Skip to content

SONAR-27255 Align GitHub Actions migration for branch 2025.4 #867

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
hatem-amairi-sonarsource wants to merge 2 commits into
base: release/2025.4
Choose a base branch
from
Open

SONAR-27255 Align GitHub Actions migration for branch 2025.4 #867

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
389cf20
SONAR-27255 Align GitHub Actions migration for branch 2025.4
hatem-amairi-sonarsource Mar 10, 2026
14e78cf
Remove schedules
carminevassallo Mar 19, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
212 changes: 0 additions & 212 deletions .cirrus/tasks.yml
View file
Open in desktop

This file was deleted.

3 changes: 0 additions & 3 deletions .github/github_env.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,8 +3,6 @@

versions:
current: "2025.4.4"
previous_lta: "9.9.9"
community_build: "25.9.0.112764"

images:
staging: "sonarsource/sonarqube"
Expand All @@ -17,4 +15,3 @@ registries:
products:
gcp_public_name: "official-sonarqube-data-center-edition"
gcp_staging_name: "sonarqube-dce-staging"

36 changes: 36 additions & 0 deletions .github/trivy.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,36 @@
# Trivy Configuration File
# Reference: https://aquasecurity.github.io/trivy/latest/docs/references/configuration/config-file/

# Scan settings
scan:
# Skip scanning of specific directories
skip-dirs:
- "node_modules"
- "vendor"
- ".git"

# Vulnerability settings
vulnerability:
# Types of vulnerabilities to detect
type:
- os # Only scan OS packages (excludes application libraries like JAR, npm, etc.)

# Report settings
report:
# Format of the output
format: table

# Severity levels to report
severity:
- CRITICAL
- HIGH
- MEDIUM
- LOW

# Database settings
db:
# Skip database update (useful for offline environments)
skip-update: false

# Timeout settings
timeout: 10m
10 changes: 5 additions & 5 deletions .github/workflows/PullRequestClosed.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5,9 +5,9 @@ on:
types: [closed]

jobs:
PullRequestMerged_job:
name: Pull Request Merged
runs-on: ubuntu-latest-large
PullRequestClosed_job:
name: Pull Request Closed
runs-on: github-ubuntu-latest-s
permissions:
id-token: write
pull-requests: read
Expand All @@ -16,12 +16,12 @@ jobs:
github.event.pull_request.head.repo.full_name == github.repository
steps:
- id: secrets
uses: SonarSource/vault-action-wrapper@v3
uses: SonarSource/vault-action-wrapper@545e7cfbb5528e7009a1edcc83e073898d292627 # v3.2.0
with:
secrets: |
development/kv/data/jira user | JIRA_USER;
development/kv/data/jira token | JIRA_TOKEN;
- uses: sonarsource/gh-action-lt-backlog/PullRequestClosed@v2
- uses: sonarsource/gh-action-lt-backlog/PullRequestClosed@02f0a8d3280a05b9d2c5ee3b8407cec1b0158ce6 # v2
with:
github-token: ${{secrets.GITHUB_TOKEN}}
jira-user: ${{ fromJSON(steps.secrets.outputs.vault).JIRA_USER }}
Expand Down
30 changes: 0 additions & 30 deletions .github/workflows/PullRequestCreated.yml
View file
Open in desktop

This file was deleted.

6 changes: 3 additions & 3 deletions .github/workflows/RequestReview.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -7,21 +7,21 @@ on:
jobs:
RequestReview_job:
name: Request review
runs-on: ubuntu-latest-large
runs-on: github-ubuntu-latest-s
permissions:
id-token: write
# For external PR, ticket should be moved manually
if: |
github.event.pull_request.head.repo.full_name == github.repository
steps:
- id: secrets
uses: SonarSource/vault-action-wrapper@v3
uses: SonarSource/vault-action-wrapper@545e7cfbb5528e7009a1edcc83e073898d292627 # v3.2.0
with:
secrets: |
development/github/token/{REPO_OWNER_NAME_DASH}-jira token | GITHUB_TOKEN;
development/kv/data/jira user | JIRA_USER;
development/kv/data/jira token | JIRA_TOKEN;
- uses: sonarsource/gh-action-lt-backlog/RequestReview@v2
- uses: sonarsource/gh-action-lt-backlog/RequestReview@02f0a8d3280a05b9d2c5ee3b8407cec1b0158ce6 # v2
with:
github-token: ${{ fromJSON(steps.secrets.outputs.vault).GITHUB_TOKEN }}
jira-user: ${{ fromJSON(steps.secrets.outputs.vault).JIRA_USER }}
Expand Down
6 changes: 3 additions & 3 deletions .github/workflows/SubmitReview.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -7,7 +7,7 @@ on:
jobs:
SubmitReview_job:
name: Submit Review
runs-on: ubuntu-latest-large
runs-on: github-ubuntu-latest-s
permissions:
id-token: write
pull-requests: read
Expand All @@ -18,12 +18,12 @@ jobs:
|| github.event.review.state == 'approved')
steps:
- id: secrets
uses: SonarSource/vault-action-wrapper@v3
uses: SonarSource/vault-action-wrapper@545e7cfbb5528e7009a1edcc83e073898d292627 # v3.2.0
with:
secrets: |
development/kv/data/jira user | JIRA_USER;
development/kv/data/jira token | JIRA_TOKEN;
- uses: sonarsource/gh-action-lt-backlog/SubmitReview@v2
- uses: sonarsource/gh-action-lt-backlog/SubmitReview@02f0a8d3280a05b9d2c5ee3b8407cec1b0158ce6 # v2
with:
github-token: ${{secrets.GITHUB_TOKEN}}
jira-user: ${{ fromJSON(steps.secrets.outputs.vault).JIRA_USER }}
Expand Down
Loading
Loading