Merged
Changes from 4 commits
55 changes: 51 additions & 4 deletions .github/workflows/build.yml
Expand Up @@ -39,6 +39,8 @@ jobs:
# Override artifactory roles for public repo using private access
artifactory-reader-role: private-reader
artifactory-deployer-role: qa-deployer
use-develocity: true
develocity-url: https://develocity-public.sonar.build/
Contributor

I think it makes sense to use a workflow variable here and in the following usages. What do you think?

Contributor Author

Do you mean an env block at the top level? I just added it. I also thought of using & and * to repeat the entire config-maven step, but I'm not sure if I like this YAML feature.

Contributor

I honestly prefer to avoid the & and * features in most places. I feel like they hide the configuration and make reading the pipeline harder.

If there is really a big duplication, it's ok.

Contributor

Yep, I meant exactly this :) I think now it looks good, we don't need to add another generalization.

Contributor

Oh, didn't know about '& and *' feature, looks really ugly. Agree with Gabriel.

maven-args: >
--define maven.test.skip=true
--define sonar.skip=true
Expand Down Expand Up @@ -77,6 +79,8 @@ jobs:
uses: SonarSource/ci-github-actions/config-maven@v1
with:
artifactory-reader-role: private-reader
use-develocity: true
develocity-url: https://develocity-public.sonar.build/
- name: Getting Vault Secrets
id: secrets
uses: SonarSource/vault-action-wrapper@320bd31b03e5dacaac6be51bbbb15adf7caccc32 # v3.1.0
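Review bot: `SonarSource/ci-github-actions/config-maven@v1` in this step is referenced by a mutable tag, while the `vault-action-wrapper` step a few lines below it is pinned to a full commit SHA with the version in a trailing comment. The step receives the Artifactory role and now the Develocity URL, so pinning it to a commit SHA in the same style would keep the action's code from changing under the workflow without a reviewed diff.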
Expand Down Expand Up @@ -126,6 +130,8 @@ jobs:
uses: SonarSource/ci-github-actions/config-maven@v1
with:
artifactory-reader-role: private-reader
use-develocity: true
develocity-url: https://develocity-public.sonar.build/
- name: Getting Vault Secrets
id: secrets
uses: SonarSource/vault-action-wrapper@320bd31b03e5dacaac6be51bbbb15adf7caccc32 # v3.1.0
Expand Down Expand Up @@ -170,9 +176,9 @@ jobs:
mvn clean compile --batch-mode
- uses: SonarSource/ci-github-actions/config-maven@v1
with:
deploy: false
artifactory-reader-role: private-reader
artifactory-deployer-role: qa-deployer
use-develocity: true
develocity-url: https://develocity-public.sonar.build/
- name: Sanity Test
env:
SONAR_HOST_URL: ${{ fromJSON(steps.secrets.outputs.vault).SONAR_HOST_URL }}
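Review bot: In the `config-maven` step ahead of Sanity Test, please confirm which two inputs are being dropped: the header (-170,9 +176,9) keeps the line count unchanged, so two lines leave the step alongside the two Develocity inputs, and this rendered view does not mark them. If they are `deploy: false` and `artifactory-deployer-role: qa-deployer`, check that the action's default for `deploy` does not turn this job into one that deploys, and note in the PR description why the deployer role is no longer needed here.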
Expand Down Expand Up @@ -208,11 +214,45 @@ jobs:
deploy: false
artifactory-reader-role: private-reader # Override default public-reader
artifactory-deployer-role: qa-deployer # Override default public-deployer
use-develocity: true
develocity-url: https://develocity-public.sonar.build/
scanner-java-opts: '-Xmx2g'
env:
SONAR_HOST_URL: ${{ fromJSON(steps.secrets.outputs.vault).SONAR_HOST_URL }}
SONAR_TOKEN: ${{ fromJSON(steps.secrets.outputs.vault).SONAR_TOKEN }}
JAVA_TOOL_OPTIONS: "" # Set an empty value to avoid issues with runners hanging and significantly slowing down builds

custom-rules-license-check:
name: Custom Rules and License Check
needs:
- build
if: ${{ needs.build.outputs.deployed }}
runs-on: github-ubuntu-latest-m
permissions:
id-token: write
contents: write
env:
BUILD_NUMBER: ${{ needs.build.outputs.build-number }}
steps:
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
- uses: jdx/mise-action@5ac50f778e26fac95da98d50503682459e86d566 # v3.2.0
with:
version: 2025.7.12
- uses: SonarSource/vault-action-wrapper@v3
id: secrets
with:
secrets: |
development/kv/data/next url | SONAR_HOST_URL;
development/kv/data/next token | SONAR_TOKEN;
- uses: SonarSource/ci-github-actions/config-maven@v1
with:
artifactory-reader-role: private-reader
use-develocity: true
develocity-url: https://develocity-public.sonar.build/
env:
SONAR_HOST_URL: ${{ fromJSON(steps.secrets.outputs.vault).SONAR_HOST_URL }}
SONAR_TOKEN: ${{ fromJSON(steps.secrets.outputs.vault).SONAR_TOKEN }}
JAVA_TOOL_OPTIONS: "" # Set an empty value to avoid issues with runners hanging and significantly slowing down builds
- name: Build Java Custom Rules Example
env:
SONAR_HOST_URL: ${{ fromJSON(steps.secrets.outputs.vault).SONAR_HOST_URL }}
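Review bot: In the `custom-rules-license-check` job, `SonarSource/vault-action-wrapper@v3` is referenced by a mutable tag, whereas the other jobs shown in this file pin it to `320bd31b03e5dacaac6be51bbbb15adf7caccc32 # v3.1.0`. This step fetches `SONAR_TOKEN` in a job that holds `id-token: write`, so it should carry the same SHA pin. The job also requests `contents: write`; if none of its steps push to the repository, `contents: read` would be enough.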
Expand Down Expand Up @@ -266,9 +306,9 @@ jobs:
run: mise use java@17
- uses: SonarSource/ci-github-actions/config-maven@v1
with:
deploy: false
artifactory-reader-role: private-reader
artifactory-deployer-role: qa-deployer
use-develocity: true
develocity-url: https://develocity-public.sonar.build/
- name: Run autoscan tests
env:
SONAR_HOST_URL: ${{ fromJSON(steps.secrets.outputs.vault).SONAR_HOST_URL }}
Expand Down Expand Up @@ -297,6 +337,12 @@ jobs:
- uses: jdx/mise-action@5ac50f778e26fac95da98d50503682459e86d566 # v3.2.0
with:
version: 2025.7.12
- name: Configure Maven
uses: SonarSource/ci-github-actions/config-maven@v1
with:
artifactory-reader-role: private-reader
use-develocity: true
develocity-url: https://develocity-public.sonar.build/
- name: Run Maven
run: mvn clean verify --batch-mode
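Review bot: The new `Configure Maven` step asks for `artifactory-reader-role: private-reader`, but nothing in this hunk shows the job's `permissions` block. If `config-maven` obtains that role through Vault with the workflow's OIDC token, as the `id-token: write` on the `custom-rules-license-check` job suggests, this job needs the same permission declared. Please also confirm that `mvn clean verify` here needs the private reader rather than the default `public-reader` mentioned in the comment on the earlier step.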

Expand All @@ -307,6 +353,7 @@ jobs:
- plugin-qa
- sanity
- test-analyze
- custom-rules-license-check
- autoscan
- qa-os-win
if: ${{ needs.build.outputs.deployed }}
2 changes: 1 addition & 1 deletion .mvn/develocity.xml
@@ -1,6 +1,6 @@
<develocity>
<server>
<url>https://develocity.sonar.build</url>
<url>https://develocity-public.sonar.build</url>
</server>
<buildCache>
<local>
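Review bot: The `<url>` in `.mvn/develocity.xml` is `https://develocity-public.sonar.build` without a trailing slash, while every `develocity-url` input in `.github/workflows/build.yml` is `https://develocity-public.sonar.build/` with one. The server address now lives in two files, so make the two spellings identical and consider a short comment in each pointing at the other, so that a later host change updates both.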