Skip to content

CLI-88 Use GitHub releases to fetch latest version #70

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
vnaskos-sonar wants to merge 1 commit into from
Closed

CLI-88 Use GitHub releases to fetch latest version #70

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
5 changes: 0 additions & 5 deletions .github/workflows/build.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -259,11 +259,6 @@ jobs:
- name: Copy user scripts to dist
run: cp user-scripts/install.sh user-scripts/install.ps1 dist/

- name: Generate latest-version.txt
env:
PROJECT_VERSION: ${{ needs.prepare.outputs.PROJECT_VERSION }}
run: echo "${PROJECT_VERSION}" > dist/latest-version.txt

- name: Upload binaries to Artifactory
env:
ARTIFACTORY_URL: ${{ fromJSON(steps.secrets.outputs.vault).ARTIFACTORY_URL }}
Expand Down
16 changes: 10 additions & 6 deletions user-scripts/install.ps1
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -10,8 +10,14 @@ $BaseUrl = 'https://binaries.sonarsource.com/Distribution/sonarqube-cli'
$Platform = 'windows-x86-64'

function Resolve-LatestVersion {
$Version = (Invoke-WebRequest -Uri "$BaseUrl/latest-version.txt" -UseBasicParsing).Content.Trim()
if (-not $Version) {
$ReleasesUrl = 'https://github.com/SonarSource/sonarqube-cli/releases/latest'
Copy link
Contributor

@damien-urruty-sonarsource damien-urruty-sonarsource Mar 4, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't think this can work reliably. In our release process, the GH release is created at some point, and the artifacts are published on binaries a bit later. So there is a short period of time where artifact lookup from the latest GH release will fail for users trying to install. It's even worse if the GH release creation works but the actual release fails for any reason, as it wouldn't be temporary

Copy link
Contributor Author

@vnaskos-sonar vnaskos-sonar Mar 4, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

For projects without the release automation, the GitHub Release remains as Draft until the Release pipeline finishes successfully, in case the pipeline fails the GitHub Release stays as a draft.

With the release automation, isn't it the same? Does the GitHub Release becomes public (not Draft)?

https://github.com/SonarSource/sonarqube-cli/releases/latest excludes Draft releases.

Copy link
Contributor

@damien-urruty-sonarsource damien-urruty-sonarsource Mar 4, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think you're right, but the approach is fragile. We couple the ability for users to install our tool to some details of our release pipeline. I would be reluctant to use GH as the install gateway. Another reason is: what if it's down (as it happens at least every month)? It would block our users from installing (or updating when we support it). Using GitHub was fine at the beginning to bootstrap the distribution, but I think we need to find a better approach

$Request = [System.Net.WebRequest]::Create($ReleasesUrl)
$Request.AllowAutoRedirect = $true
$Response = $Request.GetResponse()
$FinalUrl = $Response.ResponseUri.AbsoluteUri
$Response.Close()
$Version = ($FinalUrl -split '/')[-1] -replace '^v', ''
if (-not $Version -or $Version -eq 'latest') {
Write-Error 'Could not determine the latest version.'
exit 1
}
Expand Down Expand Up @@ -42,10 +48,8 @@ function Add-ToUserPath {

# --- Main ---

#Write-Host 'Fetching latest version...'
#$SonarVersion = Resolve-LatestVersion

$SonarVersion = "0.4.0.345"
Write-Host 'Fetching latest version...'
$SonarVersion = Resolve-LatestVersion
Write-Host "Latest version: $SonarVersion"

$Filename = "sonarqube-cli-$SonarVersion-$Platform.exe"
Expand Down
14 changes: 7 additions & 7 deletions user-scripts/install.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -30,18 +30,19 @@ detect_platform() {
}

resolve_latest_version() {
local releases_url="https://github.com/SonarSource/sonarqube-cli/releases/latest"
local version
if command -v curl &>/dev/null; then
version="$(curl -fsSL "$BASE_URL/latest-version.txt")"
version="$(curl -fsSL -o /dev/null -w '%{url_effective}' "$releases_url" | grep -oE '[^/]+$')"
elif command -v wget &>/dev/null; then
version="$(wget -qO- "$BASE_URL/latest-version.txt")"
version="$(wget -qO /dev/null --server-response "$releases_url" 2>&1 | grep -i 'location:' | tail -1 | grep -oE '[^/]+$')"
else
echo "Error: neither curl nor wget is available. Please install one and retry." >&2
exit 1
fi

version="$(printf '%s' "$version" | tr -d '[:space:]')"
if [[ -z "$version" ]]; then
version="$(printf '%s' "$version" | tr -d '[:space:]' | sed 's/^v//')"
if [[ -z "$version" ]] || [[ "$version" == "latest" ]]; then
echo "Error: could not determine the latest version." >&2
exit 1
fi
Expand All @@ -68,9 +69,8 @@ main() {
platform="$(detect_platform)"

local version
#echo "Fetching latest version..."
#version="$(resolve_latest_version)"
version="0.4.0.345"
echo "Fetching latest version..."
version="$(resolve_latest_version)"
echo "Latest version: $version"

local filename="sonarqube-cli-${version}-${platform}.exe"
Expand Down