ci: replace SonarCloud quality-gate single-shot poll with bounded retry

[Qbandev]

Description

The sonar-cloud-quality-gate-status job in ci.yml polled SonarCloud with a fixed sleep 30 then a single curl to qualitygates/project_status. On cherry-pick branches SonarCloud frequently has not finished ingesting the analysis by the 30 s mark, so the API returns NONE/empty status and the job exits 1 — turning the required Check all jobs pass gate red for a timing reason entirely unrelated to code quality.

Root cause verified from INFRA-3671 analysis: PR 30969 (SHA e86a4f4) shows run 26844267240 quality-gate = failure with analysis green, and same-SHA run 26844272597 = success on re-run. This pattern appeared across ~20 of 48 gate-fail PRs in a 100-PR Runway cherry-pick sample (2026-03-04 → 2026-06-03), making SonarCloud the single largest driver of blocked auto-merges.

Fix: replace the single shot with a bounded retry loop — up to 12 attempts × 15 s = ≤3 min total. OK/ERROR exit immediately; any other status (ingestion still in progress) retries. After all attempts exhausted, the job fails (we do not pass-with-warning on Sonar unavailability).

Changelog

CHANGELOG entry: null

Related issues

Fixes: INFRA-3671 (WI-1 — SonarCloud quality-gate poll race)

Manual testing steps

Feature: SonarCloud quality gate on cherry-pick PRs

  Scenario: Runway cherry-pick PR reaches all-green without manual re-run
    Given a Runway cherry-pick PR targeting a release/* branch
    When the CI run completes
    Then sonar-cloud-quality-gate-status succeeds on first attempt
      (no need to manually re-trigger the job)
    And Check all jobs pass turns green without intervention

CI verification: observe the next Runway cherry-pick PR — the sonar-cloud-quality-gate-status job log should show attempt 1/12 (or similar) and succeed without a second run.

Screenshots/Recordings

Before

sonar-cloud-quality-gate-status exits 1 on first run ("Could not determine Quality Gate status"), requires manual re-run to turn green.

After

Job polls up to 12 × 15 s, succeeds as soon as SonarCloud ingestion completes.

Pre-merge author checklist

• I've followed MetaMask Contributor Docs and MetaMask Mobile Coding Standards.
• I've completed the PR template to the best of my ability
• I've included tests if applicable — N/A (CI workflow shell change; verified with actionlint and a YAML parse + structure assertion test)
• I've documented my code using JSDoc format if applicable — N/A
• I've applied the right labels on the PR (see labeling guidelines).

Pre-merge reviewer checklist

• I've manually tested the PR (e.g. pull and build branch, run the app, test code being changed).
• I confirm that this PR addresses all acceptance criteria described in the ticket it closes and includes the necessary testing evidence such as recordings and or screenshots.

[github-actions]

CLA Signature Action: All authors have signed the CLA. You may need to manually re-run the blocking PR check if it doesn't pass in a few minutes.

[Copilot]

Pull request overview

Updates the SonarCloud quality gate status check in the CI workflow to avoid flaky failures caused by SonarCloud ingestion lag (especially on cherry-pick branches), by polling for a bounded amount of time instead of using a fixed sleep plus single request.

Changes:

• Removes the fixed sleep 30 and replaces the single SonarCloud API call with a bounded retry loop (up to 12 attempts with 15s intervals).
• Exits immediately on OK (pass) or ERROR (fail), and fails the job if no settled status is observed by the retry limit.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[github-actions]

🔍 Smart E2E Test Selection

• Selected E2E tags: None (no tests recommended)
• Selected Performance tags: None (no tests recommended)
• Risk Level: low
• AI Confidence: 98%

click to see 🤖 AI reasoning details

E2E Test Selection:
The change to .github/workflows/ci.yml is purely a CI infrastructure improvement to the SonarCloud Quality Gate check. It replaces a single hardcoded sleep 30 + one-shot API call with a polling loop (up to 12 retries, 15s apart) that gracefully handles the case where SonarCloud hasn't finished ingesting the analysis yet (NONE/empty status). This change:

1. Does NOT touch any application source code
2. Does NOT touch any test files, page objects, or test fixtures
3. Does NOT affect any controllers, Engine, or core modules
4. Does NOT affect any UI components or user flows
5. Only modifies the SonarCloud quality gate polling logic in the CI pipeline

No E2E tests need to run to validate this change. The change is self-contained within CI infrastructure and its correctness is validated by the CI pipeline itself running successfully.

Performance Test Selection:
This is a pure CI workflow change affecting only the SonarCloud Quality Gate polling logic. There is no application code change that could impact performance metrics, rendering, data loading, or any user-facing flows. No performance tests are needed.

View GitHub Actions results