You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Adds MDM distribution support and custom installation directory flags, resolving issues with self-update logic, PATH registration, and version-skip optimizations. No issues found.
✅ 5 resolved✅ Bug: install.ps1 does not bypass version-skip for custom -InstallDir
📄 user-scripts/install.ps1:3-5📄 user-scripts/install.ps1:13-16📄 user-scripts/install.ps1:69-83📄 user-scripts/install.sh:227-235📄 CLAUDE.md:5
install.sh and install.ps1 implement the same version-skip optimization, but only install.sh bypasses it when an explicit install directory is supplied.
In install.sh (lines 227-235) the skip is guarded by CUSTOM_INSTALL_DIR == false, with a comment explaining that when --install-dir is provided the caller controls the location and must always receive the correctly-flavored binary (e.g. the MDM distribution), regardless of version. CLAUDE.md documents this same contract for both scripts: "When an explicit directory is provided, the version-skip optimisation is bypassed so the correctly-flavored binary is always installed."
However, install.ps1 (lines 72-83) performs the Test-Path $Dest / --version comparison unconditionally, with no check on whether -InstallDir was passed. So if an MDM/admin runs install.ps1 -InstallDir <path> and a same-version binary already exists at that path (e.g. a previously installed standalone build), the script prints "Already at version ..., nothing to do." and exits 0 without reinstalling — exactly the case the bash bypass was added to prevent. This makes Windows behavior inconsistent with the documented contract and with install.sh.
Suggested fix: track whether -InstallDir was explicitly provided and skip the version-check block in that case (mirroring CUSTOM_INSTALL_DIR in install.sh).
📄 src/lib/distribution.ts:54📄 user-scripts/install.sh:99-101📄 user-scripts/install.sh:224-226📄 user-scripts/install.ps1:72-74📄 user-scripts/install.ps1:88-89📄 CLAUDE.md:5
This PR makes the mdm distribution self-updatable (IS_SELF_UPDATABLE = DISTRIBUTION === 'standalone' || DISTRIBUTION === 'mdm' in src/lib/distribution.ts:54), so mdm-flavored binaries now expose the self-update command. However, the update path always fetches the standalone artifact:
selfUpdate() downloads and runs install.sh/install.ps1 with no distribution argument and no --install-dir (src/cli/commands/self-update/self-update.ts:88-99).
install.sh builds the artifact name as sonarqube-cli-${version}-${platform} with no distribution prefix (user-scripts/install.sh:99-101), and install.ps1 does the same (user-scripts/install.ps1:88-89). The CI job publishes flavored artifacts (mdm-linux-x86-64, etc.), but neither installer can select them.
Net effect: running sonar self-update on an mdm build replaces it with the standalone-flavored binary (losing any mdm-specific behavior/branding), and on Unix installs it into the default ~/.local/share/sonarqube-cli/bin rather than the mdm install location.
Relatedly, the new comments and docs are misleading: install.sh:224-226, install.ps1:72-74 and CLAUDE.md:5 claim the version-skip bypass exists so the "correctly-flavored binary (e.g. MDM distribution)" is always installed — but the scripts have no way to download the mdm flavor, so the bypass only ever re-downloads standalone.
Suggested fix: either (a) don't enable self-update for mdm builds (keep IS_SELF_UPDATABLE standalone-only) if MDM updates are managed externally, or (b) teach the install scripts / self-update flow to fetch the distribution-flavored artifact (e.g. pass the distribution and build the ${distribution}-${platform} artifact name), and correct the misleading comments/docs accordingly.
✅ Bug: self-update --force no longer reinstalls standalone builds at latest version
📄 user-scripts/install.sh:236-247📄 user-scripts/install.ps1:73-87📄 src/cli/commands/self-update/self-update.ts:75-88
This PR adds a version-skip optimization to install.sh (lines 239-247) and install.ps1 (lines 76-87) that exits early with "Already at version X, nothing to do." when the binary at the target path already matches the latest version. The skip is only bypassed when a custom install dir is supplied (CUSTOM_INSTALL_DIR / $IsCustomInstallDir).
For standalone builds, selfUpdate() passes NO extra args to the script (shExtraArgs/ps1ExtraArgs are empty when DISTRIBUTION === 'standalone'), so CUSTOM_INSTALL_DIR=false and the version-skip is active. However, selfUpdate() still runs the script even when no update is available if the user passed --force (self-update.ts:67: if (!updateAvailable && !options.force) return;). In that case the downloaded install script sees the installed version equals the latest and exits 0 without reinstalling — silently defeating --force. The user sees "nothing to do" instead of a forced reinstall, which is the whole purpose of --force (e.g. recovering a corrupted binary). Previously the installer always reinstalled.
Fix: propagate the force intent to the script so it can bypass the version-skip, e.g. pass a --force / -Force flag from self-update.ts when options.force is set, and add a matching parameter to install.sh/install.ps1 that bypasses the version-skip block (the scripts already bypass it for custom install dirs; the same bypass should apply for force).
📄 src/cli/commands/self-update/self-update.ts:82-92📄 user-scripts/install.sh:4📄 user-scripts/install.sh:193-202📄 user-scripts/install.sh:260📄 user-scripts/install.sh:266
This PR adds a --install-dir/-InstallDir override to the installer scripts, and selfUpdate() now forwards the running binary's directory (dirname(process.execPath)) to the script via --install-dir — but only for non-standalone distributions. For DISTRIBUTION === 'standalone', shExtraArgs/ps1ExtraArgs only contain the optional --force/-Force flag, so the script falls back to its hardcoded default INSTALL_DIR ($HOME/.local/share/sonarqube-cli/bin).
Consequence: a standalone user who installed to a custom directory (e.g. install.sh --install-dir /opt/sonar, now a supported flow) and later runs sonar self-update will get a new binary written to the default directory instead of updated in place. The running binary at /opt/sonar/sonar stays stale, and if PATH points there the user keeps running the old version while a duplicate accumulates in the default location.
The per-distribution branching also bypasses the script's version-skip optimization for non-standalone builds, but that is harmless because selfUpdate() already returns early via the !updateAvailable && !options.force gate before the script is ever invoked. That same gate means passing --install-dir for standalone too would be safe (the script only runs when an update is actually needed or forced).
Suggested fix: pass the install dir for all distributions so self-update always reinstalls in place.
✅ Edge Case: Re-running installer to repair PATH does nothing when binary is current
📄 user-scripts/install.sh:241-252📄 user-scripts/install.sh:275-289📄 user-scripts/install.ps1:74-88📄 user-scripts/install.sh:244-252
In user-scripts/install.sh, the new version-skip block (lines 244-252) calls exit 0 ("Already at version, nothing to do.") before update_profile runs. The equivalent block in install.ps1 (lines 77-88) also exit 0s before Add-ToPath. Previously the script always ran the profile/PATH update.
Impact: a user whose binary is already at the latest version but whose shell profile / PATH was never configured (e.g. the original install failed to write the profile, or the profile was edited) can no longer repair it by re-running the installer — it exits early without touching PATH. This only affects direct curl | bash (or .ps1) re-runs without --install-dir/--force; self-update is unaffected because it always passes --install-dir, which bypasses the skip.
Suggested fix: when the version matches, still run update_profile (which is already idempotent and skips if the dir is on PATH) before exiting, so a re-run can repair a missing PATH entry. Alternatively document that --force is required to repair PATH.
Options
Auto-apply is off → Gitar will not commit updates to this branch. Display: compact → Showing less information.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
![gitar-bot[bot]](https://avatars.githubusercontent.com/in/827041?s=60&v=4){kind=small}
kirill-knize-sonarsource
force-pushed
the
feature/kk/CLI-745-mdm-distribution
branch
from
Summary by Gitar
mdmas a new distribution type alongsidestandaloneandhomebrew.IS_SELF_UPDATABLEto includemdmbuilds, ensuringself-updateremains available.--install-dir(Linux/macOS) and-InstallDir(Windows) flags to installation scripts.Machinescope when a custom installation directory is used.mdmbuilds in the build pipeline and artifacts publishing configuration.This will update automatically on new commits.