Build #193
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build | |
| on: | |
| push: | |
| branches: | |
| - master | |
| - branch-* | |
| - dogfood-* | |
| pull_request: | |
| workflow_dispatch: | |
| schedule: | |
| - cron: "15 1 * * *" # Run daily at 01:15 AM UTC | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} | |
| cancel-in-progress: true | |
| jobs: | |
| quick-build-deploy: | |
| runs-on: github-ubuntu-latest-s # Public repo uses custom GitHub-hosted runners | |
| name: Build + UTs + Deploy | |
| permissions: &write_permissions | |
| id-token: write # Required for Vault OIDC authentication | |
| contents: write # Required for repository access and tagging | |
| outputs: | |
| build-number: ${{ steps.build-maven.outputs.BUILD_NUMBER }} | |
| deployed: ${{ steps.build-maven.outputs.deployed }} | |
| steps: | |
| - &checkout | |
| name: Checkout source code | |
| uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 | |
| - &mise | |
| uses: jdx/mise-action@5ac50f778e26fac95da98d50503682459e86d566 # v3.2.0 | |
| with: | |
| version: 2025.7.12 | |
| - uses: SonarSource/ci-github-actions/build-maven@v1 | |
| id: build-maven | |
| with: | |
| deploy-pull-request: true | |
| artifactory-reader-role: private-reader # Override default public-reader | |
| artifactory-deployer-role: qa-deployer # Override default public-deployer | |
| sonar-platform: none | |
| maven-args: -Dinvoker.skip=true | |
| scan: | |
| needs: | |
| - quick-build-deploy | |
| runs-on: github-ubuntu-latest-s # Public repo uses custom GitHub-hosted runners | |
| name: SQ Analysis | |
| permissions: &read_permissions | |
| id-token: write # Required for Vault OIDC authentication | |
| contents: read | |
| env: | |
| BUILD_NUMBER: ${{ needs.quick-build-deploy.outputs.build-number }} | |
| steps: | |
| - *checkout | |
| - *mise | |
| - name: Cache Sonar Scanner artifacts | |
| id: sonar-scanner-cache | |
| uses: SonarSource/ci-github-actions/cache@v1 | |
| with: | |
| path: ~/.sonar/cache | |
| key: sonar-scanner-${{ runner.os }} | |
| - uses: SonarSource/ci-github-actions/build-maven@v1 | |
| with: | |
| deploy: false | |
| artifactory-reader-role: private-reader # Override default public-reader | |
| artifactory-deployer-role: qa-deployer # Override default public-deployer | |
| invoker-integration-tests: | |
| needs: | |
| - quick-build-deploy | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| item: | |
| - {maven_version: 4.0.0-rc-5} | |
| - {maven_version: 3.9.11} | |
| - {maven_version: 3.8.9} | |
| - {maven_version: 3.6.3} | |
| - {maven_version: 3.5.4} | |
| - {maven_version: 3.3.9} | |
| - {maven_version: 3.2.5} | |
| runs-on: github-ubuntu-latest-s | |
| name: Invoker Integration Tests | |
| permissions: *read_permissions | |
| env: | |
| BUILD_NUMBER: ${{ needs.quick-build-deploy.outputs.build-number }} | |
| steps: | |
| - *checkout | |
| - *mise | |
| - &download_maven_matrix | |
| name: Download maven ${{ matrix.item.maven_version }} | |
| id: download_maven | |
| env: | |
| MAVEN_VERSION: ${{ matrix.item.maven_version }} | |
| run: | | |
| MAVEN_HOME_IT="${GITHUB_WORKSPACE}/target/downloaded-maven-${MAVEN_VERSION}" | |
| mkdir -p "${MAVEN_HOME_IT}" | |
| MAVEN_BINARY_URL="https://repo1.maven.org/maven2/org/apache/maven/apache-maven/${MAVEN_VERSION}/apache-maven-${MAVEN_VERSION}-bin.tar.gz" | |
| curl -sSL "${MAVEN_BINARY_URL}" | tar zx --strip-components 1 -C "${MAVEN_HOME_IT}" | |
| echo "maven_it_path=$MAVEN_HOME_IT" >> $GITHUB_OUTPUT | |
| - name: Configure Maven | |
| uses: SonarSource/ci-github-actions/config-maven@v1 | |
| with: | |
| artifactory-reader-role: private-reader | |
| - name: Run Invoker Integration Tests | |
| run: > | |
| mvn verify -DskipTests -Dinvoker.mavenHome="${{ steps.download_maven.outputs.maven_it_path }}" | |
| e2e-tests: | |
| needs: | |
| - quick-build-deploy | |
| if: ${{ needs.quick-build-deploy.outputs.deployed }} | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| item: | |
| - {sq_version: "DEV", maven_version: 4.0.0-rc-5} | |
| - {sq_version: "LATEST_RELEASE", maven_version: 3.9.11} | |
| - {sq_version: "LATEST_RELEASE[2025.1]", maven_version: 3.8.9} | |
| - {sq_version: "LATEST_RELEASE[9.9]", maven_version: 3.2.5} | |
| runs-on: github-ubuntu-latest-s | |
| name: E2E Tests | |
| permissions: *read_permissions | |
| env: | |
| BUILD_NUMBER: ${{ needs.quick-build-deploy.outputs.build-number }} | |
| steps: | |
| - *checkout | |
| - *mise | |
| - *download_maven_matrix | |
| - name: Configure Maven | |
| uses: SonarSource/ci-github-actions/config-maven@v1 | |
| with: | |
| artifactory-reader-role: private-reader | |
| - name: Run Orchestrator E2E Tests | |
| env: | |
| # FIXME | |
| SQ_VERSION: LATEST_RELEASE | |
| run: > | |
| mvn | |
| --projects '!sonar-maven-plugin' | |
| --activate-profiles e2e | |
| -Dsonar.runtimeVersion="${SQ_VERSION}" | |
| -Dmaven.home="${{ steps.download_maven.outputs.maven_it_path }}" | |
| verify | |
| promote: | |
| needs: | |
| - invoker-integration-tests | |
| - e2e-tests | |
| - scan | |
| if: ${{ needs.quick-build-deploy.outputs.deployed }} | |
| runs-on: github-ubuntu-latest-s # Public repo uses custom GitHub-hosted runners | |
| name: Promote | |
| permissions: *write_permissions | |
| env: | |
| BUILD_NUMBER: ${{ needs.quick-build-deploy.outputs.build-number }} | |
| steps: | |
| - *checkout | |
| - *mise | |
| - uses: SonarSource/ci-github-actions/promote@v1 | |
| with: | |
| promote-pull-request: true |