a6 into main Apr 19, 2026
16 checks passed
kienbui1995 pushed a commit that referenced this pull request Apr 23, 2026
Supersedes #76 (same Dependabot SONAR_TOKEN issue as #71/#75).

The v4 release excludes hidden files (dotfiles) by default. The
workflow uploads docs/site/, which contains only index.html — no
dotfiles — so the breaking change does not affect this pipeline.

https://claude.ai/code/session_01R2n6wKqFkYPvHkwaip8EnJ
kienbui1995 added a commit that referenced this pull request Apr 23, 2026
…) (#78)

* chore(deps): bump actions/upload-pages-artifact from v3 to v5

Supersedes #76 (same Dependabot SONAR_TOKEN issue as #71/#75).

The v4 release excludes hidden files (dotfiles) by default. The
workflow uploads docs/site/, which contains only index.html — no
dotfiles — so the breaking change does not affect this pipeline.

https://claude.ai/code/session_01R2n6wKqFkYPvHkwaip8EnJ

* chore(deps): bump rustls-webpki to 0.103.13 for RUSTSEC-2026-0104

Fresh transitive advisory: panic during CRL parsing. Blocks
License & Supply Chain and Dependency Audit on main, not specific
to this PR. Folding the fix here to unblock CI.

https://claude.ai/code/session_01R2n6wKqFkYPvHkwaip8EnJ

---------

Co-authored-by: Claude <noreply@anthropic.com>