1+ name : Build
2+ on :
3+ push :
4+ branches :
5+ - master
6+ - branch-*
7+ - dogfood-*
8+ pull_request :
9+ workflow_dispatch :
10+ schedule :
11+ - cron : " 30 1 * * *" # Run daily at 1:30 AM UTC
12+
13+ concurrency :
14+ group : ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
15+ cancel-in-progress : true
16+
17+ jobs :
18+ build :
19+ name : Build
20+ runs-on : github-ubuntu-latest-s
21+ permissions :
22+ id-token : write
23+ contents : write
24+ outputs :
25+ build-number : ${{ steps.build-maven.outputs.BUILD_NUMBER }}
26+ steps :
27+ - uses : actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
28+ - uses : jdx/mise-action@d6e32c1796099e0f1f3ac741c220a8b7eae9e5dd # v3.2.0
29+ with :
30+ version : 2025.7.12
31+ - uses : SonarSource/ci-github-actions/build-maven@v1
32+ id : build-maven
33+ with :
34+ deploy-pull-request : true
35+ artifactory-reader-role : private-reader # Override default public-reader
36+ artifactory-deployer-role : qa-deployer # Override default public-deployer
37+
38+ qa :
39+ needs : [build]
40+ runs-on : github-ubuntu-latest-l
41+ if : github.event_name != 'pull_request' || (github.event.pull_request.head.repo.full_name == github.repository && github.actor != 'dependabot[bot]')
42+ permissions :
43+ id-token : write
44+ strategy :
45+ fail-fast : false
46+ matrix :
47+ item :
48+ - { name: "with Lastest SonarJava Plugin", profile: "without-sonarqube-project", java_plugin_version: "LATEST_MASTER" }
49+ - { name: "for SonarQube Project Only", profile: "only-sonarqube-project", java_plugin_version: "LATEST_MASTER" }
50+ - { name: "with Prod SonarJava Plugin", profile: "without-sonarqube-project", java_plugin_version: "POM_PROPERTY" }
51+ name : " QA Tests ${{ matrix.item.name }}"
52+ steps :
53+ - name : Checkout repository
54+ uses : actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
55+ with :
56+ submodules : recursive
57+ - uses : jdx/mise-action@d6e32c1796099e0f1f3ac741c220a8b7eae9e5dd # v3.2.0
58+ with :
59+ working-directory : its/ruling
60+ version : 2025.7.12
61+ - name : Get GitHub Token for QA Licenses
62+ id : secrets
63+ uses : SonarSource/vault-action-wrapper@v3
64+ with :
65+ secrets : |
66+ development/github/token/licenses-ro token | GITHUB_TOKEN;
67+ name : Configure Maven
68+ id : configure-maven
69+ uses : SonarSource/ci-github-actions/config-maven@v1
70+ with :
71+ artifactory-reader-role : private-reader # Override default public-reader
72+ - name : Get Sonar Java plugin version
73+ id : resolve-sonar-java-plugin-version
74+ run : |
75+ VERSION=$(.github/scripts/resolve-sonar-java-plugin-version.sh "${{ matrix.item.java_plugin_version }}")
76+ echo "version=${VERSION}" >> $GITHUB_OUTPUT
77+ name : Run QA Tests
78+ working-directory : its/ruling
79+ env :
80+ GITHUB_TOKEN : ${{ fromJSON(steps.secrets.outputs.vault).GITHUB_TOKEN }}
81+ BUILD_NUMBER : ${{ needs.build.outputs.build-number }}
82+ MAVEN_OPTS : " -Xmx3g"
83+ SONAR_JAVA_VERSION : ${{ steps.resolve-sonar-java-plugin-version.outputs.version }}
84+ run : |
85+ mvn package --batch-mode \
86+ "-Pit-ruling,${{ matrix.item.profile }}" \
87+ "-Dsonar.java.version=${SONAR_JAVA_VERSION}" \
88+ "-Dorchestrator.artifactory.accessToken=${ARTIFACTORY_ACCESS_TOKEN}" \
89+ "-Dsonar.runtimeVersion=LATEST_RELEASE" \
90+ "-Dmaven.test.redirectTestOutputToFile=false" \
91+ "-DbuildNumber=${BUILD_NUMBER}" \
92+ -B -e -V \
93+ "-Dparallel=methods" \
94+ "-DuseUnlimitedThreads=true"
95+ name : Upload ruling artifacts on failure
96+ if : failure()
97+ uses : actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.5.0
98+ with :
99+ name : ruling-actual-${{ matrix.item.profile }}-${{ matrix.item.java_plugin_version }}
100+ path : its/ruling/target/actual/**/*
101+
102+ promote :
103+ name : Promote
104+ needs : [build, qa]
105+ runs-on : github-ubuntu-latest-s
106+ if : github.event_name != 'pull_request' || (github.event.pull_request.head.repo.full_name == github.repository && github.actor != 'dependabot[bot]')
107+ permissions :
108+ id-token : write
109+ steps :
110+ - name : Checkout repository
111+ uses : actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
112+ - uses : jdx/mise-action@d6e32c1796099e0f1f3ac741c220a8b7eae9e5dd # v3.2.0
113+ with :
114+ cache_save : false
115+ version : 2025.7.12
116+ - name : Promote artifacts
117+ uses : SonarSource/ci-github-actions/promote@v1
0 commit comments