Update all non-major dependencies #182
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build | |
| on: | |
| push: | |
| branches: | |
| - master | |
| - branch-* | |
| - dogfood-* | |
| pull_request: | |
| workflow_dispatch: | |
| schedule: | |
| - cron: "30 1 * * *" # Run daily at 01:30 AM UTC | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} | |
| cancel-in-progress: true | |
| jobs: | |
| build: | |
| runs-on: github-ubuntu-latest-s | |
| name: Build | |
| permissions: | |
| id-token: write # Required for Vault OIDC authentication | |
| contents: write # Required for repository access and tagging | |
| outputs: | |
| build-number: ${{ steps.build-step.outputs.BUILD_NUMBER }} | |
| deployed: ${{ steps.build-step.outputs.deployed }} | |
| steps: | |
| - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 | |
| - uses: jdx/mise-action@5ac50f778e26fac95da98d50503682459e86d566 # v3.2.0 | |
| with: | |
| version: 2025.7.12 | |
| - uses: SonarSource/ci-github-actions/build-gradle@v1 | |
| id: build-step | |
| with: | |
| deploy-pull-request: true | |
| artifactory-reader-role: private-reader | |
| artifactory-deployer-role: qa-deployer | |
| qa: | |
| needs: [build] | |
| if: ${{ needs.build.outputs.deployed }} | |
| runs-on: github-ubuntu-latest-m | |
| permissions: | |
| id-token: write | |
| contents: read | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| item: | |
| - { sq-version: "LATEST_RELEASE[2025.1]" } | |
| - { sq-version: "LATEST_RELEASE[2025.4]" } | |
| - { sq-version: "DEV" } | |
| name: "QA Tests - SQ : ${{ matrix.item.sq-version }}" | |
| env: | |
| BUILD_NUMBER: ${{ needs.build.outputs.build-number }} | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 | |
| - uses: jdx/mise-action@5ac50f778e26fac95da98d50503682459e86d566 # v3.2.0 | |
| with: | |
| version: 2025.7.12 | |
| - name: Get GitHub Token for Artifactory access | |
| id: secrets | |
| uses: SonarSource/vault-action-wrapper@320bd31b03e5dacaac6be51bbbb15adf7caccc32 # 3.1.0 | |
| with: | |
| secrets: | | |
| development/artifactory/token/{REPO_OWNER_NAME_DASH}-private-reader access_token | ARTIFACTORY_ACCESS_TOKEN; | |
| - name: Configure Gradle | |
| uses: SonarSource/ci-github-actions/build-gradle@v1 | |
| with: | |
| gradle-args: "-x build -x sonar -x artifactoryPublish" # Skip everything to only configure Gradle and Artifactory access | |
| artifactory-reader-role: private-reader | |
| artifactory-deployer-role: qa-deployer | |
| - name: Run QA Tests | |
| shell: bash | |
| env: | |
| ARTIFACTORY_ACCESS_TOKEN: ${{ fromJSON(steps.secrets.outputs.vault).ARTIFACTORY_ACCESS_TOKEN }} | |
| SQ_VERSION: ${{ matrix.item.sq-version }} | |
| run: >- | |
| ./gradlew -DbuildNumber=$BUILD_NUMBER | |
| -PintegrationTests=true | |
| -Dsonar.runtimeVersion=$SQ_VERSION | |
| -Dorchestrator.artifactory.accessToken=$ARTIFACTORY_ACCESS_TOKEN | |
| --console plain --no-daemon --info | |
| build test | |
| promote: | |
| needs: [build, qa] | |
| if: ${{ needs.build.outputs.deployed }} | |
| runs-on: github-ubuntu-latest-s | |
| name: Promote | |
| permissions: | |
| id-token: write | |
| contents: write | |
| env: | |
| BUILD_NUMBER: ${{ needs.build.outputs.build-number }} | |
| steps: | |
| - uses: SonarSource/ci-github-actions/promote@v1 | |
| with: | |
| promote-pull-request: true |