From 58f8dc5b56ffdf03d4574846ed9d5fae851aea7b Mon Sep 17 00:00:00 2001
From: Alban Auzeill <alban.auzeill@sonarsource.com>
Date: Mon, 22 Sep 2025 18:12:49 +0200
Subject: [PATCH] SONARSCALA-66 Unify Platform Dogfooding of sonar-scala

---
 .cirrus.yml                          | 31 ++++++++++++
 shadow-scan-and-issue-replication.sh | 73 ++++++++++++++++++++++++++++
 2 files changed, 104 insertions(+)
 create mode 100755 shadow-scan-and-issue-replication.sh

diff --git a/.cirrus.yml b/.cirrus.yml
index 5c09139..b205126 100644
--- a/.cirrus.yml
+++ b/.cirrus.yml
@@ -67,6 +67,36 @@ build_task:
     heap_dump_artifacts:
       path: "*.hprof"
 
+sonar_shadow_scan_and_issue_replication_task:
+  depends_on:
+    - build
+  # Only run when triggered by the cirrus-ci cron job named "nightly"
+  only_if: $CIRRUS_CRON == "nightly"
+  eks_container:
+    <<: *CONTAINER_DEFINITION
+    cpu: 8
+    memory: 4G
+  env:
+    SONAR_PROJECT_KEY: "SonarSource_sonar-scala"
+    SHADOW_ORGANIZATION: "sonarsource"
+    SHADOW_PROJECT_KEY: "SonarSource_sonar-scala"
+    # to replicate issue states from next
+    SONAR_TOKEN: VAULT[development/kv/data/next data.token]
+    SONAR_HOST_URL: https://next.sonarqube.com/sonarqube
+    matrix:
+      - name: "sonarcloud.io"
+        SHADOW_SONAR_TOKEN: VAULT[development/kv/data/sonarcloud data.token]
+        SHADOW_SONAR_HOST_URL: "https://sonarcloud.io"
+      - name: "sonarqube.us"
+        SHADOW_SONAR_TOKEN: VAULT[development/kv/data/sonarqube-us data.token]
+        SHADOW_SONAR_HOST_URL: "https://sonarqube.us"
+  <<: *SETUP_GRADLE_CACHE
+  build_script:
+    - *log_develocity_url_script
+    - source cirrus-env BUILD
+    - source set_gradle_build_version
+    - ./shadow-scan-and-issue-replication.sh
+
 mend_task:
   depends_on:
     - build
@@ -134,6 +164,7 @@ qa_ruling_task:
 promote_task:
   depends_on:
     - build
+    - sonar_shadow_scan_and_issue_replication
     - qa_plugin
     - qa_ruling
   eks_container:
diff --git a/shadow-scan-and-issue-replication.sh b/shadow-scan-and-issue-replication.sh
new file mode 100755
index 0000000..725db31
--- /dev/null
+++ b/shadow-scan-and-issue-replication.sh
@@ -0,0 +1,73 @@
+#!/usr/bin/env bash
+
+set -euo pipefail
+
+# IRIS: Issue Replication for Sonarqube
+IRIS_JAR_URL="${ARTIFACTORY_URL}/sonarsource-private-releases/com/sonarsource/iris/iris/\[RELEASE\]/iris-\[RELEASE\]-jar-with-dependencies.jar"
+IRIS_JAR_PATH="target/libs/iris.jar"
+
+function build_and_analyze_the_project() {
+  echo
+  echo "===== Build and analyze the project targeting a shadow SonarQube instance"
+  local BUILD_CMD
+  if [[ -e "gradlew" ]]; then
+    BUILD_CMD="./gradlew --info --stacktrace --console plain build sonar"
+  else
+    source set_maven_build_version "$BUILD_NUMBER"
+    BUILD_CMD="mvn -Pcoverage -Dmaven.test.redirectTestOutputToFile=false --batch-mode --errors --show-version verify sonar:sonar"
+  fi
+  ${BUILD_CMD} \
+    -DbuildNumber="${BUILD_NUMBER}" \
+    -Dsonar.host.url="${SHADOW_SONAR_HOST_URL}" \
+    -Dsonar.token="${SHADOW_SONAR_TOKEN}" \
+    -Dsonar.organization="${SHADOW_ORGANIZATION}" \
+    -Dsonar.projectKey="${SHADOW_PROJECT_KEY}" \
+    -Dsonar.analysis.buildNumber="${BUILD_NUMBER}" \
+    -Dsonar.analysis.repository="${GITHUB_REPO}" \
+    "$@"
+}
+
+function download_iris() {
+  echo
+  echo "===== Download ${IRIS_JAR_URL}"
+  mkdir -p target/libs
+  curl --silent --fail-with-body --location --header "Authorization: Bearer ${ARTIFACTORY_PRIVATE_PASSWORD}" \
+      --output "${IRIS_JAR_PATH}" "${IRIS_JAR_URL}"
+}
+
+function run_iris() {
+  local DRY_RUN="$1"
+  java \
+    -Diris.source.projectKey="${SONAR_PROJECT_KEY}" \
+    -Diris.source.url="${SONAR_HOST_URL}" \
+    -Diris.source.token="${SONAR_TOKEN}" \
+    -Diris.destination.projectKey="${SHADOW_PROJECT_KEY}" \
+    -Diris.destination.organization="${SHADOW_ORGANIZATION}" \
+    -Diris.destination.url="${SHADOW_SONAR_HOST_URL}" \
+    -Diris.destination.token="${SHADOW_SONAR_TOKEN}" \
+    -Diris.dryrun="${DRY_RUN}" \
+    -jar "${IRIS_JAR_PATH}"
+}
+
+function run_iris_with_and_without_dry_run() {
+  echo
+  echo "===== Execute IRIS as dry-run"
+  if run_iris true; then
+    echo "===== Successful IRIS execution as dry-run"
+    echo "===== Execute IRIS for real"
+    if run_iris false; then
+      echo "===== Successful IRIS execution for real"
+      return 0
+    else
+      echo "===== Failed IRIS execution for real"
+      return 1
+    fi
+  else
+    echo "===== Failed IRIS execution as dry-run"
+    return 1
+  fi
+}
+
+build_and_analyze_the_project "$@"
+download_iris
+run_iris_with_and_without_dry_run