SonarCloud analysis is broken #2274
Description
The SonarCloud analysis for OCIO has been broken since 2025-11-27, for example:
https://github.com/AcademySoftwareFoundation/OpenColorIO/actions/runs/23099434512/job/67097431524
fails with:
Error: Unable to resolve action sonarsource/sonarcloud-github-c-cpp, repository not found
Around that time SonarCloud had a security issue and switched to updated actions.
Installing, running the Sonar Scanner and uploading results for non C/C++ projects should now be as simple as:
- name: Install and Run Sonar Scanner
uses: SonarSource/sonarqube-scan-action@a31c9398be7ace6bbfaf30c0bd5d415f843d45e9 # v7.0.0
env:
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
as demonstrated here:
The repo for the new action is here:
https://github.com/SonarSource/sonarqube-scan-action
For C/C++ projects you still need to download and install the build wrapper, as documented here:
Another important detail: when OCIO was first registered against SonarCloud, it was still using master as the main git branch, it is now using main, but SonarCloud still sees master:
https://sonarcloud.io/project/branches_list?id=AcademySoftwareFoundation_OpenColorIO
I believe that once CI integration is restored, the main branch should get automatically added to the SonarCloud console, but it will still show old warnings from the master branch, and will default to those when you first navigate to the SonarCloud project page for OCIO. Someone from the OCIO team will need to open a ticket with the LF Release Engineering helpdesk to have them remove the master branch from Sonar Cloud and tag the main branch as the MAIN BRANCH.