GitHub's tool-cache library uses semver.clean() to look up cached tools, which
returns null for 4-part version strings like "8.0.1.6346". This caused
findAllVersions() to filter out any cached directory, resulting in a cache miss
on every run.
The fix converts the 4-part version to a semver pre-release format
(e.g. "8.0.1-build.6346") for tool-cache operations, while keeping the original
version string for download URLs and zip extraction.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Organisations using private Artifactory mirrors require authentication to
download the SonarScanner CLI. This adds an optional scannerBinariesAuthHeader
input whose value is forwarded as the Authorization HTTP header to both the
binary and GPG signature downloads via tc.downloadTool's built-in auth
parameter. No new dependencies are introduced.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Julien HENRY