SONARJAVA-5858 Migrate Autoscan Task from Cirrus to GitHub actions (#5348)

tomasz-tylenda-sonarsource · leonardo-pilastri-sonarsource · commit b90186d1c7df · 2025-12-08T10:18:24.000+01:00
diff --git a/.cirrus.yml b/.cirrus.yml
@@ -253,6 +253,7 @@ ruling_win_task:
     - mvn package --batch-mode "-Pit-ruling,$PROFILE" -Dsonar.runtimeVersion=LATEST_RELEASE -Dmaven.test.redirectTestOutputToFile=false -B -e -V -Dparallel=methods -DuseUnlimitedThreads=true
   cleanup_before_cache_script: cleanup_maven_repository
 
+# Migrated to GHA.
 autoscan_task:
   depends_on:
     - build
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -176,3 +176,57 @@ jobs:
             "-Dlicense.missingFile=${PWD}/missing-dep-licenses.properties" \
             -DuseMissingFile \
             "-Dlicense.overrideUrl=file://${PWD}/override-dep-licenses.properties"
+
+  autoscan:
+    name: Autoscan Tests
+    needs:
+      - build
+    if: ${{ needs.build.outputs.deployed }}
+    runs-on: github-ubuntu-latest-m
+    permissions:
+      id-token: write
+      contents: write
+    env:
+      BUILD_NUMBER: ${{ needs.build.outputs.build-number }}
+    steps:
+      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      # For now, the autoscan job need to execute two mvn commands:
+      #   * The build of java-checks-test-sources module which requires Java 24.
+      #   * The tests using Orchestrator and SonarQube that, for now, fail to work using Java 24
+      - uses: jdx/mise-action@5ac50f778e26fac95da98d50503682459e86d566 # v3.2.0
+        with:
+          version: 2025.7.12
+      - uses: SonarSource/vault-action-wrapper@v3
+        id: secrets
+        with:
+          secrets: |
+            development/kv/data/next url | SONAR_HOST_URL;
+            development/kv/data/next token | SONAR_TOKEN;
+            development/github/token/licenses-ro token | GITHUB_TOKEN;
+      - name: Compile Test Sources
+        env:
+          SONAR_HOST_URL: ${{ fromJSON(steps.secrets.outputs.vault).SONAR_HOST_URL }}
+          SONAR_TOKEN: ${{ fromJSON(steps.secrets.outputs.vault).SONAR_TOKEN }}
+        working-directory: java-checks-test-sources
+        run: |
+          mvn clean compile test-compile --batch-mode
+      - name: Select Java 17
+        run: mise use java@17
+      - uses: SonarSource/ci-github-actions/config-maven@v1
+        with:
+          deploy: false
+          artifactory-reader-role: private-reader
+          artifactory-deployer-role: qa-deployer
+      - name: Run autoscan tests
+        env:
+          SONAR_HOST_URL: ${{ fromJSON(steps.secrets.outputs.vault).SONAR_HOST_URL }}
+          SONAR_TOKEN: ${{ fromJSON(steps.secrets.outputs.vault).SONAR_TOKEN }}
+          GITHUB_TOKEN: ${{ fromJSON(steps.secrets.outputs.vault).GITHUB_TOKEN }}
+        working-directory: its/autoscan
+        run: >
+          mvn clean package --batch-mode --errors --show-version
+          --activate-profiles it-autoscan
+          -Dsonar.runtimeVersion=LATEST_RELEASE
+          -Dmaven.test.redirectTestOutputToFile=false
+          -Dparallel=methods
+          -DuseUnlimitedThreads=true
