Skip to content

PACKMP-30 Migrates CI from Cirrus CI to GitHub Actions#76

Merged
alexandre-odoux-sonarsource merged 7 commits intomasterfrom
PACKMP-30/migrations-ci-to-github-actions/ao
Nov 18, 2025
Merged

PACKMP-30 Migrates CI from Cirrus CI to GitHub Actions#76
alexandre-odoux-sonarsource merged 7 commits intomasterfrom
PACKMP-30/migrations-ci-to-github-actions/ao

Conversation

@alexandre-odoux-sonarsource
Copy link
Copy Markdown
Contributor

@alexandre-odoux-sonarsource alexandre-odoux-sonarsource commented Nov 14, 2025
edited by atlassian bot
Loading

PACKMP-30

Summary

  • Migrates CI pipeline from Cirrus CI to GitHub Actions
  • Creates .github/workflows/build.yml with Maven build and promote jobs
  • Removes .cirrus.yml and .cirrus.star configuration files
  • Updates README badge from Travis CI to GitHub Actions

Configuration Details

  • Uses build-maven@v1 action with Maven-specific configuration
  • Correct runner: github-ubuntu-latest-s (for public repository)
  • Artifactory roles: private-reader and qa-deployer
  • Pull request deployment enabled
  • All third-party actions pinned to commit SHAs as per migration guidelines

Test Plan

  • Verify GitHub Actions workflow runs successfully on this PR
  • Verify build job completes without errors
  • Verify promote job executes (if applicable for PR)
  • Check that artifacts are properly deployed to Artifactory

🤖 Generated with Claude Code

@alexandre-odoux-sonarsource @claude
PACKMP-30 Migrates CI from Cirrus CI to GitHub Actions
be73143 
Creates GitHub Actions workflow with Maven build and promote jobs following
SonarSource migration guidelines. Removes Cirrus CI configuration files and
updates README badge from Travis CI to GitHub Actions.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
@alexandre-odoux-sonarsource
Relaxes GHA versions checks (temporary)
2fa9222
@alexandre-odoux-sonarsource alexandre-odoux-sonarsource force-pushed the PACKMP-30/migrations-ci-to-github-actions/ao branch from 3f90a5c to 2fa9222 Compare November 14, 2025 09:19
@alexandre-odoux-sonarsource alexandre-odoux-sonarsource marked this pull request as ready for review November 14, 2025 09:44
@henryju
Copy link
Copy Markdown
Member

henryju commented Nov 17, 2025

The tidelift CLI is creating a lot of noise in the logs, because it is trying to analyze integration tests projects:
https://github.com/SonarSource/sonar-packaging-maven-plugin/actions/runs/19362139090/job/55396405254?pr=76#step:4:2090
Would it be possible to configure an exclusion? Maybe with sonar.sca.exclusions=src/it/**

henryju
henryju requested changes Nov 17, 2025
View reviewed changes
Copy link
Copy Markdown
Member

@henryju henryju left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think IT projects should be excluded from the SCA analysis.

@alexandre-odoux-sonarsource alexandre-odoux-sonarsource force-pushed the PACKMP-30/migrations-ci-to-github-actions/ao branch from 678cb6e to 98f75f1 Compare November 18, 2025 09:39
@sonarqube-next
Copy link
Copy Markdown

sonarqube-next bot commented Nov 18, 2025

Quality Gate passed Quality Gate passed

Issues
0 New issues
0 Fixed issues
0 Accepted issues

Measures
0 Security Hotspots
0 Dependency risks
No data about Coverage
0.0% Duplication on New Code

See analysis details on SonarQube

@alexandre-odoux-sonarsource alexandre-odoux-sonarsource merged commit c7bc201 into master Nov 18, 2025
7 checks passed
@alexandre-odoux-sonarsource alexandre-odoux-sonarsource deleted the PACKMP-30/migrations-ci-to-github-actions/ao branch November 18, 2025 13:35
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@henryju henryju henryju approved these changes

Assignees

@alexandre-odoux-sonarsource alexandre-odoux-sonarsource

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@alexandre-odoux-sonarsource @henryju