BUILD-8317 Create a new GitHub action to support building MAVEN workloads by SamirM-BE · Pull Request #9 · SonarSource/ci-github-actions

SamirM-BE · 2025-07-08T09:54:55Z

BUILD-8317
This PR migrates our Maven-related CI scripts from the ci-common-scripts repository into a new, self-contained GitHub Action.

The primary goal is to improve maintainability and simplify our workflows by centralizing the build and analysis logic within a versioned Action.

Tested with:

https://github.com/SonarSource/sonar-dummy/pull/463
https://github.com/SonarSource/sonar-dummy/actions/runs/16524805308/job/46735258021?pr=463

Use ARTIFACTORY_ACCESS_TOKEN, not ARTIFACTORY_PRIVATE_PASSWORD
Options for MAVEN_OPTS and SONAR_SCANNER_JAVA_OPTS
Develocity is optional
Cleanup M2 repo before cache

Remove development/github/token/licenses-ro which is optional

Rework build.sh:

align with other actions
simplify and shorten
validate all required environment variables at the beginning
maintenance branches are built the same as main branch (no more separated analysis)
improved unshallow

mise: no need for jfrog CLI

set deploy-pull-request to false by default

Format: Shell functions documentation should be ahead, not after the function name
Shell function names with underscore separator, not dash

Use temp file in promote build info (was local .build-info)
Check for gh in promote

README: build-maven

no optional with parameter in the snippet
Configuration Options (with Parameters), Required GitHub permissions, Required Vault permissions are described after

Improved test coverage to 100% (except build-gradle and build-npm)

build-maven/action.yml

build-maven/build.sh

build-maven/mise.local.toml

jayadeep-km-sonarsource

Apart some minor comments, the PR looks good to me. Great job!

hedinasr · 2025-07-25T10:22:24Z

I still face issues when using this action:

…oads Use ARTIFACTORY_ACCESS_TOKEN, not ARTIFACTORY_PRIVATE_PASSWORD Options for MAVEN_OPTS and SONAR_SCANNER_JAVA_OPTS Develocity is optional Cleanup M2 repo before cache Remove development/github/token/licenses-ro which is optional Rework build.sh: - align with other actions - simplify and shorten - validate all required environment variables at the beginning - maintenance branches are built the same as main branch (no more separated analysis) - improved unshallow mise: no need for jfrog CLI set deploy-pull-request to false by default Format: Shell functions documentation should be ahead, not after the function name Shell function names with underscore separator, not dash Use temp file in promote build info (was local .build-info) Check for gh in promote README: build-maven - no optional with parameter in the snippet - Configuration Options (`with` Parameters), Required GitHub permissions, Required Vault permissions are described after Improved test coverage to 100% (except build-gradle and build-npm) Reviewed-By: julien-carsique-sonarsource Reviewed-By: jayadeep-km-sonarsource

sonarqubecloud · 2025-07-25T15:37:33Z

🤖 Pull Request summary

Add build-maven action for Maven project builds and deployments.

New Maven build action: Adds complete build-maven action with build/deploy/analyze capabilities for Maven projects
Maven settings: Includes XML configuration files for private and public repository authentication
Build script: Implements Maven-specific build logic with branch-based deployment strategies and SonarQube integration
Coverage update: Adds build-maven to test coverage patterns in .shellspec and sonar-project.properties
Documentation: Adds comprehensive README section with usage examples and configuration options
Default change: Updates build-poetry action default for deploy-pull-request from true to false

💬 Please send your feedback

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

SamirM-BE force-pushed the feat/smarini/BUILD-8317-createBuildMavenGhAction branch 28 times, most recently from 2cdd0b7 to 5fa660a Compare July 9, 2025 18:43

SamirM-BE marked this pull request as ready for review July 10, 2025 07:02

SamirM-BE requested a review from a team as a code owner July 10, 2025 07:02

julien-carsique-sonarsource force-pushed the feat/smarini/BUILD-8317-createBuildMavenGhAction branch 4 times, most recently from 809111c to 15932a2 Compare July 24, 2025 10:44

jayadeep-km-sonarsource mentioned this pull request Jul 24, 2025

BUILD-8475: Cirrus to github migration SonarSource/parent-oss#272

Merged

julien-carsique-sonarsource force-pushed the feat/smarini/BUILD-8317-createBuildMavenGhAction branch 2 times, most recently from 39feca1 to cc6db05 Compare July 24, 2025 17:42

julien-carsique-sonarsource self-requested a review July 24, 2025 17:42

julien-carsique-sonarsource approved these changes Jul 24, 2025

View reviewed changes