SONAR-27255 Align GitHub Actions migration for branch 2025.4 #867
hatem-amairi-sonarsource wants to merge 2 commits into release/2025.4 from
Conversation
874afd9 to 25c8679
25c8679 to 389cf20
carminevassallo left a comment:
This looks good to me!! There is just one thing to edit on this PR. We have a few scheduled workflows that will never run on a scheduled branch (I realized we did a similar mistake on release/2025). Let's remove them to avoid confusion and maybe open a new separate PR on master for triggering a nightly job on the maintenance branches.
Conclusion
Solid migration overall — actions pinned to SHAs, runner labels updated, scripts moved to the right location — but there are two functional bugs that need fixing before merge: dead schedule conditions that silently prevent Cloud EU/US scans and IRIS analysis from ever running automatically, and a wrong version comment that suggests a copy-paste from an older workflow.
| SONAR_TOKEN: ${{ fromJSON(steps.secrets.outputs.vault).sq_next_token }} | ||
| SONAR_HOST_URL: https://next.sonarqube.com/sonarqube/ | ||
| - name: SonarQube Cloud EU Scan | ||
| if: github.event_name == 'schedule' || github.event_name == 'workflow_dispatch' |
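Review bot: the step-level `if:` on `SonarQube Cloud EU Scan` can only be satisfied by `workflow_dispatch` unless this file declares a `schedule:` trigger, so make the step say what is intended: either restore the trigger or reduce the condition to `if: github.event_name == 'workflow_dispatch'`. Also worth confirming that this step sets its own `SONAR_HOST_URL`/`SONAR_TOKEN`, since the two `env:` lines that precede it point at next.sonarqube.com and would otherwise be the values in scope.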
The schedule branch of this condition is dead code — sonarqube-scan.yml has no schedule: trigger (the commit that introduced this file removed schedules). As written, the Cloud EU Scan, Cloud US Scan, and IRIS Analysis steps will never run automatically; they can only be triggered via workflow_dispatch. If nightly scans are required, add a schedule: trigger back. If they're intentionally manual-only, remove github.event_name == 'schedule' || from all three step conditions to avoid confusion.
| gcp-build-production-app: | ||
| needs: load-config | ||
| if: | | ||
| github.event_name == 'schedule' || |
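Review bot: when the dead `github.event_name == 'schedule' ||` line is dropped from this `if: |` block scalar, check that the next line of the expression does not begin with a bare `||` (the trailing operator here is what joins it), and consider collapsing what remains onto one line so both production GCP job conditions read the same.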
Same dead-code issue: github.event_name == 'schedule' appears in both production GCP job conditions but release.yml has no schedule: trigger. The jobs still fire correctly on release and workflow_dispatch, so this is harmless at runtime, but it's misleading and should be removed.
| pull-requests: read | ||
| contents: read | ||
| steps: | ||
| - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1 |
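Review bot: `pull-requests: read` plus `contents: read` is the right least-privilege shape for a job whose first step is a checkout; keep it that narrow if further steps are added. On the `actions/checkout` line, the `# v4.3.1` trailer is the only thing to change (the same SHA is commented `# v6.0.2` in the other workflows of this PR); the SHA, not the comment, is what Actions resolves, so the pin itself is fine.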
The version comment here says # v4.3.1 but every other workflow in this PR pins the same SHA (34e114876b0b11c390a56381ad16ebd13914f8d5) with the comment # v6.0.2. One of the two is wrong. Fix the comment to match the other files (i.e. # v6.0.2).
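The two review findings above (an `if:` that compares `github.event_name` against an event the file never declares under `on:`, and the same action SHA carrying different `# vX.Y.Z` comments across files) are both mechanical enough to catch before review. The following Python script is an added example, not code from this PR or from SonarSource; it lints constructed sample workflows embedded inline (the file names, the cron line and the `actions/setup-java@v4` step are assumptions, the checkout SHA and version comments are the ones quoted in the review), reporting dead event conditions, actions not pinned to a 40-hex SHA, and pin/comment disagreements. It uses regular expressions rather than a YAML parser so it runs with the standard library only.

```python
import re
from collections import defaultdict

# Constructed sample workflows (not the PR's files). "release.yml" reproduces the two
# defects raised in review: a dead 'schedule' condition and a pin comment that
# disagrees with the other file; "setup.yml" adds an unpinned (tag-only) action.
WORKFLOWS = {
    "release.yml": """\
on:
  release:
    types: [published]
  workflow_dispatch:
jobs:
  gcp-build-production-app:
    if: |
      github.event_name == 'schedule' ||
      github.event_name == 'release' || github.event_name == 'workflow_dispatch'
    steps:
      - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
""",
    "build.yml": """\
on:
  push:
  schedule:
    - cron: '0 2 * * *'
  workflow_dispatch:
jobs:
  build:
    steps:
      - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v6.0.2
      - name: Nightly scan
        if: github.event_name == 'schedule' || github.event_name == 'workflow_dispatch'
""",
    "setup.yml": """\
on: [push, pull_request]
jobs:
  setup:
    steps:
      - uses: actions/setup-java@v4
""",
}

EVENT_REF = re.compile(r"github\.event_name\s*==\s*'([A-Za-z_]+)'")
USES = re.compile(r"uses:\s*([\w./-]+)@(\S+)(?:\s*#\s*(\S+))?")
SHA40 = re.compile(r"^[0-9a-f]{40}$")


def declared_events(text):
    """Return the event names listed under the top-level 'on:' key."""
    lines = text.splitlines()
    for i, line in enumerate(lines):
        m = re.match(r"^on:\s*(.*)$", line)
        if not m:
            continue
        inline = m.group(1).strip()          # 'on: push' or 'on: [push, pull_request]'
        if inline:
            return set(re.findall(r"[A-Za-z_]+", inline))
        events = set()
        for nxt in lines[i + 1:]:            # block form: two-space-indented keys
            if not nxt.strip():
                continue
            if not nxt.startswith("  "):
                break
            km = re.match(r"^  ([A-Za-z_]+):", nxt)
            if km:
                events.add(km.group(1))
        return events
    return set()


def dead_conditions(text):
    """Event names compared in 'if:' expressions that no declared trigger can produce."""
    return sorted(set(EVENT_REF.findall(text)) - declared_events(text))


def unpinned_actions(text):
    """Actions referenced by tag or branch instead of a full 40-hex commit SHA."""
    return [f"{name}@{ref}" for name, ref, _ in USES.findall(text) if not SHA40.match(ref)]


def pin_comment_mismatches(workflows):
    """Same action+SHA pinned with different '# vX.Y.Z' comments across files."""
    seen = defaultdict(lambda: defaultdict(list))
    for fname, text in workflows.items():
        for name, ref, comment in USES.findall(text):
            if SHA40.match(ref):
                seen[f"{name}@{ref}"][comment or "<none>"].append(fname)
    return {pin: dict(c) for pin, c in seen.items() if len(c) > 1}


def lint(workflows):
    """Collect human-readable findings across all files."""
    findings = []
    for fname, text in workflows.items():
        for ev in dead_conditions(text):
            findings.append(f"{fname}: condition references '{ev}' but no such trigger is declared")
        for ref in unpinned_actions(text):
            findings.append(f"{fname}: {ref} is not pinned to a commit SHA")
    for pin, comments in pin_comment_mismatches(workflows).items():
        findings.append(f"{pin}: version comments disagree: {sorted(comments)}")
    return findings


if __name__ == "__main__":
    for finding in lint(WORKFLOWS):
        print(finding)
```

Run against a real `.github/workflows/` directory by replacing `WORKFLOWS` with a dict read from disk; the `on:` parsing only understands the inline and two-space block forms shown, which is what GitHub's own examples use.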

Align the GitHub Actions migration for branch release/2025.4 to the migration done on branch release/2025.1. Based on 28b3f2c