JAVASE-144 Bootstrap GHA for sonar-java-symbolic-execution (#40) #22
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build | |
| on: | |
| push: | |
| branches: | |
| - master | |
| - branch-* | |
| - dogfood-* | |
| pull_request: | |
| workflow_dispatch: | |
| schedule: | |
| - cron: "30 1 * * *" # Run daily at 1:30 AM UTC | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} | |
| cancel-in-progress: true | |
| jobs: | |
| build: | |
| name: Build | |
| runs-on: github-ubuntu-latest-s | |
| permissions: | |
| id-token: write | |
| contents: write | |
| outputs: | |
| build-number: ${{ steps.build-maven.outputs.BUILD_NUMBER }} | |
| steps: | |
| - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| - uses: jdx/mise-action@d6e32c1796099e0f1f3ac741c220a8b7eae9e5dd # v3.2.0 | |
| with: | |
| version: 2025.7.12 | |
| - uses: SonarSource/ci-github-actions/build-maven@v1 | |
| id: build-maven | |
| with: | |
| deploy-pull-request: true | |
| artifactory-reader-role: private-reader # Override default public-reader | |
| artifactory-deployer-role: qa-deployer # Override default public-deployer | |
| qa: | |
| needs: [build] | |
| runs-on: github-ubuntu-latest-l | |
| if: github.event_name != 'pull_request' || (github.event.pull_request.head.repo.full_name == github.repository && github.actor != 'dependabot[bot]') | |
| permissions: | |
| id-token: write | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| item: | |
| - { name: "with Lastest SonarJava Plugin", profile: "without-sonarqube-project", java_plugin_version: "LATEST_MASTER" } | |
| - { name: "for SonarQube Project Only", profile: "only-sonarqube-project", java_plugin_version: "LATEST_MASTER" } | |
| - { name: "with Prod SonarJava Plugin", profile: "without-sonarqube-project", java_plugin_version: "POM_PROPERTY" } | |
| name: "QA Tests ${{ matrix.item.name }}" | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 | |
| with: | |
| submodules: recursive | |
| - uses: jdx/mise-action@d6e32c1796099e0f1f3ac741c220a8b7eae9e5dd # v3.2.0 | |
| with: | |
| working-directory: its/ruling | |
| version: 2025.7.12 | |
| - name: Get GitHub Token for QA Licenses | |
| id: secrets | |
| uses: SonarSource/vault-action-wrapper@v3 | |
| with: | |
| secrets: | | |
| development/github/token/licenses-ro token | GITHUB_TOKEN; | |
| - name: Configure Maven | |
| id: configure-maven | |
| uses: SonarSource/ci-github-actions/config-maven@v1 | |
| with: | |
| artifactory-reader-role: private-reader # Override default public-reader | |
| - name: Get Sonar Java plugin version | |
| id: resolve-sonar-java-plugin-version | |
| run: | | |
| VERSION=$(.github/scripts/resolve-sonar-java-plugin-version.sh "${{ matrix.item.java_plugin_version }}") | |
| echo "version=${VERSION}" >> $GITHUB_OUTPUT | |
| - name: Run QA Tests | |
| working-directory: its/ruling | |
| env: | |
| GITHUB_TOKEN: ${{ fromJSON(steps.secrets.outputs.vault).GITHUB_TOKEN }} | |
| BUILD_NUMBER: ${{ needs.build.outputs.build-number }} | |
| MAVEN_OPTS: "-Xmx3g" | |
| SONAR_JAVA_VERSION: ${{ steps.resolve-sonar-java-plugin-version.outputs.version }} | |
| run: | | |
| mvn package --batch-mode \ | |
| "-Pit-ruling,${{ matrix.item.profile }}" \ | |
| "-Dsonar.java.version=${SONAR_JAVA_VERSION}" \ | |
| "-Dorchestrator.artifactory.accessToken=${ARTIFACTORY_ACCESS_TOKEN}" \ | |
| "-Dsonar.runtimeVersion=LATEST_RELEASE" \ | |
| "-Dmaven.test.redirectTestOutputToFile=false" \ | |
| "-DbuildNumber=${BUILD_NUMBER}" \ | |
| -B -e -V \ | |
| "-Dparallel=methods" \ | |
| "-DuseUnlimitedThreads=true" | |
| - name: Upload ruling artifacts on failure | |
| if: failure() | |
| uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.5.0 | |
| with: | |
| name: ruling-actual-${{ matrix.item.profile }}-${{ matrix.item.java_plugin_version }} | |
| path: its/ruling/target/actual/**/* | |
| promote: | |
| name: Promote | |
| needs: [build, qa] | |
| runs-on: github-ubuntu-latest-s | |
| if: github.event_name != 'pull_request' || (github.event.pull_request.head.repo.full_name == github.repository && github.actor != 'dependabot[bot]') | |
| permissions: | |
| id-token: write | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| - uses: jdx/mise-action@d6e32c1796099e0f1f3ac741c220a8b7eae9e5dd # v3.2.0 | |
| with: | |
| cache_save: false | |
| version: 2025.7.12 | |
| - name: Promote artifacts | |
| uses: SonarSource/ci-github-actions/promote@v1 |