JACOCO-56 SONARJAVA-5813 Fix QA and add its job to GH Action (#134)

Author: GabrielFleischer

.cirrus.star

@@ -22,35 +22,78 @@ jobs:
       id-token: write  # Required for Vault OIDC authentication
       contents: write  # Required for repository access and tagging
     outputs:
-      build-number: ${{ steps.build-gradle.outputs.BUILD_NUMBER }}
+      build-number: ${{ steps.build-step.outputs.BUILD_NUMBER }}
+      deployed: ${{ steps.build-step.outputs.deployed }}
     steps:
       - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
       - uses: jdx/mise-action@5ac50f778e26fac95da98d50503682459e86d566 # v3.2.0
         with:
           version: 2025.7.12
       - uses: SonarSource/ci-github-actions/build-gradle@v1
-        id: build-gradle
+        id: build-step
         with:
           deploy-pull-request: true
           artifactory-reader-role: private-reader
           artifactory-deployer-role: qa-deployer
 
-  # QA is broken due to JACOCO-56
+  qa:
+    needs: [build]
+    if: ${{ needs.build.outputs.deployed }}
+    runs-on: github-ubuntu-latest-m
+    permissions:
+      id-token: write
+      contents: read
+    strategy:
+      fail-fast: false
+      matrix:
+        item:
+        - { sq-version: LATEST_RELEASE }
+        - { sq-version: DEV }
+    name: "QA Tests - SQ : ${{ matrix.item.sq-version }}"
+    env:
+      BUILD_NUMBER: ${{ needs.build.outputs.build-number }}
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - uses: jdx/mise-action@5ac50f778e26fac95da98d50503682459e86d566 # v3.2.0
+        with:
+          version: 2025.7.12
+      - name: Get GitHub Token for Artifactory access
+        id: secrets
+        uses: SonarSource/vault-action-wrapper@320bd31b03e5dacaac6be51bbbb15adf7caccc32 # 3.1.0
+        with:
+          secrets: |
+            development/artifactory/token/{REPO_OWNER_NAME_DASH}-private-reader access_token | ARTIFACTORY_ACCESS_TOKEN;
+      - name: Configure Gradle
+        uses: SonarSource/ci-github-actions/build-gradle@v1
+        with:
+          gradle-args: "-x build -x sonar -x artifactoryPublish"  # Skip everything to only configure Gradle and Artifactory access
+          artifactory-reader-role: private-reader
+          artifactory-deployer-role: qa-deployer
+      - name: Run QA Tests
+        shell: bash
+        env:
+          ARTIFACTORY_ACCESS_TOKEN: ${{ fromJSON(steps.secrets.outputs.vault).ARTIFACTORY_ACCESS_TOKEN }}
+          SQ_VERSION: ${{ matrix.item.sq-version }}
+        run: >-
+          ./gradlew -DbuildNumber=$BUILD_NUMBER
+          -PintegrationTests=true
+          -Dsonar.runtimeVersion=$SQ_VERSION
+          -Dorchestrator.artifactory.accessToken=$ARTIFACTORY_ACCESS_TOKEN
+          --console plain --no-daemon --info
+          build test
 
   promote:
-    needs:
-      - build
+    needs: [build, qa]
+    if: ${{ needs.build.outputs.deployed }}
     runs-on: github-ubuntu-latest-s
     name: Promote
     permissions:
       id-token: write
       contents: write
+    env:
+      BUILD_NUMBER: ${{ needs.build.outputs.build-number }}
     steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
-      - uses: jdx/mise-action@5ac50f778e26fac95da98d50503682459e86d566 # v3.2.0
-        with:
-          cache_save: false
-          version: 2025.7.12
       - uses: SonarSource/ci-github-actions/promote@v1
         with:
           promote-pull-request: true

.cirrus.yml

@@ -177,7 +177,7 @@ signing {
   def signingPassword = findProperty("signingPassword")
   useInMemoryPgpKeys(signingKeyId, signingKey, signingPassword)
   required {
-    def branch = System.getenv()["GITHUB_REF_NAME"] ?: System.getenv()["CIRRUS_BRANCH"]
+    def branch = System.getenv()["GITHUB_REF_NAME"]
     return (branch == 'master' || branch ==~ 'branch-[\\d.]+') &&
       gradle.taskGraph.hasTask(":artifactoryPublish")
   }

.github/workflows/build.yml

@@ -64,8 +64,8 @@ static void beforeAll() {
     }
     builder.addPlugin(pluginLocation);
     try {
-      builder.addPlugin(URLLocation.create(new URL("https://binaries.sonarsource.com/Distribution/sonar-java-plugin/sonar-java-plugin-6.2.0.21135.jar")));
-      builder.addPlugin(URLLocation.create(new URL("https://binaries.sonarsource.com/Distribution/sonar-kotlin-plugin/sonar-kotlin-plugin-2.12.0.1956.jar")));
+      builder.addPlugin(URLLocation.create(new URL("https://binaries.sonarsource.com/Distribution/sonar-java-plugin/sonar-java-plugin-8.19.0.40387.jar")));
+      builder.addPlugin(URLLocation.create(new URL("https://binaries.sonarsource.com/Distribution/sonar-kotlin-plugin/sonar-kotlin-plugin-3.3.0.7402.jar")));
     } catch (MalformedURLException e) {
       throw new IllegalStateException("Failed to download plugin", e);
     }