Skip to content

SONARJAVA-6114 Provide GitHub token with RSpec access to rule-api.jar#5470

Merged
tomasz-tylenda-sonarsource merged 2 commits into
masterfrom
tt/update-rule-metadata-rspec-fix
Feb 18, 2026
Merged

SONARJAVA-6114 Provide GitHub token with RSpec access to rule-api.jar#5470
tomasz-tylenda-sonarsource merged 2 commits into
masterfrom
tt/update-rule-metadata-rspec-fix

Conversation

@tomasz-tylenda-sonarsource

Copy link
Copy Markdown
Contributor

No description provided.

@hashicorp-vault-sonar-prod

hashicorp-vault-sonar-prod Bot commented Feb 17, 2026

Copy link
Copy Markdown
Contributor

SONARJAVA-6114

@tomasz-tylenda-sonarsource tomasz-tylenda-sonarsource marked this pull request as ready for review February 17, 2026 13:41
@tomasz-tylenda-sonarsource tomasz-tylenda-sonarsource changed the title SONARJAVA-6114 Provide GitHub token to rule-api.jar SONARJAVA-6114 Provide GitHub token with RSpec access to rule-api.jar Feb 17, 2026
@sonarqube-next

Copy link
Copy Markdown

@asya-vorobeva asya-vorobeva left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM apart from commented command

GITHUB_TOKEN: ${{ fromJSON(steps.secrets.outputs.vault).GITHUB_TOKEN_RSPEC }}
run: |
java -jar "/tmp/rule-api.jar" update
sed --in-place='' -e 's/rule:java:S3649/rule:javasecurity:S3649/g' 'sonar-java-plugin/src/main/resources/org/sonar/l10n/java/rules/java/S2077.html'

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do we really need to store this replacement as a regular thing? Probably it should be removed?

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I verified locally that this sed command is still applicable.

I just ran rule-api update and it did change S2077.html. While I am not aware of the context, our release instructions ("Release sonar-java" on the xtranet) very specifically say "Warning: Make sure we not replace {rule:javasecurity:S3649} by {rule:java:S3649}."

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ok, I see the problem, it's related to lack of configuration in sonar-rule-api repository when generating templates for rules. Probably it makes sense to create a task to fix such cases (for CFamily squad).

@asya-vorobeva asya-vorobeva left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

See a comment.

@tomasz-tylenda-sonarsource tomasz-tylenda-sonarsource merged commit c5c18d9 into master Feb 18, 2026
23 checks passed
@tomasz-tylenda-sonarsource tomasz-tylenda-sonarsource deleted the tt/update-rule-metadata-rspec-fix branch February 18, 2026 10:28
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants