diff --git a/.cirrus.star b/.cirrus.star deleted file mode 100644 index bc1f3998b6..0000000000 --- a/.cirrus.star +++ /dev/null @@ -1,4 +0,0 @@ -load("github.com/SonarSource/cirrus-modules@v3", "load_features") - -def main(ctx): - return load_features(ctx) diff --git a/.cirrus.yml b/.cirrus.yml deleted file mode 100644 index 55c16823a0..0000000000 --- a/.cirrus.yml +++ /dev/null @@ -1,338 +0,0 @@ -env: - CIRRUS_VAULT_URL: https://vault.sonar.build:8200 - CIRRUS_VAULT_AUTH_PATH: jwt-cirrusci - CIRRUS_VAULT_ROLE: cirrusci-${CIRRUS_REPO_OWNER}-${CIRRUS_REPO_NAME} - ARTIFACTORY_URL: VAULT[development/kv/data/repox data.url] - ARTIFACTORY_PRIVATE_USERNAME: vault-${CIRRUS_REPO_OWNER}-${CIRRUS_REPO_NAME}-private-reader - ARTIFACTORY_PRIVATE_PASSWORD: VAULT[development/artifactory/token/${CIRRUS_REPO_OWNER}-${CIRRUS_REPO_NAME}-private-reader access_token] - ARTIFACTORY_DEPLOY_USERNAME: vault-${CIRRUS_REPO_OWNER}-${CIRRUS_REPO_NAME}-qa-deployer - ARTIFACTORY_DEPLOY_PASSWORD: VAULT[development/artifactory/token/${CIRRUS_REPO_OWNER}-${CIRRUS_REPO_NAME}-qa-deployer access_token] - #Possible values for ARTIFACTORY_DEPLOY_REPO: sonarsource-private-qa, sonarsource-public-qa - ARTIFACTORY_DEPLOY_REPO: sonarsource-public-qa - ARTIFACTORY_ACCESS_TOKEN: VAULT[development/artifactory/token/${CIRRUS_REPO_OWNER}-${CIRRUS_REPO_NAME}-private-reader access_token] - GITHUB_TOKEN: VAULT[development/github/token/licenses-ro token] - DEVELOCITY_TOKEN: VAULT[development/kv/data/develocity data.token] - DEVELOCITY_ACCESS_KEY: develocity.sonar.build=${DEVELOCITY_TOKEN} - # Use bash (instead of sh on linux or cmd.exe on windows) - CIRRUS_SHELL: bash - # Allows to run builds for the 50 last commits in a branch: - CIRRUS_CLONE_DEPTH: 50 - -container_definition: &CONTAINER_DEFINITION - cluster_name: ${CIRRUS_CLUSTER_NAME} - region: eu-central-1 - namespace: default - nodeSelectorTerms: - - matchExpressions: - - key: node.kubernetes.io/instance-type - operator: In - values: - - m6a.8xlarge # 3.6 GHz 3rd generation AMD EPYC processors (AMD EPYC 7R13), 18 vCPU, 64 GiB Memory - -container_with_docker_definition: &CONTAINER_WITH_DOCKER_DEFINITION - <<: *CONTAINER_DEFINITION - dockerfile: .cirrus/Dockerfile.jdk17AndLatest - builder_role: cirrus-builder - builder_image: docker-builder-v* - builder_instance_type: t3.small - -win_vm_definition: &WINDOWS_VM_DEFINITION - experimental: true # see https://github.com/cirruslabs/cirrus-ci-docs/issues/1051 - platform: windows - region: eu-central-1 - type: c5.4xlarge # 3.6 GHz (3.9GHz single core) Intel Xeon Scalable Processor, 16 vCPU, 32 GiB Memory - -only_sonarsource_qa: &ONLY_SONARSOURCE_QA - only_if: $CIRRUS_USER_COLLABORATOR == 'true' && $CIRRUS_TAG == "" && ($CIRRUS_PR != "" || $CIRRUS_BRANCH == "master" || $CIRRUS_BRANCH =~ "branch-.*" || $CIRRUS_BRANCH =~ "dogfood-on-.*") - -log_develocity_url_script: &log_develocity_url_script | - echo "Develocity URL: https://develocity.sonar.build/scans?search.publicHostnames=cirrus-ci-task-${CIRRUS_TASK_ID}" - - -common_build_definition: &COMMON_BUILD_DEFINITION - eks_container: - <<: *CONTAINER_WITH_DOCKER_DEFINITION - cpu: 4 - memory: 4G - env: - SIGN_KEY: VAULT[development/kv/data/sign data.key] - PGP_PASSPHRASE: VAULT[development/kv/data/sign data.passphrase] - # analysis on next - SONAR_TOKEN: VAULT[development/kv/data/next data.token] - SONAR_HOST_URL: https://next.sonarqube.com/sonarqube - #allow deployment of pull request artifacts to repox - DEPLOY_PULL_REQUEST: true - JAVA_HOME: /opt/java/openjdk-latest - maven_cache: - folder: ${CIRRUS_WORKING_DIR}/.m2/repository - -orchestrator_cache_preparation_definition: &ORCHESTRATOR_CACHE_PREPARATION_DEFINITION - set_orchestrator_home_script: | - export TODAY=$(date '+%Y-%m-%d') - echo "TODAY=${TODAY}" >> $CIRRUS_ENV - echo "ORCHESTRATOR_HOME=${CIRRUS_WORKING_DIR}/orchestrator/${TODAY}" >> $CIRRUS_ENV - mkdir_orchestrator_home_script: | - echo "Create dir ${ORCHESTRATOR_HOME} if needed" - mkdir -p ${ORCHESTRATOR_HOME} - -orchestrator_cache_elements_definition: &ORCHESTRATOR_CACHE_ELEMENTS_DEFINITION - folder: ${ORCHESTRATOR_HOME} - fingerprint_script: echo ${TODAY} - reupload_on_changes: "true" - -# Only compile without "test and sonar:sonar". Note: Do not rename "build", it is used by "Check Releasability" -build_task: - <<: *COMMON_BUILD_DEFINITION - build_script: - - *log_develocity_url_script - - source cirrus-env BUILD - - regular_mvn_build_deploy_analyze -Dmaven.test.skip=true -Dsonar.skip=true -pl '!java-checks-test-sources/default,!java-checks-test-sources/aws,!java-checks-test-sources/spring-web-4.0' - cleanup_before_cache_script: cleanup_maven_repository - -sonar_shadow_scan_and_issue_replication_task: - <<: *COMMON_BUILD_DEFINITION - depends_on: - - build - # Only run when triggered by the cirrus-ci cron job named "nightly" - only_if: $CIRRUS_CRON == "nightly" - env: - SONAR_PROJECT_KEY: "org.sonarsource.java:java" - SHADOW_ORGANIZATION: "sonarsource" - SHADOW_PROJECT_KEY: "SonarSource_sonar-java" - # to replicate issue states from next - SONAR_TOKEN: VAULT[development/kv/data/next data.token] - SONAR_HOST_URL: https://next.sonarqube.com/sonarqube - matrix: - - name: "sonarcloud.io" - SHADOW_SONAR_TOKEN: VAULT[development/kv/data/sonarcloud data.token] - SHADOW_SONAR_HOST_URL: "https://sonarcloud.io" - - name: "sonarqube.us" - SHADOW_SONAR_TOKEN: VAULT[development/kv/data/sonarqube-us data.token] - SHADOW_SONAR_HOST_URL: "https://sonarqube.us" - build_and_shadow_scan_script: - - *log_develocity_url_script - - source cirrus-env BUILD - - ./shadow-scan-and-issue-replication.sh -Dsonar.analysisCache.enabled=true -Dsonar.sca.exclusions="**/test/files/**, **/test/resources/**, its/plugin/projects/**, java-checks-test-sources/**, its/sources/**," - cleanup_before_cache_script: cleanup_maven_repository - -# Migrated to GHA. -test_analyze_task: - <<: *COMMON_BUILD_DEFINITION - build_script: - - *log_develocity_url_script - - source cirrus-env BUILD - # ignore duplications in the SE engine plugin, as it will be moved away from sonar-java at some point - - PULL_REQUEST_SHA=$GIT_SHA1 regular_mvn_build_deploy_analyze -P-deploy-sonarsource,-release,-sign -Dmaven.deploy.skip=true -Dsonar.analysisCache.enabled=true -Dsonar.sca.exclusions="**/test/files/**, **/test/resources/**, its/plugin/projects/**, java-checks-test-sources/**, its/sources/**," - - cd docs/java-custom-rules-example - - mvn clean package -f pom_SQ_10_6_LATEST.xml --batch-mode - - cd "${CIRRUS_WORKING_DIR}" - - ./check-license-compliance.sh - cleanup_before_cache_script: cleanup_maven_repository - -# Migrated to GHA. -qa_os_win_task: - ec2_instance: - image: base-windows-jdk21-v* - <<: *WINDOWS_VM_DEFINITION - maven_cache: - folder: ${CIRRUS_WORKING_DIR}/.m2/repository - java_download_cache: - folder: ${CIRRUS_WORKING_DIR}/.java_download_cache - build_script: - - *log_develocity_url_script - - source cirrus-env CI - - ps: .cirrus/install-latest-java-on-windows.ps1 ; if ($?) { & mvn.cmd --batch-mode clean verify } - cleanup_before_cache_script: cleanup_maven_repository - -# Migrated to GHA -plugin_qa_task: - depends_on: - - build - <<: *ONLY_SONARSOURCE_QA - eks_container: - <<: *CONTAINER_WITH_DOCKER_DEFINITION - cpu: 14 - memory: 16G - <<: *ORCHESTRATOR_CACHE_PREPARATION_DEFINITION - matrix: - - env: - SQ_VERSION: LATEST_RELEASE - orchestrator_LATEST_RELEASE_cache: - <<: *ORCHESTRATOR_CACHE_ELEMENTS_DEFINITION - - env: - SQ_VERSION: DEV - orchestrator_DEV_cache: - <<: *ORCHESTRATOR_CACHE_ELEMENTS_DEFINITION - - maven_cache: - folder: ${CIRRUS_WORKING_DIR}/.m2/repository - submodules_script: - - git submodule update --init --recursive - qa_script: - - *log_develocity_url_script - - source cirrus-env QA - - source set_maven_build_version $BUILD_NUMBER - - cd its/plugin - - mvn package --batch-mode -Pit-plugin -Dsonar.runtimeVersion=${SQ_VERSION} -Dmaven.test.redirectTestOutputToFile=false -B -e -V -Dparallel=classes -DuseUnlimitedThreads=true - cleanup_before_cache_script: cleanup_maven_repository - -# Migrated to GHA. -sanity_task: - depends_on: - - build - <<: *ONLY_SONARSOURCE_QA - eks_container: - <<: *CONTAINER_WITH_DOCKER_DEFINITION - cpu: 4 - memory: 16G - maven_cache: - folder: ${CIRRUS_WORKING_DIR}/.m2/repository - env: - JAVA_HOME: /opt/java/openjdk-latest - sanity_script: - - *log_develocity_url_script - - source cirrus-env QA - - source set_maven_build_version $BUILD_NUMBER - - cd java-checks-test-sources - - mvn clean compile --batch-mode - - cd ../ - - mvn verify --batch-mode -f sonar-java-plugin/pom.xml -Psanity -Dtest=SanityTest - cleanup_before_cache_script: cleanup_maven_repository - -# Migrated to GHA -ruling_task: - depends_on: - - build - <<: *ONLY_SONARSOURCE_QA - eks_container: - <<: *CONTAINER_WITH_DOCKER_DEFINITION - cpu: 14 - memory: 16G - maven_cache: - folder: ${CIRRUS_WORKING_DIR}/.m2/repository - <<: *ORCHESTRATOR_CACHE_PREPARATION_DEFINITION - orchestrator_LATEST_RELEASE_cache: - <<: *ORCHESTRATOR_CACHE_ELEMENTS_DEFINITION - submodules_script: - - git submodule update --init --recursive - env: - MAVEN_OPTS: "-Xmx3g" - matrix: - - PROFILE: without-sonarqube-project - - PROFILE: only-sonarqube-project - ruling_script: - - *log_develocity_url_script - - source cirrus-env QA - - source set_maven_build_version $BUILD_NUMBER - - cd its/ruling - - mvn package --batch-mode "-Pit-ruling,$PROFILE" -Dsonar.runtimeVersion=LATEST_RELEASE -Dmaven.test.redirectTestOutputToFile=false -B -e -V -Dparallel=methods -DuseUnlimitedThreads=true - cleanup_before_cache_script: cleanup_maven_repository - on_failure: - actual_artifacts: - path: "${CIRRUS_WORKING_DIR}/its/ruling/target/actual/**/*" - -# Migrated to GHA -ruling_win_task: - depends_on: - - build - <<: *ONLY_SONARSOURCE_QA - ec2_instance: - image: base-windows-jdk17-v* - <<: *WINDOWS_VM_DEFINITION - maven_cache: - folder: ${CIRRUS_WORKING_DIR}/.m2/repository - <<: *ORCHESTRATOR_CACHE_PREPARATION_DEFINITION - orchestrator_LATEST_RELEASE_cache: - <<: *ORCHESTRATOR_CACHE_ELEMENTS_DEFINITION - env: - MAVEN_OPTS: "-Xmx3g" - matrix: - - PROFILE: without-sonarqube-project - - PROFILE: only-sonarqube-project - ruling_script: - - *log_develocity_url_script - - source cirrus-env QA - - source set_maven_build_version $BUILD_NUMBER - - init_git_submodules its/sources - - git submodule update --init --recursive - - cd its/ruling - - mvn package --batch-mode "-Pit-ruling,$PROFILE" -Dsonar.runtimeVersion=LATEST_RELEASE -Dmaven.test.redirectTestOutputToFile=false -B -e -V -Dparallel=methods -DuseUnlimitedThreads=true - cleanup_before_cache_script: cleanup_maven_repository - -# Migrated to GHA. -autoscan_task: - depends_on: - - build - <<: *ONLY_SONARSOURCE_QA - eks_container: - <<: *CONTAINER_WITH_DOCKER_DEFINITION - # For now, this autoscan_task need to execute two mvn commands: - # * The build of java-checks-test-sources module which requires Java 24. - # * The tests using Orchestrator and SonarQube that, for now, fail to work using Java 24 - # This is why we have a local Dockerfile that provide the 2 versions of Java, 17 and 24. - cpu: 14 - memory: 16G - maven_cache: - folder: ${CIRRUS_WORKING_DIR}/.m2/repository - <<: *ORCHESTRATOR_CACHE_PREPARATION_DEFINITION - orchestrator_LATEST_RELEASE_cache: - <<: *ORCHESTRATOR_CACHE_ELEMENTS_DEFINITION - autoscan_script: - - *log_develocity_url_script - - source cirrus-env QA - - source set_maven_build_version $BUILD_NUMBER - - cd java-checks-test-sources - - JAVA_HOME=/opt/java/openjdk-latest mvn clean compile test-compile --batch-mode - - cd ../its/autoscan - - mvn clean package --batch-mode --errors --show-version --activate-profiles it-autoscan -Dsonar.runtimeVersion=LATEST_RELEASE -Dmaven.test.redirectTestOutputToFile=false -Dparallel=methods -DuseUnlimitedThreads=true - cleanup_before_cache_script: cleanup_maven_repository - on_failure: - actual_artifacts: - path: "${CIRRUS_WORKING_DIR}/its/autoscan/target/actual/**/*" - -promote_task: - depends_on: - - build - - sonar_shadow_scan_and_issue_replication - - test_analyze - - qa_os_win - - sanity - - ruling - - ruling_win - - plugin_qa - - autoscan - <<: *ONLY_SONARSOURCE_QA - eks_container: - <<: *CONTAINER_WITH_DOCKER_DEFINITION - cpu: 2 - memory: 1G - env: - #promotion cloud function - ARTIFACTORY_PROMOTE_ACCESS_TOKEN: VAULT[development/artifactory/token/${CIRRUS_REPO_OWNER}-${CIRRUS_REPO_NAME}-promoter access_token] - GITHUB_TOKEN: VAULT[development/github/token/${CIRRUS_REPO_OWNER}-${CIRRUS_REPO_NAME}-promotion token] - maven_cache: - folder: ${CIRRUS_WORKING_DIR}/.m2/repository - script: cirrus_promote_maven - cleanup_before_cache_script: cleanup_maven_repository - -# This task can be used to debug the cache content -inspect_orchestrator_cache_task: - <<: *ONLY_SONARSOURCE_QA - depends_on: ruling # To improve cache usage we should introduce a task to warm the cache. - trigger_type: manual - eks_container: - <<: *CONTAINER_WITH_DOCKER_DEFINITION - cpu: 1 - memory: 1G - <<: *ORCHESTRATOR_CACHE_PREPARATION_DEFINITION - matrix: - - orchestrator_LATEST_RELEASE_cache: - <<: *ORCHESTRATOR_CACHE_ELEMENTS_DEFINITION - - orchestrator_DEV_cache: - <<: *ORCHESTRATOR_CACHE_ELEMENTS_DEFINITION - inspect_cache_script: | - echo "Inspecting cache ${ORCHESTRATOR_HOME}..." - cd "${ORCHESTRATOR_HOME}" - ls -l - find . -ls - echo "Inspecting cache done." diff --git a/.cirrus/Dockerfile.jdk17AndLatest b/.cirrus/Dockerfile.jdk17AndLatest deleted file mode 100644 index 31395b91eb..0000000000 --- a/.cirrus/Dockerfile.jdk17AndLatest +++ /dev/null @@ -1,22 +0,0 @@ -ARG CIRRUS_AWS_ACCOUNT=275878209202 -FROM ${CIRRUS_AWS_ACCOUNT}.dkr.ecr.eu-central-1.amazonaws.com/base:j17-latest - -LABEL maintainer="JVM Squad at SonarSource" - -USER root - -ENV DEBIAN_FRONTEND=noninteractive - -# Copy openjdk from https://github.com/adoptium/containers/blob/main/24/jdk/ubuntu/noble/Dockerfile -COPY --from=eclipse-temurin:24.0.1_9-jdk-noble /opt/java/openjdk /opt/java/openjdk-latest - -ENV LANG='en_US.UTF-8' LANGUAGE='en_US:en' LC_ALL='en_US.UTF-8' -# https://github.com/docker-library/openjdk/issues/331#issuecomment-498834472 -RUN find "/opt/java/openjdk-latest/lib" -name '*.so' -exec dirname '{}' ';' | sort -u > /etc/ld.so.conf.d/docker-openjdk.conf; \ - ldconfig; \ - # https://github.com/docker-library/openjdk/issues/212#issuecomment-420979840 - # https://openjdk.java.net/jeps/341 - java -Xshare:dump; - -USER sonarsource -WORKDIR /home/sonarsource diff --git a/.cirrus/install-latest-java-on-windows.ps1 b/.cirrus/install-latest-java-on-windows.ps1 deleted file mode 100644 index fed60b6f12..0000000000 --- a/.cirrus/install-latest-java-on-windows.ps1 +++ /dev/null @@ -1,100 +0,0 @@ -$javaVersion = "24.0.1+9" -$sha256_x64 = "2ef7f20c00577747d23999c7b29a0d35d73aeeb9d67aec0aa9825e59084447c3" -$sha256_aarch64 = "aarch64 platform is currently unavailable, see https://adoptium.net/en-GB/news/2025/04/eclipse-temurin-8u452-11027-17015-2107-2401-available/" - -Write-Output "Installing Java ${javaVersion}" - -$javaMajorVersion = ($javaVersion -split '\.')[0] -Write-Output "Major version: ${javaMajorVersion}" - -$javaUriVersion = $javaVersion -replace '\+', '%2B' -$javaFileVersion = $javaVersion -replace '\+', '_' -$arch = (Get-WmiObject -Class Win32_Processor).AddressWidth -if ($arch -eq 64) { - $arch = "x64" - $sha256 = $sha256_x64 -} else { - $arch = "aarch64" - $sha256 = $sha256_aarch64 -} -$zipFileName = "OpenJDK${javaMajorVersion}U-jdk_${arch}_windows_hotspot_${javaFileVersion}.zip" -$binaryUrl = "https://github.com/adoptium/temurin${javaMajorVersion}-binaries/releases/download/jdk-${javaUriVersion}/${zipFileName}" -$javaDownloadDirectory = "${env:CIRRUS_WORKING_DIR}/.java_download_cache" -$zipPath = "${javaDownloadDirectory}\${zipFileName}" -$javaHomeParent = "${env:CIRRUS_WORKING_DIR}/.openjdk" -$javaHome = "${javaHomeParent}\jdk-${javaVersion}" - -Write-Output "Prepare download directory: ${javaDownloadDirectory}" -if (-not (Test-Path "${javaDownloadDirectory}")) { - New-Item -ItemType Directory -Path $javaDownloadDirectory -Force -} -$itemsToDelete = Get-ChildItem -Path $javaDownloadDirectory | Where-Object { $_.Name -ne $zipFileName } -foreach ($item in $itemsToDelete) { - Write-Output "Remove: ${item}" - Remove-Item -Path $item.FullName -Recurse -Force -} - -Write-Output "Prepare installation directory: ${javaHomeParent}" -if (-not (Test-Path "${javaHomeParent}")) { - New-Item -ItemType Directory -Path $javaHomeParent -Force -} -Write-Output "Remove other jdk in ${javaHomeParent}" -$itemsToDelete = Get-ChildItem -Path $javaHomeParent | Where-Object { $_.Name -ne "jdk-${javaVersion}" } -foreach ($item in $itemsToDelete) { - Write-Output "Remove: $item" - Remove-Item -Path $item.FullName -Recurse -Force -} - -if (-not (Test-Path "${javaHome}\bin\java.exe")) { - if (Test-Path $zipPath) { - Write-Output "Zip '$zipPath' already exists." - } else { - Write-Output "Download from '$binaryUrl' into '$zipPath'" - Invoke-WebRequest -Uri $binaryUrl -OutFile $zipPath -UseBasicParsing > $null - - # Verify the checksum - Write-Output "Check the sha256 checksum of $zipPath" - $actualChecksum = Get-FileHash -Path $zipPath -Algorithm SHA256 | Select-Object -ExpandProperty Hash - if ($actualChecksum -ne $sha256) { - Write-Error "Checksum verification failed. Expected: $expectedChecksum, Actual: $actualChecksum" - exit 1 - } else { - Write-Output "Checksum verification passed." - } - } - - # Extract the zip file - Write-Output "Extract JDK archive" - $global:ProgressPreference = "SilentlyContinue" - Expand-Archive -Path $zipPath -DestinationPath $javaHomeParent -Force > $null - - # Check if java is present - if (-not (Test-Path "${javaHome}\bin\java.exe")) { - Write-Error "Fail to find ${javaHome}\bin\java.exe in the extracted directory" - exit 1 - } -} else { - Write-Output "Java already installed in ${javaHome}" -} - -# Set JAVA_HOME -Write-Output "Set JAVA_HOME to $javaHome" -$env:JAVA_HOME = "${javaHome}" - -# Set PATH -$javaBinPath = "${env:JAVA_HOME}\bin" - -if ($env:Path -split ';' -contains $javaBinPath) { - Write-Output "The path $javaBinPath is already in the Path environment variable." -} else { - Write-Output "Adding $javaBinPath to the Path environment variable." - $env:Path = "$javaBinPath;$env:Path" -} - -# Print the version -Write-Output "java.exe --version" -& "${env:JAVA_HOME}\bin\java.exe" --version - -Write-Output "-- Java ${javaVersion} Installed Successfully --" - -exit 0 diff --git a/.github/workflows/ReleasabilityCheck.yml b/.github/workflows/ReleasabilityCheck.yml index 0ca69e827b..a910e4d9db 100644 --- a/.github/workflows/ReleasabilityCheck.yml +++ b/.github/workflows/ReleasabilityCheck.yml @@ -1,32 +1,28 @@ name: Releasability Check -# Update releasability check. This workflow run continuously, -# in contrast to the other releasability, which needs to be triggered manually. +# Triggered when the "Build" workflow completes on specific branches. 'on': - check_suite: - types: - - completed + workflow_run: + workflows: [ "Build" ] + types: [ completed ] + branches: + - master + - dogfood-* + - branch-* jobs: - update_releasability_status: + releasability-status: + name: Releasability status runs-on: github-ubuntu-latest-s - name: Releasability Check permissions: id-token: write statuses: write contents: read - if: >- - (contains(fromJSON('["main", "master"]'), - github.event.check_suite.head_branch) || - startsWith(github.event.check_suite.head_branch, 'dogfood-') || - startsWith(github.event.check_suite.head_branch, 'branch-')) && - github.event.check_suite.conclusion == 'success' && - github.event.check_suite.app.slug == 'cirrus-ci' + if: github.event.workflow_run.conclusion == 'success' steps: - - uses: >- - SonarSource/gh-action_releasability/releasability-status@v3 - with: - optional_checks: "Jira" - env: - GITHUB_TOKEN: '${{ secrets.GITHUB_TOKEN }}' + - uses: SonarSource/gh-action_releasability/releasability-status@v3 + with: + optional_checks: "Jira" + env: + GITHUB_TOKEN: ${{ github.token }} diff --git a/README.md b/README.md index d9d691e2e0..35b0b0d202 100644 --- a/README.md +++ b/README.md @@ -1,4 +1,4 @@ -Code Quality and Security for Java [![Build Status](https://api.cirrus-ci.com/github/SonarSource/sonar-java.svg?branch=master)](https://cirrus-ci.com/github/SonarSource/sonar-java) [![Quality Gate](https://next.sonarqube.com/sonarqube/api/project_badges/measure?project=org.sonarsource.java%3Ajava&metric=alert_status)](https://next.sonarqube.com/sonarqube/dashboard?id=org.sonarsource.java%3Ajava) [![Coverage](https://next.sonarqube.com/sonarqube/api/project_badges/measure?project=org.sonarsource.java%3Ajava&metric=coverage)](https://next.sonarqube.com/sonarqube/component_measures/domain/Coverage?id=org.sonarsource.java%3Ajava) +Code Quality and Security for Java [![Build Status](https://github.com/SonarSource/sonar-java/actions/workflows/build.yml/badge.svg?branch=master)](https://github.com/SonarSource/sonar-java/actions/workflows/build.yml) [![Quality Gate](https://next.sonarqube.com/sonarqube/api/project_badges/measure?project=org.sonarsource.java%3Ajava&metric=alert_status)](https://next.sonarqube.com/sonarqube/dashboard?id=org.sonarsource.java%3Ajava) [![Coverage](https://next.sonarqube.com/sonarqube/api/project_badges/measure?project=org.sonarsource.java%3Ajava&metric=coverage)](https://next.sonarqube.com/sonarqube/component_measures/domain/Coverage?id=org.sonarsource.java%3Ajava) ========== This Sonar project is a code analyzer for Java projects to help developers deliver integrated code quality and security. Information about the analysis of Java features is available [here](https://redirect.sonarsource.com/plugins/java.html). diff --git a/check-license-compliance.sh b/check-license-compliance.sh deleted file mode 100755 index 527394a9e2..0000000000 --- a/check-license-compliance.sh +++ /dev/null @@ -1,9 +0,0 @@ -#!/bin/bash -set -euo pipefail - -# See https://xtranet.sonarsource.com/display/DEV/Open+Source+Licenses - -mvn org.codehaus.mojo:license-maven-plugin:aggregate-add-third-party \ - -Dlicense.missingFile=$(pwd)/missing-dep-licenses.properties \ - -DuseMissingFile \ - -Dlicense.overrideUrl=file://$(pwd)/override-dep-licenses.properties diff --git a/pom.xml b/pom.xml index 076af71d42..30ccec5823 100644 --- a/pom.xml +++ b/pom.xml @@ -75,8 +75,8 @@ https://jira.sonarsource.com/browse/SONARJAVA - Cirrus CI - https://cirrus-ci.com/github/SonarSource/sonar-java + GitHub Actions + https://github.com/SonarSource/sonar-java/actions/workflows/build.yml diff --git a/shadow-scan-and-issue-replication.sh b/shadow-scan-and-issue-replication.sh deleted file mode 100755 index 1fe21b6974..0000000000 --- a/shadow-scan-and-issue-replication.sh +++ /dev/null @@ -1,130 +0,0 @@ -#!/usr/bin/env bash - -set -euo pipefail - -# IRIS: Issue Replication for Sonarqube -IRIS_JAR_URL="${ARTIFACTORY_URL}/sonarsource-private-releases/com/sonarsource/iris/iris/\[RELEASE\]/iris-\[RELEASE\]-jar-with-dependencies.jar" -IRIS_JAR_PATH="target/libs/iris.jar" - -function build_and_analyze_the_project() { - echo - echo "===== Build and analyze the project targeting a shadow SonarQube instance" - local BUILD_CMD - if [[ -e "gradlew" ]]; then - BUILD_CMD="./gradlew --info --stacktrace --console plain build sonar" - else - source set_maven_build_version "$BUILD_NUMBER" - BUILD_CMD="mvn -Pcoverage -Dmaven.test.redirectTestOutputToFile=false --batch-mode --errors --show-version verify sonar:sonar" - fi - ${BUILD_CMD} \ - -DbuildNumber="${BUILD_NUMBER}" \ - -Dsonar.host.url="${SHADOW_SONAR_HOST_URL}" \ - -Dsonar.token="${SHADOW_SONAR_TOKEN}" \ - -Dsonar.organization="${SHADOW_ORGANIZATION}" \ - -Dsonar.projectKey="${SHADOW_PROJECT_KEY}" \ - -Dsonar.analysis.buildNumber="${BUILD_NUMBER}" \ - -Dsonar.analysis.repository="${GITHUB_REPO}" \ - "$@" -} - -function download_iris() { - echo - echo "===== Download ${IRIS_JAR_URL}" - mkdir -p target/libs - curl --silent --fail-with-body --location --header "Authorization: Bearer ${ARTIFACTORY_PRIVATE_PASSWORD}" \ - --output "${IRIS_JAR_PATH}" "${IRIS_JAR_URL}" -} - -function sonarcloud_compute_engine_status_for_given_project() { - local PROJECT_KEY="$1" - local RESPONSE - RESPONSE="$( - curl --silent --fail-with-body --location --request GET \ - --header "Authorization: Bearer ${SHADOW_SONAR_TOKEN}" \ - --output - \ - "${SHADOW_SONAR_HOST_URL}/api/ce/component?component=${PROJECT_KEY}" - )" - local STATUS - # we first check if there is one or more 'PENDING' tasks in the queue - STATUS="$(echo "${RESPONSE}" | jq -r '.queue[].status')" - if [[ "${STATUS}" == "null" ]]; then - STATUS="" - fi - if [[ -z "${STATUS}" ]]; then - # otherwise we get the status of the current task - STATUS="$(echo "${RESPONSE}" | jq -r '.current.status')" - fi - echo -n "${STATUS}" -} - -function wait_for_sonarcloud_compute_engine_to_finish() { - local MAX_WAIT_TIME_SECONDS="300" # Default to 5 minutes - local SLEEP_INTERVAL_SECONDS="1" - local ELAPSED_TIME=0 - local LAST_STATUS="" - local STATUS - - echo "Waiting for SonarCloud compute engine to finish for project key: ${SHADOW_PROJECT_KEY}" - while (( ELAPSED_TIME < MAX_WAIT_TIME_SECONDS )); do - STATUS=$(sonarcloud_compute_engine_status_for_given_project "${SHADOW_PROJECT_KEY}") - if [[ "${STATUS}" != "${LAST_STATUS}" ]]; then - echo -n " ${STATUS} " - LAST_STATUS="${STATUS}" - fi - - if [[ "${STATUS}" == "PENDING" || "${STATUS}" == "IN_PROGRESS" ]]; then - echo -n "." - elif [[ "${STATUS}" == "FAILED" || "${STATUS}" == "CANCELED" ]]; then - echo -e "\nERROR: SonarCloud compute engine finished with status: ${STATUS}" - return 1 - elif [[ "${STATUS}" == "SUCCESS" ]]; then - echo -e "\nSonarCloud compute engine finished successfully." - return 0 - else - echo -e "\nERROR: Unknown status: ${STATUS}" - return 1 - fi - sleep "${SLEEP_INTERVAL_SECONDS}" - ELAPSED_TIME=$((ELAPSED_TIME + SLEEP_INTERVAL_SECONDS)) - done - echo -e "\nERROR: Timeout reached after ${MAX_WAIT_TIME_SECONDS} seconds." - return 1 -} - -function run_iris() { - local DRY_RUN="$1" - java \ - -Diris.source.projectKey="${SONAR_PROJECT_KEY}" \ - -Diris.source.url="${SONAR_HOST_URL}" \ - -Diris.source.token="${SONAR_TOKEN}" \ - -Diris.destination.projectKey="${SHADOW_PROJECT_KEY}" \ - -Diris.destination.organization="${SHADOW_ORGANIZATION}" \ - -Diris.destination.url="${SHADOW_SONAR_HOST_URL}" \ - -Diris.destination.token="${SHADOW_SONAR_TOKEN}" \ - -Diris.dryrun="${DRY_RUN}" \ - -jar "${IRIS_JAR_PATH}" -} - -function run_iris_with_and_without_dry_run() { - echo - echo "===== Execute IRIS as dry-run" - if run_iris true; then - echo "===== Successful IRIS execution as dry-run" - echo "===== Execute IRIS for real" - if run_iris false; then - echo "===== Successful IRIS execution for real" - return 0 - else - echo "===== Failed IRIS execution for real" - return 1 - fi - else - echo "===== Failed IRIS execution as dry-run" - return 1 - fi -} - -build_and_analyze_the_project "$@" -download_iris -wait_for_sonarcloud_compute_engine_to_finish -run_iris_with_and_without_dry_run