SONARXML-256 Migrate Cirrus CI tasks to GitHub Actions #2
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: QA | |
| on: | |
| push: | |
| branches: | |
| - master | |
| - branch-* | |
| - dogfood-* | |
| pull_request: | |
| merge_group: | |
| workflow_dispatch: | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} | |
| cancel-in-progress: true | |
| jobs: | |
| plugin-qa: | |
| runs-on: github-ubuntu-latest-s # Custom GitHub-hosted runner for public repos | |
| name: Plugin QA (${{ matrix.sq_version }}) | |
| permissions: | |
| id-token: write # Required for Vault OIDC authentication | |
| contents: write # Required for repository access | |
| strategy: | |
| matrix: | |
| sq_version: [LATEST_RELEASE, DEV] | |
| steps: | |
| - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 | |
| - uses: jdx/mise-action@c37c93293d6b742fc901e1406b8f764f6fb19dac # v2.4.4 | |
| with: | |
| version: 2025.7.12 | |
| - name: Vault | |
| id: secrets | |
| uses: SonarSource/vault-action-wrapper@320bd31b03e5dacaac6be51bbbb15adf7caccc32 # v3.1.0 | |
| with: | |
| secrets: | | |
| development/github/token/licenses-ro token | GITHUB_TOKEN; | |
| - name: Plugin QA | |
| env: | |
| GITHUB_TOKEN: ${{ fromJSON(steps.secrets.outputs.vault).GITHUB_TOKEN }} | |
| run: | | |
| cd its/plugin | |
| mvn verify -Pit-plugin -Dsonar.runtimeVersion=${{ matrix.sq_version }} -Dmaven.test.redirectTestOutputToFile=false -B -e -V | |
| ruling: | |
| runs-on: github-ubuntu-latest-s # Custom GitHub-hosted runner for public repos | |
| name: Ruling Tests | |
| permissions: | |
| id-token: write # Required for Vault OIDC authentication | |
| contents: write # Required for repository access | |
| steps: | |
| - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 | |
| - uses: jdx/mise-action@c37c93293d6b742fc901e1406b8f764f6fb19dac # v2.4.4 | |
| with: | |
| version: 2025.7.12 | |
| - name: Vault | |
| id: secrets | |
| uses: SonarSource/vault-action-wrapper@320bd31b03e5dacaac6be51bbbb15adf7caccc32 # v3.1.0 | |
| with: | |
| secrets: | | |
| development/github/token/licenses-ro token | GITHUB_TOKEN; | |
| - name: Ruling Tests | |
| env: | |
| GITHUB_TOKEN: ${{ fromJSON(steps.secrets.outputs.vault).GITHUB_TOKEN }} | |
| run: | | |
| cd its/ruling | |
| mvn verify -Pit-ruling -Dsonar.runtimeVersion=LATEST_RELEASE -Dmaven.test.redirectTestOutputToFile=false -B -e -V | |
| ruling-windows: | |
| runs-on: github-windows-latest-s # Custom GitHub-hosted Windows runner | |
| name: Ruling Tests (Windows) | |
| permissions: | |
| id-token: write # Required for Vault OIDC authentication | |
| contents: write # Required for repository access | |
| steps: | |
| - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 | |
| - uses: jdx/mise-action@c37c93293d6b742fc901e1406b8f764f6fb19dac # v2.4.4 | |
| with: | |
| version: 2025.7.12 | |
| - name: Vault | |
| id: secrets | |
| uses: SonarSource/vault-action-wrapper@320bd31b03e5dacaac6be51bbbb15adf7caccc32 # v3.1.0 | |
| with: | |
| secrets: | | |
| development/github/token/licenses-ro token | GITHUB_TOKEN; | |
| - name: Ruling Tests (Windows) | |
| env: | |
| GITHUB_TOKEN: ${{ fromJSON(steps.secrets.outputs.vault).GITHUB_TOKEN }} | |
| run: mvn verify -Pit-ruling -Dsonar.runtimeVersion=LATEST_RELEASE -Dmaven.test.redirectTestOutputToFile=false -B -e -V |