From b2c1cffff16ceffa7178f7ce516ce46f66376c00 Mon Sep 17 00:00:00 2001
From: Claire Villard
Date: Tue, 25 Nov 2025 16:56:36 +0100
Subject: [PATCH] SCANCLI-200 Migrate to GitHub Actions
---
.cirrus.star | 4 -
.cirrus.yml | 138 -------------------------------
.github/workflows/build.yml | 117 ++++++++++++++++++++++++++
.github/workflows/pr_cleanup.yml | 11 +++
mise.toml | 4 +
5 files changed, 132 insertions(+), 142 deletions(-)
delete mode 100644 .cirrus.star
delete mode 100644 .cirrus.yml
create mode 100644 .github/workflows/build.yml
create mode 100644 .github/workflows/pr_cleanup.yml
create mode 100644 mise.toml
diff --git a/.cirrus.star b/.cirrus.star
deleted file mode 100644
index 9f91e154..00000000
--- a/.cirrus.star
+++ /dev/null
@@ -1,4 +0,0 @@
-load("github.com/SonarSource/cirrus-modules@v3", "load_features")
-
-def main(ctx):
- return load_features(ctx)
diff --git a/.cirrus.yml b/.cirrus.yml
deleted file mode 100644
index a865f17f..00000000
--- a/.cirrus.yml
+++ /dev/null
@@ -1,138 +0,0 @@ -# -# ENV VARIABLES -# -env: - ### Shared variables - CIRRUS_VAULT_AUTH_PATH: jwt-cirrusci - CIRRUS_VAULT_ROLE: cirrusci-${CIRRUS_REPO_OWNER}-${CIRRUS_REPO_NAME} - CIRRUS_VAULT_URL: https://vault.sonar.build:8200 - ARTIFACTORY_URL: VAULT[development/kv/data/repox data.url] - ARTIFACTORY_PRIVATE_USERNAME: vault-${CIRRUS_REPO_OWNER}-${CIRRUS_REPO_NAME}-private-reader - ARTIFACTORY_PRIVATE_PASSWORD: VAULT[development/artifactory/token/SonarSource-sonar-scanner-cli-private-reader access_token] - ARTIFACTORY_ACCESS_TOKEN: VAULT[development/artifactory/token/SonarSource-sonar-scanner-cli-private-reader access_token] - ARTIFACTORY_DEPLOY_USERNAME: vault-${CIRRUS_REPO_OWNER}-${CIRRUS_REPO_NAME}-qa-deployer - ARTIFACTORY_DEPLOY_PASSWORD: VAULT[development/artifactory/token/SonarSource-sonar-scanner-cli-qa-deployer access_token] - ARTIFACTORY_DEPLOY_REPO: sonarsource-public-qa - ARTIFACTORY_PROMOTE_ACCESS_TOKEN: VAULT[development/artifactory/token/${CIRRUS_REPO_OWNER}-${CIRRUS_REPO_NAME}-promoter access_token] - - ### Project variables - DEPLOY_PULL_REQUEST: true - NIGHTLY_CRON: 'nightly-cron' -# -# RE-USABLE CONFIGS -# -eks_container: &EKS_CONTAINER - region: eu-central-1 - cluster_name: ${CIRRUS_CLUSTER_NAME} - namespace: default - image: ${CIRRUS_AWS_ACCOUNT}.dkr.ecr.eu-central-1.amazonaws.com/base:j17-m3-latest - cpu: 1 - memory: 4G - -ec2_instance: &EC2_INSTANCE_WINDOWS - region: eu-central-1 - type: t2.2xlarge - image: base-windows-jdk17-v* - platform: windows - -only_sonarsource_qa: &ONLY_SONARSOURCE_QA - only_if: $CIRRUS_USER_COLLABORATOR == 'true' && $CIRRUS_TAG == "" && ($CIRRUS_PR != "" || $CIRRUS_BRANCH == $CIRRUS_DEFAULT_BRANCH || $CIRRUS_BRANCH =~ "branch-.*" || $CIRRUS_BUILD_SOURCE == 'api' ) - -except_nightly_cron: &ONLY_SONARSOURCE_QA_EXCEPT_ON_NIGHTLY_CRON - only_if: $CIRRUS_USER_COLLABORATOR == 'true' && $CIRRUS_TAG == "" && ($CIRRUS_PR != "" || $CIRRUS_BRANCH == $CIRRUS_DEFAULT_BRANCH || $CIRRUS_BRANCH =~ "branch-.*" || 
$CIRRUS_BUILD_SOURCE == 'api' ) && $CIRRUS_CRON != $NIGHTLY_CRON - -# -# TASKS -# -build_task: - <<: *ONLY_SONARSOURCE_QA - eks_container: - <<: *EKS_CONTAINER - env: - SONAR_TOKEN: VAULT[development/kv/data/next data.token] - SONAR_HOST_URL: VAULT[development/kv/data/next data.url] - SIGN_KEY: VAULT[development/kv/data/sign data.key] - PGP_PASSPHRASE: VAULT[development/kv/data/sign data.passphrase] - # Fetch all commit history so that Sonar has exact blame information for issue auto-assignment - CIRRUS_CLONE_DEPTH: "0" - maven_cache: - folder: ${CIRRUS_WORKING_DIR}/.m2/repository - script: - - source cirrus-env BUILD - - regular_mvn_build_deploy_analyze -Pdist-linux-x64,dist-linux-aarch64,dist-windows-x64,dist-macosx-x64,dist-macosx-aarch64 - always: - junit_artifacts: - path: "**/surefire-reports/**.xml" - type: text/xml - format: junit - cleanup_before_cache_script: - - cleanup_maven_repository - -linux_x64_qa_java11_task: - depends_on: - - build - <<: *ONLY_SONARSOURCE_QA - eks_container: - <<: *EKS_CONTAINER - env: - matrix: - - SQ_VERSION: LATEST_RELEASE[9.9] - - SQ_VERSION: LATEST_RELEASE - - SQ_VERSION: DEV - maven_cache: - folder: ${CIRRUS_WORKING_DIR}/.m2/repository - qa_script: - - nodeVersion=18.17.0 - - nodeName=node-v${nodeVersion}-linux-x64 - - wget https://nodejs.org/download/release/v${nodeVersion}/${nodeName}.tar.gz - - tar xzf ${nodeName}.tar.gz -C /tmp - - export PATH=$PATH:/tmp/${nodeName}/bin - - source cirrus-env QA - - source set_maven_build_version $BUILD_NUMBER - - wget -O OpenJDK11U-jre_x64_linux_hotspot_11.0.27_6.tar.gz https://github.com/adoptium/temurin11-binaries/releases/download/jdk-11.0.27%2B6/OpenJDK11U-jre_x64_linux_hotspot_11.0.27_6.tar.gz - - tar xzf OpenJDK11U-jre_x64_linux_hotspot_11.0.27_6.tar.gz -C /tmp - - export JAVA_11_HOME=/tmp/jdk-11.0.27+6-jre - - cd it - - mvn -B -e -Dsonar.runtimeVersion="$SQ_VERSION" -Dmaven.test.redirectTestOutputToFile=false verify - cleanup_before_cache_script: - - cleanup_maven_repository - 
-win_x64_qa_java17_task: - depends_on: - - build - <<: *ONLY_SONARSOURCE_QA - ec2_instance: - <<: *EC2_INSTANCE_WINDOWS - env: - CIRRUS_SHELL: bash - matrix: - - SQ_VERSION: LATEST_RELEASE[9.9] - - SQ_VERSION: LATEST_RELEASE - - SQ_VERSION: DEV - maven_cache: - folder: ${CIRRUS_WORKING_DIR}/.m2/repository - qa_script: - - source cirrus-env QA - - source set_maven_build_version $BUILD_NUMBER - - cd it - - mvn -B -e -Dsonar.runtimeVersion="$SQ_VERSION" -Dmaven.test.redirectTestOutputToFile=false verify - cleanup_before_cache_script: - - cleanup_maven_repository - -promote_task: - depends_on: - - linux_x64_qa_java11 - - win_x64_qa_java17 - <<: *ONLY_SONARSOURCE_QA_EXCEPT_ON_NIGHTLY_CRON - eks_container: - <<: *EKS_CONTAINER - cpu: 0.5 - memory: 500M - env: - GITHUB_TOKEN: VAULT[development/github/token/SonarSource-sonar-scanner-cli-promotion token] - maven_cache: - folder: $CIRRUS_WORKING_DIR/.m2/repository - script: - - cirrus_promote_maven - cleanup_before_cache_script: - - cleanup_maven_repository diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml new file mode 100644 index 00000000..77dae1e4 --- /dev/null +++ b/.github/workflows/build.yml 
@@ -0,0 +1,117 @@
+name: Build
+on:
+ push:
+ branches:
+ - master
+ - branch-*
+ - dogfood-*
+ pull_request:
+ merge_group:
+ workflow_dispatch:
+
+concurrency:
+ group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
+ cancel-in-progress: true
+
+jobs:
+ build:
+ runs-on: github-ubuntu-latest-s
+ name: Build
+ permissions:
+ id-token: write
+ contents: write
+ steps:
+ - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+ with:
+ fetch-depth: 0
+ - uses: jdx/mise-action@146a28175021df8ca24f8ee1828cc2a60f980bd5 # v3.5.1
+ with:
+ version: 2025.7.12
+ - uses: SonarSource/ci-github-actions/build-maven@v1
+ with:
+ deploy-pull-request: true
+ maven-args: -Pdist-linux-x64,dist-linux-aarch64,dist-windows-x64,dist-macosx-x64,dist-macosx-aarch64
+ artifactory-reader-role: private-reader
+ artifactory-deployer-role: qa-deployer
+
+
+ linux-qa:
+ needs: build
+ runs-on: github-ubuntu-latest-s
+ name: Linux QA
+ permissions:
+ id-token: write
+ contents: read
+ strategy:
+ fail-fast: false
+ matrix:
+ sq_version:
+ - LATEST_RELEASE[9.9]
+ - LATEST_RELEASE
+ - DEV
+ steps:
+ - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+ - uses: jdx/mise-action@146a28175021df8ca24f8ee1828cc2a60f980bd5 # v3.5.1
+ with:
+ version: 2025.7.12
+
+ - uses: SonarSource/ci-github-actions/config-maven@v1
+ with:
+ artifactory-reader-role: private-reader
+ cache-paths: |
+ ~/.m2/repository
+
+ - name: Run Integration Tests
+ env:
+ SQ_VERSION: ${{ matrix.sq_version }}
+ run: |
+ cd it
+ mvn -B -e -Dsonar.runtimeVersion="${SQ_VERSION}" -Dmaven.test.redirectTestOutputToFile=false verify
+
+ windows-qa:
+ needs: build
+ runs-on: github-windows-latest-s
+ name: Windows QA
+ permissions:
+ id-token: write
+ contents: read
+ strategy:
+ fail-fast: false
+ matrix:
+ sq_version:
+ - LATEST_RELEASE[9.9]
+ - LATEST_RELEASE
+ - DEV
+ steps:
+ - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+ - uses: jdx/mise-action@146a28175021df8ca24f8ee1828cc2a60f980bd5 # v3.5.1
+ with:
+ version: 2025.7.12
+
+ - uses: SonarSource/ci-github-actions/config-maven@v1
+ with:
+ artifactory-reader-role: private-reader
+ cache-paths: |
+ ~/.m2/repository
+
+ - name: Run Integration Tests
+ shell: bash
+ env:
+ SQ_VERSION: ${{ matrix.sq_version }}
+ run: |
+ cd it
+ mvn -B -e -Dsonar.runtimeVersion="${SQ_VERSION}" -Dmaven.test.redirectTestOutputToFile=false verify
+
+ promote:
+ needs:
+ - linux-qa
+ - windows-qa
+ runs-on: github-ubuntu-latest-s
+ name: Promote
+ permissions:
+ id-token: write
+ contents: write
+ steps:
+ - uses: SonarSource/ci-github-actions/promote@v1
+ with:
+ promote-pull-request: true
diff --git a/.github/workflows/pr_cleanup.yml b/.github/workflows/pr_cleanup.yml
new file mode 100644
index 00000000..b074bc62
--- /dev/null
+++ b/.github/workflows/pr_cleanup.yml
@@ -0,0 +1,11 @@
+name: Cleanup PR Resources
+on:
+ pull_request:
+ types: [ closed ]
+jobs:
+ cleanup:
+ runs-on: sonar-xs
+ permissions:
+ actions: write
+ steps:
+ - uses: SonarSource/ci-github-actions/pr_cleanup@v1
diff --git a/mise.toml b/mise.toml
new file mode 100644
index 00000000..2d3469f1
--- /dev/null
+++ b/mise.toml
@@ -0,0 +1,4 @@
+[tools]
+java = "17.0"
+maven = "3.9"
+node = "18.17.0"
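Review bot: In build.yml the `SonarSource/ci-github-actions/build-maven@v1`, `config-maven@v1` and `promote@v1` steps are referenced by a movable tag, while `actions/checkout` and `jdx/mise-action` in the same jobs are pinned to a commit SHA; the same applies to `pr_cleanup@v1` in pr_cleanup.yml. These steps run in jobs granted `id-token: write` (plus `contents: write` for build and promote), so whatever `v1` resolves to at run time acts with the OIDC identity those jobs receive, including the `qa-deployer` role. If SHA pinning is the intended policy, pin them the same way, e.g. `- uses: SonarSource/ci-github-actions/build-maven@<full-commit-sha> # v1`, or add a comment stating that first-party actions are deliberately tracked by tag. Separately, the build job checks out pull-request code with a `contents: write` token and the default credential persistence; unless build-maven needs git push access, `persist-credentials: false` under the checkout's `with:` keeps that token out of the workspace the Maven build can read.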
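Review bot: mise.toml installs only Java 17, whereas the removed `linux_x64_qa_java11_task` downloaded a Temurin 11 JRE and exported `JAVA_11_HOME` before running the integration tests, and nothing in the new `linux-qa` job sets that variable. If the tests under `it/` still read `JAVA_11_HOME` (not visible in this patch), the Java 11 coverage is silently lost or the tests fail. Either provision a Java 11 runtime and export the variable in the job, or state in the commit message that the Java 11 run was dropped on purpose. `node = "18.17.0"` is carried over unchanged from the Cirrus script; Node 18 is past its end-of-life date, so it is worth a follow-up bump once the integration tests allow it.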