SCANPY-197 setup shadow scans

.cirrus.yml

@@ -5,8 +5,6 @@ env:
   ARTIFACTORY_DEPLOY_ACCESS_TOKEN: VAULT[development/artifactory/token/${CIRRUS_REPO_OWNER}-${CIRRUS_REPO_NAME}-qa-deployer access_token]
   ARTIFACTORY_DEPLOY_REPO: sonarsource-pypi-public-qa
   GITHUB_TOKEN: VAULT[development/github/token/licenses-ro token]
-  SONAR_TOKEN: VAULT[development/kv/data/next data.token]
-  SONAR_HOST_URL: https://next.sonarqube.com/sonarqube
   DEPLOY_PULL_REQUEST: 'true'
   POETRY_VIRTUALENVS_PATH: "~/.cache/poetry/venvs"
   POETRY_CACHE_DIR: "~/.cache/poetry/pypoetry"
@@ -158,12 +156,12 @@ documentation_task:
     - poetry run python tools/generate_cli_documentation.py
     - git diff --exit-code CLI_ARGS.md
 
-analysis_linux_task:
+analysis_base_linux_template: &ANALYSIS_BASE_LINUX_TEMPLATE
   <<: *LINUX_CONTAINER_DEFINITION
-  alias: analysis
-  name: "NEXT Analysis"
+  alias: analysis_base
+  name: "Analysis Base"
   <<: *POETRY_INSTALL
-  # For NEXT analysis we don't need to set the build versions, but we still need to access jfrog to recover the dependencies
+  # For analysis we don't need to set the build versions, but we still need to access jfrog to recover the dependencies
   analysis_script:
     - poetry run pytest --cov-report=xml:coverage.xml --cov-config=pyproject.toml --cov=src --cov-branch tests
     - poetry run mypy src/ > mypy-report.txt || true # mypy exits with 1 if there are errors
@@ -177,6 +175,30 @@ analysis_linux_task:
       format: junit
       type: text/xml
 
+analysis_next_task:
+  <<: *ANALYSIS_BASE_LINUX_TEMPLATE
+  alias: sonar_analysis_next
+  name: "NEXT Analysis"
+  env:
+    SONAR_TOKEN: VAULT[development/kv/data/next data.token]
+    SONAR_HOST_URL: https://next.sonarqube.com/sonarqube
+
+analysis_SQC_EU_shadow_task:
+  <<: *ANALYSIS_BASE_LINUX_TEMPLATE
+  alias: sonar_analysis_shadow_sqc_eu
+  name: "SQC-EU Shadow Analysis"
+  env:
+    SONAR_TOKEN: VAULT[development/kv/data/sonarcloud data.token]
+    SONAR_HOST_URL: https://sonarcloud.io
+
+analysis_SQC_US_shadow_task:
+  <<: *ANALYSIS_BASE_LINUX_TEMPLATE
+  alias: sonar_analysis_shadow_sqc_us
+  name: "SQC-US Shadow Analysis"
+  env:
+    SONAR_TOKEN: VAULT[development/kv/data/sonarqube-us data.token]
+    SONAR_HOST_URL: https://sonarqube.us
+
 qa_task:
   alias: qa
   matrix:
@@ -275,7 +297,9 @@ its_macos_task:
 promote_task:
   depends_on:
     - formatting
-    - analysis
+    - sonar_analysis_next
+    - sonar_analysis_shadow_sqc_eu
+    - sonar_analysis_shadow_sqc_us
     - qa
     - qa_windows
     - build

.cirrus/analysis.sh

@@ -1,9 +1,16 @@
 #!/bin/bash
 
 function run_analysis {
+  # deal with strange SonarQube configuration for the US region
+  SONAR_REGION=""
+  if [ "$SONAR_HOST_URL" == "https://sonarqube.us" ]; then
+    SONAR_REGION="-Dsonar.region=us"
+  fi
+
   # extra analysis parameters are set in the 'sonar-project.properties'
   pysonar \
   -Dsonar.host.url="$SONAR_HOST_URL" \
+  ${SONAR_REGION} \
   -Dsonar.token="$SONAR_TOKEN" \
   -Dsonar.analysis.buildNumber=$CI_BUILD_NUMBER \
   -Dsonar.analysis.pipeline="$PIPELINE_ID" \

sonar-project.properties

@@ -1,5 +1,6 @@
 sonar.projectKey=SonarSource_sonar-scanner-python
 sonar.projectName=Python Scanner
+sonar.organization=sonarsource
 sonar.python.version=3.9,3.10,3.11,3.12,3.13
 sonar.python.coverage.reportPaths=coverage.xml
 sonar.python.mypy.reportPaths=mypy-report.txt