From 2099534d825c6a1525edb4f1d50e89974c4e33f5 Mon Sep 17 00:00:00 2001
From: Julien Carsique
Date: Thu, 4 Jun 2026 10:52:00 +0200
Subject: [PATCH 01/11] BUILD-11521: Test build-poetry with repox.dev.sonar.build on dev runner
---
 .github/workflows/build.yml | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 655b697..e736d50 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -13,7 +13,8 @@ jobs:
 concurrency:
 group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
 cancel-in-progress: ${{ github.ref_name != github.event.repository.default_branch }}
- runs-on: github-ubuntu-latest-s
+ runs-on:
+ group: sonar-dev
 name: Build
 permissions:
 id-token: write
@@ -24,8 +25,9 @@ jobs:
 with:
 egress-policy: audit
 - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
- - uses: SonarSource/ci-github-actions/build-poetry@master # dogfood
+ - uses: SonarSource/ci-github-actions/build-poetry@feat/jcarsique/BUILD-11521-selfHostedRepox # dogfood
 with:
+ repox-url: https://repox.dev.sonar.build
 sonar-platform: sqc-eu
 deploy-pull-request: true
 provenance: 'true'
@@ -45,6 +47,6 @@ jobs:
 - uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0
 with:
 egress-policy: audit
- - uses: SonarSource/ci-github-actions/promote@master # dogfood
+ - uses: SonarSource/ci-github-actions/promote@feat/jcarsique/BUILD-11521-selfHostedRepox # dogfood
 with:
 promote-pull-request: true
From 33d10e2b24caf3e057d150acd22b73391d0aacd7 Mon Sep 17 00:00:00 2001
From: Julien Carsique
Date: Thu, 4 Jun 2026 17:18:57 +0200
Subject: [PATCH 02/11] BUILD-11521: Fix runs-on to preserve runner label
---
 .github/workflows/build.yml | 1 +
 1 file changed, 1 insertion(+)
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index e736d50..9531f8c 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
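Review bot: The `build-poetry` step in the second hunk of PATCH 01 (and the `promote` step in its third hunk) now resolves the action from a feature branch, `@feat/jcarsique/BUILD-11521-selfHostedRepox`, in a job that the first hunk shows holding `id-token: write`. A branch ref can be moved or force-pushed after review, and it dangles once the branch is merged and deleted, whereas the third-party actions in the same file are pinned to full commit SHAs. While the test is running, pin to the commit under test, e.g. `- uses: SonarSource/ci-github-actions/build-poetry@FULL_COMMIT_SHA # feat/jcarsique/BUILD-11521-selfHostedRepox` (FULL_COMMIT_SHA is a placeholder), and restore the previous ref before the workflow leaves the test branch. Both job definitions start and end outside these hunks.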
@@ -15,6 +15,7 @@ jobs:
 cancel-in-progress: ${{ github.ref_name != github.event.repository.default_branch }}
 runs-on:
 group: sonar-dev
+ labels: github-ubuntu-latest-s
 name: Build
 permissions:
 id-token: write
From 68b945fa2a46c22235dddbe76b737999bb0b627f Mon Sep 17 00:00:00 2001
From: Julien Carsique
Date: Thu, 4 Jun 2026 19:18:07 +0200
Subject: [PATCH 03/11] BUILD-11521: Add repox-url to promote step
---
 .github/workflows/build.yml | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 9531f8c..bde3978 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -51,3 +51,5 @@ jobs:
 - uses: SonarSource/ci-github-actions/promote@feat/jcarsique/BUILD-11521-selfHostedRepox # dogfood
 with:
 promote-pull-request: true
+ with:
+ repox-url: https://repox.dev.sonar.build
From 3be04abb5aacdd24649c7eafd3bf26757c1b3f93 Mon Sep 17 00:00:00 2001
From: Julien Carsique
Date: Fri, 5 Jun 2026 09:31:15 +0200
Subject: [PATCH 04/11] BUILD-11521: Add repox-url to promote step
---
 .github/workflows/build.yml | 55 -------------------------------------
 1 file changed, 55 deletions(-)
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index bde3978..e69de29 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
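Review bot: The two lines added in PATCH 03 put a second `with:` key on the `promote` step, right after the existing `with:` / `promote-pull-request: true` pair, so the step mapping appears to carry a duplicate key (indentation is collapsed on this page, so this is read from the line order). Depending on the loader, the workflow is either rejected or one of the two blocks is dropped, and in the second case `promote-pull-request` or `repox-url` would be lost without any error. Add the input to the existing block instead, i.e. a single `with:` followed by `promote-pull-request: true` and `repox-url: https://repox.dev.sonar.build`. The promote job starts outside the hunk.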
@@ -1,55 +0,0 @@
-name: Build
-on:
- push:
- branches:
- - master
- - branch-*
- pull_request:
- merge_group:
- workflow_dispatch:
-
-jobs:
- build:
- concurrency:
- group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
- cancel-in-progress: ${{ github.ref_name != github.event.repository.default_branch }}
- runs-on:
- group: sonar-dev
- labels: github-ubuntu-latest-s
- name: Build
- permissions:
- id-token: write
- contents: write
- attestations: write
- steps:
- - uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0
- with:
- egress-policy: audit
- - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
- - uses: SonarSource/ci-github-actions/build-poetry@feat/jcarsique/BUILD-11521-selfHostedRepox # dogfood
- with:
- repox-url: https://repox.dev.sonar.build
- sonar-platform: sqc-eu
- deploy-pull-request: true
- provenance: 'true'
-
- promote:
- needs:
- - build
- concurrency:
- group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
- cancel-in-progress: ${{ github.ref_name != github.event.repository.default_branch }}
- runs-on: github-ubuntu-latest-s
- name: Promote
- permissions:
- id-token: write
- contents: write
- steps:
- - uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0
- with:
- egress-policy: audit
- - uses: SonarSource/ci-github-actions/promote@feat/jcarsique/BUILD-11521-selfHostedRepox # dogfood
- with:
- promote-pull-request: true
- with:
- repox-url: https://repox.dev.sonar.build
From 4a8e161c688f7dc89d142615b5c386bb6f60bf3d Mon Sep 17 00:00:00 2001
From: Julien Carsique
Date: Fri, 5 Jun 2026 09:46:08 +0200
Subject: [PATCH 05/11] BUILD-11521: Restore workflow and add repox-url to promote
---
 .github/workflows/build.yml | 54 +++++++++++++++++++++++++++++++++++++
 1 file changed, 54 insertions(+)
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index e69de29..ab1724f 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -0,0 +1,54 @@
+name: Build
+on:
+ push:
+ branches:
+ - master
+ - branch-*
+ pull_request:
+ merge_group:
+ workflow_dispatch:
+
+jobs:
+ build:
+ concurrency:
+ group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
+ cancel-in-progress: ${{ github.ref_name != github.event.repository.default_branch }}
+ runs-on:
+ group: sonar-dev
+ labels: github-ubuntu-latest-s
+ name: Build
+ permissions:
+ id-token: write
+ contents: write
+ attestations: write
+ steps:
+ - uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0
+ with:
+ egress-policy: audit
+ - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+ - uses: SonarSource/ci-github-actions/build-poetry@feat/jcarsique/BUILD-11521-selfHostedRepox # dogfood
+ with:
+ repox-url: https://repox.dev.sonar.build
+ sonar-platform: sqc-eu
+ deploy-pull-request: true
+ provenance: 'true'
+
+ promote:
+ needs:
+ - build
+ concurrency:
+ group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
+ cancel-in-progress: ${{ github.ref_name != github.event.repository.default_branch }}
+ runs-on: github-ubuntu-latest-s
+ name: Promote
+ permissions:
+ id-token: write
+ contents: write
+ steps:
+ - uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0
+ with:
+ egress-policy: audit
+ - uses: SonarSource/ci-github-actions/promote@feat/jcarsique/BUILD-11521-selfHostedRepox # dogfood
+ with:
+ repox-url: https://repox.dev.sonar.build
+ promote-pull-request: true
\ No newline at end of file
From 0813d1a1c0e2396883b9da6bfffbc82c1c3fa8c8 Mon Sep 17 00:00:00 2001
From: Julien Carsique
Date: Fri, 5 Jun 2026 10:14:36 +0200
Subject: [PATCH 06/11] BUILD-11521: Fix missing trailing newline in workflow
---
 .github/workflows/build.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
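Review bot: The restored Build job runs for `pull_request` and `merge_group` events on the `sonar-dev` runner group with `id-token: write`, `contents: write` and `attestations: write`, while `harden-runner` stays at `egress-policy: audit`, which records outbound connections but does not stop them. A Poetry build can execute code from the checked-out ref, so it is worth confirming which repositories and which pull requests (forks in particular) can be scheduled on this group. Once the audit baseline is known, consider `egress-policy: block` with an `allowed-endpoints` list that includes the Repox host. A short comment above `runs-on:` saying why the dev group is needed, such as `# sonar-dev: required to reach repox.dev.sonar.build`, would also help whoever later reverts this test setup. Separately, this workflow also triggers on pushes to `master` and `branch-*`, so the dev `repox-url` and `provenance: 'true'` would apply to those builds too if the change is merged as it stands.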
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index ab1724f..c0d1fbf 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -51,4 +51,4 @@ jobs:
 - uses: SonarSource/ci-github-actions/promote@feat/jcarsique/BUILD-11521-selfHostedRepox # dogfood
 with:
 repox-url: https://repox.dev.sonar.build
- promote-pull-request: true
\ No newline at end of file
+ promote-pull-request: true
From 7928661ef5d142b84b9f905b1845341f840e4db2 Mon Sep 17 00:00:00 2001
From: Julien Carsique
Date: Fri, 5 Jun 2026 11:50:39 +0200
Subject: [PATCH 07/11] BUILD-11521: Run Promote on sonar-dev runner to reach dev Repox
---
 .github/workflows/build.yml | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index c0d1fbf..22280f4 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -39,8 +39,9 @@ jobs:
 concurrency:
 group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
 cancel-in-progress: ${{ github.ref_name != github.event.repository.default_branch }}
- runs-on: github-ubuntu-latest-s
- name: Promote
+ runs-on:
+ group: sonar-dev
+ labels: github-ubuntu-latest-s name: Promote
 permissions:
 id-token: write
 contents: write
@@ -51,4 +52,4 @@ jobs:
 - uses: SonarSource/ci-github-actions/promote@feat/jcarsique/BUILD-11521-selfHostedRepox # dogfood
 with:
 repox-url: https://repox.dev.sonar.build
- promote-pull-request: true
+ promote-pull-request: true
\ No newline at end of file
From 0a2d3eba07dde6489e9d79ff09edde30eeaf435d Mon Sep 17 00:00:00 2001
From: Julien Carsique
Date: Fri, 5 Jun 2026 11:52:07 +0200
Subject: [PATCH 08/11] BUILD-11521: Run Promote on sonar-dev runner to reach dev Repox
---
 .github/workflows/build.yml | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 22280f4..000fed0 100644
--- a/.github/workflows/build.yml
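Review bot: In the first hunk of PATCH 07 the added `labels:` line also carries the job name: the hunk counts (`-39,8 +39,9`) and the diffstat make `labels: github-ubuntu-latest-s name: Promote` a single added line, while the separate `name: Promote` line is removed. A plain scalar containing `: ` is not valid YAML, so the workflow would presumably fail to load and neither job would run. The second hunk also drops the file's trailing newline again. Put the two keys on their own lines, `labels: github-ubuntu-latest-s` and `name: Promote`. Running actionlint, which the repository already configures, before pushing catches this class of error. The promote job's `steps:` lie outside this hunk.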
+++ b/.github/workflows/build.yml
@@ -41,7 +41,8 @@ jobs:
 cancel-in-progress: ${{ github.ref_name != github.event.repository.default_branch }}
 runs-on:
 group: sonar-dev
- labels: github-ubuntu-latest-s name: Promote
+ labels: github-ubuntu-latest-s
+ name: Promote
 permissions:
 id-token: write
 contents: write
From 1315f8aa3da695b2f8bf6d3a3ee27a0fd2396a72 Mon Sep 17 00:00:00 2001
From: Julien Carsique
Date: Fri, 5 Jun 2026 12:04:41 +0200
Subject: [PATCH 09/11] BUILD-11521: Fix missing trailing newline
---
 .github/workflows/build.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 000fed0..f1913ee 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -53,4 +53,4 @@ jobs:
 - uses: SonarSource/ci-github-actions/promote@feat/jcarsique/BUILD-11521-selfHostedRepox # dogfood
 with:
 repox-url: https://repox.dev.sonar.build
- promote-pull-request: true
\ No newline at end of file
+ promote-pull-request: true
From d91883fb8a0cc70fec37757facf0bafe857ea639 Mon Sep 17 00:00:00 2001
From: Julien Carsique
Date: Fri, 5 Jun 2026 12:05:10 +0200
Subject: [PATCH 10/11] BUILD-11521: Fix runner labels for sonar-dev group
---
 .github/workflows/build.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index f1913ee..9476e7b 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -15,7 +15,7 @@ jobs:
 cancel-in-progress: ${{ github.ref_name != github.event.repository.default_branch }}
 runs-on:
 group: sonar-dev
- labels: github-ubuntu-latest-s
+ labels: sonar-xs
 name: Build
 permissions:
 id-token: write
@@ -41,7 +41,7 @@ jobs:
 cancel-in-progress: ${{ github.ref_name != github.event.repository.default_branch }}
 runs-on:
 group: sonar-dev
- labels: github-ubuntu-latest-s
+ labels: sonar-xs
 name: Promote
 permissions:
 id-token: write
From 7230cbe956af24b5b57c129bfe990be10f614403 Mon Sep 17 00:00:00 2001
From: Julien Carsique
Date: Fri, 5 Jun 2026 14:06:49 +0200
Subject: [PATCH 11/11] BUILD-11521: Add sonar-xs to actionlint known labels
---
 .github/actionlint.yaml | 1 +
 1 file changed, 1 insertion(+)
diff --git a/.github/actionlint.yaml b/.github/actionlint.yaml
index 98b4f5d..1e8ad73 100644
--- a/.github/actionlint.yaml
+++ b/.github/actionlint.yaml
@@ -2,3 +2,4 @@
 self-hosted-runner:
 labels:
 - github-ubuntu-latest-s
+ - sonar-xs