SCANPY-219 Migrate shadow scan and iris tasks to github actions

Author: joke1196

.cirrus/run_iris.sh

@@ -0,0 +1,74 @@
+name: Iris sync
+on:
+  schedule:
+    - cron: "0 2 * * *"
+  workflow_dispatch:
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  coverage:
+    name: "Coverage report generation"
+    runs-on: github-ubuntu-latest-s
+    permissions:
+      id-token: write
+      contents: write
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
+      - name: Configure poetry
+        uses: ./.github/actions/config-poetry
+      - run: |
+          poetry run pytest --cov-report=xml:coverage.xml --cov-config=pyproject.toml --cov=src --cov-branch tests
+          poetry run mypy src/ > mypy-report.txt || true
+      - name: Upload coverage artifacts
+        uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
+        with:
+          name: coverage-reports
+          path: |
+            coverage.xml
+            mypy-report.txt
+
+  shadow-scans:
+    name: Shadow Scans
+    needs: coverage
+    runs-on: github-ubuntu-latest-s
+    permissions:
+      id-token: write
+      contents: write
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
+
+      - name: Download coverage artifacts
+        uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
+        with:
+          name: coverage-reports
+
+      - name: Build and run shadow scan
+        uses: SonarSource/ci-github-actions/build-poetry@v1
+        with:
+          sonar-platform: next
+          run-shadow-scans: true
+          artifactory-reader-role: private-reader
+          artifactory-deployer-role: qa-deployer
+
+  iris:
+    name: IRIS Sync
+    needs: shadow-scans
+    runs-on: github-ubuntu-latest-s
+    permissions:
+      id-token: write
+      contents: write
+    steps:
+      - name: Run IRIS Analysis
+        uses: SonarSource/unified-dogfooding-actions/run-iris@v1
+        with:
+          primary_project_key: "SonarSource_sonar-scanner-python"
+          primary_platform: "Next"
+          shadow1_project_key: "SonarSource_sonar-scanner-python"
+          shadow1_platform: "SQC-EU"
+          shadow2_project_key: "SonarSource_sonar-scanner-python"
+          shadow2_platform: "SQC-US"