SONARIAC-2156 Add "Update Integration Tickets" Github Action (#10)

yasen-pavlov-sonarsource · web-flow · commit 234f272782b8 · 2025-07-28T10:52:13.000+02:00
* SONARIAC-2156 add 'Update Integration Tickets' Github Action

* fix typo in readme example

* fix review issues

* put back project key inputs
diff --git a/README.md b/README.md
@@ -9,3 +9,5 @@ A centralized collection of reusable GitHub Actions designed to streamline and a
 * [**Update Release ticket Status**](update-release-ticket-status/README.md): Updates the status of a Jira release ticket and can change its assignee.
 * [**Publish GitHub Release**](publish-github-release/README.md): Publishes a GitHub Release with notes fetched from Jira or provided directly.
 * [**Release Jira Version**](release-jira-version/README.md): Releases a Jira version and creates the next one.
+* [**Update integration tickets**](update-integration-tickets/README.md): Finds and optionally updates SQS and SC integration tickets.
+
diff --git a/update-integration-tickets/README.md b/update-integration-tickets/README.md
@@ -0,0 +1,77 @@
+# Update integrations tickets Action
+
+This GitHub Action automates the process of finding and updating Jira integration tickets.
+
+The action finds both a SonarQube (SQS) integration ticket and a SonarCloud (SC) integration ticket by searching for tickets linked to a specified release ticket. It can then optionally update the `fixVersions` field of the found SQS ticket. If updating the `fixVersions` fails (e.g., due to a non-existent version), it will issue a warning without failing the action.
+
+## Prerequisites
+
+The action requires that the repository has the `development/kv/data/jira` token configured in vault.
+This can be done using the SPEED self-service portal ([more info](https://xtranet-sonarsource.atlassian.net/wiki/spaces/Platform/pages/3553787989/Manage+Vault+Policy+-+SPEED)).
+
+## Inputs
+
+| Input                | Description                                                                                                    | Required | Default |
+|----------------------|----------------------------------------------------------------------------------------------------------------|----------|---------|
+| `jira_user`          | The Jira user (email) for authentication.                                                                      | `true`   |         |
+| `jira_token`         | The Jira API token for authentication.                                                                         | `true`   |         |
+| `release_ticket_key` | The key of the release ticket (e.g., `REL-1234`) to find the linked integration tickets from.                  | `true`   |         |
+| `sqs_project_key`    | The Jira project key to search for the linked SQS integration ticket.                                          | `false`  | `SONAR` |
+| `sc_project_key`     | The Jira project key to search for the linked SC integration ticket.                                           | `false`  | `SC`    |
+| `sqs_fix_versions`   | A comma-separated list of fix versions to set on the SQS integration ticket (e.g., `"sqs-2025.4, sqcb-25.7"`). | `false`  |         |
+| `use_sandbox`        | Set to `false` to use the Jira production server.                                                              | `false`  | `true`  |
+
+## Outputs
+
+| Output           | Description                                                        |
+|------------------|--------------------------------------------------------------------|
+| `sqs_ticket_key` | The key of the SQS integration ticket that was found.              |
+| `sc_ticket_key`  | The key of the SC integration ticket that was found.               |
+
+## Example Usage
+
+Here is an example of how to use this action in a workflow. This job will be triggered manually, find the linked SQS and SC tickets, and update the SQS ticket's fix versions.
+
+```yaml
+name: Update Integration Tickets
+
+on:
+  workflow_dispatch:
+    inputs:
+      release_ticket:
+        description: 'Release Ticket Key (e.g., REL-1234)'
+        required: true
+      fix_versions:
+        description: 'Optional comma-separated fix versions for the SONAR ticket'
+        required: false
+
+jobs:
+  update-integration-tickets:
+    name: Find and Update Integration Tickets
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      id-token: write
+
+    steps:
+      - name: Get Jira Credentials from Vault
+        id: secrets
+        uses: SonarSource/vault-action-wrapper@v3
+        with:
+          secrets: |
+            development/kv/data/jira user | JIRA_USER;
+            development/kv/data/jira token | JIRA_TOKEN;
+
+      - name: Find and Update Tickets
+        id: integration_update
+        uses: SonarSource/release-github-actions/update-integration-tickets@master
+        with:
+          jira_user: ${{ fromJSON(steps.secrets.outputs.vault).JIRA_USER }}
+          jira_token: ${{ fromJSON(steps.secrets.outputs.vault).JIRA_TOKEN }}
+          release_ticket_key: ${{ github.event.inputs.release_ticket }}
+          sqs_fix_versions: ${{ github.event.inputs.fix_versions }}
+
+      - name: Echo Found Ticket Keys
+        run: |
+          echo "Found SQS integration ticket: ${{ steps.integration_update.outputs.sqs_ticket_key }}"
+          echo "Found SC integration ticket: ${{ steps.integration_update.outputs.sc_ticket_key }}"
diff --git a/update-integration-tickets/action.yml b/update-integration-tickets/action.yml
@@ -0,0 +1,73 @@
+name: 'Update integrations tickets'
+description: 'Finds SQS and SC integration tickets linked to a release ticket and optionally updates the SQS ticket fix versions.'
+author: 'SonarSource'
+
+inputs:
+  jira_user:
+    description: 'Jira user (email) for authentication.'
+    required: true
+  jira_token:
+    description: 'Jira API token for authentication.'
+    required: true
+  release_ticket_key:
+    description: 'The key of the release ticket (e.g., REL-1234) to find the linked integration tickets from.'
+    required: true
+  sqs_project_key:
+    description: 'The Jira project key to search for the linked SQS integration ticket.'
+    required: false
+    default: 'SONAR'
+  sc_project_key:
+    description: 'The Jira project key to search for the linked SC integration ticket.'
+    required: false
+    default: 'SC'
+  sqs_fix_versions:
+    description: 'Comma-separated list of fix versions to set on the SQS integration ticket (e.g., "10.1, 10.2").'
+    required: false
+  use_sandbox:
+    description: "Set to 'false' to use the production Jira server."
+    required: false
+    default: 'true'
+
+outputs:
+  sqs_ticket_key:
+    description: 'The key of the found SQS integration ticket.'
+    value: ${{ steps.run_python_script.outputs.sqs_ticket_key }}
+  sc_ticket_key:
+    description: 'The key of the found SC integration ticket.'
+    value: ${{ steps.run_python_script.outputs.sc_ticket_key }}
+
+runs:
+  using: "composite"
+  steps:
+    - name: Set up Python
+      uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
+      with:
+        python-version: '3.8'
+
+    - name: Install dependencies
+      shell: bash
+      run: pip install -r ${{ github.action_path }}/requirements.txt
+
+    - name: Run Python Script to Find Tickets
+      id: run_python_script
+      shell: bash
+      run: |
+        SANDBOX_FLAG=""
+        if [[ "${{ inputs.use_sandbox }}" == "true" ]]; then
+          SANDBOX_FLAG="--use-sandbox"
+        fi
+
+        OPTS=""
+        if [[ -n "${{ inputs.sqs_fix_versions }}" ]]; then
+          OPTS="$OPTS --sqs-fix-versions=${{ inputs.sqs_fix_versions }}"
+        fi
+
+        python ${{ github.action_path }}/update_integration_tickets.py \
+          --release-ticket-key="${{ inputs.release_ticket_key }}" \
+          --sqs-project-key="${{ inputs.sqs_project_key }}" \
+          --sc-project-key="${{ inputs.sc_project_key }}" \
+          $SANDBOX_FLAG \
+          $OPTS >> $GITHUB_OUTPUT
+      env:
+        JIRA_USER: ${{ inputs.jira_user }}
+        JIRA_TOKEN: ${{ inputs.jira_token }}
diff --git a/update-integration-tickets/requirements.txt b/update-integration-tickets/requirements.txt
@@ -0,0 +1 @@
+jira==3.8.0
diff --git a/update-integration-tickets/update_integration_tickets.py b/update-integration-tickets/update_integration_tickets.py
@@ -0,0 +1,117 @@
+#!/usr/bin/env python3
+# -*- coding: utf-8 -*-
+
+"""
+This script finds SQS and SC integration tickets linked to a given release ticket,
+optionally updates the SQS ticket's fix versions, and returns both keys.
+"""
+
+import argparse
+import os
+import sys
+from jira import JIRA
+from jira.exceptions import JIRAError
+
+JIRA_SANDBOX_URL = "https://sonarsource-sandbox-608.atlassian.net/"
+JIRA_PROD_URL = "https://sonarsource.atlassian.net/"
+
+
+def eprint(*args, **kwargs):
+    """Prints messages to the standard error stream."""
+    print(*args, file=sys.stderr, **kwargs)
+
+
+# noinspection DuplicatedCode
+def get_jira_instance(use_sandbox=False):
+    """Initializes and returns a JIRA client instance."""
+    jira_user = os.environ.get('JIRA_USER')
+    jira_token = os.environ.get('JIRA_TOKEN')
+
+    if not jira_user or not jira_token:
+        eprint("Error: JIRA_USER and JIRA_TOKEN environment variables must be set.")
+        sys.exit(1)
+
+    jira_url = JIRA_SANDBOX_URL if use_sandbox else JIRA_PROD_URL
+    eprint(f"Connecting to JIRA server at: {jira_url}")
+
+    try:
+        jira_client = JIRA(jira_url, basic_auth=(jira_user, jira_token))
+        return jira_client
+    except JIRAError as e:
+        eprint(f"Error: JIRA authentication failed. Status: {e.status_code}, Response: {e.text}")
+        sys.exit(1)
+
+
+def find_linked_ticket(release_issue, target_project_key):
+    """Finds a linked ticket from a specific project."""
+    eprint(f"Searching for linked ticket in project '{target_project_key}'...")
+
+    linked_tickets = []
+    for link in release_issue.fields.issuelinks:
+        linked_issue = getattr(link, 'outwardIssue', getattr(link, 'inwardIssue', None))
+        if linked_issue and linked_issue.key.startswith(f"{target_project_key}-"):
+            linked_tickets.append(linked_issue.key)
+
+    if len(linked_tickets) == 0:
+        eprint(f"Error: No linked ticket found in project '{target_project_key}' for ticket '{release_issue.key}'.")
+        sys.exit(1)
+
+    if len(linked_tickets) > 1:
+        eprint(
+            f"Error: Found multiple linked tickets in project '{target_project_key}': {', '.join(linked_tickets)}. Please ensure only one is linked.")
+        sys.exit(1)
+
+    found_key = linked_tickets[0]
+    eprint(f"✅ Found linked ticket: {found_key}")
+    return found_key
+
+
+def update_sqs_fix_versions(jira, ticket_key, fix_versions_str):
+    """Attempts to update the fixVersions of the SQS ticket."""
+    if not fix_versions_str:
+        return
+
+    eprint(f"Attempting to set fix versions for SQS ticket {ticket_key} to: '{fix_versions_str}'")
+    versions_list = [{'name': v.strip()} for v in fix_versions_str.split(',')]
+
+    try:
+        issue = jira.issue(ticket_key)
+        issue.update(fields={'fixVersions': versions_list})
+        eprint("✅ Successfully updated fix versions for SQS ticket.")
+    except JIRAError as e:
+        eprint(
+            f"##[warning]Could not update fix versions for {ticket_key}. Jira API failed with status {e.status_code}: {e.text}")
+
+
+def main():
+    parser = argparse.ArgumentParser(description="Finds linked Jira tickets and optionally updates one.")
+    parser.add_argument("--release-ticket-key", required=True, help="The key of the release ticket.")
+    parser.add_argument("--sqs-project-key", default="SONAR", help="The project key for the SQS ticket.")
+    parser.add_argument("--sc-project-key", default="SC", help="The project key for the SC ticket.")
+    parser.add_argument("--sqs-fix-versions", help="Comma-separated list of fix versions for the SQS ticket.")
+    parser.add_argument('--use-sandbox', action='store_true', help="Use the sandbox Jira server.")
+
+    args = parser.parse_args()
+
+    jira = get_jira_instance(args.use_sandbox)
+
+    try:
+        eprint(f"Fetching release ticket '{args.release_ticket_key}' to find linked issues...")
+        release_issue = jira.issue(args.release_ticket_key, fields='issuelinks')
+    except JIRAError as e:
+        eprint(
+            f"Error: Could not retrieve issue '{args.release_ticket_key}'. Status: {e.status_code}, Response: {e.text}")
+        sys.exit(1)
+
+    sqs_ticket_key = find_linked_ticket(release_issue, args.sqs_project_key)
+    sc_ticket_key = find_linked_ticket(release_issue, args.sc_project_key)
+
+    update_sqs_fix_versions(jira, sqs_ticket_key, args.sqs_fix_versions)
+
+    # Output for the GitHub Action
+    print(f"sqs_ticket_key={sqs_ticket_key}")
+    print(f"sc_ticket_key={sc_ticket_key}")
+
+
+if __name__ == "__main__":
+    main()
