SONARJAVA-5812 Use config-gradle action in QA (#67)

GabrielFleischer · web-flow · commit d2ee87852ab1 · 2025-11-11T11:49:37.000+01:00
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -23,25 +23,27 @@ jobs:
       id-token: write  # Required for Vault OIDC authentication
       contents: write  # Required for repository access and tagging
     outputs:
-      build-number: ${{ steps.build-gradle.outputs.BUILD_NUMBER }}
+      build-number: ${{ steps.build-step.outputs.BUILD_NUMBER }}
+      deployed: ${{ steps.build-step.outputs.deployed }}
     steps:
       - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
       - uses: jdx/mise-action@5ac50f778e26fac95da98d50503682459e86d566 # v3.2.0
         with:
           version: 2025.7.12
       - uses: SonarSource/ci-github-actions/build-gradle@v1
-        id: build-gradle
+        id: build-step
         with:
           deploy-pull-request: true
           artifactory-reader-role: private-reader    # Override for public repo using private access
           artifactory-deployer-role: qa-deployer     # Override for public repo using private access
 
   qa:
     needs: [build]
+    if: ${{ needs.build.outputs.deployed }}
     runs-on: github-ubuntu-latest-s  # Public repository runner
     permissions:
       id-token: write  # Required for Vault OIDC authentication
-      contents: write  # Required for repository access
+      contents: read  # Required for repository access
     strategy:
       fail-fast: false
       matrix:
@@ -51,61 +53,54 @@ jobs:
         item:
           - { suite: "plugin", sq_version: "DEV", submodules: false}
           - { suite: "plugin", sq_version: "LATEST_RELEASE", submodules: false}
-          - { suite: "ruling", sq_version: "LATEST_RELEASE", submodules: true}
+          - { suite: "ruling", sq_version: "LATEST_RELEASE" }
     name: "QA Tests [${{ matrix.item.suite }}] - SQ : ${{ matrix.item.sq_version }}"
     steps:
       - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
         with:
-          submodules: ${{ matrix.item.submodules }}
+          submodules: ${{ matrix.item.suite == 'ruling' }}
       - name: Remove kotlin ITs as they are not relevant for ruling tests (and cause issues with wrapper validation)
-        if: ${{ matrix.item.submodules }}
+        if: ${{ matrix.item.suite == 'ruling' }}
         run: rm -r ./its/sources/kotlin
       - uses: jdx/mise-action@5ac50f778e26fac95da98d50503682459e86d566 # v3.2.0
         with:
-          cache_save: false
           version: 2025.7.12
       - name: Get GitHub Token for QA Licenses
         id: secrets
         uses: SonarSource/vault-action-wrapper@v3
         with:
-          # TODO Remove artifactory token when build-gradle provides it
           secrets: |
             development/github/token/licenses-ro token | GITHUB_TOKEN;
             development/artifactory/token/{REPO_OWNER_NAME_DASH}-private-reader access_token | ARTIFACTORY_ACCESS_TOKEN;
       - name: Configure Gradle
-        uses: SonarSource/ci-github-actions/build-gradle@v1 # TODO When config-gradle is released, use it and remove the gradle-args below
+        uses: SonarSource/ci-github-actions/build-gradle@v1
         with:
           gradle-args: "-x build -x sonar -x artifactoryPublish"  # Skip everything to only configure Gradle and Artifactory access
-          artifactory-reader-role: private-reader    # Override for public repo using private access
-          artifactory-deployer-role: qa-deployer     # TODO Should not be needed for config-gradle
+          artifactory-reader-role: private-reader
+          artifactory-deployer-role: qa-deployer
       - name: Run QA Tests
         env:
           GITHUB_TOKEN: ${{ fromJSON(steps.secrets.outputs.vault).GITHUB_TOKEN }}
           ARTIFACTORY_ACCESS_TOKEN: ${{ fromJSON(steps.secrets.outputs.vault).ARTIFACTORY_ACCESS_TOKEN }}
           SUITE: ${{ matrix.item.suite }}
           SQ_VERSION: ${{ matrix.item.sq_version }}
-          BUILD_NUMBER: ${{ needs.build.outputs.build-number }}
         run: |
           ./gradlew ":its:${SUITE}:test" --project-prop ${SUITE} \
             "-Dsonar.runtimeVersion=${SQ_VERSION}" \
             "-Dorchestrator.artifactory.accessToken=${ARTIFACTORY_ACCESS_TOKEN}" \
             "-DbuildNumber=${BUILD_NUMBER}" \
             --info --stacktrace --console plain --no-daemon --build-cache
   promote:
+    name: Promote
     needs:
       - build
       - qa
     runs-on: github-ubuntu-latest-s  # Public repository runner
-    name: Promote
+    if: ${{ needs.build.outputs.deployed }}
     permissions:
       id-token: write  # Required for Vault OIDC authentication
       contents: write  # Required for repository access and tagging
     steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
-      - uses: jdx/mise-action@5ac50f778e26fac95da98d50503682459e86d566 # v3.2.0
-        with:
-          cache_save: false
-          version: 2025.7.12
       - uses: SonarSource/ci-github-actions/promote@v1
         with:
           promote-pull-request: true  # Enable PR artifact promotion
diff --git a/build.gradle b/build.gradle
@@ -29,7 +29,7 @@ allprojects {
     ext {
         buildNumber = System.getProperty("buildNumber")
 
-        sonarLinksCi = 'https://cirrus-ci.com/github/SonarSource/sonar-scala'
+        sonarLinksCi = 'https://github.com/SonarSource/sonar-scala/actions/workflows/build.yml'
         sonarLinksScm = 'https://github.com/SonarSource/sonar-scala'
 
         artifactsToPublish = ''
