From d3628f62c0f797e4c88c9ff661338636ae011ab1 Mon Sep 17 00:00:00 2001
From: Massimo Paladin
Date: Mon, 22 Sep 2025 15:45:05 +0200
Subject: [PATCH 1/9] BUILD-8389 Migrate from Cirrus CI to GitHub Actions
---
.github/workflows/build.yml | 47 ++++++++++++++++++++++++++++++++
.github/workflows/pr-cleanup.yml | 11 ++++++++
mise.toml | 3 ++
3 files changed, 61 insertions(+)
create mode 100644 .github/workflows/build.yml
create mode 100644 .github/workflows/pr-cleanup.yml
create mode 100644 mise.toml
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
new file mode 100644
index 00000000..4e5ccfe6
--- /dev/null
+++ b/.github/workflows/build.yml
@@ -0,0 +1,47 @@
+name: Build
+on:
+ push:
+ branches:
+ - master
+ - branch-*
+ - dogfood-*
+ pull_request:
+ merge_group:
+ workflow_dispatch:
+
+concurrency:
+ group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
+ cancel-in-progress: true
+
+jobs:
+ build:
+ runs-on: github-ubuntu-latest-s # Public repo with auth actions
+ name: Build
+ permissions:
+ id-token: write # Required for Vault OIDC authentication
+ contents: write # Required for repository access and tagging
+ steps:
+ - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
+ - uses: jdx/mise-action@c37c93293d6b742fc901e1406b8f764f6fb19dac # v2.4.4
+ with:
+ version: 2025.7.12
+ - uses: SonarSource/ci-github-actions/build-maven@v1
+ with:
+ deploy-pull-request: true
+
+ promote:
+ needs: [build]
+ runs-on: github-ubuntu-latest-s # Public repo with auth actions
+ name: Promote
+ permissions:
+ id-token: write
+ contents: write
+ steps:
+ - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
+ - uses: jdx/mise-action@c37c93293d6b742fc901e1406b8f764f6fb19dac # v2.4.4
+ with:
+ cache_save: false
+ version: 2025.7.12
+ - uses: SonarSource/ci-github-actions/promote@v1
+ with:
+ promote-pull-request: true
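Review bot: The `SonarSource/ci-github-actions/build-maven@v1` and `SonarSource/ci-github-actions/promote@v1` steps are referenced by a movable tag, while `actions/checkout` and `jdx/mise-action` in the same jobs are pinned to full commit SHAs. Both jobs grant `id-token: write` and `contents: write`, so whatever `v1` resolves to at run time executes with the Vault OIDC identity and a write-capable repository token. Pin them the same way as the other steps, e.g. `uses: SonarSource/ci-github-actions/build-maven@<full-commit-sha> # v1`, and let the dependency-update tooling move the SHA. The same applies to `pr_cleanup@v1` in `.github/workflows/pr-cleanup.yml`, which runs with `actions: write`.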
diff --git a/.github/workflows/pr-cleanup.yml b/.github/workflows/pr-cleanup.yml new file mode 100644 index 00000000..a05b2e50 --- /dev/null +++ b/.github/workflows/pr-cleanup.yml @@ -0,0 +1,11 @@ +name: Cleanup PR Resources +on: + pull_request: + types: [closed] +jobs: + cleanup: + runs-on: github-ubuntu-latest-s + permissions: + actions: write + steps: + - uses: SonarSource/ci-github-actions/pr_cleanup@v1 diff --git a/mise.toml b/mise.toml new file mode 100644 index 00000000..84c0deee --- /dev/null +++ b/mise.toml @@ -0,0 +1,3 @@ +[tools] +java = "17.0" +maven = "3.9" From af15c0f207208d65f20d380eca62dcf1c4cc06f2 Mon Sep 17 00:00:00 2001 From: Massimo Paladin Date: Mon, 22 Sep 2025 17:03:56 +0200 Subject: [PATCH 2/9] Update conf --- .github/workflows/build.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 4e5ccfe6..dbb4a743 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -28,6 +28,8 @@ jobs: - uses: SonarSource/ci-github-actions/build-maven@v1 with: deploy-pull-request: true + artifactory-reader-role: private-reader + artifactory-deployer-role: qa-deployer promote: needs: [build] From bb535d92297128df0b1f357619ef96e23f488745 Mon Sep 17 00:00:00 2001 From: Massimo Paladin Date: Mon, 22 Sep 2025 17:04:55 +0200 Subject: [PATCH 3/9] Remove Cirrus CI files --- .cirrus.star | 4 ---- .cirrus.yml | 49 ------------------------------------------------- 2 files changed, 53 deletions(-) delete mode 100644 .cirrus.star delete mode 100644 .cirrus.yml diff --git a/.cirrus.star b/.cirrus.star deleted file mode 100644 index 9f91e154..00000000 --- a/.cirrus.star +++ /dev/null @@ -1,4 +0,0 @@ -load("github.com/SonarSource/cirrus-modules@v3", "load_features") - -def main(ctx): - return load_features(ctx) diff --git a/.cirrus.yml b/.cirrus.yml deleted file mode 100644 index 013ddb1f..00000000 --- a/.cirrus.yml +++ /dev/null 
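Review bot: The `cleanup` job requests `actions: write` on a plain `pull_request` trigger, but for pull requests opened from forks GitHub issues a read-only token regardless of the `permissions:` block. If the action needs that scope to delete caches or artifacts (presumably, given what it asks for), fork PR runs will likely fail or do nothing. Either skip them explicitly with `if: github.event.pull_request.head.repo.full_name == github.repository` on the job, or add a comment above `permissions:` stating that fork PRs are out of scope. Switching the trigger to `pull_request_target` to get a write token would only be safe as long as the job never checks out or executes PR content.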
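Review bot: `artifactory-reader-role: private-reader` and `artifactory-deployer-role: qa-deployer` are requested in the job that also runs the Maven build on `pull_request`, so the PR's own build configuration executes with reader and deployer credentials in scope. The `.cirrus.yml` removed later in this series gated both tasks on `$CIRRUS_USER_COLLABORATOR == 'true'`, and the workflow has no explicit counterpart. It appears to rely on GitHub withholding OIDC and write tokens from fork PRs, which would make those runs fail rather than skip. Consider stating the gate explicitly on the `build` job (outside this hunk) with `if: github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == github.repository`, plus a comment recording that only same-repository PRs may deploy.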
@@ -1,49 +0,0 @@ -env: - CIRRUS_CLONE_DEPTH: 20 - ARTIFACTORY_URL: VAULT[development/kv/data/repox data.url] - ARTIFACTORY_PRIVATE_USERNAME: vault-${CIRRUS_REPO_OWNER}-${CIRRUS_REPO_NAME}-private-reader - ARTIFACTORY_PRIVATE_PASSWORD: VAULT[development/artifactory/token/${CIRRUS_REPO_OWNER}-${CIRRUS_REPO_NAME}-private-reader access_token] - ARTIFACTORY_DEPLOY_USERNAME: vault-${CIRRUS_REPO_OWNER}-${CIRRUS_REPO_NAME}-qa-deployer - ARTIFACTORY_DEPLOY_PASSWORD: VAULT[development/artifactory/token/${CIRRUS_REPO_OWNER}-${CIRRUS_REPO_NAME}-qa-deployer access_token] - #Possible values for ARTIFACTORY_DEPLOY_REPO: sonarsource-private-qa, sonarsource-public-qa - ARTIFACTORY_DEPLOY_REPO: sonarsource-public-qa - # Use bash (instead of sh on linux or cmd.exe on windows) - CIRRUS_SHELL: bash - -container_definition: &CONTAINER_DEFINITION - image: ${CIRRUS_AWS_ACCOUNT}.dkr.ecr.eu-central-1.amazonaws.com/base:j17-latest - cluster_name: ${CIRRUS_CLUSTER_NAME} - region: eu-central-1 - namespace: default - -only_sonarsource_qa: &ONLY_SONARSOURCE_QA - only_if: $CIRRUS_USER_COLLABORATOR == 'true' && $CIRRUS_TAG == "" && ($CIRRUS_PR != "" || $CIRRUS_BRANCH == "master" || $CIRRUS_BRANCH =~ "branch-.*" || $CIRRUS_BRANCH =~ "dogfood-on-.*") - -build_task: - <<: *ONLY_SONARSOURCE_QA - eks_container: - <<: *CONTAINER_DEFINITION - cpu: 2 - memory: 2G - env: - # analysis on next - SONAR_TOKEN: VAULT[development/kv/data/next data.token] - SONAR_HOST_URL: https://next.sonarqube.com/sonarqube - #allow deployment of pull request artifacts to repox - DEPLOY_PULL_REQUEST: true - build_script: - - source cirrus-env BUILD - - regular_mvn_build_deploy_analyze - -promote_task: - depends_on: - - build - <<: *ONLY_SONARSOURCE_QA - eks_container: - <<: *CONTAINER_DEFINITION - cpu: 0.5 - memory: 500M - env: - ARTIFACTORY_PROMOTE_ACCESS_TOKEN: VAULT[development/artifactory/token/${CIRRUS_REPO_OWNER}-${CIRRUS_REPO_NAME}-promoter access_token] - GITHUB_TOKEN: 
VAULT[development/github/token/${CIRRUS_REPO_OWNER}-${CIRRUS_REPO_NAME}-promotion token] - script: cirrus_promote_maven From 713e4f910d2af0989dc362f5e4029f123d6d4c26 Mon Sep 17 00:00:00 2001 From: Massimo Paladin Date: Mon, 22 Sep 2025 17:14:09 +0200 Subject: [PATCH 4/9] nightly cron --- .github/workflows/build.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index dbb4a743..4d594d64 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -8,6 +8,8 @@ on: pull_request: merge_group: workflow_dispatch: + schedule: + - cron: '0 1 * * *' # nightly build at 1AM UTC concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} From aca6fab5292e238c2b9a4bdee76e5735595990a9 Mon Sep 17 00:00:00 2001 From: Massimo Paladin Date: Mon, 29 Sep 2025 14:26:46 +0200 Subject: [PATCH 5/9] simplify --- .github/workflows/build.yml | 14 -------------- 1 file changed, 14 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 4d594d64..006e862c 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -32,20 +32,6 @@ jobs: deploy-pull-request: true artifactory-reader-role: private-reader artifactory-deployer-role: qa-deployer - - promote: - needs: [build] - runs-on: github-ubuntu-latest-s # Public repo with auth actions - name: Promote - permissions: - id-token: write - contents: write - steps: - - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 - - uses: jdx/mise-action@c37c93293d6b742fc901e1406b8f764f6fb19dac # v2.4.4 - with: - cache_save: false - version: 2025.7.12 - uses: SonarSource/ci-github-actions/promote@v1 with: promote-pull-request: true From 1cc21e6fdaa4a62866e6fddbf4eb20abea4c3ae2 Mon Sep 17 00:00:00 2001 
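Review bot: The new `schedule` trigger puts the nightly run in the same concurrency group as pushes to the branch it runs on, because the group key falls back to `github.ref` when there is no pull request number and `cancel-in-progress: true` is unconditional. A push landing around 01:00 UTC can therefore cancel the nightly build, or the nightly can cancel a push build, possibly while the `promote` job is part-way through. Consider limiting cancellation to pull requests with `cancel-in-progress: ${{ github.event_name == 'pull_request' }}`. The `concurrency` block is only partly visible as context in this hunk, so the change falls outside the added lines.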
From: Massimo Paladin Date: Mon, 29 Sep 2025 14:50:45 +0200 Subject: [PATCH 6/9] add name --- .github/workflows/build.yml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 006e862c..bb8c267f 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -27,11 +27,13 @@ jobs: - uses: jdx/mise-action@c37c93293d6b742fc901e1406b8f764f6fb19dac # v2.4.4 with: version: 2025.7.12 - - uses: SonarSource/ci-github-actions/build-maven@v1 + - name: Build + uses: SonarSource/ci-github-actions/build-maven@v1 with: deploy-pull-request: true artifactory-reader-role: private-reader artifactory-deployer-role: qa-deployer - - uses: SonarSource/ci-github-actions/promote@v1 + - name: Promote + uses: SonarSource/ci-github-actions/promote@v1 with: promote-pull-request: true From 8cf2e0885468b49b5269b8fa1b7f0d0f7f3a4c02 Mon Sep 17 00:00:00 2001 From: Massimo Paladin Date: Wed, 1 Oct 2025 14:55:49 +0200 Subject: [PATCH 7/9] Revert "add name" This reverts commit 1cc21e6fdaa4a62866e6fddbf4eb20abea4c3ae2. --- .github/workflows/build.yml | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index bb8c267f..006e862c 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -27,13 +27,11 @@ jobs: - uses: jdx/mise-action@c37c93293d6b742fc901e1406b8f764f6fb19dac # v2.4.4 with: version: 2025.7.12 - - name: Build - uses: SonarSource/ci-github-actions/build-maven@v1 + - uses: SonarSource/ci-github-actions/build-maven@v1 with: deploy-pull-request: true artifactory-reader-role: private-reader artifactory-deployer-role: qa-deployer - - name: Promote - uses: SonarSource/ci-github-actions/promote@v1 + - uses: SonarSource/ci-github-actions/promote@v1 with: promote-pull-request: true From a5927c7ce731590770bd083eb8198872b1224a06 Mon Sep 17 00:00:00 2001 
From: Massimo Paladin Date: Wed, 1 Oct 2025 14:56:05 +0200 Subject: [PATCH 8/9] Revert "simplify" This reverts commit aca6fab5292e238c2b9a4bdee76e5735595990a9. --- .github/workflows/build.yml | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 006e862c..4d594d64 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -32,6 +32,20 @@ jobs: deploy-pull-request: true artifactory-reader-role: private-reader artifactory-deployer-role: qa-deployer + + promote: + needs: [build] + runs-on: github-ubuntu-latest-s # Public repo with auth actions + name: Promote + permissions: + id-token: write + contents: write + steps: + - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 + - uses: jdx/mise-action@c37c93293d6b742fc901e1406b8f764f6fb19dac # v2.4.4 + with: + cache_save: false + version: 2025.7.12 - uses: SonarSource/ci-github-actions/promote@v1 with: promote-pull-request: true From f52316db2b1cbe42cd42d39592e8fc4fbe0fdb1d Mon Sep 17 00:00:00 2001 From: Massimo Paladin Date: Wed, 1 Oct 2025 17:34:53 +0200 Subject: [PATCH 9/9] remove useless --- .github/workflows/build.yml | 5 ----- 1 file changed, 5 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 4d594d64..e8c197b8 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -41,11 +41,6 @@ jobs: id-token: write contents: write steps: - - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 - - uses: jdx/mise-action@c37c93293d6b742fc901e1406b8f764f6fb19dac # v2.4.4 - with: - cache_save: false - version: 2025.7.12 - uses: SonarSource/ci-github-actions/promote@v1 with: promote-pull-request: true