From 161bcab538b940a4842f0a92b167f546ec5705f1 Mon Sep 17 00:00:00 2001 From: Michal Zgliczynski Date: Fri, 31 Oct 2025 13:36:05 +0100 Subject: [PATCH 1/7] Migrate --- .cirrus.star | 5 --- .cirrus.yml | 62 ----------------------------------- .github/workflows/build.yml | 29 ++++++++++++++++ .github/workflows/promote.yml | 23 +++++++++++++ mise.toml | 3 ++ 5 files changed, 55 insertions(+), 67 deletions(-) delete mode 100644 .cirrus.star delete mode 100644 .cirrus.yml create mode 100644 .github/workflows/build.yml create mode 100644 .github/workflows/promote.yml create mode 100644 mise.toml
diff --git a/.cirrus.star b/.cirrus.star
deleted file mode 100644
index 462c380..0000000
--- a/.cirrus.star
+++ /dev/null
@@ -1,5 +0,0 @@
-load("github.com/SonarSource/cirrus-modules@v3", "load_features")
-
-
-def main(ctx):
- return load_features(ctx, only_if=dict())
diff --git a/.cirrus.yml b/.cirrus.yml
deleted file mode 100644
index 220b419..0000000
--- a/.cirrus.yml
+++ /dev/null
@@ -1,62 +0,0 @@
-env:
- CIRRUS_SHELL: bash
- CIRRUS_VAULT_URL: https://vault.sonar.build:8200
- CIRRUS_VAULT_AUTH_PATH: jwt-cirrusci
- CIRRUS_VAULT_ROLE: cirrusci-${CIRRUS_REPO_OWNER}-${CIRRUS_REPO_NAME}
-
- ARTIFACTORY_URL: https://repox.jfrog.io/artifactory
- ARTIFACTORY_PRIVATE_USERNAME: vault-${CIRRUS_REPO_OWNER}-${CIRRUS_REPO_NAME}-private-reader
- ARTIFACTORY_PRIVATE_PASSWORD: VAULT[development/artifactory/token/${CIRRUS_REPO_OWNER}-${CIRRUS_REPO_NAME}-private-reader access_token]
- ARTIFACTORY_DEPLOY_USERNAME: vault-${CIRRUS_REPO_OWNER}-${CIRRUS_REPO_NAME}-qa-deployer
- ARTIFACTORY_DEPLOY_PASSWORD: VAULT[development/artifactory/token/${CIRRUS_REPO_OWNER}-${CIRRUS_REPO_NAME}-qa-deployer access_token]
- ARTIFACTORY_DEPLOY_REPO: sonarsource-public-qa
- ARTIFACTORY_ACCESS_TOKEN: VAULT[development/artifactory/token/${CIRRUS_REPO_OWNER}-${CIRRUS_REPO_NAME}-private-reader access_token]
-
-only_sonarsource_qa: &ONLY_SONARSOURCE_QA
- only_if: $CIRRUS_USER_COLLABORATOR == 'true' && $CIRRUS_TAG == "" && ($CIRRUS_PR != "" || $CIRRUS_BRANCH == "master" || $CIRRUS_BRANCH =~ "branch-.*")
-
-nodejs_runtimes_cache_definition: &RUNTIME_CACHE
- runtime_cache:
- folder: runtime/downloads/
- fingerprint_script: cat runtime/pom.xml | grep -o ".*"
-
-eks_container_definition: &CONTAINER_DEFINITION
- image: ${CIRRUS_AWS_ACCOUNT}.dkr.ecr.eu-central-1.amazonaws.com/base:j17-latest
- cluster_name: ${CIRRUS_CLUSTER_NAME}
- region: eu-central-1
- namespace: default
-
-build_task:
- eks_container:
- <<: *CONTAINER_DEFINITION
- cpu: 2
- memory: 10G
- env:
- DEPLOY_PULL_REQUEST: "true"
- SONAR_TOKEN: VAULT[development/kv/data/next data.token]
- SONAR_HOST_URL: https://next.sonarqube.com/sonarqube
- maven_cache:
- folder: ${CIRRUS_WORKING_DIR}/.m2/repository
- <<: *RUNTIME_CACHE
- build_script:
- - source cirrus-env BUILD
- - regular_mvn_build_deploy_analyze
- cleanup_before_cache_script:
- - cleanup_maven_repository
-
-promote_task:
- depends_on:
- - build
- <<: *ONLY_SONARSOURCE_QA
- eks_container:
- <<: *CONTAINER_DEFINITION
- cpu: 2
- memory: 2G
- env:
- ARTIFACTORY_PROMOTE_ACCESS_TOKEN: VAULT[development/artifactory/token/${CIRRUS_REPO_OWNER}-${CIRRUS_REPO_NAME}-promoter access_token]
- GITHUB_TOKEN: VAULT[development/github/token/${CIRRUS_REPO_OWNER}-${CIRRUS_REPO_NAME}-promotion token]
- maven_cache:
- folder: $CIRRUS_WORKING_DIR/.m2/repository
- script: cirrus_promote_maven
- cleanup_before_cache_script:
- - cleanup_maven_repository
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
new file mode 100644
index 0000000..dafdc9f
--- /dev/null
+++ b/.github/workflows/build.yml
@@ -0,0 +1,29 @@
+name: Build
+on:
+ push:
+ branches: [master, branch-*, dogfood-*]
+ pull_request:
+ merge_group:
+ workflow_dispatch:
+
+concurrency:
+ group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
+ cancel-in-progress: true
+
+jobs:
+ build:
+ runs-on: github-ubuntu-latest-s
+ permissions:
+ id-token: write
+ contents: write
+ steps:
+ - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+ with:
+ fetch-depth: 0
+ - uses: jdx/mise-action@5ac50f778e26fac95da98d50503682459e86d566 # v3.2.0
+ with:
+ version: 2025.7.12
+ - uses: SonarSource/ci-github-actions/build-maven@v1
+ with:
+ deploy-pr: true
+ sonar: true
diff --git a/.github/workflows/promote.yml b/.github/workflows/promote.yml
new file mode 100644
index 0000000..9b8d95d
--- /dev/null
+++ b/.github/workflows/promote.yml
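Review bot: The `build` job in the new build.yml grants `id-token: write` and `contents: write` at job level while the workflow also triggers on `pull_request`, so the Maven build of PR-supplied code runs with a token that can write repository contents and request OIDC credentials (for same-repository PRs; fork PRs get a read-only token under GitHub's defaults). Unless the SonarSource action documents a need for it, scope this to `contents: read`, and add `persist-credentials: false` under the checkout `with:` so the token is not left in `.git/config` for build steps to read. Separately, `SonarSource/ci-github-actions/build-maven@v1` is referenced by a mutable tag while the two other actions are pinned to commit SHAs; pin it the same way (`@<commit-sha> # v1`). The same applies to `promote@v1` in promote.yml and in the later build.yml hunks of this series.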
@@ -0,0 +1,23 @@
+name: Promote
+on:
+ workflow_run:
+ workflows: [Build]
+ types: [completed]
+
+jobs:
+ promote:
+ if: github.event.workflow_run.conclusion == 'success' && github.event.workflow_run.event != 'merge_group' && (github.event.workflow_run.event == 'push' || github.event.workflow_run.event == 'workflow_dispatch')
+ runs-on: github-ubuntu-latest-s
+ permissions:
+ id-token: write
+ contents: write
+ steps:
+ - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+ with:
+ fetch-depth: 0
+ - uses: jdx/mise-action@5ac50f778e26fac95da98d50503682459e86d566 # v3.2.0
+ with:
+ version: 2025.7.12
+ - uses: SonarSource/ci-github-actions/promote@v1
+ with:
+ project-type: maven
diff --git a/mise.toml b/mise.toml
new file mode 100644
index 0000000..84c0dee
--- /dev/null
+++ b/mise.toml
@@ -0,0 +1,3 @@
+[tools]
+java = "17.0"
+maven = "3.9"
From 4936bd8c0df4a9506e8e2eae5f800d2677a9cdd4 Mon Sep 17 00:00:00 2001 From: Michal Zgliczynski Date: Mon, 3 Nov 2025 09:38:55 +0100 Subject: [PATCH 2/7] update small things --- .github/workflows/build.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index dafdc9f..3338935 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -12,7 +12,7 @@ concurrency: jobs: build: - runs-on: github-ubuntu-latest-s + runs-on: github-ubuntu-latest-m permissions: id-token: write contents: write @@ -25,5 +25,5 @@ jobs: version: 2025.7.12 - uses: SonarSource/ci-github-actions/build-maven@v1 with: - deploy-pr: true - sonar: true + deploy-pull-request: true + sonar-platform: true From 0b6be5ccf6380513331f43d594b3af0030954a30 Mon Sep 17 00:00:00 2001 From: Michal Zgliczynski Date: Mon, 3 Nov 2025 11:16:17 +0100 Subject: [PATCH 3/7] add push step --- .github/workflows/build.yml | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-)
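Review bot: The checkout step in the new promote.yml has no `ref`, and in a `workflow_run` job that means the default branch is checked out rather than the commit the Build run produced. If the promote action reads anything from the working tree, add `ref: ${{ github.event.workflow_run.head_sha }}` under the checkout `with:`. The `if:` also carries a redundant clause, since `github.event.workflow_run.event != 'merge_group'` is already implied by the `push`/`workflow_dispatch` allow-list that follows it. A one-line comment above `if:` saying that pull_request runs are deliberately excluded from this privileged trigger would record the intent for the next maintainer.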
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 3338935..e6de633 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -26,4 +26,20 @@ jobs: - uses: SonarSource/ci-github-actions/build-maven@v1 with: deploy-pull-request: true - sonar-platform: true + sonar-platform: next + + promote: + needs: build + if: > + github.event_name == 'push' + runs-on: github-ubuntu-latest-s + permissions: + id-token: write + contents: write + steps: + - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + - uses: jdx/mise-action@5ac50f778e26fac95da98d50503682459e86d566 # v3.2.0 + - uses: SonarSource/ci-github-actions/promote@v1 + env: + ARTIFACTORY_PROMOTE_ACCESS_TOKEN: ${{ secrets.ARTIFACTORY_PROMOTE_ACCESS_TOKEN }} + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} \ No newline at end of file From dc16b53c0f28d1348a6de307f0f8ed4775047f18 Mon Sep 17 00:00:00 2001 From: Michal Zgliczynski Date: Mon, 3 Nov 2025 15:00:27 +0100 Subject: [PATCH 4/7] run promote on pull request --- .github/workflows/build.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index e6de633..b5ac21d 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -31,7 +31,7 @@ jobs: promote: needs: build if: > - github.event_name == 'push' + github.event_name == 'push' || github.event_name == 'pull_request' runs-on: github-ubuntu-latest-s permissions: id-token: write From 1f5e35c82e5533d2eb545b7d952540a5031b3b41 Mon Sep 17 00:00:00 2001 From: Michal Zgliczynski Date: Wed, 5 Nov 2025 10:18:01 +0100 Subject: [PATCH 5/7] remove separate Promote.yml --- .github/workflows/build.yml | 5 +---- .github/workflows/promote.yml | 23 ----------------------- 2 files changed, 1 insertion(+), 27 deletions(-) delete mode 100644 .github/workflows/promote.yml diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index b5ac21d..e570d67 100644 
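Review bot: The new `promote` job's `jdx/mise-action` step omits the `version: 2025.7.12` input that the `build` job sets, so the two jobs can end up running different mise releases; add `with:` and `version: 2025.7.12` here to keep the tooling reproducible. The job also takes `ARTIFACTORY_PROMOTE_ACCESS_TOKEN` from repository secrets while still requesting `id-token: write`; if the static token is the only credential the step uses, the OIDC permission can be dropped, though the hunk does not show which one the action expects. The hunk also leaves build.yml without a trailing newline.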
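Review bot: Extending the `promote` condition to `pull_request` has no equivalent of the collaborator gate that the removed Cirrus config applied (`$CIRRUS_USER_COLLABORATOR == 'true'` in `only_if`), so the job is now attempted for every pull request, including ones from forks, where `secrets.*` are empty and the step will presumably fail. Restrict it to same-repository pull requests, e.g. `github.event_name == 'push' || (github.event_name == 'pull_request' && github.event.pull_request.head.repo.full_name == github.repository)`. The `if:` belongs to the `promote` job, whose body continues outside this hunk.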
--- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -39,7 +39,4 @@ jobs: steps: - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - uses: jdx/mise-action@5ac50f778e26fac95da98d50503682459e86d566 # v3.2.0 - - uses: SonarSource/ci-github-actions/promote@v1 - env: - ARTIFACTORY_PROMOTE_ACCESS_TOKEN: ${{ secrets.ARTIFACTORY_PROMOTE_ACCESS_TOKEN }} - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} \ No newline at end of file + - uses: SonarSource/ci-github-actions/promote@v1 \ No newline at end of file diff --git a/.github/workflows/promote.yml b/.github/workflows/promote.yml deleted file mode 100644 index 9b8d95d..0000000 --- a/.github/workflows/promote.yml +++ /dev/null @@ -1,23 +0,0 @@ -name: Promote -on: - workflow_run: - workflows: [Build] - types: [completed] - -jobs: - promote: - if: github.event.workflow_run.conclusion == 'success' && github.event.workflow_run.event != 'merge_group' && (github.event.workflow_run.event == 'push' || github.event.workflow_run.event == 'workflow_dispatch') - runs-on: github-ubuntu-latest-s - permissions: - id-token: write - contents: write - steps: - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - with: - fetch-depth: 0 - - uses: jdx/mise-action@5ac50f778e26fac95da98d50503682459e86d566 # v3.2.0 - with: - version: 2025.7.12 - - uses: SonarSource/ci-github-actions/promote@v1 - with: - project-type: maven From 18daabcb874b58326f2844a7ac4aa24615c43078 Mon Sep 17 00:00:00 2001 From: Michal Zgliczynski Date: Wed, 5 Nov 2025 10:28:43 +0100 Subject: [PATCH 6/7] single aciton --- .github/workflows/build.yml | 16 +++------------- 1 file changed, 3 insertions(+), 13 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index e570d67..2bef6bd 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml 
@@ -27,16 +27,6 @@ jobs: with: deploy-pull-request: true sonar-platform: next - - promote: - needs: build - if: > - github.event_name == 'push' || github.event_name == 'pull_request' - runs-on: github-ubuntu-latest-s - permissions: - id-token: write - contents: write - steps: - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - - uses: jdx/mise-action@5ac50f778e26fac95da98d50503682459e86d566 # v3.2.0 - - uses: SonarSource/ci-github-actions/promote@v1 \ No newline at end of file + - uses: SonarSource/ci-github-actions/promote@v1 + with: + promote-pull-request: true \ No newline at end of file From 9297807b6a0a15e01377706c5dd9b6aa39dcc659 Mon Sep 17 00:00:00 2001 From: Michal Zgliczynski Date: Thu, 6 Nov 2025 07:21:46 +0100 Subject: [PATCH 7/7] try again --- .github/workflows/build.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 2bef6bd..fd36c0e 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -25,6 +25,7 @@ jobs: version: 2025.7.12 - uses: SonarSource/ci-github-actions/build-maven@v1 with: + artifactory-reader-role: private-reader deploy-pull-request: true sonar-platform: next - uses: SonarSource/ci-github-actions/promote@v1
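Review bot: Folding `promote` into the `build` job in the `@@ -27,16 +27,6 @@` hunk removes the isolation between the two: the promote step now shares a workspace and process environment with the Maven build, and with no `if:` left it runs on every trigger of the workflow (`pull_request`, `merge_group` and `workflow_dispatch` as well as `push`). Anything the build of PR code writes to the workspace or to `GITHUB_ENV` is inherited by the step that holds promotion rights, so a separate job with `needs: build` is the safer layout. If the single job stays, add an explicit `if:` on the promote step for the events that should promote, and a comment above it noting that pull-request gating is delegated to the action through `promote-pull-request: true`.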