Skip to content

BUILD-10457 Include BUILD_NAME in promote check context for unique checks per build#217

Merged
tomverin merged 1 commit intomasterfrom
feat/promote-unique-check-context-per-build
Mar 12, 2026
Merged

BUILD-10457 Include BUILD_NAME in promote check context for unique checks per build#217
tomverin merged 1 commit intomasterfrom
feat/promote-unique-check-context-per-build

Conversation

@tomverin
Copy link
Contributor

@tomverin tomverin commented Feb 17, 2026
edited
Loading

Problem

When multiple promote jobs run in parallel (e.g. in a monorepo with consolidated matrix builds), they all write to the same GitHub commit status check. The check context was repox-${GITHUB_REF_NAME}, which is identical for all promote jobs in the same workflow run.

Consequences:

  • Only one promote result is visible — the last job to finish overwrites all others
  • The check description shows empty or wrong build info (e.g. "Latest promoted build of '' from branch 'refs/pull/64/merge'")
  • Downstream scripts that read promote checks (e.g. release workflows) cannot distinguish promoted artifacts per project
  • Developers cannot see which capabilities were promoted and their versions

Example: In sonarqube-unification, a consolidated workflow builds 6 capabilities in parallel (entitlements, organizations, template, unified-core, users, integration-bindings). Each runs the promote action with its own BUILD_NAME (e.g. sonarqube-unification-template, sonarqube-unification-entitlements). All 6 write to repox-64/merge and only one survives.

Solution

Make check_context a parameter of github_notify_promotion() and call it twice from promote():

  1. repox-${BUILD_NAME}-${GITHUB_REF_NAME} — unique context per build (e.g. repox-sonarqube-unification-template-64/merge)
  2. repox-${GITHUB_REF_NAME} — legacy context for backward compatibility (deprecated)

This way each parallel promote job creates its own distinct check, while the old check context is also written so that existing downstream scripts continue to work during a migration period.

Backward compatibility

  • Single-build repos: Both checks are written. Scripts matching repox or promote (e.g. sonarqube-unification's resolve.py) continue to work unchanged.
  • Multi-build monorepos: Each build gets its own unique check; no more overwrites. The legacy check still gets overwritten (expected — it's deprecated), but the unique checks are preserved.

Testing

  • All 31 shellspec tests pass
  • Shellcheck passes

Copilot AI review requested due to automatic review settings February 17, 2026 16:02
@tomverin tomverin requested a review from a team as a code owner February 17, 2026 16:02
@hashicorp-vault-sonar-prod hashicorp-vault-sonar-prod bot changed the title Include BUILD_NAME in promote check context for unique checks per build BUILD-10457 Include BUILD_NAME in promote check context for unique checks per build Feb 17, 2026
@hashicorp-vault-sonar-prod
Copy link

hashicorp-vault-sonar-prod bot commented Feb 17, 2026
edited by atlassian bot
Loading

BUILD-10457

Copilot AI reviewed Feb 17, 2026
View reviewed changes
Copy link

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Updates the GitHub commit status “context” used by promote.sh so parallel promote jobs don’t overwrite each other’s status check.

Changes:

  • Adds a computed checkContext variable that includes BUILD_NAME
  • Uses checkContext when posting the GitHub commit status
  • Documents the reason for the new context format in-code

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@tomverin tomverin force-pushed the feat/promote-unique-check-context-per-build branch 3 times, most recently from c001ee2 to 2d65a24 Compare February 17, 2026 16:05
julien-carsique-sonarsource
julien-carsique-sonarsource reviewed Feb 17, 2026
View reviewed changes
julien-carsique-sonarsource
julien-carsique-sonarsource requested changes Feb 17, 2026
View reviewed changes
@tomverin tomverin marked this pull request as draft March 2, 2026 07:58
@tomverin tomverin force-pushed the feat/promote-unique-check-context-per-build branch from a53ac3c to 5e3fc45 Compare March 12, 2026 10:20
@tomverin
BUILD-10457 Parameterize check context in github_notify_promotion
c8d5d80 
Make check_context a function parameter and call github_notify_promotion
twice: once with the new BUILD_NAME-scoped context for unique parallel
checks, and once with the legacy repox-${GITHUB_REF_NAME} context for
backward compatibility.
@tomverin tomverin force-pushed the feat/promote-unique-check-context-per-build branch from 5e3fc45 to c8d5d80 Compare March 12, 2026 10:24
@sonarqubecloud
Copy link

sonarqubecloud bot commented Mar 12, 2026

SonarQube reviewer guide

Review in SonarQube

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues
0 Dependency risks

Measures
0 Security Hotspots
100.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@tomverin tomverin marked this pull request as ready for review March 12, 2026 10:34
@tomverin tomverin merged commit c15f373 into master Mar 12, 2026
13 checks passed
@tomverin tomverin deleted the feat/promote-unique-check-context-per-build branch March 12, 2026 10:37
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@julien-carsique-sonarsource julien-carsique-sonarsource julien-carsique-sonarsource approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@tomverin @julien-carsique-sonarsource