BUILD-10586 Fix inconsistencies between actions inputs, outputs and behaviors #231
4c60750 to 79a8c88
Testing SonarSource/ci-github-actions#231 Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Pull request overview
This PR addresses BUILD-10586 by aligning the inputs/outputs and branch-dependent behavior across the repository’s GitHub composite actions and their underlying build scripts (npm/yarn/poetry/gradle/maven), plus documentation and shellspec coverage.
Changes:
- Add/align `deploy` and `disable-caching` inputs across actions, including updated deploy behavior on `feature/long/*` for npm/yarn/poetry.
- Make deploy-token retrieval conditional (deploy enabled and not shadow scanning) and standardize deployment-disabled warnings to GitHub Actions `::warning` format.
- Add Gradle SonarQube branch filtering via a new `should_scan()` gate and expand tests/docs to match the new behavior.
Reviewed changes
Copilot reviewed 20 out of 20 changed files in this pull request and generated 7 comments.
| File | Description |
|---|---|
| spec/build-yarn_spec.sh | Updates/extends tests for deploy input, long-lived deploy, and warning format. |
| spec/build-poetry_spec.sh | Updates/extends tests for deploy input, long-lived deploy, and shadow-scan deployment warning. |
| spec/build-npm_spec.sh | Updates/extends tests for deploy input, long-lived deploy, and warning format. |
| spec/build-gradle_spec.sh | Adds tests for new should_scan() logic and a dogfood no-sonar path. |
| promote/promote.sh | Consolidates required env var assertions and minor variable handling tweaks. |
| pr_cleanup/cleanup.sh | Simplifies required env var assertions and updates header comment. |
| config-npm/npm_set_project_version.sh | Consolidates required env var assertions. |
| config-npm/action.yml | Adds disable-caching input, deprecates cache-npm, and adds idempotency guard (CONFIG_NPM_COMPLETED). |
| config-maven/set_maven_project_version.sh | Documents SKIP behavior and consolidates required env var assertions. |
| config-gradle/set_gradle_project_version.sh | Documents SKIP behavior and consolidates required env var assertions. |
| build-yarn/build.sh | Adds DEPLOY handling, enables deploy on long-lived branches, and standardizes deployment-disabled warnings. |
| build-yarn/action.yml | Adds deploy/disable-caching, deprecates cache-yarn, and conditions deploy token retrieval. |
| build-poetry/build.sh | Adds DEPLOY handling, enables deploy on long-lived branches, and standardizes deployment-disabled warnings. |
| build-poetry/action.yml | Adds deploy and conditions deploy token retrieval. |
| build-npm/build.sh | Adds DEPLOY handling, enables deploy on long-lived branches, and standardizes deployment-disabled warnings. |
| build-npm/action.yml | Adds deploy/disable-caching, deprecates cache-npm, and conditions deploy token retrieval. |
| build-maven/build.sh | Refactors env var assertions/exports and minor should_scan conditional style change. |
| build-gradle/build.sh | Adds should_scan() and uses it to gate sonar orchestration by branch type. |
| build-gradle/action.yml | Updates run-shadow-scans description text to match other actions. |
| README.md | Updates inputs tables and the deploy/scan behavior matrix for new inputs/behaviors. |
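The two gates named in the overview above, branch-filtered scanning and fetching the deploy token only when a deployment will actually happen, written out as an added shell example; this is not code from SonarSource/ci-github-actions. The function names, the `main`/`master` and `branch-*` patterns and the `some-platform` value are assumptions; only `feature/long/*`, `none` and the deploy/shadow-scan condition come from the page.

```shell
#!/bin/sh
# Added illustration, not the project's build scripts.

# Classify a ref into the branch groups the PR text lists.
# $1 = branch name, $2 = "true" when the build is for a pull request.
branch_type() {
  if [ "${2:-false}" = "true" ]; then echo pull_request; return 0; fi
  case "$1" in
    main|master)    echo default ;;      # assumed default branch names
    branch-*)       echo maintenance ;;  # assumed maintenance pattern
    feature/long/*) echo long_lived ;;   # pattern named on the page
    *)              echo other ;;
  esac
}

# Hypothetical scan gate: analyse only default, maintenance, PR and
# long-lived branches, and never when the platform is "none".
# $1 = sonar platform, $2 = branch name, $3 = pull-request flag.
should_scan_example() {
  [ "$1" != "none" ] || return 1
  [ "$(branch_type "$2" "${3:-false}")" != "other" ]
}

# GitHub Actions expressions compare strings case-insensitively,
# so inputs are lowercased before the shell comparison.
lower() { printf '%s' "$1" | tr '[:upper:]' '[:lower:]'; }

# Mirror of: inputs.deploy != 'false' && inputs.run-shadow-scans != 'true'
# $1 = deploy input, $2 = run-shadow-scans input.
# An empty or unset deploy input counts as enabled, so the token is
# requested unless the caller explicitly opts out.
needs_deploy_token() {
  [ "$(lower "${1-}")" != "false" ] && [ "$(lower "${2-}")" != "true" ]
}

# Constructed sample refs, printed as a decision table.
for ref in master branch-1.2 feature/long/migration feature/jdoe/fix; do
  if should_scan_example some-platform "$ref"; then scan=yes; else scan=no; fi
  echo "$ref type=$(branch_type "$ref") scan=$scan"
done
```

Scoping the secret this way means shadow-scan runs and deploy-disabled runs never hold an Artifactory deploy token in their environment.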
bwalsh434 left a comment
This is huge! LGTM!
I've had great success with telling Claude to open PRs in all of the dummy repos to test the changes to the actions, so I highly rec you do that here as well if you haven't.
79a8c88 to cf24075
Pull request overview
Copilot reviewed 22 out of 22 changed files in this pull request and generated 5 comments.
cf24075 to ce03956
Pull request overview
Copilot reviewed 26 out of 26 changed files in this pull request and generated 5 comments.
ce03956 to 8a19c9a
…ehaviors

- Add `deploy` input to build-npm, build-yarn, build-poetry (consistent with build-maven/build-gradle)
- Enable deployment on long-lived feature branches (feature/long/*) for npm/yarn/poetry
- Add `disable-caching` input to build-npm, build-yarn, config-npm; deprecate `cache-npm`/`cache-yarn`
- Add `should_scan()` to build-gradle to filter SonarQube analysis by branch type
- Add CONFIG_NPM_COMPLETED idempotency guard to config-npm (consistent with config-gradle/config-maven)
- Condition Artifactory deploy token vault secret on deploy being enabled
- Align shadow scan warning to GitHub Actions ::warning stderr format across all actions
- Align run-shadow-scans description and sh header documentation across all build actions
- Fix artifactory-deploy-repo description in build-npm (private-qa was incorrectly named public-qa)
- Update README: deployment strategy table, input tables, remove resolved known bugs and TODOs
- Code style: consolidate parameter validation, fix readonly declarations, align sh header labels

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
8a19c9a to d3dc244
SonarQube reviewer guide
Summary: Update CI/CD build actions to support shadow scans, enable deployment on long-lived branches, add
Review Focus:
Start review at:
Summary
Fixes BUILD-10586 — inconsistencies between `ci-github-actions` inputs, outputs, deploy and scan behaviors.

Deploy input and long-lived branch deployment
- … `deploy` input to `build-npm`, `build-yarn`, `build-poetry` (was already present in `build-gradle`/`build-maven`)
- … `feature/long/*`) for npm/yarn/poetry (aligns with maven/gradle behavior)
- … `inputs.deploy != 'false' && inputs.run-shadow-scans != 'true'`)

Caching input naming
- … `disable-caching` input to `build-npm`, `build-yarn`, and `config-npm`; deprecate `cache-npm`/`cache-yarn` (aligns with poetry/gradle/maven naming convention)
- `config-npm` now handles the caching logic internally; `build-npm` passes both inputs through directly

SonarQube branch filtering in build-gradle
- … `should_scan()` to `build-gradle` to filter SonarQube analysis by branch type — default, maintenance, PR, and long-lived branches only (was previously running on all branches when `sonar-platform != none`)

Idempotency guard for config-npm
- … `CONFIG_NPM_COMPLETED` detection and skip to `config-npm` (consistent with `config-gradle`/`config-maven`): vault, npm auth, caching, version steps are skipped on second invocation within the same job

Other consistency fixes
- … `::warning` stderr format across all actions
- … `artifactory-deploy-repo` description in `build-npm` (private repo default was incorrectly named `public-qa`)
- … `run-shadow-scans` and `deploy-pull-request` descriptions across all build actions
- … `SONAR_PLATFORM` sh header description in `build-yarn`/`build-poetry` (was missing `or none` option)
- … `build-npm/build.sh` header

Test plan
- … `feature/long/*`) for npm/yarn/poetry

Integration testing PRs