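---
# CI pipeline: allocate a build number, build and deploy the Maven artifacts,
# run unit tests (Linux + Windows) and the integration-test matrix, then
# promote the build once every upstream job has succeeded.
#
# Third-party and organisation actions are pinned to full commit SHAs with
# the release noted in a trailing comment; keep both in sync when bumping.
name: Build

on:
  push:
    branches:
      - master
      - branch-*
      - dogfood-*
  pull_request:
  merge_group:
  workflow_dispatch:

# One run per workflow / PR base ref / PR number (or git ref for non-PR
# events); a newer run cancels the one still in progress for the same group.
concurrency:
  group: >-
    ${{ github.workflow }}-
    ${{ github.event.pull_request.base.ref || 'push' }}-
    ${{ github.event.pull_request.number || github.ref }}
  cancel-in-progress: true

env:
  CACHE_BACKEND: s3

jobs:
  build-number:
    outputs:
      BUILD_NUMBER: ${{ steps.build-number.outputs.BUILD_NUMBER }}
    runs-on: github-ubuntu-latest-m
    name: Get build number
    permissions:
      id-token: write
    steps:
      - uses: SonarSource/ci-github-actions/get-build-number@d8400ed2a8b8019e4dfe43d612a7eb6280334968 # 1.3.29
        id: build-number

  build:
    runs-on: github-ubuntu-latest-m
    needs: build-number
    name: Build
    permissions:
      id-token: write
      contents: write
    env:
      BUILD_NUMBER: ${{ needs.build-number.outputs.BUILD_NUMBER }}
    outputs:
      build_number: ${{ steps.build.outputs.build_number }}
    steps:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
      - uses: jdx/mise-action@1648a7812b9aeae629881980618f079932869151 # v4.0.1
        with:
          version: 2026.3.16
      # Tests and Sonar analysis are skipped here; they run in the jobs below.
      # NOTE(review): deploy-pull-request is enabled with the qa-deployer
      # role, so pull-request builds are also deployed - confirm the target
      # repository is scoped for unreviewed artifacts.
      - uses: SonarSource/ci-github-actions/build-maven@d8400ed2a8b8019e4dfe43d612a7eb6280334968 # 1.3.29
        id: build
        with:
          sonar-platform: none
          deploy-pull-request: true
          artifactory-reader-role: private-reader
          artifactory-deployer-role: qa-deployer
          maven-args: -T 1C -P dist-no-arch,dist-windows_x64,dist-linux_x64,dist-linux_aarch64,dist-macosx_x64,dist-macosx_aarch64 -Dmaven.test.skip=true -Dsonar.skip=true
      - name: Config Maven (cache setup)
        run: |
          mvn -B -e -V -Pits dependency:go-offline # populate cache including ITs deps too

  test-linux:
    needs: [build-number, build]
    runs-on: github-ubuntu-latest-m
    name: Test (Linux, Sonar Next)
    # NOTE(review): `contents: write` is granted to a job that only runs
    # tests and analysis - confirm one of the actions below needs it,
    # otherwise reduce it to the minimum.
    permissions:
      id-token: write
      contents: write
    env:
      BUILD_NUMBER: ${{ needs.build-number.outputs.BUILD_NUMBER }}
    steps:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          fetch-depth: 0
      - uses: jdx/mise-action@1648a7812b9aeae629881980618f079932869151 # v4.0.1
        with:
          version: 2026.3.16
      - name: Vault
        id: secrets
        uses: SonarSource/vault-action-wrapper@c154b4a417b51cb98dd71137f49bf20e77c56820 # 3.4.0
        with:
          secrets: |
            development/kv/data/next url | NEXT_URL;
            development/kv/data/next token | NEXT_TOKEN;
      - name: Cache Sonar Scanner artifacts
        id: sonar-scanner-cache
        uses: SonarSource/ci-github-actions/cache@d8400ed2a8b8019e4dfe43d612a7eb6280334968 # 1.3.29
        with:
          path: ~/.sonar/cache
          key: sonar-scanner-${{ runner.os }}
      - uses: SonarSource/ci-github-actions/config-maven@d8400ed2a8b8019e4dfe43d612a7eb6280334968 # 1.3.29
        id: config
        with:
          artifactory-reader-role: private-reader
      - name: Run tests
        # NOTE(review): PROJECT_VERSION is exported here, but the script reads
        # CURRENT_VERSION, which this step does not define - presumably an
        # earlier action exports it; confirm, otherwise sonar.projectVersion
        # is passed empty.
        env:
          SONAR_HOST_URL: ${{ fromJSON(steps.secrets.outputs.vault).NEXT_URL }}
          SONAR_TOKEN: ${{ fromJSON(steps.secrets.outputs.vault).NEXT_TOKEN }}
          PROJECT_VERSION: ${{ steps.config.outputs.project-version }}
          SCANNER_VERSION: 5.1.0.4751
          PULL_REQUEST: ${{ github.event.pull_request.number || '' }}
        run: |
          mvn -B -Pcoverage -Dcommercial verify
          maven_goals=("org.sonarsource.scanner.maven:sonar-maven-plugin:${SCANNER_VERSION}:sonar")
          # Vault-sourced values live in their own array so the diagnostic echo
          # below never prints them and does not depend on log masking.
          vault_props=("-Dsonar.host.url=${SONAR_HOST_URL}" "-Dsonar.token=${SONAR_TOKEN}")
          sonar_props=("-Dsonar.projectVersion=${CURRENT_VERSION}")
          sonar_props+=("-Dsonar.coverage.jacoco.aggregateXmlReportPaths=${{ github.workspace }}/report-aggregate/target/site/jacoco-aggregate/jacoco.xml")
          echo "Maven command: mvn ${maven_goals[*]} ${sonar_props[*]} (sonar.host.url and sonar.token omitted)"
          mvn -B "${maven_goals[@]}" "${vault_props[@]}" "${sonar_props[@]}"
      - name: Generate test report on failure
        if: failure()
        uses: dorny/test-reporter@a43b3a5f7366b97d083190328d2c652e1a8b6aa2 # v3.0.0
        with:
          name: QA Linux Test Report
          reporter: java-junit
          path: '**/target/surefire-reports/TEST-*.xml,**/target/failsafe-reports/*.xml'
          list-suites: failed
          list-tests: failed
          fail-on-empty: false
      - name: Upload failure diagnostics
        if: failure()
        uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
        with:
          name: linux-test-report
          path: |
            **/target/surefire-reports/**
            **/target/failsafe-reports/**

  test-windows:
    needs: [build-number, build]
    runs-on: github-windows-latest-m
    name: Test (Windows)
    # NOTE(review): same question as test-linux - confirm `contents: write`
    # is required by an action in this job.
    permissions:
      id-token: write
      contents: write
    env:
      BUILD_NUMBER: ${{ needs.build-number.outputs.BUILD_NUMBER }}
    steps:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
      - uses: jdx/mise-action@1648a7812b9aeae629881980618f079932869151 # v4.0.1
        with:
          version: 2026.3.16
      - uses: SonarSource/ci-github-actions/config-maven@d8400ed2a8b8019e4dfe43d612a7eb6280334968 # 1.3.29
        id: config
        with:
          artifactory-reader-role: private-reader
      - name: Run tests
        env:
          MAVEN_OPTS: -Xmx4g
          PROJECT_VERSION: ${{ steps.config.outputs.project-version }}
        run: |
          mvn -B -Dcommercial verify
      - name: Generate test report on failure
        if: failure()
        uses: dorny/test-reporter@a43b3a5f7366b97d083190328d2c652e1a8b6aa2 # v3.0.0
        with:
          name: QA Windows Test Report
          reporter: java-junit
          path: '**/target/surefire-reports/TEST-*.xml,**/target/failsafe-reports/*.xml'
          list-suites: failed
          list-tests: failed
          fail-on-empty: false
      - name: Upload failure diagnostics
        if: failure()
        uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
        with:
          name: windows-test-report
          path: |
            **/target/surefire-reports/**
            **/target/failsafe-reports/**

  qa:
    needs: [build-number, build]
    runs-on: github-ubuntu-latest-m
    name: QA (${{ matrix.name }})
    # NOTE(review): confirm `contents: write` is required by an action in
    # this job; the steps visible here only read the repository.
    permissions:
      id-token: write
      contents: write
    env:
      BUILD_NUMBER: ${{ needs.build-number.outputs.BUILD_NUMBER }}
    strategy:
      fail-fast: false
      matrix:
        # `sc: true` entries run the SonarCloud group against a region and
        # fetch their own IT token; the others run against a SonarQube
        # runtime selected by `sq_version`.
        include:
          - name: SonarCloudEU
            sq_version: SonarCloudEU
            category: "-Dgroups=SonarCloud"
            sc: true
            sc_token_path: sonarcloud-it
            region: EU
          - name: SonarCloudUS
            sq_version: SonarCloudUS
            category: "-Dgroups=SonarCloud"
            sc: true
            sc_token_path: sonarcloud-it-US
            region: US
          - name: SQDogfood
            sq_version: DEV
            category: "-DexcludedGroups=SonarCloud"
          - name: SQLatest
            sq_version: LATEST_RELEASE
            category: "-DexcludedGroups=SonarCloud"
          - name: SQLts99
            sq_version: "LATEST_RELEASE[9.9]"
            category: "-DexcludedGroups=SonarCloud"
            customOrchestratorJavaVersion: 17
    steps:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
      - uses: jdx/mise-action@1648a7812b9aeae629881980618f079932869151 # v4.0.1
        with:
          version: 2026.3.16
      - name: Setup Java ${{ matrix.customOrchestratorJavaVersion }} for Orchestrator
        if: matrix.customOrchestratorJavaVersion
        run: |
          mise install java@${{ matrix.customOrchestratorJavaVersion }}
          echo "ORCHESTRATOR_JAVA_HOME=$(mise where java@${{ matrix.customOrchestratorJavaVersion }})" >> "$GITHUB_ENV"
      - name: Compute month key
        # Avoid caching for DEV since it is frequently changing
        if: ${{ matrix.sc != true && matrix.sq_version != 'DEV' }}
        id: month
        shell: bash
        run: |
          THIS_MONTH="$(date +%Y-%m)"
          echo "month=${THIS_MONTH}" >> "$GITHUB_OUTPUT"
          ORCHESTRATOR_HOME="${GITHUB_WORKSPACE}/orchestrator/${THIS_MONTH}"
          echo "ORCHESTRATOR_HOME=${ORCHESTRATOR_HOME}" >> "$GITHUB_ENV"
          echo "Create dir ${ORCHESTRATOR_HOME} if needed"
          mkdir -p "${ORCHESTRATOR_HOME}"
      - uses: SonarSource/ci-github-actions/cache@d8400ed2a8b8019e4dfe43d612a7eb6280334968 # 1.3.29
        if: ${{ matrix.sc != true && matrix.sq_version != 'DEV' }}
        with:
          path: ${{ github.workspace }}/orchestrator/${{ steps.month.outputs.month }}
          key: cache-${{ runner.os }}-${{ steps.month.outputs.month }}-${{ matrix.name }} # Use matrix name to differentiate caches
      - name: Vault (SonarCloud IT token)
        if: ${{ matrix.sc == true }}
        id: secrets-sc
        uses: SonarSource/vault-action-wrapper@c154b4a417b51cb98dd71137f49bf20e77c56820 # 3.4.0
        with:
          secrets: |
            development/team/sonarlint/kv/data/${{ matrix.sc_token_path }} token | SONARCLOUD_IT_TOKEN;
      - name: Vault (GITHUB Token)
        id: secrets-gh
        uses: SonarSource/vault-action-wrapper@c154b4a417b51cb98dd71137f49bf20e77c56820 # 3.4.0
        with:
          secrets: |
            development/github/token/licenses-ro token | GITHUB_TOKEN;
      - uses: SonarSource/ci-github-actions/config-maven@d8400ed2a8b8019e4dfe43d612a7eb6280334968 # 1.3.29
        with:
          artifactory-reader-role: private-reader
      - name: Run QA
        # NOTE(review): the push trigger matches `dogfood-*` but this
        # condition only matches `dogfood-on-*`, and no clause covers
        # merge_group runs. When the step is skipped the job still succeeds
        # and `promote` proceeds without the ITs - confirm that is intended.
        if: ${{ github.event_name == 'pull_request' || github.ref_name == github.event.repository.default_branch || startsWith(github.ref_name, 'branch-') || startsWith(github.ref_name, 'dogfood-on-') }}
        env:
          MAVEN_OPTS: -Xmx4g
          # Empty when the SonarCloud Vault step was skipped (non-SC entries).
          SONARCLOUD_IT_TOKEN: ${{ steps.secrets-sc.outputs.vault && fromJSON(steps.secrets-sc.outputs.vault).SONARCLOUD_IT_TOKEN || '' }}
          SONARCLOUD_REGION: ${{ matrix.sc && matrix.region || '' }}
          GITHUB_TOKEN: ${{ fromJSON(steps.secrets-gh.outputs.vault).GITHUB_TOKEN }}
          SONAR_SEARCH_JAVAADDITIONALOPTS: -XX:-UseContainerSupport
          SONAR_WEB_JAVAADDITIONALOPTS: -XX:-UseContainerSupport
          SONAR_CE_JAVAADDITIONALOPTS: -XX:-UseContainerSupport
          # Matrix values reach the script through the environment and are
          # quoted there, so `LATEST_RELEASE[9.9]` is never treated as a glob
          # and no expression text is spliced into the shell source.
          IT_SQ_VERSION: ${{ matrix.sq_version }}
          IT_CATEGORY: ${{ matrix.category }}
        run: |
          mvn -f its/pom.xml "-Dsonar.runtimeVersion=${IT_SQ_VERSION}" "${IT_CATEGORY}" verify surefire-report:report
      - name: Generate QA test report on failure
        if: failure()
        # NOTE(review): this pin differs from the dorny/test-reporter pin used
        # by the test-linux and test-windows jobs and carries no version
        # comment - confirm which release it is and align the pins.
        uses: dorny/test-reporter@2dcf091ad558da2cabf16f6b423e02cd078c937a
        with:
          name: QA ${{ matrix.name }} Test Report
          reporter: java-junit
          path: '**/target/surefire-reports/TEST-*.xml,**/target/failsafe-reports/*.xml'
          list-suites: failed
          list-tests: failed
          fail-on-empty: false
      - name: Upload failure diagnostics
        if: failure()
        uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
        with:
          name: qa-test-report ${{ matrix.name }}
          path: |
            **/target/surefire-reports/**
            **/target/failsafe-reports/**
      - name: debug
        if: failure()
        shell: bash
        run: |
          echo "=== Listing surefire-reports contents ==="
          find ./its/tests/target/surefire-reports -type f || true
          echo "=== Checking if directory is empty ==="
          [ -d ./its/tests/target/surefire-reports ] && ls -la ./its/tests/target/surefire-reports/ || echo "Directory doesn't exist"
      - name: Inspect Orchestrator Cache
        if: always()
        shell: bash
        # The month output is empty when "Compute month key" was skipped, in
        # which case CACHE_DIR resolves to the bare orchestrator/ directory.
        run: |
          echo "=== Listing orchestrator cache contents ==="
          CACHE_DIR="${{ github.workspace }}/orchestrator/${{ steps.month.outputs.month }}"
          if [ -d "${CACHE_DIR}" ]; then
            echo "Directory exists: ${CACHE_DIR}"
            ls -lah "${CACHE_DIR}"
            echo ""
            echo "=== Detailed file tree ==="
            find "${CACHE_DIR}" -type f -ls || true
          else
            echo "Directory does not exist: ${CACHE_DIR}"
          fi

  promote:
    # Runs only after the build, the IT matrix and both test jobs succeeded.
    needs: [build-number, build, qa, test-linux, test-windows]
    runs-on: github-ubuntu-latest-s
    name: Promote
    permissions:
      id-token: write
      contents: write
    env:
      BUILD_NUMBER: ${{ needs.build-number.outputs.BUILD_NUMBER }}
    steps:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
      - uses: SonarSource/ci-github-actions/promote@d8400ed2a8b8019e4dfe43d612a7eb6280334968 # 1.3.29
        with:
          promote-pull-request: true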