You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
feat(plugin): externalize Maven proxy + JRE source + version pin to config.env
The launcher's previously hardcoded URLs and version are now read from
plugin/skills/sonar-predictor/config.env. Edit that one file (or set a
same-named env var, which takes precedence) to point at a corporate
Nexus / Artifactory and a private JRE mirror — no code changes.
Configurable values (defaults shown):
SONAR_MAVEN_REPO_URL=https://repo1.maven.org/maven2
SONAR_BUNDLE_VERSION=0.1.1
SONAR_MIN_JAVA_VERSION=17
SONAR_JRE_URL_TEMPLATE=https://api.adoptium.net/v3/binary/latest/{version}/ga/{os}/{arch}/jre/hotspot/normal/eclipse
SONAR_JRE_VERSION=17
SONAR_DISABLE_JRE_AUTODOWNLOAD=
Both launchers parse the same KEY=VALUE file format.
The bash launcher also gains a 'no Java anywhere -> download a JRE' step
that runs after the bundle is cached and before exec'ing the real
launcher. Java is searched in $JAVA_HOME, on PATH, and in the same
common install dirs the bundle's own launcher already probes. Only when
all of those come up empty does the bootstrap fetch a JRE from the
configured URL template (tokens {os}, {arch}, {version} substituted),
extract it to ${XDG_CACHE_HOME:-~/.cache}/sonar-predictor/jre/<VERSION>/,
and export JAVA_HOME for the bundle launcher to pick up. Set
SONAR_DISABLE_JRE_AUTODOWNLOAD=1 to refuse this and fail cleanly instead.
Windows JRE auto-install is deferred -- the Windows launcher reads the
same config.env but still requires Java 17+ on the system (or in
JAVA_HOME). The bundle's launcher will discover it.
Tested end to end:
- default config: bundle from Maven Central, system Java used.
- env-var override: SONAR_MAVEN_REPO_URL=bad-url correctly steers the
download and fails as expected.
- JRE auto-install: forced via SONAR_MIN_JAVA_VERSION=99; Adoptium
Temurin 17.0.19 downloads and runs.
- disable toggle: SONAR_DISABLE_JRE_AUTODOWNLOAD=1 blocks the install
with the right error.
Forking workflow: clone, edit config.env, push to your fork, install via
`/plugin marketplace add <your-fork>`.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Acting on findings: fix `BUG`/`VULNERABILITY`/`SECURITY_HOTSPOT` and `CRITICAL`/`MAJOR` first. This is a fast first-pass gate, not the release gate — fix the real issues and move on.
17
17
18
-
**Air-gapped / pre-staged installs.**Set `SONAR_PREDICTOR_HOME=/path/to/extracted/sonar-predictor`to point the launcher at a pre-downloaded bundle and skip the first-run download.
18
+
**Configuration / corporate environments.**The launcher reads `config.env` next to this `SKILL.md` — Maven proxy URL, JRE download URL, bundle and Java version pins. Edit it (or override with same-named env vars) to point at a corporate Nexus / Artifactory mirror and a private JRE source. The defaults use Maven Central and Adoptium Temurin's public API. `SONAR_PREDICTOR_HOME=/path/to/extracted/sonar-predictor`skips the bundle download entirely for fully air-gapped / pre-staged installs.
19
19
20
20
**Plugin-bundled agent variants.** Two named scanner subagents ship with this plugin: invoke `sonar-scanner-claude` on Claude Code (model: haiku) or `sonar-scanner-copilot` on GitHub Copilot CLI (model: gpt-5-mini). Selection is by agent name — pick the one matching your platform.
0 commit comments