SONARJAVA-5849 Migrate test analyze from Cirrus to GitHub actions #53
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build | |
| on: | |
| push: | |
| branches: | |
| - master | |
| - branch-* | |
| - dogfood-* | |
| pull_request: | |
| workflow_dispatch: | |
| schedule: | |
| - cron: "30 1 * * *" # Run daily at 1:30 AM UTC | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} | |
| cancel-in-progress: true | |
| jobs: | |
| # build: | |
| # runs-on: github-ubuntu-latest-m # Public repo uses custom GitHub-hosted runner | |
| # name: Build | |
| # permissions: | |
| # id-token: write # Required for Vault OIDC authentication | |
| # contents: write # Required for repository access and tagging | |
| # steps: | |
| # - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 | |
| # - uses: jdx/mise-action@5ac50f778e26fac95da98d50503682459e86d566 # v3.2.0 | |
| # with: | |
| # version: 2025.7.12 | |
| # - uses: SonarSource/ci-github-actions/build-maven@v1 | |
| # with: | |
| # deploy-pull-request: true | |
| # # Override artifactory roles for public repo using private access | |
| # artifactory-reader-role: private-reader | |
| # artifactory-deployer-role: qa-deployer | |
| # maven-args: > | |
| # -Dmaven.test.skip=true | |
| # -Dsonar.skip=true | |
| # -pl !java-checks-test-sources/default,!java-checks-test-sources/aws,!java-checks-test-sources/spring-web-4.0 | |
| test-analyze: | |
| name: Test Analyze | |
| # needs: | |
| # - build | |
| runs-on: github-ubuntu-latest-m | |
| permissions: | |
| id-token: write | |
| contents: write | |
| env: | |
| BUILD_NUMBER: 41697 | |
| steps: | |
| - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 | |
| - uses: jdx/mise-action@5ac50f778e26fac95da98d50503682459e86d566 # v3.2.0 | |
| with: | |
| version: 2025.7.12 | |
| - uses: SonarSource/vault-action-wrapper@v3 | |
| id: secrets | |
| with: | |
| secrets: | | |
| development/kv/data/next url | SONAR_HOST_URL; | |
| development/kv/data/next token | SONAR_TOKEN; | |
| - name: Test Analyze | |
| env: | |
| SONAR_HOST_URL: ${{ fromJSON(steps.secrets.outputs.vault).SONAR_HOST_URL }} | |
| SONAR_TOKEN: ${{ fromJSON(steps.secrets.outputs.vault).SONAR_TOKEN }} | |
| run: | | |
| # ignore duplications in the SE engine plugin, as it will be moved away from sonar-java at some point | |
| PULL_REQUEST_SHA=$GIT_SHA1 mvn clean verify sonar:sonar --batch-mode -P-deploy-sonarsource,-release,-sign -Dmaven.deploy.skip=true -Dsonar.analysisCache.enabled=true -Dsonar.sca.exclusions="**/test/files/**, **/test/resources/**, its/plugin/projects/**, java-checks-test-sources/**, its/sources/**," | |
| cd docs/java-custom-rules-example | |
| mvn clean package -f pom_SQ_10_6_LATEST.xml --batch-mode | |
| - name: Check License Compliance | |
| run: | | |
| # See https://xtranet.sonarsource.com/display/DEV/Open+Source+Licenses | |
| mvn org.codehaus.mojo:license-maven-plugin:aggregate-add-third-party \ | |
| --batch-mode \ | |
| "-Dlicense.missingFile=${PWD}/missing-dep-licenses.properties" \ | |
| -DuseMissingFile \ | |
| "-Dlicense.overrideUrl=file://${PWD}/override-dep-licenses.properties" |