SONARJAVA-5720 Unify Platform Dogfooding of sonar-java

alban-auzeill · alban-auzeill · commit 1d91961ad1d7 · 2025-09-22T11:52:39.000+02:00
diff --git a/.cirrus.yml b/.cirrus.yml
@@ -89,6 +89,32 @@ build_task:
     - regular_mvn_build_deploy_analyze -Dmaven.test.skip=true -Dsonar.skip=true -pl '!java-checks-test-sources/default,!java-checks-test-sources/aws,!java-checks-test-sources/spring-web-4.0'
   cleanup_before_cache_script: cleanup_maven_repository
 
+sonar_shadow_scan_and_issue_replication_task:
+  <<: *COMMON_BUILD_DEFINITION
+  depends_on:
+    - build
+  # Only run when triggered by the cirrus-ci cron job named "nightly"
+  # TODO only_if: $CIRRUS_CRON == "nightly"
+  env:
+    SONAR_PROJECT_KEY: "org.sonarsource.java:java"
+    SHADOW_ORGANIZATION: "sonarsource"
+    SHADOW_PROJECT_KEY: "SonarSource_sonar-java"
+    # to replicate issue states from next
+    SONAR_TOKEN: VAULT[development/kv/data/next data.token]
+    SONAR_HOST_URL: https://next.sonarqube.com/sonarqube
+    matrix:
+      - name: "sonarcloud.io"
+        SHADOW_SONAR_TOKEN: VAULT[development/kv/data/sonarcloud data.token]
+        SHADOW_SONAR_HOST_URL: "https://sonarcloud.io"
+      - name: "sonarqube.us"
+        SHADOW_SONAR_TOKEN: VAULT[development/kv/data/sonarqube-us data.token]
+        SHADOW_SONAR_HOST_URL: "https://sonarqube.us"
+  build_script:
+    - *log_develocity_url_script
+    - source cirrus-env BUILD
+    - ./shadow-scan-and-issue-replication.sh
+  cleanup_before_cache_script: cleanup_maven_repository
+
 test_analyze_task:
   <<: *COMMON_BUILD_DEFINITION
   build_script:
@@ -282,6 +308,7 @@ autoscan_task:
 promote_task:
   depends_on:
     - build
+    - sonar_shadow_scan_and_issue_replication
     - test_analyze
     - qa_os_win
     - sanity
diff --git a/shadow-scan-and-issue-replication.sh b/shadow-scan-and-issue-replication.sh
@@ -0,0 +1,72 @@
+#!/usr/bin/env bash
+
+set -euo pipefail
+
+# IRIS: Issue Replication for Sonarqube
+IRIS_JAR_URL="${ARTIFACTORY_URL}/sonarsource-private-releases/com/sonarsource/iris/iris/\[RELEASE\]/iris-\[RELEASE\]-jar-with-dependencies.jar"
+IRIS_JAR_PATH="target/libs/iris.jar"
+
+function build_and_analyze_the_project() {
+  echo
+  echo "===== Build and analyze the project targeting a shadow SonarQube instance"
+  mvn \
+    -Pcoverage \
+    -Dmaven.test.redirectTestOutputToFile=false \
+    -Dsonar.host.url="${SHADOW_SONAR_HOST_URL}" \
+    -Dsonar.token="${SHADOW_SONAR_TOKEN}" \
+    -Dsonar.organization="${SHADOW_ORGANIZATION}" \
+    -Dsonar.projectKey="${SHADOW_PROJECT_KEY}" \
+    -Dsonar.analysis.buildNumber="${BUILD_NUMBER}" \
+    -Dsonar.analysis.repository="${GITHUB_REPO}" \
+    --batch-mode --errors --show-version \
+    -Dsonar.analysisCache.enabled=true \
+    -Dsonar.sca.exclusions="**/test/files/**, **/test/resources/**, its/plugin/projects/**, java-checks-test-sources/**, its/sources/**," \
+    verify sonar:sonar
+}
+
+function download_iris() {
+  echo
+  echo "===== Download ${IRIS_JAR_URL}"
+  mkdir -p target/libs
+  curl --silent --fail-with-body --location --header "Authorization: Bearer ${ARTIFACTORY_PRIVATE_PASSWORD}" \
+      --output "${IRIS_JAR_PATH}" "${IRIS_JAR_URL}"
+}
+
+function run_iris() {
+  local DRY_RUN="$1"
+  java \
+    -Diris.source.projectKey="${SONAR_PROJECT_KEY}" \
+    -Diris.source.url="${SONAR_HOST_URL}" \
+    -Diris.source.token="${SONAR_TOKEN}" \
+    -Diris.destination.projectKey="${SHADOW_PROJECT_KEY}" \
+    -Diris.destination.organization="${SHADOW_ORGANIZATION}" \
+    -Diris.destination.url="${SHADOW_SONAR_HOST_URL}" \
+    -Diris.destination.token="${SHADOW_SONAR_TOKEN}" \
+    -Diris.dryrun="${DRY_RUN}" \
+    -jar "${IRIS_JAR_PATH}"
+}
+
+function run_iris_with_and_without_dry_run() {
+  echo
+  echo "===== Execute IRIS as dry-run"
+  if run_iris true; then
+    echo "===== Successful IRIS execution as dry-run"
+    echo "===== Execute IRIS for real"
+    if run_iris false; then
+      echo "===== Successful IRIS execution for real"
+      return 0
+    else
+      echo "===== Failed IRIS execution for real"
+      return 1
+    fi
+  else
+    echo "===== Failed IRIS execution as dry-run"
+    return 1
+  fi
+}
+
+source cirrus-env BUILD
+. set_maven_build_version "$BUILD_NUMBER"
+build_and_analyze_the_project
+download_iris
+run_iris_with_and_without_dry_run
