diff --git a/.cirrus.star b/.cirrus.star deleted file mode 100644 index 9f91e154..00000000 --- a/.cirrus.star +++ /dev/null @@ -1,4 +0,0 @@ -load("github.com/SonarSource/cirrus-modules@v3", "load_features") - -def main(ctx): - return load_features(ctx) diff --git a/.cirrus.yml b/.cirrus.yml deleted file mode 100644 index 013ddb1f..00000000 --- a/.cirrus.yml +++ /dev/null @@ -1,49 +0,0 @@ -env: - CIRRUS_CLONE_DEPTH: 20 - ARTIFACTORY_URL: VAULT[development/kv/data/repox data.url] - ARTIFACTORY_PRIVATE_USERNAME: vault-${CIRRUS_REPO_OWNER}-${CIRRUS_REPO_NAME}-private-reader - ARTIFACTORY_PRIVATE_PASSWORD: VAULT[development/artifactory/token/${CIRRUS_REPO_OWNER}-${CIRRUS_REPO_NAME}-private-reader access_token] - ARTIFACTORY_DEPLOY_USERNAME: vault-${CIRRUS_REPO_OWNER}-${CIRRUS_REPO_NAME}-qa-deployer - ARTIFACTORY_DEPLOY_PASSWORD: VAULT[development/artifactory/token/${CIRRUS_REPO_OWNER}-${CIRRUS_REPO_NAME}-qa-deployer access_token] - #Possible values for ARTIFACTORY_DEPLOY_REPO: sonarsource-private-qa, sonarsource-public-qa - ARTIFACTORY_DEPLOY_REPO: sonarsource-public-qa - # Use bash (instead of sh on linux or cmd.exe on windows) - CIRRUS_SHELL: bash - -container_definition: &CONTAINER_DEFINITION - image: ${CIRRUS_AWS_ACCOUNT}.dkr.ecr.eu-central-1.amazonaws.com/base:j17-latest - cluster_name: ${CIRRUS_CLUSTER_NAME} - region: eu-central-1 - namespace: default - -only_sonarsource_qa: &ONLY_SONARSOURCE_QA - only_if: $CIRRUS_USER_COLLABORATOR == 'true' && $CIRRUS_TAG == "" && ($CIRRUS_PR != "" || $CIRRUS_BRANCH == "master" || $CIRRUS_BRANCH =~ "branch-.*" || $CIRRUS_BRANCH =~ "dogfood-on-.*") - -build_task: - <<: *ONLY_SONARSOURCE_QA - eks_container: - <<: *CONTAINER_DEFINITION - cpu: 2 - memory: 2G - env: - # analysis on next - SONAR_TOKEN: VAULT[development/kv/data/next data.token] - SONAR_HOST_URL: https://next.sonarqube.com/sonarqube - #allow deployment of pull request artifacts to repox - DEPLOY_PULL_REQUEST: true - build_script: - - source cirrus-env BUILD - - regular_mvn_build_deploy_analyze - -promote_task: - depends_on: - - build - <<: *ONLY_SONARSOURCE_QA - eks_container: - <<: *CONTAINER_DEFINITION - cpu: 0.5 - memory: 500M - env: - ARTIFACTORY_PROMOTE_ACCESS_TOKEN: VAULT[development/artifactory/token/${CIRRUS_REPO_OWNER}-${CIRRUS_REPO_NAME}-promoter access_token] - GITHUB_TOKEN: VAULT[development/github/token/${CIRRUS_REPO_OWNER}-${CIRRUS_REPO_NAME}-promotion token] - script: cirrus_promote_maven diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml new file mode 100644 index 00000000..e8c197b8 --- /dev/null +++ b/.github/workflows/build.yml @@ -0,0 +1,46 @@ +name: Build +on: + push: + branches: + - master + - branch-* + - dogfood-* + pull_request: + merge_group: + workflow_dispatch: + schedule: + - cron: '0 1 * * *' # nightly build at 1AM UTC + +concurrency: + group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} + cancel-in-progress: true + +jobs: + build: + runs-on: github-ubuntu-latest-s # Public repo with auth actions + name: Build + permissions: + id-token: write # Required for Vault OIDC authentication + contents: write # Required for repository access and tagging + steps: + - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 + - uses: jdx/mise-action@c37c93293d6b742fc901e1406b8f764f6fb19dac # v2.4.4 + with: + version: 2025.7.12 + - uses: SonarSource/ci-github-actions/build-maven@v1 + with: + deploy-pull-request: true + artifactory-reader-role: private-reader + artifactory-deployer-role: qa-deployer + + promote: + needs: [build] + runs-on: github-ubuntu-latest-s # Public repo with auth actions + name: Promote + permissions: + id-token: write + contents: write + steps: + - uses: SonarSource/ci-github-actions/promote@v1 + with: + promote-pull-request: true diff --git a/.github/workflows/pr-cleanup.yml b/.github/workflows/pr-cleanup.yml new file mode 100644 index 00000000..a05b2e50 --- /dev/null +++ b/.github/workflows/pr-cleanup.yml @@ -0,0 +1,11 @@ +name: Cleanup PR Resources +on: + pull_request: + types: [closed] +jobs: + cleanup: + runs-on: github-ubuntu-latest-s + permissions: + actions: write + steps: + - uses: SonarSource/ci-github-actions/pr_cleanup@v1 diff --git a/mise.toml b/mise.toml new file mode 100644 index 00000000..84c0deee --- /dev/null +++ b/mise.toml @@ -0,0 +1,3 @@ +[tools] +java = "17.0" +maven = "3.9"