From b215d0b69065f0d09a0b3ca1a9cc54202f5e3f65 Mon Sep 17 00:00:00 2001 From: David Kunzmann Date: Mon, 20 Oct 2025 14:44:22 +0200 Subject: [PATCH 1/6] SCANPY-217: Migrate from Cirrus CI to GitHub Action --- .cirrus.yml | 196 +------------------ .github/actions/config-poetry-win/action.yml | 68 +++++++ .github/actions/config-poetry/action.yml | 68 +++++++ .github/scripts/config-poetry.sh | 28 +++ .github/scripts/run_its.sh | 19 ++ .github/workflows/build.yml | 192 ++++++++++++++++++ 6 files changed, 376 insertions(+), 195 deletions(-) create mode 100644 .github/actions/config-poetry-win/action.yml create mode 100644 .github/actions/config-poetry/action.yml create mode 100755 .github/scripts/config-poetry.sh create mode 100755 .github/scripts/run_its.sh create mode 100644 .github/workflows/build.yml diff --git a/.cirrus.yml b/.cirrus.yml index cca6191a..9aaba700 100644 --- a/.cirrus.yml +++ b/.cirrus.yml @@ -16,6 +16,7 @@ env: CRON_NIGHTLY_JOB_NAME: "nightly" only_if: $CIRRUS_USER_COLLABORATOR == 'true' && $CIRRUS_TAG == "" && ($CIRRUS_PR != "" || $CIRRUS_BRANCH == 'master' || $CIRRUS_BRANCH =~ "branch-.*") + linux_container_definition: &LINUX_CONTAINER_DEFINITION eks_container: dockerfile: .cirrus/poetry.Dockerfile @@ -31,57 +32,12 @@ linux_container_definition: &LINUX_CONTAINER_DEFINITION cpu: 3 memory: 8G -win_vm_definition: &WINDOWS_VM_DEFINITION - env: - JF_ALIAS: "jf" - ec2_instance: - experimental: true # see https://github.com/cirruslabs/cirrus-ci-docs/issues/1051 - image: base-windows-jdk17-v* - platform: windows - region: eu-central-1 - type: c6id.4xlarge - preemptible: false - use_ssd: true - -win_ssd_and_clone: - &WIN_SSD_AND_CLONE # copy&paste from https://github.com/SonarSource/sonar-cpp/blob/a8c6f1e45a12393508682a013ac7ee35eb92bece/.cirrus.yml#L45 - prepare_disk_script: - - ps: | - Get-Disk -Number 2 | Initialize-Disk -PassThru | New-Partition -UseMaximumSize -DriveLetter Z - Format-Volume -DriveLetter Z -FileSystem NTFS -Confirm:$false - - echo "CIRRUS_WORKING_DIR=Z:/cirrus-ci-build" >> $CIRRUS_ENV - # we don't clone submodules because they are not needed for the tests - clone_script: | - git config --system core.longpaths true - if [ -z "$CIRRUS_PR" ]; then - git clone --branch=$CIRRUS_BRANCH https://x-access-token:${CIRRUS_REPO_CLONE_TOKEN}@github.com/${CIRRUS_REPO_FULL_NAME}.git $CIRRUS_WORKING_DIR - git reset --hard $CIRRUS_CHANGE_IN_REPO - else - git clone https://x-access-token:${CIRRUS_REPO_CLONE_TOKEN}@github.com/${CIRRUS_REPO_FULL_NAME}.git $CIRRUS_WORKING_DIR - git fetch origin pull/$CIRRUS_PR/head:pull/$CIRRUS_PR - git reset --hard $CIRRUS_CHANGE_IN_REPO - fi - .jfrog_config_template: &JFROG_CONFIG_TEMPLATE jfrog_config_script: - $JF_ALIAS config add repox --artifactory-url "$ARTIFACTORY_URL" --access-token "$ARTIFACTORY_PRIVATE_ACCESS_TOKEN" - $JF_ALIAS poetry-config --server-id-resolve repox --repo-resolve sonarsource-pypi - $JF_ALIAS poetry install --build-name="$CIRRUS_REPO_NAME" --build-number="$CI_BUILD_NUMBER" -poetry_win_install: &POETRY_WIN_INSTALL - <<: *WINDOWS_VM_DEFINITION - <<: *WIN_SSD_AND_CLONE - env: - PYTHON_VERSION: 3.12.1 - POETRY_VERSION: 2.0.1 - jfrog_win_install_script: - - powershell "Start-Process -Wait -Verb RunAs powershell '-NoProfile iwr https://releases.jfrog.io/artifactory/jfrog-cli/v2-jf/[RELEASE]/jfrog-cli-windows-amd64/jf.exe -OutFile $env:SYSTEMROOT\system32\jf.exe'" - - jf intro - poetry_win_install_script: - - source cirrus-env QA - - pip install poetry=="$POETRY_VERSION" - <<: *JFROG_CONFIG_TEMPLATE - poetry_cache_template: &POETRY_CACHE poetry_cache: folder: ~/.cache/poetry/ @@ -93,11 +49,6 @@ poetry_cache_template: &POETRY_CACHE poetry_install_script: - poetry install -.poetry_set_version_template: &POETRY_SET_VERSION - poetry_set_version_script: - - source set_poetry_build_version "$CI_BUILD_NUMBER" - - echo "PROJECT_VERSION=$PROJECT_VERSION" >> $CIRRUS_ENV - .poetry_macos_template: &POETRY_MACOS_TEMPLATE <<: *POETRY_CACHE jfrog_install_script: @@ -120,104 +71,6 @@ macos_worker_template: &MACOS_WORKER_DEFINITION labels: envname: prod -formatting_task: - alias: formatting - name: "Formatting" - <<: *LINUX_CONTAINER_DEFINITION - <<: *POETRY_INSTALL - formatting_script: - - poetry run black src/ tests/ --check - - poetry run licenseheaders -t license_header.tmpl -o "SonarSource SA" -y 2011-2024 -n "Sonar Scanner Python" -E .py -d src/ - - poetry run licenseheaders -t license_header.tmpl -o "SonarSource SA" -y 2011-2024 -n "Sonar Scanner Python" -E .py -d tests/ - - git diff --name-only --exit-code ./src ./tests - -documentation_task: - alias: documentation - name: "CLI Documentation" - <<: *LINUX_CONTAINER_DEFINITION - <<: *POETRY_INSTALL - cli_docs_script: - - poetry run python tools/generate_cli_documentation.py - - git diff --exit-code CLI_ARGS.md - -analysis_base_linux_template: &ANALYSIS_BASE_LINUX_TEMPLATE - <<: *LINUX_CONTAINER_DEFINITION - <<: *POETRY_INSTALL - # For analysis we don't need to set the build versions, but we still need to access jfrog to recover the dependencies - analysis_script: - - poetry run pytest --cov-report=xml:coverage.xml --cov-config=pyproject.toml --cov=src --cov-branch tests - - poetry run mypy src/ > mypy-report.txt || true # mypy exits with 1 if there are errors - - uv venv - - source .venv/bin/activate - - uv pip install pysonar - - . .cirrus/analysis.sh - always: - pytest_artifacts: - path: "coverage.xml" - format: junit - type: text/xml - -analysis_next_task: - <<: *ANALYSIS_BASE_LINUX_TEMPLATE - alias: sonar_analysis_next - name: "NEXT Analysis" - env: - SONAR_TOKEN: VAULT[development/kv/data/next data.token] - SONAR_HOST_URL: https://next.sonarqube.com/sonarqube - -analysis_SQC_EU_shadow_task: - <<: *ANALYSIS_BASE_LINUX_TEMPLATE - # only executed in CRON job AND on master branch - only_if: $CIRRUS_CRON == $CRON_NIGHTLY_JOB_NAME && $CIRRUS_BRANCH == "master" - alias: sonar_analysis_shadow_sqc_eu - name: "SQC-EU Shadow Analysis" - env: - SONAR_TOKEN: VAULT[development/kv/data/sonarcloud data.token] - SONAR_HOST_URL: https://sonarcloud.io - -analysis_SQC_US_shadow_task: - <<: *ANALYSIS_BASE_LINUX_TEMPLATE - # only executed in CRON job AND on master branch - only_if: $CIRRUS_CRON == $CRON_NIGHTLY_JOB_NAME && $CIRRUS_BRANCH == "master" - alias: sonar_analysis_shadow_sqc_us - name: "SQC-US Shadow Analysis" - env: - SONAR_TOKEN: VAULT[development/kv/data/sonarqube-us data.token] - SONAR_HOST_URL: https://sonarqube.us - -qa_task: - alias: qa - matrix: - - name: "Test Python 3.9.18" - eks_container: - docker_arguments: - PYTHON_VERSION: 3.9.18 - - name: "Test Python 3.9.6" - eks_container: - docker_arguments: - PYTHON_VERSION: 3.9.6 - - name: "Test Python 3.10" - eks_container: - docker_arguments: - PYTHON_VERSION: 3.10.13 - - name: "Test Python 3.11" - eks_container: - docker_arguments: - PYTHON_VERSION: 3.11.7 - - name: "Test Python 3.12" - eks_container: - docker_arguments: - PYTHON_VERSION: 3.12.1 - - name: "Test Python 3.13" - eks_container: - docker_arguments: - PYTHON_VERSION: 3.13.2 - <<: *LINUX_CONTAINER_DEFINITION - <<: *POETRY_INSTALL - <<: *POETRY_SET_VERSION - qa_script: - - poetry run pytest tests/ - qa_macos_task: alias: qa_macos only_if: $CIRRUS_CRON == "macos-its-cron" @@ -238,35 +91,6 @@ qa_macos_task: test_313_script: - .cirrus/run_macos_tests.sh "3.13.2" -qa_windows_task: - name: "Test Windows" - <<: *POETRY_WIN_INSTALL - <<: *POETRY_SET_VERSION - alias: qa_windows - qa_script: - - poetry run pytest tests/ - - exit $LASTEXITCODE - -build_task: - <<: *LINUX_CONTAINER_DEFINITION - <<: *POETRY_INSTALL - <<: *POETRY_SET_VERSION - alias: build - name: "Build" - build_script: regular_poetry_build_publish - -its_task: - name: "Integration Tests" - alias: its - sonarqube_cache: - folder: sonarqube_cache/ - populate_script: mkdir -p sonarqube_cache && wget -q https://binaries.sonarsource.com/Distribution/sonarqube/sonarqube-$SONARQUBE_VERSION.zip -O sonarqube_cache/sonarqube.zip - fingerprint_script: echo "sonarqube-$SONARQUBE_VERSION" - <<: *LINUX_CONTAINER_DEFINITION - <<: *POETRY_INSTALL - its_script: - - .cirrus/run_its.sh - its_macos_task: name: "[macOS] Integration Tests" alias: its_macos @@ -280,25 +104,7 @@ its_macos_task: its_script: - .cirrus/run_its.sh -promote_task: - depends_on: - - formatting - - sonar_analysis_next - - qa - - qa_windows - - build - - its - env: - ARTIFACTORY_PROMOTE_ACCESS_TOKEN: VAULT[development/artifactory/token/${CIRRUS_REPO_OWNER}-${CIRRUS_REPO_NAME}-promoter access_token] - GITHUB_TOKEN: VAULT[development/github/token/${CIRRUS_REPO_OWNER}-${CIRRUS_REPO_NAME}-promotion token] - <<: *LINUX_CONTAINER_DEFINITION - <<: *POETRY_INSTALL - <<: *POETRY_SET_VERSION - promote_script: cirrus_promote - run_iris_task: - depends_on: - - promote <<: *LINUX_CONTAINER_DEFINITION # only executed in CRON job AND on master branch only_if: $CIRRUS_CRON == $CRON_NIGHTLY_JOB_NAME && $CIRRUS_BRANCH == "master" diff --git a/.github/actions/config-poetry-win/action.yml b/.github/actions/config-poetry-win/action.yml new file mode 100644 index 00000000..cbe4b354 --- /dev/null +++ b/.github/actions/config-poetry-win/action.yml @@ -0,0 +1,68 @@ +--- +name: Configure Poetry for Windows +description: GitHub Action to configure a poetry project for windows runner + +inputs: + poetry-version: + description: The version of poetry to install + default: 2.2.1 + poetry-virtualenvs-path: + description: Path to the Poetry virtual environments, relative to GitHub workspace. The folder is cached only if it is a subdirectory of + `poetry-cache-dir`. + default: .cache/pypoetry/virtualenvs + poetry-cache-dir: + description: Path to the Poetry cache directory, relative to GitHub workspace. + default: .cache/pypoetry +outputs: + BUILD_NUMBER: + description: The build number, incremented or reused if already cached + value: ${{ steps.get_build_number.outputs.BUILD_NUMBER }} + +runs: + using: composite + steps: + - name: Set build parameters + shell: bash + env: + ARTIFACTORY_READER_ROLE: private-reader + run: | + echo "ARTIFACTORY_READER_ROLE=${ARTIFACTORY_READER_ROLE}" >> "$GITHUB_ENV" + - uses: SonarSource/ci-github-actions/get-build-number@v1 + id: get_build_number + - name: Cache local Poetry cache + uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0 + with: + path: ${{ inputs.poetry-cache-dir }} + key: poetry-${{ runner.os }}-${{ hashFiles('poetry.lock') }} + restore-keys: poetry-${{ runner.os }}- + - name: Vault + id: secrets + uses: SonarSource/vault-action-wrapper@320bd31b03e5dacaac6be51bbbb15adf7caccc32 # 3.1.0 + with: + secrets: | + development/artifactory/token/{REPO_OWNER_NAME_DASH}-${{ env.ARTIFACTORY_READER_ROLE }} access_token | ARTIFACTORY_ACCESS_TOKEN; + - name: Install JFrog + id: install_jfrog + shell: pwsh + run: | + Start-Process -Wait -Verb RunAs powershell '-NoProfile iwr https://releases.jfrog.io/artifactory/jfrog-cli/v2-jf/[RELEASE]/jfrog-cli-windows-amd64/jf.exe -OutFile $env:SYSTEMROOT\system32\jf.exe' + jf intro + - name: Install Poetry + id: install_poetry + shell: bash + run: | + pip install poetry==${{ inputs.poetry-version }} + - name: Config Poetry + id: config + shell: bash + env: + ARTIFACTORY_URL: https://repox.jfrog.io/artifactory + ARTIFACTORY_PYPI_REPO: sonarsource-pypi + ARTIFACTORY_ACCESS_TOKEN: ${{ fromJSON(steps.secrets.outputs.vault).ARTIFACTORY_ACCESS_TOKEN }} + POETRY_VIRTUALENVS_PATH: ${{ github.workspace }}/${{ inputs.poetry-virtualenvs-path }} + POETRY_CACHE_DIR: ${{ github.workspace }}/${{ inputs.poetry-cache-dir }} + run: | + echo "POETRY_VIRTUALENVS_PATH=${POETRY_VIRTUALENVS_PATH}" >> "$GITHUB_ENV" + echo "POETRY_CACHE_DIR=${POETRY_CACHE_DIR}" >> "$GITHUB_ENV" + ${GITHUB_ACTION_PATH}/../../scripts/config-poetry.sh + diff --git a/.github/actions/config-poetry/action.yml b/.github/actions/config-poetry/action.yml new file mode 100644 index 00000000..f66042aa --- /dev/null +++ b/.github/actions/config-poetry/action.yml @@ -0,0 +1,68 @@ +--- +name: Configure Poetry +description: GitHub Action to configure a poetry project + +inputs: + poetry-version: + description: The version of poetry to install + default: 2.2.1 + jfrog-version: + description: The version of jFrog to install + default: 2.77.0 + poetry-virtualenvs-path: + description: Path to the Poetry virtual environments, relative to GitHub workspace. The folder is cached only if it is a subdirectory of + `poetry-cache-dir`. + default: .cache/pypoetry/virtualenvs + poetry-cache-dir: + description: Path to the Poetry cache directory, relative to GitHub workspace. + default: .cache/pypoetry +outputs: + BUILD_NUMBER: + description: The build number, incremented or reused if already cached + value: ${{ steps.get_build_number.outputs.BUILD_NUMBER }} + +runs: + using: composite + steps: + - name: Set build parameters + shell: bash + env: + ARTIFACTORY_READER_ROLE: private-reader + run: | + echo "ARTIFACTORY_READER_ROLE=${ARTIFACTORY_READER_ROLE}" >> "$GITHUB_ENV" + - uses: SonarSource/ci-github-actions/get-build-number@v1 + id: get_build_number + - name: Cache local Poetry cache + uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0 + with: + path: ${{ inputs.poetry-cache-dir }} + key: poetry-${{ runner.os }}-${{ hashFiles('poetry.lock') }} + restore-keys: poetry-${{ runner.os }}- + - uses: jdx/mise-action@5ac50f778e26fac95da98d50503682459e86d566 # v3.2.0 + with: + version: 2025.7.12 + install_args: "jfrog-cli@${{ inputs.jfrog-version }} poetry@${{ inputs.poetry-version }}" + - name: Vault + # yamllint disable rule:line-length + id: secrets + uses: SonarSource/vault-action-wrapper@320bd31b03e5dacaac6be51bbbb15adf7caccc32 # 3.1.0 + with: + secrets: | + development/artifactory/token/{REPO_OWNER_NAME_DASH}-${{ env.ARTIFACTORY_READER_ROLE }} access_token | ARTIFACTORY_ACCESS_TOKEN; + # yamllint enable rule:line-length + - name: Config Poetry + id: config + shell: bash + env: + ARTIFACTORY_URL: https://repox.jfrog.io/artifactory + ARTIFACTORY_PYPI_REPO: sonarsource-pypi + ARTIFACTORY_ACCESS_TOKEN: ${{ fromJSON(steps.secrets.outputs.vault).ARTIFACTORY_ACCESS_TOKEN }} + POETRY_VIRTUALENVS_PATH: ${{ github.workspace }}/${{ inputs.poetry-virtualenvs-path }} + POETRY_CACHE_DIR: ${{ github.workspace }}/${{ inputs.poetry-cache-dir }} + run: | + mise use -g poetry@${{ inputs.poetry-version }} + mise use -g jfrog-cli@${{ inputs.jfrog-version }} + echo "POETRY_VIRTUALENVS_PATH=${POETRY_VIRTUALENVS_PATH}" >> "$GITHUB_ENV" + echo "POETRY_CACHE_DIR=${POETRY_CACHE_DIR}" >> "$GITHUB_ENV" + ${GITHUB_ACTION_PATH}/../../scripts/config-poetry.sh + diff --git a/.github/scripts/config-poetry.sh b/.github/scripts/config-poetry.sh new file mode 100755 index 00000000..98aa7628 --- /dev/null +++ b/.github/scripts/config-poetry.sh @@ -0,0 +1,28 @@ +#!/bin/bash +# Config script for SonarSource Poetry projects. + +set -euo pipefail + +: "${ARTIFACTORY_URL:?}" +: "${ARTIFACTORY_PYPI_REPO:?}" "${ARTIFACTORY_ACCESS_TOKEN:?}" +: "${BUILD_NUMBER:?}" "${GITHUB_REPOSITORY:?}" + +set_build_env() { + export PROJECT=${GITHUB_REPOSITORY#*/} + echo "PROJECT: $PROJECT" +} + +config_poetry() { + jf config add repox --artifactory-url "$ARTIFACTORY_URL" --access-token "$ARTIFACTORY_ACCESS_TOKEN" + jf poetry-config --server-id-resolve repox --repo-resolve "$ARTIFACTORY_PYPI_REPO" + jf poetry install --build-name="$PROJECT" --build-number="$BUILD_NUMBER" +} + +main() { + set_build_env + config_poetry +} + +if [[ "${BASH_SOURCE[0]}" == "${0}" ]]; then + main "$@" +fi diff --git a/.github/scripts/run_its.sh b/.github/scripts/run_its.sh new file mode 100755 index 00000000..857466a3 --- /dev/null +++ b/.github/scripts/run_its.sh @@ -0,0 +1,19 @@ +#!/usr/bin/env bash +set -euo pipefail + +unzip -q sonarqube_cache/sonarqube.zip -d sonarqube + +PLATFORM="linux-x86-64" +if [[ "$(uname)" == "Darwin" ]]; then + PLATFORM="macosx-universal-64" +fi + +cd $(ls -d sonarqube/*/) +./bin/${PLATFORM}/sonar.sh start +cd - + +unset SONAR_TOKEN +unset SONAR_HOST_URL + +poetry install +poetry run pytest --its tests/its diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml new file mode 100644 index 00000000..8d449ede --- /dev/null +++ b/.github/workflows/build.yml @@ -0,0 +1,192 @@ +name: Build +on: + push: + branches: [master, branch-*, dogfood-*] + pull_request: + workflow_dispatch: + +concurrency: + group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} + cancel-in-progress: true + +jobs: + build: + name: "Build" + runs-on: github-ubuntu-latest-s + outputs: + build-number: ${{ steps.build-poetry.outputs.BUILD_NUMBER }} + permissions: + id-token: write + contents: write + steps: + - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 + - uses: jdx/mise-action@e3d7b8d67a7958d1207f6ed871e83b1ea780e7b0 #v3.3.1 + with: + install_args: "poetry@2.2.1" + - run: mise use -g poetry@2.2.1 + - uses: SonarSource/ci-github-actions/build-poetry@v1 + id: build-poetry + with: + sonar-platform: none + artifactory-reader-role: private-reader + artifactory-deployer-role: qa-deployer + deploy-pull-request: true + + install_deps: + name: "Install Dependencies" + runs-on: github-ubuntu-latest-s + permissions: + id-token: write + contents: write + steps: + - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 + - uses: ./.github/actions/config-poetry + - run: | + poetry install + + formatting: + name: "Formatting and Licenses headers" + needs: [install_deps] + runs-on: github-ubuntu-latest-s + permissions: + id-token: write + contents: write + steps: + - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 + - uses: ./.github/actions/config-poetry + - run: | + poetry run black src/ tests/ --check + poetry run licenseheaders -t license_header.tmpl -o "SonarSource SA" -y 2011-2024 -n "Sonar Scanner Python" -E .py -d src/ + poetry run licenseheaders -t license_header.tmpl -o "SonarSource SA" -y 2011-2024 -n "Sonar Scanner Python" -E .py -d tests/ + git diff --name-only --exit-code ./src ./tests + + documentation: + name: "CLI Documentation" + runs-on: github-ubuntu-latest-s + needs: [install_deps] + permissions: + id-token: write + contents: read + steps: + - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 + - uses: jdx/mise-action@e3d7b8d67a7958d1207f6ed871e83b1ea780e7b0 #v3.3.1 + with: + install_args: "poetry@2.2.1" + - run: mise use -g poetry@2.2.1 + - run: | + poetry run python tools/generate_cli_documentation.py + git diff --exit-code CLI_ARGS.md + + coverage: + name: "Coverage report generation" + runs-on: github-ubuntu-latest-s + needs: [install_deps] + permissions: + id-token: write + contents: write + steps: + - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 + - uses: ./.github/actions/config-poetry + - run: | + poetry run pytest --cov-report=xml:coverage.xml --cov-config=pyproject.toml --cov=src --cov-branch tests + poetry run mypy src/ > mypy-report.txt || true + - name: Upload coverage artifacts + uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 + with: + name: coverage-reports + path: | + coverage.xml + mypy-report.txt + + analysis: + name: "NEXT Analysis" + runs-on: github-ubuntu-latest-s + needs: [coverage] + permissions: + id-token: write + contents: write + steps: + - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 + - name: Download coverage artifacts + uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 + with: + name: coverage-reports + - uses: jdx/mise-action@e3d7b8d67a7958d1207f6ed871e83b1ea780e7b0 #v3.3.1 + with: + install_args: "poetry@2.2.1" + - run: mise use -g poetry@2.2.1 + - uses: SonarSource/ci-github-actions/build-poetry@v1 + with: + sonar-platform: next + artifactory-reader-role: private-reader + artifactory-deployer-role: qa-deployer + + qa: + name: "Test Python ${{ matrix.python-version }}" + runs-on: github-ubuntu-latest-s + needs: [install_deps] + permissions: + id-token: write + contents: write + strategy: + matrix: + python-version: ["3.9.18", "3.9.6", "3.10.13", "3.11.7", "3.12.1", "3.13.2"] + steps: + - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 + - uses: ./.github/actions/config-poetry + - run: | + poetry run pytest tests/ + + qa-windows: + name: "Test Windows" + runs-on: github-windows-latest-s + needs: [install_deps] + permissions: + id-token: write + contents: write + steps: + - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 + - uses: ./.github/actions/config-poetry-win + - run: | + poetry run pytest tests/ + + + its: + name: "Integration Tests" + runs-on: github-ubuntu-latest-s + permissions: + id-token: write + contents: write + steps: + - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 + - name: Cache SonarQube + uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0 + with: + path: sonarqube_cache/ + key: sonarqube-25.3.0.104237 + - name: Download SonarQube + run: | + mkdir -p sonarqube_cache + if [ ! -f sonarqube_cache/sonarqube.zip ]; then + wget -q https://binaries.sonarsource.com/Distribution/sonarqube/sonarqube-25.3.0.104237.zip -O sonarqube_cache/sonarqube.zip + fi + env: + SONARQUBE_VERSION: 25.3.0.104237 + - uses: ./.github/actions/config-poetry + - run: ./.github/scripts/run_its.sh + + promote: + name: "Promote" + needs: [build, formatting, documentation, coverage, analysis, qa, qa-windows, its] + runs-on: github-ubuntu-latest-s + permissions: + id-token: write + contents: write + steps: + - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 + - uses: SonarSource/ci-github-actions/promote@v1 + with: + promote-pull-request: true + build-name: sonar-scanner-python + env: + BUILD_NUMBER: ${{ needs.build.outputs.build-number }} From 68a2b49d0d9a44d2c0d48eb13dd45b820cd3d649 Mon Sep 17 00:00:00 2001 From: David Kunzmann Date: Fri, 24 Oct 2025 09:52:54 +0200 Subject: [PATCH 2/6] Fix after review --- .github/actions/config-poetry-win/action.yml | 2 +- .github/actions/config-poetry/action.yml | 6 +- .github/workflows/build.yml | 93 ++++++++++++-------- mise.toml | 3 + 4 files changed, 62 insertions(+), 42 deletions(-) create mode 100644 mise.toml diff --git a/.github/actions/config-poetry-win/action.yml b/.github/actions/config-poetry-win/action.yml index cbe4b354..23366b01 100644 --- a/.github/actions/config-poetry-win/action.yml +++ b/.github/actions/config-poetry-win/action.yml @@ -30,7 +30,7 @@ runs: - uses: SonarSource/ci-github-actions/get-build-number@v1 id: get_build_number - name: Cache local Poetry cache - uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0 + uses: SonarSource/ci-github-actions/cache@v1 with: path: ${{ inputs.poetry-cache-dir }} key: poetry-${{ runner.os }}-${{ hashFiles('poetry.lock') }} diff --git a/.github/actions/config-poetry/action.yml b/.github/actions/config-poetry/action.yml index f66042aa..e4030058 100644 --- a/.github/actions/config-poetry/action.yml +++ b/.github/actions/config-poetry/action.yml @@ -33,15 +33,15 @@ runs: - uses: SonarSource/ci-github-actions/get-build-number@v1 id: get_build_number - name: Cache local Poetry cache - uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0 + uses: SonarSource/ci-github-actions/cache@v1 with: path: ${{ inputs.poetry-cache-dir }} key: poetry-${{ runner.os }}-${{ hashFiles('poetry.lock') }} restore-keys: poetry-${{ runner.os }}- - - uses: jdx/mise-action@5ac50f778e26fac95da98d50503682459e86d566 # v3.2.0 + - name: Install mise and tools + uses: jdx/mise-action@5ac50f778e26fac95da98d50503682459e86d566 # v3.2.0 with: version: 2025.7.12 - install_args: "jfrog-cli@${{ inputs.jfrog-version }} poetry@${{ inputs.poetry-version }}" - name: Vault # yamllint disable rule:line-length id: secrets diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 8d449ede..5d5355ac 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -19,12 +19,12 @@ jobs: id-token: write contents: write steps: - - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 - - uses: jdx/mise-action@e3d7b8d67a7958d1207f6ed871e83b1ea780e7b0 #v3.3.1 - with: - install_args: "poetry@2.2.1" - - run: mise use -g poetry@2.2.1 - - uses: SonarSource/ci-github-actions/build-poetry@v1 + - name: Checkout repository + uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 + - name: Install mise and tools + uses: jdx/mise-action@e3d7b8d67a7958d1207f6ed871e83b1ea780e7b0 #v3.3.1 + - name: Build the scanner + uses: SonarSource/ci-github-actions/build-poetry@v1 id: build-poetry with: sonar-platform: none @@ -33,14 +33,16 @@ jobs: deploy-pull-request: true install_deps: - name: "Install Dependencies" + name: "Install and Cache Poetry Dependencies" runs-on: github-ubuntu-latest-s permissions: id-token: write contents: write steps: - - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 - - uses: ./.github/actions/config-poetry + - name: Checkout repository + uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 + - name: Configure poetry for Windows + uses: ./.github/actions/config-poetry # We use this job to cache the poetry depend - run: | poetry install @@ -52,8 +54,10 @@ jobs: id-token: write contents: write steps: - - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 - - uses: ./.github/actions/config-poetry + - name: Checkout repository + uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 + - name: Configure poetry for Windows + uses: ./.github/actions/config-poetry - run: | poetry run black src/ tests/ --check poetry run licenseheaders -t license_header.tmpl -o "SonarSource SA" -y 2011-2024 -n "Sonar Scanner Python" -E .py -d src/ @@ -68,12 +72,12 @@ jobs: id-token: write contents: read steps: - - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 - - uses: jdx/mise-action@e3d7b8d67a7958d1207f6ed871e83b1ea780e7b0 #v3.3.1 - with: - install_args: "poetry@2.2.1" - - run: mise use -g poetry@2.2.1 - - run: | + - name: Checkout repository + uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 + - name: Install mise and tools + uses: jdx/mise-action@e3d7b8d67a7958d1207f6ed871e83b1ea780e7b0 #v3.3.1 + - name: Check for incorrect documentation + run: | poetry run python tools/generate_cli_documentation.py git diff --exit-code CLI_ARGS.md @@ -85,8 +89,10 @@ jobs: id-token: write contents: write steps: - - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 - - uses: ./.github/actions/config-poetry + - name: Checkout repository + uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 + - name: Configure poetry + uses: ./.github/actions/config-poetry - run: | poetry run pytest --cov-report=xml:coverage.xml --cov-config=pyproject.toml --cov=src --cov-branch tests poetry run mypy src/ > mypy-report.txt || true @@ -106,16 +112,16 @@ jobs: id-token: write contents: write steps: - - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 + - name: Checkout repository + uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 - name: Download coverage artifacts uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 with: name: coverage-reports - - uses: jdx/mise-action@e3d7b8d67a7958d1207f6ed871e83b1ea780e7b0 #v3.3.1 - with: - install_args: "poetry@2.2.1" - - run: mise use -g poetry@2.2.1 - - uses: SonarSource/ci-github-actions/build-poetry@v1 + - name: Install mise and tools + uses: jdx/mise-action@e3d7b8d67a7958d1207f6ed871e83b1ea780e7b0 #v3.3.1 + - name: Analysis the project on next + uses: SonarSource/ci-github-actions/build-poetry@v1 with: sonar-platform: next artifactory-reader-role: private-reader @@ -132,9 +138,12 @@ jobs: matrix: python-version: ["3.9.18", "3.9.6", "3.10.13", "3.11.7", "3.12.1", "3.13.2"] steps: - - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 - - uses: ./.github/actions/config-poetry - - run: | + - name: Checkout repository + uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 + - name: Configure poetry + uses: ./.github/actions/config-poetry + - name: Execute the test suite + run: | poetry run pytest tests/ qa-windows: @@ -145,12 +154,14 @@ jobs: id-token: write contents: write steps: - - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 - - uses: ./.github/actions/config-poetry-win - - run: | + - name: Checkout repository + uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 + - name: Configure poetry for Windows + uses: ./.github/actions/config-poetry-win + - name: Execute the test suite + run: | poetry run pytest tests/ - its: name: "Integration Tests" runs-on: github-ubuntu-latest-s @@ -158,13 +169,17 @@ jobs: id-token: write contents: write steps: - - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 + - name: Checkout repository + uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 - name: Cache SonarQube - uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0 + uses: SonarSource/ci-github-actions/cache@v1 + id: sonarqube-cache with: path: sonarqube_cache/ key: sonarqube-25.3.0.104237 + restore-keys: cache-${{ runner.os }}- - name: Download SonarQube + if: ${{ !steps.sonarqube-cache.outputs.cache-hit }} run: | mkdir -p sonarqube_cache if [ ! -f sonarqube_cache/sonarqube.zip ]; then @@ -172,8 +187,10 @@ jobs: fi env: SONARQUBE_VERSION: 25.3.0.104237 - - uses: ./.github/actions/config-poetry - - run: ./.github/scripts/run_its.sh + - name: Configure poetry + uses: ./.github/actions/config-poetry + - name: Execute the integration tests + run: ./.github/scripts/run_its.sh promote: name: "Promote" @@ -183,8 +200,8 @@ jobs: id-token: write contents: write steps: - - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 - - uses: SonarSource/ci-github-actions/promote@v1 + - name: Promote + uses: SonarSource/ci-github-actions/promote@v1 with: promote-pull-request: true build-name: sonar-scanner-python diff --git a/mise.toml b/mise.toml new file mode 100644 index 00000000..f55a5dc1 --- /dev/null +++ b/mise.toml @@ -0,0 +1,3 @@ +[tools] +jfrog-cli = "2.77.0" +poetry = "2.2.1" From ef8707aea1e43ee5384b61dee52ee51082be6f63 Mon Sep 17 00:00:00 2001 From: David Kunzmann Date: Fri, 24 Oct 2025 10:41:22 +0200 Subject: [PATCH 3/6] Test with proper Python version --- .github/actions/config-poetry/action.yml | 10 ++++++++-- .github/workflows/build.yml | 6 ++++-- 2 files changed, 12 insertions(+), 4 deletions(-) diff --git a/.github/actions/config-poetry/action.yml b/.github/actions/config-poetry/action.yml index e4030058..159a7b35 100644 --- a/.github/actions/config-poetry/action.yml +++ b/.github/actions/config-poetry/action.yml @@ -3,6 +3,9 @@ name: Configure Poetry description: GitHub Action to configure a poetry project inputs: + python-version: + description: The version of python to use + default: 3.12.12 poetry-version: description: The version of poetry to install default: 2.2.1 @@ -42,6 +45,11 @@ runs: uses: jdx/mise-action@5ac50f778e26fac95da98d50503682459e86d566 # v3.2.0 with: version: 2025.7.12 + - name: Install Python $${{ inputs.python-version }} + shell: bash + run: | + mise install python@${{ inputs.python-version }} + mise use -g python@${{ inputs.python-version }} - name: Vault # yamllint disable rule:line-length id: secrets @@ -60,8 +68,6 @@ runs: POETRY_VIRTUALENVS_PATH: ${{ github.workspace }}/${{ inputs.poetry-virtualenvs-path }} POETRY_CACHE_DIR: ${{ github.workspace }}/${{ inputs.poetry-cache-dir }} run: | - mise use -g poetry@${{ inputs.poetry-version }} - mise use -g jfrog-cli@${{ inputs.jfrog-version }} echo "POETRY_VIRTUALENVS_PATH=${POETRY_VIRTUALENVS_PATH}" >> "$GITHUB_ENV" echo "POETRY_CACHE_DIR=${POETRY_CACHE_DIR}" >> "$GITHUB_ENV" ${GITHUB_ACTION_PATH}/../../scripts/config-poetry.sh diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 5d5355ac..164300dc 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -41,7 +41,7 @@ jobs: steps: - name: Checkout repository uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 - - name: Configure poetry for Windows + - name: Configure poetry uses: ./.github/actions/config-poetry # We use this job to cache the poetry depend - run: | poetry install @@ -56,7 +56,7 @@ jobs: steps: - name: Checkout repository uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 - - name: Configure poetry for Windows + - name: Configure poetry uses: ./.github/actions/config-poetry - run: | poetry run black src/ tests/ --check @@ -142,6 +142,8 @@ jobs: uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 - name: Configure poetry uses: ./.github/actions/config-poetry + with: + python-version: ${{ matrix.python-version }} - name: Execute the test suite run: | poetry run pytest tests/ From e1d9948ac6bbb3d68dce7c6df72a9a1d7c8349de Mon Sep 17 00:00:00 2001 From: David Kunzmann Date: Fri, 24 Oct 2025 11:13:42 +0200 Subject: [PATCH 4/6] Test with pipx backend --- .github/actions/config-poetry/action.yml | 14 +++++++++----- .github/workflows/build.yml | 2 +- mise.toml | 4 ++-- 3 files changed, 12 insertions(+), 8 deletions(-) diff --git a/.github/actions/config-poetry/action.yml b/.github/actions/config-poetry/action.yml index 159a7b35..790cfda7 100644 --- a/.github/actions/config-poetry/action.yml +++ b/.github/actions/config-poetry/action.yml @@ -5,7 +5,7 @@ description: GitHub Action to configure a poetry project inputs: python-version: description: The version of python to use - default: 3.12.12 + default: 3.12.1 poetry-version: description: The version of poetry to install default: 2.2.1 @@ -41,15 +41,19 @@ runs: path: ${{ inputs.poetry-cache-dir }} key: poetry-${{ runner.os }}-${{ hashFiles('poetry.lock') }} restore-keys: poetry-${{ runner.os }}- - - name: Install mise and tools + - name: Install mise and Python uses: jdx/mise-action@5ac50f778e26fac95da98d50503682459e86d566 # v3.2.0 with: version: 2025.7.12 - - name: Install Python $${{ inputs.python-version }} + install_args: "python@${{ inputs.python-version }}" + - name: Install Pipx backend for mise shell: bash run: | - mise install python@${{ inputs.python-version }} - mise use -g python@${{ inputs.python-version }} + pip install --user pipx + - name: Install tools through mise + uses: jdx/mise-action@5ac50f778e26fac95da98d50503682459e86d566 # v3.2.0 + with: + version: 2025.7.12 - name: Vault # yamllint disable rule:line-length id: secrets diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 164300dc..beec9bec 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -159,7 +159,7 @@ jobs: - name: Checkout repository uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 - name: Configure poetry for Windows - uses: ./.github/actions/config-poetry-win + uses: ./.github/actions/config-poetry - name: Execute the test suite run: | poetry run pytest tests/ diff --git a/mise.toml b/mise.toml index f55a5dc1..bd3ac8fc 100644 --- a/mise.toml +++ b/mise.toml @@ -1,3 +1,3 @@ [tools] -jfrog-cli = "2.77.0" -poetry = "2.2.1" +"pipx:jfrog-cli" = "2.77.0" +"pipx:poetry" = "2.2.1" From 488eec607fd817e4c0c22cbb8c011229d6f02c71 Mon Sep 17 00:00:00 2001 From: David Kunzmann Date: Fri, 24 Oct 2025 11:52:20 +0200 Subject: [PATCH 5/6] Getting rid of the pipx backend --- .github/actions/config-poetry-win/action.yml | 68 ------------------- .github/actions/config-poetry/action.yml | 11 ++- .../config-poetry}/config-poetry.sh | 0 mise.toml | 12 +++- 4 files changed, 15 insertions(+), 76 deletions(-) delete mode 100644 .github/actions/config-poetry-win/action.yml rename .github/{scripts => actions/config-poetry}/config-poetry.sh (100%) diff --git a/.github/actions/config-poetry-win/action.yml b/.github/actions/config-poetry-win/action.yml deleted file mode 100644 index 23366b01..00000000 --- a/.github/actions/config-poetry-win/action.yml +++ /dev/null @@ -1,68 +0,0 @@ ---- -name: Configure Poetry for Windows -description: GitHub Action to configure a poetry project for windows runner - -inputs: - poetry-version: - description: The version of poetry to install - default: 2.2.1 - poetry-virtualenvs-path: - description: Path to the Poetry virtual environments, relative to GitHub workspace. The folder is cached only if it is a subdirectory of - `poetry-cache-dir`. - default: .cache/pypoetry/virtualenvs - poetry-cache-dir: - description: Path to the Poetry cache directory, relative to GitHub workspace. - default: .cache/pypoetry -outputs: - BUILD_NUMBER: - description: The build number, incremented or reused if already cached - value: ${{ steps.get_build_number.outputs.BUILD_NUMBER }} - -runs: - using: composite - steps: - - name: Set build parameters - shell: bash - env: - ARTIFACTORY_READER_ROLE: private-reader - run: | - echo "ARTIFACTORY_READER_ROLE=${ARTIFACTORY_READER_ROLE}" >> "$GITHUB_ENV" - - uses: SonarSource/ci-github-actions/get-build-number@v1 - id: get_build_number - - name: Cache local Poetry cache - uses: SonarSource/ci-github-actions/cache@v1 - with: - path: ${{ inputs.poetry-cache-dir }} - key: poetry-${{ runner.os }}-${{ hashFiles('poetry.lock') }} - restore-keys: poetry-${{ runner.os }}- - - name: Vault - id: secrets - uses: SonarSource/vault-action-wrapper@320bd31b03e5dacaac6be51bbbb15adf7caccc32 # 3.1.0 - with: - secrets: | - development/artifactory/token/{REPO_OWNER_NAME_DASH}-${{ env.ARTIFACTORY_READER_ROLE }} access_token | ARTIFACTORY_ACCESS_TOKEN; - - name: Install JFrog - id: install_jfrog - shell: pwsh - run: | - Start-Process -Wait -Verb RunAs powershell '-NoProfile iwr https://releases.jfrog.io/artifactory/jfrog-cli/v2-jf/[RELEASE]/jfrog-cli-windows-amd64/jf.exe -OutFile $env:SYSTEMROOT\system32\jf.exe' - jf intro - - name: Install Poetry - id: install_poetry - shell: bash - run: | - pip install poetry==${{ inputs.poetry-version }} - - name: Config Poetry - id: config - shell: bash - env: - ARTIFACTORY_URL: https://repox.jfrog.io/artifactory - ARTIFACTORY_PYPI_REPO: sonarsource-pypi - ARTIFACTORY_ACCESS_TOKEN: ${{ fromJSON(steps.secrets.outputs.vault).ARTIFACTORY_ACCESS_TOKEN }} - POETRY_VIRTUALENVS_PATH: ${{ github.workspace }}/${{ inputs.poetry-virtualenvs-path }} - POETRY_CACHE_DIR: ${{ github.workspace }}/${{ inputs.poetry-cache-dir }} - run: | - echo "POETRY_VIRTUALENVS_PATH=${POETRY_VIRTUALENVS_PATH}" >> "$GITHUB_ENV" - echo "POETRY_CACHE_DIR=${POETRY_CACHE_DIR}" >> "$GITHUB_ENV" - ${GITHUB_ACTION_PATH}/../../scripts/config-poetry.sh - diff --git a/.github/actions/config-poetry/action.yml b/.github/actions/config-poetry/action.yml index 790cfda7..c2cc8811 100644 --- a/.github/actions/config-poetry/action.yml +++ b/.github/actions/config-poetry/action.yml @@ -45,15 +45,12 @@ runs: uses: jdx/mise-action@5ac50f778e26fac95da98d50503682459e86d566 # v3.2.0 with: version: 2025.7.12 - install_args: "python@${{ inputs.python-version }}" - - name: Install Pipx backend for mise - shell: bash - run: | - pip install --user pipx - - name: Install tools through mise + install_args: "python@${{ inputs.python-version }}" + - name: Install jfrog and poetry through mise uses: jdx/mise-action@5ac50f778e26fac95da98d50503682459e86d566 # v3.2.0 with: version: 2025.7.12 + experimental: true # needed to use the http backend for installation of jfrog on windows - name: Vault # yamllint disable rule:line-length id: secrets @@ -74,5 +71,5 @@ runs: run: | echo "POETRY_VIRTUALENVS_PATH=${POETRY_VIRTUALENVS_PATH}" >> "$GITHUB_ENV" echo "POETRY_CACHE_DIR=${POETRY_CACHE_DIR}" >> "$GITHUB_ENV" - ${GITHUB_ACTION_PATH}/../../scripts/config-poetry.sh + ${GITHUB_ACTION_PATH}/config-poetry.sh diff --git a/.github/scripts/config-poetry.sh b/.github/actions/config-poetry/config-poetry.sh similarity index 100% rename from .github/scripts/config-poetry.sh rename to .github/actions/config-poetry/config-poetry.sh diff --git a/mise.toml b/mise.toml index bd3ac8fc..80ef1bc0 100644 --- a/mise.toml +++ b/mise.toml @@ -1,3 +1,13 @@ [tools] -"pipx:jfrog-cli" = "2.77.0" "pipx:poetry" = "2.2.1" + +[tools."asdf:jfrog-cli"] +version = "2.77.0" +os = ["linux", "macos"] + +[tools."http:jfrog-cli"] +version = "2.77.0" +os = ["windows"] + +[tools."http:jfrog-cli".platforms] +windows-x64 = { url = "https://releases.jfrog.io/artifactory/jfrog-cli/v2-jf/2.77.0/jfrog-cli-windows-amd64/jf.exe", install = "cp ${MISE_DOWNLOAD_PATH} ${MISE_INSTALL_PATH}/bin/jf.exe" } From 0bb15a55867d5fd8d9543db8d0474dac129bd992 Mon Sep 17 00:00:00 2001 From: David Kunzmann Date: Mon, 27 Oct 2025 08:57:01 +0100 Subject: [PATCH 6/6] Used provided sonar version --- .github/workflows/build.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index beec9bec..87497753 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -170,6 +170,8 @@ jobs: permissions: id-token: write contents: write + env: + SONARQUBE_VERSION: 25.3.0.104237 steps: - name: Checkout repository uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 @@ -185,10 +187,8 @@ jobs: run: | mkdir -p sonarqube_cache if [ ! -f sonarqube_cache/sonarqube.zip ]; then - wget -q https://binaries.sonarsource.com/Distribution/sonarqube/sonarqube-25.3.0.104237.zip -O sonarqube_cache/sonarqube.zip + wget -q https://binaries.sonarsource.com/Distribution/sonarqube/sonarqube-$SONARQUBE_VERSION.zip -O sonarqube_cache/sonarqube.zip fi - env: - SONARQUBE_VERSION: 25.3.0.104237 - name: Configure poetry uses: ./.github/actions/config-poetry - name: Execute the integration tests