SONARJAVA-5946 Use develocity in GHA build (#5386)

 * Configure Develocity to fix errors in logs and speed up the build.
 * Split test-analyze, it is a long step, which can block the pipeline.
 * Remove wrong config-maven parameters, they apply to build-maven, not config-maven.

Author: tomasz-tylenda-sonarsource

.github/workflows/build.yml

@@ -14,6 +14,10 @@ concurrency:
   group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
   cancel-in-progress: true
 
+env:
+  USE_DEVELOCITY: true
+  DEVELOCITY_URL: https://develocity-public.sonar.build/
+
 jobs:
   build:
     runs-on: github-ubuntu-latest-m  # Public repo uses custom GitHub-hosted runner
@@ -39,6 +43,8 @@ jobs:
           # Override artifactory roles for public repo using private access
           artifactory-reader-role: private-reader
           artifactory-deployer-role: qa-deployer
+          use-develocity: ${{ env.USE_DEVELOCITY }}
+          develocity-url: ${{ env.DEVELOCITY_URL }}
           maven-args: >
             --define maven.test.skip=true
             --define sonar.skip=true
@@ -77,6 +83,8 @@ jobs:
         uses: SonarSource/ci-github-actions/config-maven@v1
         with:
           artifactory-reader-role: private-reader
+          use-develocity: ${{ env.USE_DEVELOCITY }}
+          develocity-url: ${{ env.DEVELOCITY_URL }}
       - name: Getting Vault Secrets
         id: secrets
         uses: SonarSource/vault-action-wrapper@320bd31b03e5dacaac6be51bbbb15adf7caccc32 # v3.1.0
@@ -126,6 +134,8 @@ jobs:
         uses: SonarSource/ci-github-actions/config-maven@v1
         with:
           artifactory-reader-role: private-reader
+          use-develocity: ${{ env.USE_DEVELOCITY }}
+          develocity-url: ${{ env.DEVELOCITY_URL }}
       - name: Getting Vault Secrets
         id: secrets
         uses: SonarSource/vault-action-wrapper@320bd31b03e5dacaac6be51bbbb15adf7caccc32 # v3.1.0
@@ -170,9 +180,9 @@ jobs:
           mvn clean compile --batch-mode
       - uses: SonarSource/ci-github-actions/config-maven@v1
         with:
-          deploy: false
           artifactory-reader-role: private-reader
-          artifactory-deployer-role: qa-deployer
+          use-develocity: ${{ env.USE_DEVELOCITY }}
+          develocity-url: ${{ env.DEVELOCITY_URL }}
       - name: Sanity Test
         env:
           SONAR_HOST_URL: ${{ fromJSON(steps.secrets.outputs.vault).SONAR_HOST_URL }}
@@ -208,11 +218,45 @@ jobs:
           deploy: false
           artifactory-reader-role: private-reader    # Override default public-reader
           artifactory-deployer-role: qa-deployer     # Override default public-deployer
+          use-develocity: ${{ env.USE_DEVELOCITY }}
+          develocity-url: ${{ env.DEVELOCITY_URL }}
           scanner-java-opts: '-Xmx2g'
         env:
           SONAR_HOST_URL: ${{ fromJSON(steps.secrets.outputs.vault).SONAR_HOST_URL }}
           SONAR_TOKEN: ${{ fromJSON(steps.secrets.outputs.vault).SONAR_TOKEN }}
           JAVA_TOOL_OPTIONS: "" # Set an empty value to avoid issues with runners hanging and significantly slowing down builds
+
+  custom-rules-license-check:
+    name: Custom Rules and License Check
+    needs:
+      - build
+    if: ${{ needs.build.outputs.deployed }}
+    runs-on: github-ubuntu-latest-m
+    permissions:
+      id-token: write
+      contents: write
+    env:
+      BUILD_NUMBER: ${{ needs.build.outputs.build-number }}
+    steps:
+      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - uses: jdx/mise-action@5ac50f778e26fac95da98d50503682459e86d566 # v3.2.0
+        with:
+          version: 2025.7.12
+      - uses: SonarSource/vault-action-wrapper@v3
+        id: secrets
+        with:
+          secrets: |
+            development/kv/data/next url | SONAR_HOST_URL;
+            development/kv/data/next token | SONAR_TOKEN;
+      - uses: SonarSource/ci-github-actions/config-maven@v1
+        with:
+          artifactory-reader-role: private-reader
+          use-develocity: ${{ env.USE_DEVELOCITY }}
+          develocity-url: ${{ env.DEVELOCITY_URL }}
+        env:
+          SONAR_HOST_URL: ${{ fromJSON(steps.secrets.outputs.vault).SONAR_HOST_URL }}
+          SONAR_TOKEN: ${{ fromJSON(steps.secrets.outputs.vault).SONAR_TOKEN }}
+          JAVA_TOOL_OPTIONS: "" # Set an empty value to avoid issues with runners hanging and significantly slowing down builds
       - name: Build Java Custom Rules Example
         env:
           SONAR_HOST_URL: ${{ fromJSON(steps.secrets.outputs.vault).SONAR_HOST_URL }}
@@ -266,9 +310,9 @@ jobs:
         run: mise use java@17
       - uses: SonarSource/ci-github-actions/config-maven@v1
         with:
-          deploy: false
           artifactory-reader-role: private-reader
-          artifactory-deployer-role: qa-deployer
+          use-develocity: ${{ env.USE_DEVELOCITY }}
+          develocity-url: ${{ env.DEVELOCITY_URL }}
       - name: Run autoscan tests
         env:
           SONAR_HOST_URL: ${{ fromJSON(steps.secrets.outputs.vault).SONAR_HOST_URL }}
@@ -297,6 +341,12 @@ jobs:
       - uses: jdx/mise-action@5ac50f778e26fac95da98d50503682459e86d566 # v3.2.0
         with:
           version: 2025.7.12
+      - name: Configure Maven
+        uses: SonarSource/ci-github-actions/config-maven@v1
+        with:
+          artifactory-reader-role: private-reader
+          use-develocity: ${{ env.USE_DEVELOCITY }}
+          develocity-url: ${{ env.DEVELOCITY_URL }}
       - name: Run Maven
         run: mvn clean verify --batch-mode
 
@@ -307,6 +357,7 @@ jobs:
       - plugin-qa
       - sanity
       - test-analyze
+      - custom-rules-license-check
       - autoscan
       - qa-os-win
     if: ${{ needs.build.outputs.deployed }}

.mvn/develocity.xml

@@ -1,6 +1,6 @@
 <develocity>
   <server>
-    <url>https://develocity.sonar.build</url>
+    <url>https://develocity-public.sonar.build</url>
   </server>
   <buildCache>
     <local>