diff --git a/.cirrus.yml b/.cirrus.yml
index 5c88182b5..21d685fa3 100644
--- a/.cirrus.yml
+++ b/.cirrus.yml
@@ -116,7 +116,7 @@ ruling_task:
 ruling_script:
 - source cirrus-env QA
 - source set_maven_build_version $BUILD_NUMBER
- - export SONAR_JAVA_VERSION="$(.cirrus/resolve-sonar-java-plugin-version.sh "${JAVA_PLUGIN_VERSION}")"
+ - export SONAR_JAVA_VERSION="$(.github/scripts/resolve-sonar-java-plugin-version.sh "${JAVA_PLUGIN_VERSION}")"
 - echo "Using SONAR_JAVA_VERSION=${SONAR_JAVA_VERSION}"
 - cd its/ruling
 - mvn package --batch-mode "-Pit-ruling,$PROFILE" -Dsonar.java.version="$SONAR_JAVA_VERSION" -Dsonar.runtimeVersion=LATEST_RELEASE -Dmaven.test.redirectTestOutputToFile=false -B -e -V -Dparallel=methods -DuseUnlimitedThreads=true
diff --git a/.cirrus/resolve-sonar-java-plugin-version.sh b/.github/scripts/resolve-sonar-java-plugin-version.sh
similarity index 100%
rename from .cirrus/resolve-sonar-java-plugin-version.sh
rename to .github/scripts/resolve-sonar-java-plugin-version.sh
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
new file mode 100644
index 000000000..dfdbae8be
--- /dev/null
+++ b/.github/workflows/build.yml
@@ -0,0 +1,117 @@
+name: Build
+on:
+ push:
+ branches:
+ - master
+ - branch-*
+ - dogfood-*
+ pull_request:
+ workflow_dispatch:
+ schedule:
+ - cron: "30 1 * * *" # Run daily at 1:30 AM UTC
+
+concurrency:
+ group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
+ cancel-in-progress: true
+
+jobs:
+ build:
+ name: Build
+ runs-on: github-ubuntu-latest-s
+ permissions:
+ id-token: write
+ contents: write
+ outputs:
+ build-number: ${{ steps.build-maven.outputs.BUILD_NUMBER }}
+ steps:
+ - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+ - uses: jdx/mise-action@d6e32c1796099e0f1f3ac741c220a8b7eae9e5dd # v3.2.0
+ with:
+ version: 2025.7.12
+ - uses: SonarSource/ci-github-actions/build-maven@v1
+ id: build-maven
+ with:
+ deploy-pull-request: true
+ artifactory-reader-role: private-reader # Override default public-reader
+ artifactory-deployer-role: qa-deployer # Override default public-deployer
+
+ qa:
+ needs: [build]
+ runs-on: github-ubuntu-latest-l
+ if: github.event_name != 'pull_request' || (github.event.pull_request.head.repo.full_name == github.repository && github.actor != 'dependabot[bot]')
+ permissions:
+ id-token: write
+ strategy:
+ fail-fast: false
+ matrix:
+ item:
+ - { name: "with Lastest SonarJava Plugin", profile: "without-sonarqube-project", java_plugin_version: "LATEST_MASTER" }
+ - { name: "for SonarQube Project Only", profile: "only-sonarqube-project", java_plugin_version: "LATEST_MASTER" }
+ - { name: "with Prod SonarJava Plugin", profile: "without-sonarqube-project", java_plugin_version: "POM_PROPERTY" }
+ name: "QA Tests ${{ matrix.item.name }}"
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+ with:
+ submodules: recursive
+ - uses: jdx/mise-action@d6e32c1796099e0f1f3ac741c220a8b7eae9e5dd # v3.2.0
+ with:
+ working-directory: its/ruling
+ version: 2025.7.12
+ - name: Get GitHub Token for QA Licenses
+ id: secrets
+ uses: SonarSource/vault-action-wrapper@v3
+ with:
+ secrets: |
+ development/github/token/licenses-ro token | GITHUB_TOKEN;
+ - name: Configure Maven
+ id: configure-maven
+ uses: SonarSource/ci-github-actions/config-maven@v1
+ with:
+ artifactory-reader-role: private-reader # Override default public-reader
+ - name: Get Sonar Java plugin version
+ id: resolve-sonar-java-plugin-version
+ run: |
+ VERSION=$(.github/scripts/resolve-sonar-java-plugin-version.sh "${{ matrix.item.java_plugin_version }}")
+ echo "version=${VERSION}" >> $GITHUB_OUTPUT
+ - name: Run QA Tests
+ working-directory: its/ruling
+ env:
+ GITHUB_TOKEN: ${{ fromJSON(steps.secrets.outputs.vault).GITHUB_TOKEN }}
+ BUILD_NUMBER: ${{ needs.build.outputs.build-number }}
+ MAVEN_OPTS: "-Xmx3g"
+ SONAR_JAVA_VERSION: ${{ steps.resolve-sonar-java-plugin-version.outputs.version }}
+ run: |
+ mvn package --batch-mode \
+ "-Pit-ruling,${{ matrix.item.profile }}" \
+ "-Dsonar.java.version=${SONAR_JAVA_VERSION}" \
+ "-Dorchestrator.artifactory.accessToken=${ARTIFACTORY_ACCESS_TOKEN}" \
+ "-Dsonar.runtimeVersion=LATEST_RELEASE" \
+ "-Dmaven.test.redirectTestOutputToFile=false" \
+ "-DbuildNumber=${BUILD_NUMBER}" \
+ -B -e -V \
+ "-Dparallel=methods" \
+ "-DuseUnlimitedThreads=true"
+ - name: Upload ruling artifacts on failure
+ if: failure()
+ uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.5.0
+ with:
+ name: ruling-actual-${{ matrix.item.profile }}-${{ matrix.item.java_plugin_version }}
+ path: its/ruling/target/actual/**/*
+
+ promote:
+ name: Promote
+ needs: [build, qa]
+ runs-on: github-ubuntu-latest-s
+ if: github.event_name != 'pull_request' || (github.event.pull_request.head.repo.full_name == github.repository && github.actor != 'dependabot[bot]')
+ permissions:
+ id-token: write
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+ - uses: jdx/mise-action@d6e32c1796099e0f1f3ac741c220a8b7eae9e5dd # v3.2.0
+ with:
+ cache_save: false
+ version: 2025.7.12
+ - name: Promote artifacts
+ uses: SonarSource/ci-github-actions/promote@v1
\ No newline at end of file
diff --git a/.github/workflows/pr-cleanup.yml b/.github/workflows/pr-cleanup.yml
new file mode 100644
index 000000000..65c756fc6
--- /dev/null
+++ b/.github/workflows/pr-cleanup.yml
@@ -0,0 +1,13 @@
+name: Cleanup PR Resources
+on:
+ pull_request:
+ types:
+ - closed
+
+jobs:
+ cleanup:
+ runs-on: github-ubuntu-latest-s
+ permissions:
+ actions: write
+ steps:
+ - uses: SonarSource/ci-github-actions/pr_cleanup@v1
diff --git a/its/ruling/mise.toml b/its/ruling/mise.toml
new file mode 100644
index 000000000..5a685377c
--- /dev/null
+++ b/its/ruling/mise.toml
@@ -0,0 +1,2 @@
+[tools]
+java = "17.0"
\ No newline at end of file
diff --git a/mise.toml b/mise.toml
new file mode 100644
index 000000000..9a5dc67a1
--- /dev/null
+++ b/mise.toml
@@ -0,0 +1,3 @@
+[tools]
+java = "23"
+maven = "3.9"
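Review bot: In `.github/workflows/build.yml` the SonarSource actions are referenced by mutable tag (`ci-github-actions/build-maven@v1`, `vault-action-wrapper@v3`, `ci-github-actions/config-maven@v1`, `ci-github-actions/promote@v1`) while `actions/checkout`, `jdx/mise-action` and `actions/upload-artifact` are pinned to a full commit SHA, and the tag-referenced steps are the ones that run in jobs granted `id-token: write` (plus `contents: write` in `build`) and that read the Vault secret. Whatever `v1` or `v3` points to at run time executes with those permissions, so I would pin them like the others, e.g. `uses: SonarSource/ci-github-actions/build-maven@<full-commit-sha> # v1`; the same applies to `pr_cleanup@v1` in `.github/workflows/pr-cleanup.yml`, which runs with `actions: write`. Separately, the `Run QA Tests` step passes `${ARTIFACTORY_ACCESS_TOKEN}` to Maven as a `-D` argument although the step's `env:` block does not define it; presumably an earlier step such as `config-maven` exports it, which deserves a comment like `# ARTIFACTORY_ACCESS_TOKEN is exported by config-maven` once confirmed.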