MCP-86 Migrate to GitHub Actions

Author: eray-felek-sonarsource

.github/workflows/build.yml

@@ -0,0 +1,55 @@
+name: Build
+
+on:
+  push:
+    branches:
+      - master
+      - branch-*
+      - dogfood-*
+  pull_request:
+  merge_group:
+  workflow_dispatch:
+
+# Workflow-level concurrency
+concurrency:
+  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
+  cancel-in-progress: true
+
+# Required permissions for Vault OIDC and repo operations
+permissions:
+  id-token: write
+  contents: write
+
+jobs:
+  build:
+    runs-on: github-ubuntu-latest-s  # Public repository runner
+    name: Build
+    steps:
+      - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
+      - uses: jdx/mise-action@c37c93293d6b742fc901e1406b8f764f6fb19dac # v2.4.4
+        with:
+          version: 2025.7.12
+      - uses: SonarSource/ci-github-actions/build-gradle@v1
+        with:
+          deploy-pull-request: true
+          # Public repo + Cirrus used private-reader & qa-deployer → override roles
+          artifactory-reader-role: private-reader
+          artifactory-deployer-role: qa-deployer
+          # Cirrus used SonarCloud EU → set platform accordingly
+          sonar-platform: sqc-eu
+          # Additional Gradle tasks seen in Cirrus
+          gradle-args: ":cyclonedxBom jacocoTestReport"
+
+  promote:
+    needs: [build]
+    runs-on: github-ubuntu-latest-s  # Public repository runner
+    name: Promote
+    steps:
+      - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
+      - uses: jdx/mise-action@c37c93293d6b742fc901e1406b8f764f6fb19dac # v2.4.4
+        with:
+          cache_save: false
+          version: 2025.7.12
+      - uses: SonarSource/ci-github-actions/promote@v1
+        with:
+          promote-pull-request: true

.github/workflows/pr-cleanup.yml

@@ -0,0 +1,13 @@
+name: Cleanup PR Resources
+
+on:
+  pull_request:
+    types: [ closed ]
+
+jobs:
+  cleanup:
+    runs-on: github-ubuntu-latest-s
+    permissions:
+      actions: write
+    steps:
+      - uses: SonarSource/ci-github-actions/pr_cleanup@v1

.github/workflows/shadow_scans.yml

@@ -0,0 +1,34 @@
+name: Shadow scans
+on:
+  schedule:
+    # Run the workflow every day at 04:00 UTC
+    - cron: '0 4 * * *'
+  workflow_dispatch:
+
+jobs:
+  scan:
+    runs-on: github-ubuntu-latest-s
+    name: Scan on shadow platforms
+    permissions:
+      id-token: write
+      contents: write
+    steps:
+      - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
+      - uses: jdx/mise-action@c37c93293d6b742fc901e1406b8f764f6fb19dac # v2.4.4
+        with:
+          version: 2025.7.12
+      - uses: SonarSource/ci-github-actions/build-gradle@master # dogfood
+        with:
+          run-shadow-scans: true
+          artifactory-reader-role: private-reader
+          artifactory-deployer-role: qa-deployer
+          gradle-args: ":cyclonedxBom jacocoTestReport"
+      - name: Run IRIS Analysis
+        uses: SonarSource/unified-dogfooding-actions/run-iris@v1
+        with:
+          primary_project_key: "SonarSource_sonarqube-mcp-server"
+          primary_platform: "SQC-EU"
+          shadow1_project_key: "SonarSource_sonarqube-mcp-server"
+          shadow1_platform: "Next"
+          shadow2_project_key: "SonarSource_sonarqube-mcp-server"
+          shadow2_platform: "SQC-US"

mise.toml

@@ -0,0 +1,3 @@
+[tools]
+java = "21.0"
+gradle = "8.13"

src/main/java/org/sonarsource/sonarqube/mcp/tools/analysis/ANewClass.java

@@ -0,0 +1,24 @@
+/*
+ * SonarQube MCP Server
+ * Copyright (C) 2025 SonarSource
+ * mailto:info AT sonarsource DOT com
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the Sonar Source-Available License Version 1, as published by SonarSource SA.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+ * See the Sonar Source-Available License for more details.
+ *
+ * You should have received a copy of the Sonar Source-Available License
+ * along with this program; if not, see https://sonarsource.com/license/ssal/
+ */
+package org.sonarsource.sonarqube.mcp.tools.analysis;
+
+class ANewClass {
+  public String returnAString() {
+    // TODO: This should be detected by SQC
+    return "Hello, World!";
+  }
+}

src/test/java/org/sonarsource/sonarqube/mcp/tools/analysis/ANewClassTests.java

@@ -0,0 +1,31 @@
+/*
+ * SonarQube MCP Server
+ * Copyright (C) 2025 SonarSource
+ * mailto:info AT sonarsource DOT com
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the Sonar Source-Available License Version 1, as published by SonarSource SA.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+ * See the Sonar Source-Available License for more details.
+ *
+ * You should have received a copy of the Sonar Source-Available License
+ * along with this program; if not, see https://sonarsource.com/license/ssal/
+ */
+package org.sonarsource.sonarqube.mcp.tools.analysis;
+
+import org.junit.jupiter.api.Test;
+
+import static org.junit.jupiter.api.Assertions.assertEquals;
+
+public class ANewClassTests {
+
+  @Test
+  public void testReturnAString() {
+    ANewClass aNewClass = new ANewClass();
+    assertEquals("Hello, World!", aNewClass.returnAString());
+  }
+
+}