PREQ-4918: Support unique artifact names for matrix jobs

[bwalsh434]

What Changed?

Adds a job-identifier input to build-gradle and build-npm to avoid artifact name collisions in matrix jobs (example 409 error).

build-gradle

• New optional input job-identifier: appended to the problems-report-<job-identifier> artifact name
• When omitted, a $RANDOM-based value is generated per job to guarantee uniqueness

build-npm

• Same job-identifier input added for the npm-logs-<job-identifier> artifact

When to use job-identifier

The default $RANDOM fallback is sufficient for most cases. Set job-identifier explicitly when you want human-readable artifact names — e.g. when calling from a reusable workflow invoked in a matrix:

- uses: SonarSource/ci-github-actions/build-gradle@v1
  with:
    job-identifier: ${{ matrix.module }}

This produces problems-report-my-module instead of problems-report-<random>.

Background

The original hardcoded github.job + strategy.job-index naming collides when the action is called from a reusable workflow that is itself invoked in a matrix — github.job is always the reusable workflow's fixed job ID there, causing 409 conflicts.

[hashicorp-vault-sonar-prod]

PREQ-4918

[sonar-review-alpha]

Summary

Adds optional job-identifier input to both build-gradle and build-npm actions to allow customizable artifact naming in matrix workflows. When provided (e.g., matrix.module), it replaces the artifact name suffix; when omitted, a random value is generated automatically using $RANDOM to ensure uniqueness. This solves the 409 Conflict error that occurs when multiple matrix jobs upload artifacts with identical names.

What reviewers should know

Start with the action definitions: Review build-gradle/action.yml and build-npm/action.yml to see the new job-identifier input. The key implementation is the conditional in the artifact upload step: inputs.job-identifier != '' && inputs.job-identifier || steps.uid.outputs.value — it uses the provided identifier if set, otherwise falls back to a randomly generated value from the new 'Generate unique job ID' step.

Note on fallback strategy: The PR uses $RANDOM$RANDOM for automatic ID generation when no identifier is provided. This gives ~1 million possible combinations, which should be sufficient for artifact uniqueness in most workflows. The double $RANDOM is intentional (single $RANDOM only goes to 32767).

README changes: Verify the documentation updates show clear before/after examples and explain when to use job-identifier vs relying on auto-generation.

Testing coverage: The PR was tested in a Gradle project with matrix builds (verify the linked workflow run). Consider whether npm matrix scenarios were similarly validated.

---

• Generate Walkthrough
• Generate Diagram

🗣️ Give feedback

[julien-carsique-sonarsource]

Please update the README.
This should be fixed across all the actions, not only here: it's a repeated pattern.
Also, isn't it possible to use a dynamic unique ID, without asking for a parameter.

[Copilot]

Copilot was unable to review this pull request because the user who requested the review is ineligible. To be eligible to request a review, you need a paid Copilot license, or your organization must enable Copilot code review.

[mikolaj-matuszny-ext-sonarsource]

Tested in https://github.com/SonarSource/sonar-dummy-gradle-oss/actions/runs/23741857194

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues
0 Dependency risks

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[sonar-review-alpha]

LGTM! ✅

The previously flagged uniqueness bug has been addressed — the $RANDOM$RANDOM fallback is solid and the implementation is clean.

🗣️ Give feedback