SLE Fix Signing #114
# CI pipeline for the project: consistency check, build, validation, QA
# matrices, analysis, promotion, dogfood publication and failure notification.
name: Build

on:
  push:
    branches:
      - master
      - 'dogfood-on-*'
      - 'branch-*'
  pull_request:
  workflow_dispatch:

# Workflow-wide default token scopes. Every job without its own `permissions`
# block inherits both grants, on pull_request runs as well as on pushes.
# NOTE(review): which jobs actually need `contents: write` is not visible from
# this file; consider granting scopes per job instead — confirm before narrowing.
permissions:
  id-token: write
  contents: write

# One live run per pull request (per ref for other events); a newer run cancels
# the one still in progress.
concurrency:
  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
  cancel-in-progress: true

jobs:
| consistency_check: | |
| runs-on: github-ubuntu-latest-s | |
| name: SLCORE Consistency | |
| steps: | |
| - uses: actions/checkout@v5 | |
| - name: Setup Maven Toolchains | |
| shell: bash | |
| run: .github/scripts/check-slcore-consistency.sh | |
| build: | |
| outputs: | |
| project-version: ${{ steps.version.outputs.project-version }} | |
| runs-on: github-ubuntu-latest-m | |
| name: Build Project | |
| steps: | |
| - uses: actions/checkout@v5 | |
| - uses: jdx/mise-action@c37c93293d6b742fc901e1406b8f764f6fb19dac # v2.4.4 | |
| with: | |
| version: 2025.9.12 | |
| - name: Setup Maven Toolchains | |
| shell: bash | |
| run: .github/scripts/setup-maven-toolchains.sh | |
| - uses: SonarSource/ci-github-actions/get-build-number@v1 | |
| - name: Setup DigiCert Client Tools | |
| uses: SonarSource/ci-github-actions/code-signing@v1 | |
| - uses: SonarSource/ci-github-actions/config-maven@v1 | |
| env: | |
| CURRENT_VERSION: skip | |
| PROJECT_VERSION: skip | |
| with: | |
| common-mvn-flags: -Declipse.p2.mirrors=false -Dmaven.test.skip=true -Dsonar.skip=true -Dcyclonedx.skip=false --batch-mode --no-transfer-progress --errors --fail-at-end | |
| artifactory-reader-role: private-reader | |
| - name: Set project version | |
| id: version | |
| run: .github/scripts/set_maven_build_version.sh | |
| - uses: SonarSource/ci-github-actions/build-maven@v1 | |
| with: | |
| maven-args: -Declipse.p2.mirrors=false -Dcyclonedx.skip=false -DskipTests -Djacoco.append=true -Dsonar.coverage.jacoco.xmlReportPaths=org.sonarlint.eclipse.core.tests/target/site/jacoco-aggregate/jacoco.xml | |
| artifactory-reader-role: private-reader | |
| artifactory-deployer-role: qa-deployer | |
| deploy-pull-request: true | |
| - name: Upload site artifacts | |
| if: ${{ !cancelled() }} | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: site-zip | |
| path: org.sonarlint.eclipse.site/target/org.sonarlint.eclipse.site-*.zip | |
| validate: | |
| needs: [ build ] | |
| runs-on: github-ubuntu-latest-m | |
| name: Validate | |
| steps: | |
| - uses: actions/checkout@v5 | |
| - uses: jdx/mise-action@c37c93293d6b742fc901e1406b8f764f6fb19dac # v2.4.4 | |
| with: | |
| version: 2025.9.12 | |
| - name: Install Validate Dependencies | |
| shell: bash | |
| run: .github/scripts/install-dependencies.sh | |
| - name: Setup Maven Toolchains (JDK 11/17/21) | |
| shell: bash | |
| run: .github/scripts/setup-maven-toolchains.sh | |
| - name: Setup DigiCert Client Tools | |
| uses: SonarSource/ci-github-actions/code-signing@v1 | |
| - uses: SonarSource/ci-github-actions/get-build-number@v1 | |
| - uses: SonarSource/ci-github-actions/config-maven@v1 | |
| env: | |
| CURRENT_VERSION: skip | |
| PROJECT_VERSION: skip | |
| with: | |
| artifactory-reader-role: private-reader | |
| common-mvn-flags: -Declipse.p2.mirrors=false -Dmaven.install.skip=true -Dsonar.skip=true -Dcyclonedx.skip=false --batch-mode --no-transfer-progress --errors --fail-at-end | |
| - name: Run unit tests with Xvfb | |
| shell: bash | |
| env: | |
| DISPLAY: :10 | |
| run: | | |
| # Start X server and window manager | |
| Xvfb :10 -screen 0 1920x1080x24 > Xvfb.out 2>&1 & | |
| metacity --sm-disable --replace & | |
| sleep 10 | |
| # Execute tests with coverage | |
| mvn -B -e -V org.jacoco:jacoco-maven-plugin:prepare-agent verify \ | |
| -Pcoverage \ | |
| -Declipse.p2.mirrors=false \ | |
| -Djacoco.append=true \ | |
| -Djacoco.destFile=${GITHUB_WORKSPACE}/ut-coverage.exec | |
| - name: Upload UT coverage | |
| if: ${{ !cancelled() }} | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: ut-coverage | |
| path: | | |
| ${{ github.workspace }}/ut-coverage*.exec | |
| - name: Upload Maven test logs | |
| if: ${{ !cancelled() }} | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: mvn-test-logs | |
| path: 'org.sonarlint.eclipse.core.tests/target/work/configuration/*.log,org.sonarlint.eclipse.core.tests/target/work/data/.metadata/.log' | |
| - name: Upload Xvfb logs and JUnit XML on failure | |
| if: failure() | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: failure-logs | |
| path: 'Xvfb.out,**/target/surefire-reports/TEST-*.xml' | |
| - name: Generate QA test report on failure | |
| if: failure() | |
| uses: dorny/test-reporter@dc3a92680fcc15842eef52e8c4606ea7ce6bd3f3 # v2.1.1 | |
| with: | |
| name: QA Validate Test Report | |
| reporter: java-junit | |
| path: '**/target/surefire-reports/TEST-*.xml,**/target/failsafe-reports/*.xml' | |
| list-suites: failed | |
| list-tests: failed | |
| fail-on-empty: false | |
| qa_connectedModeSonarQube: | |
| needs: [build] | |
| runs-on: github-ubuntu-latest-m | |
| name: QA Connected Mode SonarQube | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| include: | |
| - SQ_VERSION: 'LATEST_RELEASE[9.9]' | |
| QA_CATEGORY: 'LATEST_RELEASE_99' | |
| - SQ_VERSION: 'LATEST_RELEASE' | |
| QA_CATEGORY: 'LATEST_RELEASE' | |
| - SQ_VERSION: 'DEV' | |
| QA_CATEGORY: 'DEV' | |
| env: | |
| DISPLAY: :10 | |
| MAVEN_OPTS: -Xmx3072m | |
| steps: | |
| - uses: actions/checkout@v5 | |
| - uses: jdx/mise-action@c37c93293d6b742fc901e1406b8f764f6fb19dac # v2.4.4 | |
| with: | |
| version: 2025.9.12 | |
| - name: Compute month key | |
| id: month | |
| shell: bash | |
| run: | | |
| THIS_MONTH="$(date +%Y-%m)" | |
| echo "month=${THIS_MONTH}" >> "$GITHUB_OUTPUT" | |
| ORCHESTRATOR_HOME="${GITHUB_WORKSPACE}/orchestrator/${THIS_MONTH}" | |
| echo "ORCHESTRATOR_HOME=${ORCHESTRATOR_HOME}" >> "$GITHUB_ENV" | |
| echo "Create dir ${ORCHESTRATOR_HOME} if needed" | |
| mkdir -p "${ORCHESTRATOR_HOME}" | |
| - uses: SonarSource/ci-github-actions/cache@v1 | |
| with: | |
| path: ${{ github.workspace }}/orchestrator/${{ steps.month.outputs.month }} | |
| key: cache-${{ runner.os }}-${{ steps.month.outputs.month }} | |
| restore-keys: | | |
| cache-${{ runner.os }} | |
| - name: Install UI deps (Xvfb, metacity, ffmpeg) | |
| shell: bash | |
| run: .github/scripts/install-dependencies.sh | |
| - name: Setup Maven Toolchains (JDK 11/17/21) | |
| shell: bash | |
| run: .github/scripts/setup-maven-toolchains.sh | |
| - uses: SonarSource/ci-github-actions/get-build-number@v1 | |
| - uses: SonarSource/ci-github-actions/config-maven@v1 | |
| env: | |
| CURRENT_VERSION: skip | |
| PROJECT_VERSION: skip | |
| with: | |
| artifactory-reader-role: private-reader | |
| common-mvn-flags: -Declipse.p2.mirrors=false -Dmaven.install.skip=true -Dsonar.skip=true --batch-mode --no-transfer-progress --errors --fail-at-end | |
| - name: Download site artifact | |
| uses: actions/[email protected] | |
| with: | |
| name: site-zip | |
| path: site-artifact | |
| - name: Unpack site and detect P2 repo dir | |
| id: p2 | |
| shell: bash | |
| run: | | |
| set -euo pipefail | |
| mkdir -p "$GITHUB_WORKSPACE/staged-repository" | |
| ZIP=$(ls -1 site-artifact/*.zip | head -n1) | |
| echo "Unzipping $ZIP" | |
| unzip -q "$ZIP" -d "$GITHUB_WORKSPACE/staged-repository" | |
| P2_DIR=$(find "$GITHUB_WORKSPACE/staged-repository" -type f \( -name 'artifacts.jar' -o -name 'artifacts.xml*' \) -printf '%h\n' | head -n1) | |
| if [ -z "$P2_DIR" ]; then | |
| echo "::error::Failed to locate P2 repository in unzipped site" | |
| exit 1 | |
| fi | |
| echo "P2_DIR=$P2_DIR" >> "$GITHUB_ENV" | |
| - name: Vault (GitHub token) | |
| id: secrets-gh | |
| uses: SonarSource/vault-action-wrapper@v3 | |
| with: | |
| secrets: | | |
| development/github/token/licenses-ro token | GITHUB_TOKEN; | |
| - name: Start Xvfb and recording | |
| shell: bash | |
| run: .github/scripts/start-xvfb-recording.sh "recording_${{ matrix.QA_CATEGORY }}" | |
| - name: Run ITs (Connected Mode with SonarQube) with Xvfb | |
| shell: bash | |
| working-directory: its | |
| env: | |
| SQ_VERSION: ${{ matrix.SQ_VERSION }} | |
| QA_CATEGORY: ${{ matrix.QA_CATEGORY }} | |
| GITHUB_TOKEN: ${{ fromJSON(steps.secrets-gh.outputs.vault).GITHUB_TOKEN }} | |
| run: | | |
| set -euo pipefail | |
| echo "Run ITs on Eclipse latest Java 17 target and Server ${SQ_VERSION}" | |
| mvn -B -e -V org.jacoco:jacoco-maven-plugin:prepare-agent verify \ | |
| -P coverage,\!standaloneMode,\!connectedModeSc,\!cdtIntegration \ | |
| -Declipse.p2.mirrors=false \ | |
| -Dtarget.platform=latest-java-17_e431 \ | |
| -Dtycho.localArtifacts=ignore \ | |
| -Dsonarlint-eclipse.p2.url="file://${P2_DIR}" \ | |
| -Dsonar.runtimeVersion=${SQ_VERSION} \ | |
| -Djacoco.append=true \ | |
| -Djacoco.destFile=${GITHUB_WORKSPACE}/it-coverage.exec | |
| mv ${GITHUB_WORKSPACE}/it-coverage.exec ${GITHUB_WORKSPACE}/it-coverage-${QA_CATEGORY}.exec | |
| - name: Stop recording and Xvfb | |
| if: always() | |
| shell: bash | |
| run: .github/scripts/stop-xvfb-recording.sh | |
| - name: Upload video | |
| if: ${{ !cancelled() }} | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: recording-${{ matrix.QA_CATEGORY }} | |
| path: ${{ github.workspace }}/recording_${{ matrix.QA_CATEGORY }}.mp4 | |
| - name: Upload IT coverage | |
| if: ${{ !cancelled() }} | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: jacoco-it-${{ matrix.QA_CATEGORY }}-coverage | |
| path: ${{ github.workspace }}/it-coverage-${{ matrix.QA_CATEGORY }}.exec | |
| - name: Upload IT logs | |
| if: ${{ !cancelled() }} | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: mvn-it-logs-${{ matrix.QA_CATEGORY }} | |
| path: 'its/**/target/work/configuration/*.log,its/**/target/work/data/.metadata/.log' | |
| - name: Upload failure diagnostics | |
| if: failure() | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: failure-${{ matrix.QA_CATEGORY }} | |
| path: 'Xvfb.out,**/test-results/**/*.xml,**/target/surefire-reports/TEST-*.xml' | |
| - name: Generate QA test report on failure | |
| if: failure() | |
| uses: dorny/test-reporter@dc3a92680fcc15842eef52e8c4606ea7ce6bd3f3 # v2.1.1 | |
| with: | |
| name: QA ${{ matrix.QA_CATEGORY }} Test Report | |
| reporter: java-junit | |
| path: '**/target/surefire-reports/TEST-*.xml,**/target/failsafe-reports/*.xml' | |
| list-suites: failed | |
| list-tests: failed | |
| fail-on-empty: false | |
| qa_connectedModeSonarCloud: | |
| needs: [ build ] | |
| runs-on: github-ubuntu-latest-m | |
| name: QA Connected Mode SonarCloud | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| include: | |
| - SQC_REGION: 'EU' | |
| - SQC_REGION: 'US' | |
| env: | |
| DISPLAY: :10 | |
| MAVEN_OPTS: -Xmx3072m | |
| steps: | |
| - uses: actions/checkout@v5 | |
| - uses: jdx/mise-action@c37c93293d6b742fc901e1406b8f764f6fb19dac # v2.4.4 | |
| with: | |
| version: 2025.9.12 | |
| - name: Install UI deps (Xvfb, metacity, ffmpeg) | |
| shell: bash | |
| run: .github/scripts/install-dependencies.sh | |
| - name: Setup Maven Toolchains (JDK 11/17/21) | |
| shell: bash | |
| run: .github/scripts/setup-maven-toolchains.sh | |
| - uses: SonarSource/ci-github-actions/get-build-number@v1 | |
| - uses: SonarSource/ci-github-actions/config-maven@v1 | |
| env: | |
| CURRENT_VERSION: skip | |
| PROJECT_VERSION: skip | |
| with: | |
| artifactory-reader-role: private-reader | |
| common-mvn-flags: -Declipse.p2.mirrors=false -Dmaven.install.skip=true -Dsonar.skip=true --batch-mode --no-transfer-progress --errors --fail-at-end | |
| - name: Download site artifact | |
| uses: actions/[email protected] | |
| with: | |
| name: site-zip | |
| path: site-artifact | |
| - name: Unpack site and detect P2 repo dir | |
| id: p2 | |
| shell: bash | |
| run: | | |
| set -euo pipefail | |
| mkdir -p "$GITHUB_WORKSPACE/staged-repository" | |
| ZIP=$(ls -1 site-artifact/*.zip | head -n1) | |
| echo "Unzipping $ZIP" | |
| unzip -q "$ZIP" -d "$GITHUB_WORKSPACE/staged-repository" | |
| P2_DIR=$(find "$GITHUB_WORKSPACE/staged-repository" -type f \( -name 'artifacts.jar' -o -name 'artifacts.xml*' \) -printf '%h\n' | head -n1) | |
| if [ -z "$P2_DIR" ]; then | |
| echo "::error::Failed to locate P2 repository in unzipped site" | |
| exit 1 | |
| fi | |
| echo "P2_DIR=$P2_DIR" | tee -a "$GITHUB_ENV" | |
| - name: Vault (SonarCloud and GitHub tokens) | |
| id: secrets | |
| uses: SonarSource/vault-action-wrapper@v3 | |
| with: | |
| secrets: | | |
| development/github/token/licenses-ro token | GITHUB_TOKEN; | |
| development/team/sonarlint/kv/data/sonarcloud-it token | SONARCLOUD_IT_TOKEN; | |
| development/team/sonarlint/kv/data/sonarcloud-it-US token | SONARCLOUD_IT_TOKEN_US; | |
| - name: Start Xvfb and recording | |
| shell: bash | |
| run: .github/scripts/start-xvfb-recording.sh "recording_${{ matrix.SQC_REGION }}" | |
| - name: Run ITs (Connected Mode with SonarCloud) | |
| shell: bash | |
| working-directory: its | |
| env: | |
| SQC_REGION: ${{ matrix.SQC_REGION }} | |
| GITHUB_TOKEN: ${{ fromJSON(steps.secrets.outputs.vault).GITHUB_TOKEN }} | |
| SONARCLOUD_IT_TOKEN: ${{ fromJSON(steps.secrets.outputs.vault).SONARCLOUD_IT_TOKEN }} | |
| SONARCLOUD_IT_TOKEN_US: ${{ fromJSON(steps.secrets.outputs.vault).SONARCLOUD_IT_TOKEN_US }} | |
| run: | | |
| set -euo pipefail | |
| echo "Run ITs on Eclipse latest Java 21 target with SonarCloud ${SQC_REGION}" | |
| mvn -B -e -V org.jacoco:jacoco-maven-plugin:prepare-agent verify \ | |
| -P coverage,\!standaloneMode,\!connectedModeSq,\!cdtIntegration \ | |
| -Declipse.p2.mirrors=false \ | |
| -Dtarget.platform=latest-java-21 \ | |
| -Dtycho.localArtifacts=ignore \ | |
| -Dsonarlint-eclipse.p2.url="file://${P2_DIR}" \ | |
| -Dsonar.region=${SQC_REGION} \ | |
| -Djacoco.append=true \ | |
| -Djacoco.destFile=${GITHUB_WORKSPACE}/it-coverage.exec | |
| mv ${GITHUB_WORKSPACE}/it-coverage.exec ${GITHUB_WORKSPACE}/it-coverage-sc-${SQC_REGION}.exec | |
| - name: Stop recording and Xvfb | |
| if: always() | |
| shell: bash | |
| run: .github/scripts/stop-xvfb-recording.sh | |
| - name: Upload video | |
| if: ${{ !cancelled() }} | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: recording-${{ matrix.SQC_REGION }} | |
| path: ${{ github.workspace }}/recording_${{ matrix.SQC_REGION }}.mp4 | |
| - name: Upload IT coverage | |
| if: ${{ !cancelled() }} | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: jacoco-it-sc-${{ matrix.SQC_REGION }}-coverage | |
| path: ${{ github.workspace }}/it-coverage-sc-${{ matrix.SQC_REGION }}.exec | |
| - name: Upload IT logs | |
| if: ${{ !cancelled() }} | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: mvn-it-logs-sc-${{ matrix.SQC_REGION }} | |
| path: 'its/**/target/work/configuration/*.log,its/**/target/work/data/.metadata/.log' | |
| - name: Upload failure diagnostics | |
| if: failure() | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: failure-sc-${{ matrix.SQC_REGION }} | |
| path: 'Xvfb.out,**/test-results/**/*.xml,**/target/surefire-reports/TEST-*.xml' | |
| - name: Generate QA test report on failure | |
| if: failure() | |
| uses: dorny/test-reporter@dc3a92680fcc15842eef52e8c4606ea7ce6bd3f3 # v2.1.1 | |
| with: | |
| name: QA SC ${{ matrix.SQC_REGION }} Test Report | |
| reporter: java-junit | |
| path: '**/target/surefire-reports/TEST-*.xml,**/target/failsafe-reports/*.xml' | |
| list-suites: failed | |
| list-tests: failed | |
| fail-on-empty: false | |
| qa_standaloneMode: | |
| needs: [ build ] | |
| runs-on: github-ubuntu-latest-m | |
| name: QA Standalone Mode | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| include: | |
| - TARGET_PLATFORM: 'oldest-java-11_e417' | |
| - TARGET_PLATFORM: 'latest-java-21' | |
| env: | |
| DISPLAY: :10 | |
| MAVEN_OPTS: -Xmx3072m | |
| steps: | |
| - uses: actions/checkout@v5 | |
| - uses: jdx/mise-action@c37c93293d6b742fc901e1406b8f764f6fb19dac # v2.4.4 | |
| with: | |
| version: 2025.9.12 | |
| - name: Install UI deps (Xvfb, metacity, ffmpeg) | |
| shell: bash | |
| run: .github/scripts/install-dependencies.sh | |
| - name: Setup Maven Toolchains (JDK 11/17/21) | |
| shell: bash | |
| run: .github/scripts/setup-maven-toolchains.sh | |
| - uses: SonarSource/ci-github-actions/get-build-number@v1 | |
| - uses: SonarSource/ci-github-actions/config-maven@v1 | |
| env: | |
| CURRENT_VERSION: skip | |
| PROJECT_VERSION: skip | |
| with: | |
| artifactory-reader-role: private-reader | |
| common-mvn-flags: -Declipse.p2.mirrors=false -Dmaven.install.skip=true -Dsonar.skip=true --batch-mode --no-transfer-progress --errors --fail-at-end | |
| - name: Download site artifact | |
| uses: actions/[email protected] | |
| with: | |
| name: site-zip | |
| path: site-artifact | |
| - name: Unpack site and detect P2 repo dir | |
| id: p2 | |
| shell: bash | |
| run: | | |
| set -euo pipefail | |
| mkdir -p "$GITHUB_WORKSPACE/staged-repository" | |
| ZIP=$(ls -1 site-artifact/*.zip | head -n1) | |
| echo "Unzipping $ZIP" | |
| unzip -q "$ZIP" -d "$GITHUB_WORKSPACE/staged-repository" | |
| P2_DIR=$(find "$GITHUB_WORKSPACE/staged-repository" -type f \( -name 'artifacts.jar' -o -name 'artifacts.xml*' \) -printf '%h\n' | head -n1) | |
| if [ -z "$P2_DIR" ]; then | |
| echo "::error::Failed to locate P2 repository in unzipped site" | |
| exit 1 | |
| fi | |
| echo "P2_DIR=$P2_DIR" | tee -a "$GITHUB_ENV" | |
| - name: Vault (GitHub token) | |
| id: secrets | |
| uses: SonarSource/vault-action-wrapper@v3 | |
| with: | |
| secrets: | | |
| development/github/token/licenses-ro token | GITHUB_TOKEN; | |
| - name: Start Xvfb and recording | |
| shell: bash | |
| run: .github/scripts/start-xvfb-recording.sh "recording_${{ matrix.TARGET_PLATFORM }}" | |
| - name: Run ITs (Standalone Mode) | |
| shell: bash | |
| working-directory: its | |
| env: | |
| TARGET_PLATFORM: ${{ matrix.TARGET_PLATFORM }} | |
| GITHUB_TOKEN: ${{ fromJSON(steps.secrets.outputs.vault).GITHUB_TOKEN }} | |
| run: | | |
| set -euo pipefail | |
| echo "Run ITs for Standalone Mode on Eclipse ${TARGET_PLATFORM}" | |
| mvn -B -e -V org.jacoco:jacoco-maven-plugin:prepare-agent verify \ | |
| -P coverage,\!connectedModeSq,\!connectedModeSc,\!cdtIntegration \ | |
| -Declipse.p2.mirrors=false \ | |
| -Dtarget.platform=${TARGET_PLATFORM} \ | |
| -Dtycho.localArtifacts=ignore \ | |
| -Dsonarlint-eclipse.p2.url="file://${P2_DIR}" \ | |
| -Djacoco.append=true \ | |
| -Djacoco.destFile=${GITHUB_WORKSPACE}/it-coverage.exec | |
| mv ${GITHUB_WORKSPACE}/it-coverage.exec ${GITHUB_WORKSPACE}/it-coverage-${TARGET_PLATFORM}.exec | |
| - name: Stop recording and Xvfb | |
| if: always() | |
| shell: bash | |
| run: .github/scripts/stop-xvfb-recording.sh | |
| - name: Upload video | |
| if: ${{ !cancelled() }} | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: recording-${{ matrix.TARGET_PLATFORM }} | |
| path: ${{ github.workspace }}/recording_${{ matrix.TARGET_PLATFORM }}.mp4 | |
| - name: Upload IT coverage | |
| if: ${{ !cancelled() }} | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: jacoco-it-${{ matrix.TARGET_PLATFORM }}-coverage | |
| path: ${{ github.workspace }}/it-coverage-${{ matrix.TARGET_PLATFORM }}.exec | |
| - name: Upload IT logs | |
| if: ${{ !cancelled() }} | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: mvn-it-logs-${{ matrix.TARGET_PLATFORM }} | |
| path: 'its/**/target/work/configuration/*.log,its/**/target/work/data/.metadata/.log' | |
| - name: Upload failure diagnostics | |
| if: failure() | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: failure-${{ matrix.TARGET_PLATFORM }} | |
| path: 'Xvfb.out,**/test-results/**/*.xml,**/target/surefire-reports/TEST-*.xml' | |
| - name: Generate QA test report on failure | |
| if: failure() | |
| uses: dorny/test-reporter@dc3a92680fcc15842eef52e8c4606ea7ce6bd3f3 # v2.1.1 | |
| with: | |
| name: QA Standalone ${{ matrix.TARGET_PLATFORM }} Test Report | |
| reporter: java-junit | |
| path: '**/target/surefire-reports/TEST-*.xml,**/target/failsafe-reports/*.xml' | |
| list-suites: failed | |
| list-tests: failed | |
| fail-on-empty: false | |
| qa_cdtIntegration: | |
| needs: [ build ] | |
| runs-on: github-ubuntu-latest-m | |
| name: QA CDT Integration | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| include: | |
| - TARGET_PLATFORM: 'oldest-java-11_e417' | |
| - TARGET_PLATFORM: 'latest-java-17_e431' | |
| - TARGET_PLATFORM: 'latest-java-21' | |
| env: | |
| DISPLAY: :10 | |
| MAVEN_OPTS: -Xmx3072m | |
| steps: | |
| - uses: actions/checkout@v5 | |
| - uses: jdx/mise-action@c37c93293d6b742fc901e1406b8f764f6fb19dac # v2.4.4 | |
| with: | |
| version: 2025.9.12 | |
| - name: Install UI deps (Xvfb, metacity, ffmpeg) | |
| shell: bash | |
| run: .github/scripts/install-dependencies.sh | |
| - name: Setup Maven Toolchains (JDK 11/17/21) | |
| shell: bash | |
| run: .github/scripts/setup-maven-toolchains.sh | |
| - uses: SonarSource/ci-github-actions/get-build-number@v1 | |
| - uses: SonarSource/ci-github-actions/config-maven@v1 | |
| env: | |
| CURRENT_VERSION: skip | |
| PROJECT_VERSION: skip | |
| with: | |
| artifactory-reader-role: private-reader | |
| common-mvn-flags: -Declipse.p2.mirrors=false -Dmaven.install.skip=true -Dsonar.skip=true --batch-mode --no-transfer-progress --errors --fail-at-end | |
| - name: Download site artifact | |
| uses: actions/[email protected] | |
| with: | |
| name: site-zip | |
| path: site-artifact | |
| - name: Unpack site and detect P2 repo dir | |
| id: p2 | |
| shell: bash | |
| run: | | |
| set -euo pipefail | |
| mkdir -p "$GITHUB_WORKSPACE/staged-repository" | |
| ZIP=$(ls -1 site-artifact/*.zip | head -n1) | |
| echo "Unzipping $ZIP" | |
| unzip -q "$ZIP" -d "$GITHUB_WORKSPACE/staged-repository" | |
| P2_DIR=$(find "$GITHUB_WORKSPACE/staged-repository" -type f \( -name 'artifacts.jar' -o -name 'artifacts.xml*' \) -printf '%h\n' | head -n1) | |
| if [ -z "$P2_DIR" ]; then | |
| echo "::error::Failed to locate P2 repository in unzipped site" | |
| exit 1 | |
| fi | |
| echo "P2_DIR=$P2_DIR" >> "$GITHUB_ENV" | |
| - name: Vault (GitHub token) | |
| id: secrets | |
| uses: SonarSource/vault-action-wrapper@v3 | |
| with: | |
| secrets: | | |
| development/github/token/licenses-ro token | GITHUB_TOKEN; | |
| - name: Start Xvfb and recording | |
| shell: bash | |
| run: .github/scripts/start-xvfb-recording.sh "recording_cdt_${{ matrix.TARGET_PLATFORM }}" | |
| - name: Run ITs (CDT Integration) | |
| shell: bash | |
| working-directory: its | |
| env: | |
| TARGET_PLATFORM: ${{ matrix.TARGET_PLATFORM }} | |
| GITHUB_TOKEN: ${{ fromJSON(steps.secrets.outputs.vault).GITHUB_TOKEN }} | |
| run: | | |
| set -euo pipefail | |
| echo "Run ITs for CDT Integration on Eclipse ${TARGET_PLATFORM}" | |
| mvn -B -e -V org.jacoco:jacoco-maven-plugin:prepare-agent verify \ | |
| -P coverage,\!standaloneMode,\!connectedModeSq,\!connectedModeSc \ | |
| -Declipse.p2.mirrors=false \ | |
| -Dtarget.platform=${TARGET_PLATFORM} \ | |
| -Dtycho.localArtifacts=ignore \ | |
| -Dsonarlint-eclipse.p2.url="file://${P2_DIR}" \ | |
| -Djacoco.append=true \ | |
| -Djacoco.destFile=${GITHUB_WORKSPACE}/it-coverage.exec | |
| mv ${GITHUB_WORKSPACE}/it-coverage.exec ${GITHUB_WORKSPACE}/it-coverage-cdt-${TARGET_PLATFORM}.exec | |
| - name: Stop recording and Xvfb | |
| if: always() | |
| shell: bash | |
| run: .github/scripts/stop-xvfb-recording.sh | |
| - name: Upload video | |
| if: ${{ !cancelled() }} | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: recording-cdt-${{ matrix.TARGET_PLATFORM }} | |
| path: ${{ github.workspace }}/recording_cdt_${{ matrix.TARGET_PLATFORM }}.mp4 | |
| - name: Upload IT coverage | |
| if: ${{ !cancelled() }} | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: jacoco-it-cdt-${{ matrix.TARGET_PLATFORM }}-coverage | |
| path: ${{ github.workspace }}/it-coverage-cdt-${{ matrix.TARGET_PLATFORM }}.exec | |
| - name: Upload IT logs | |
| if: ${{ !cancelled() }} | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: mvn-it-logs-cdt-${{ matrix.TARGET_PLATFORM }} | |
| path: 'its/**/target/work/configuration/*.log,its/**/target/work/data/.metadata/.log' | |
| - name: Upload failure diagnostics | |
| if: failure() | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: failure-cdt-${{ matrix.TARGET_PLATFORM }} | |
| path: 'Xvfb.out,**/test-results/**/*.xml,**/target/surefire-reports/TEST-*.xml' | |
| - name: Generate QA test report on failure | |
| if: failure() | |
| uses: dorny/test-reporter@dc3a92680fcc15842eef52e8c4606ea7ce6bd3f3 # v2.1.1 | |
| with: | |
| name: QA CDT ${{ matrix.TARGET_PLATFORM }} Test Report | |
| reporter: java-junit | |
| path: '**/target/surefire-reports/TEST-*.xml,**/target/failsafe-reports/*.xml' | |
| list-suites: failed | |
| list-tests: failed | |
| fail-on-empty: false | |
| sonarqube: | |
| needs: [validate, qa_connectedModeSonarCloud, qa_connectedModeSonarQube, qa_standaloneMode, qa_cdtIntegration] | |
| runs-on: github-ubuntu-latest-m | |
| name: SonarQube Analysis | |
| env: | |
| DEPLOY_PULL_REQUEST: false | |
| DISPLAY: :10 | |
| steps: | |
| - uses: actions/checkout@v5 | |
| with: | |
| fetch-depth: 0 | |
| - uses: jdx/mise-action@c37c93293d6b742fc901e1406b8f764f6fb19dac # v2.4.4 | |
| with: | |
| version: 2025.9.12 | |
| - name: Setup Maven Toolchains (JDK 11/17/21) | |
| shell: bash | |
| run: .github/scripts/setup-maven-toolchains.sh | |
| - name: Setup DigiCert Client Tools | |
| uses: SonarSource/ci-github-actions/code-signing@v1 | |
| - uses: SonarSource/ci-github-actions/get-build-number@v1 | |
| - uses: SonarSource/ci-github-actions/config-maven@v1 | |
| env: | |
| CURRENT_VERSION: skip | |
| PROJECT_VERSION: skip | |
| with: | |
| artifactory-reader-role: private-reader | |
| common-mvn-flags: -Declipse.p2.mirrors=false -Dmaven.install.skip=true --batch-mode --no-transfer-progress --errors --fail-at-end | |
| - name: Download IT coverage artifacts | |
| uses: actions/[email protected] | |
| with: | |
| pattern: jacoco-it-* | |
| path: coverage-artifacts | |
| merge-multiple: true | |
| - name: Download UT coverage | |
| uses: actions/[email protected] | |
| with: | |
| name: ut-coverage | |
| path: coverage-artifacts | |
| - name: Prepare coverage files | |
| shell: bash | |
| run: | | |
| set -euo pipefail | |
| mkdir -p org.sonarlint.eclipse.core.tests/target/ | |
| find coverage-artifacts -type f -name '*.exec' -exec cp {} org.sonarlint.eclipse.core.tests/target/ \; | |
| echo "Prepared coverage exec files in org.sonarlint.eclipse.core.tests/target/" | |
| ls -la org.sonarlint.eclipse.core.tests/target/*.exec || true | |
| - name: Vault (GitHub token) | |
| id: secrets-gh | |
| uses: SonarSource/vault-action-wrapper@v3 | |
| with: | |
| secrets: | | |
| development/github/token/licenses-ro token | GITHUB_TOKEN; | |
| - name: Set project version | |
| run: .github/scripts/set_maven_build_version.sh | |
| - uses: SonarSource/ci-github-actions/build-maven@v1 | |
| env: | |
| GITHUB_TOKEN: ${{ fromJSON(steps.secrets-gh.outputs.vault).GITHUB_TOKEN }} | |
| with: | |
| maven-args: | | |
| -P-deploy-sonarsource,-release,-sign | |
| -Declipse.p2.mirrors=false | |
| -Dmaven.install.skip=true | |
| -DskipTests | |
| -Dmaven.deploy.skip=true | |
| -Pcoverage | |
| -Djacoco.append=true | |
| -Dsonar.coverage.jacoco.xmlReportPaths=${{ github.workspace }}/org.sonarlint.eclipse.core.tests/target/site/jacoco-aggregate/jacoco.xml | |
| artifactory-reader-role: private-reader | |
| artifactory-deployer-role: qa-deployer | |
| inspect-orchestrator-cache: | |
| needs: [ qa_connectedModeSonarQube ] | |
| runs-on: github-ubuntu-latest-s | |
| name: Inspect Orchestrator Cache | |
| permissions: | |
| contents: read | |
| steps: | |
| - name: Compute month key | |
| id: month | |
| shell: bash | |
| run: | | |
| THIS_MONTH="$(date +%Y-%m)" | |
| echo "month=${THIS_MONTH}" >> "$GITHUB_OUTPUT" | |
| ORCHESTRATOR_HOME="${GITHUB_WORKSPACE}/orchestrator/${THIS_MONTH}" | |
| echo "ORCHESTRATOR_HOME=${ORCHESTRATOR_HOME}" >> "$GITHUB_ENV" | |
| echo "Create dir ${ORCHESTRATOR_HOME} if needed" | |
| mkdir -p "${ORCHESTRATOR_HOME}" | |
| - uses: SonarSource/ci-github-actions/cache@v1 | |
| with: | |
| path: ${{ github.workspace }}/orchestrator/${{ steps.month.outputs.month }} | |
| key: cache-${{ runner.os }}-${{ steps.month.outputs.month }} | |
| restore-keys: | | |
| cache-${{ runner.os }} | |
| - name: Inspect cache directory | |
| shell: bash | |
| run: | | |
| echo "Inspecting cache ${ORCHESTRATOR_HOME}..." | |
| cd "${ORCHESTRATOR_HOME}" | |
| ls -l | |
| find . | |
| echo "Inspecting cache done." | |
| promote: | |
| needs: | |
| - validate | |
| - sonarqube | |
| if: github.event_name == 'pull_request' || github.ref_name == 'master' || startsWith(github.ref_name, 'branch-') | |
| runs-on: github-ubuntu-latest-s | |
| name: Promote | |
| steps: | |
| - uses: actions/checkout@v5 | |
| - uses: SonarSource/ci-github-actions/promote@v1 | |
| with: | |
| promote-pull-request: true | |
| dogfood: | |
| needs: | |
| - build | |
| - promote | |
| if: github.event_name != 'pull_request' || github.ref_name == 'master' || startsWith(github.ref_name, 'branch-') | |
| runs-on: github-ubuntu-latest-s | |
| name: Publish Dogfood Site | |
| steps: | |
| - uses: actions/checkout@v5 | |
| - name: Download site artifact | |
| uses: actions/[email protected] | |
| with: | |
| name: site-zip | |
| path: site-artifact | |
| - name: Debug - List downloaded artifacts | |
| shell: bash | |
| run: | | |
| echo "=== Tree view of GITHUB_WORKSPACE ===" | |
| tree -a "$GITHUB_WORKSPACE" || find "$GITHUB_WORKSPACE" -print | sed -e 's;[^/]*/;|____;g;s;____|; |;g' | |
| - name: Vault (AWS and Artifactory credentials) | |
| id: secrets | |
| uses: SonarSource/vault-action-wrapper@v3 | |
| with: | |
| secrets: | | |
| development/aws/sts/downloads access_key | AWS_ACCESS_KEY_ID; | |
| development/aws/sts/downloads secret_key | AWS_SECRET_ACCESS_KEY; | |
| development/aws/sts/downloads security_token | AWS_SESSION_TOKEN; | |
| development/artifactory/token/{REPO_OWNER_NAME_DASH}-private-reader access_token | ARTIFACTORY_ACCESS_TOKEN; | |
| development/kv/data/repox url | ARTIFACTORY_URL; | |
| - name: Publish dogfood site to S3 | |
| shell: bash | |
| env: | |
| AWS_ACCESS_KEY_ID: ${{ fromJSON(steps.secrets.outputs.vault).AWS_ACCESS_KEY_ID }} | |
| AWS_SECRET_ACCESS_KEY: ${{ fromJSON(steps.secrets.outputs.vault).AWS_SECRET_ACCESS_KEY }} | |
| AWS_SESSION_TOKEN: ${{ fromJSON(steps.secrets.outputs.vault).AWS_SESSION_TOKEN }} | |
| AWS_DEFAULT_REGION: eu-central-1 | |
| ARTIFACTORY_ACCESS_TOKEN: ${{ fromJSON(steps.secrets.outputs.vault).ARTIFACTORY_ACCESS_TOKEN }} | |
| ARTIFACTORY_URL: ${{ fromJSON(steps.secrets.outputs.vault).ARTIFACTORY_URL }} | |
| GITHUB_RUN_ID: ${{ github.run_id }} | |
| PROJECT_VERSION: ${{ needs.build.outputs.project-version }} | |
| run: | | |
| chmod +x .github/scripts/publish-dogfood-site.sh | |
| .github/scripts/publish-dogfood-site.sh | |
| notify: | |
| runs-on: github-ubuntu-latest-s # Public GH runner is required, runners starting with sonar-* do not support this action | |
| needs: [ build, sonarqube, qa_connectedModeSonarQube, qa_cdtIntegration, qa_standaloneMode, qa_connectedModeSonarCloud, validate, promote ] | |
| if: ${{ always() && contains(join(needs.*.result, ','), 'failure') }} | |
| permissions: | |
| id-token: write | |
| steps: | |
| - name: Vault Secrets | |
| id: secrets | |
| uses: SonarSource/vault-action-wrapper@v3 | |
| with: | |
| secrets: | | |
| development/kv/data/slack token | SLACK_BOT_TOKEN; | |
| - name: Slack Notification rtCamp | |
| uses: rtCamp/action-slack-notify@e31e87e03dd19038e411e38ae27cbad084a90661 # v2.3.3 | |
| env: | |
| SLACK_TOKEN: >- | |
| ${{ fromJSON(steps.secrets.outputs.vault).SLACK_BOT_TOKEN }} | |
| SLACK_CHANNEL: squad-ide-eclipse-bots | |
| SLACK_TITLE: Build Failed | |
| SLACK_MESSAGE: | | |
| Workflow failed in ${{ github.repository }} 🚨 | |
| ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }} | |
| Branch: ${{ github.head_ref || github.ref_name }} | |
| Author: ${{ github.event.pull_request.user.login }} | |
| SLACK_USERNAME: BuildBot | |
| SLACK_COLOR: danger |