diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index ac91e157..b566ecab 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -66,10 +66,52 @@ jobs:
 artifactory-reader-role: private-reader
 artifactory-deployer-role: qa-deployer

+ plugin-qa:
+ runs-on: github-ubuntu-latest-s # Custom GitHub-hosted runner for public repos
+ name: Plugin QA (${{ matrix.sq_version }})
+ needs:
+ - get-build-number
+ - build-linux
+ permissions:
+ id-token: write # Required for Vault OIDC authentication
+ contents: write # Required for repository access
+ strategy:
+ matrix:
+ sq_version: [LATEST_RELEASE, DEV]
+ env:
+ BUILD_NUMBER: ${{ needs.get-build-number.outputs.build-number }}
+ steps:
+ - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+ - uses: jdx/mise-action@5ac50f778e26fac95da98d50503682459e86d566 # v3.2.0
+ with:
+ version: 2025.7.12
+ - name: Vault
+ id: secrets
+ uses: SonarSource/vault-action-wrapper@v3
+ with:
+ secrets: |
+ development/github/token/licenses-ro token | GITHUB_TOKEN;
+ development/artifactory/token/{REPO_OWNER_NAME_DASH}-private-reader access_token | ARTIFACTORY_ACCESS_TOKEN;
+ - name: Configure Maven
+ uses: SonarSource/ci-github-actions/config-maven@v1
+ with:
+ artifactory-reader-role: private-reader
+ env:
+ GITHUB_TOKEN: ${{ fromJSON(steps.secrets.outputs.vault).GITHUB_TOKEN }}
+ ARTIFACTORY_ACCESS_TOKEN: ${{ fromJSON(steps.secrets.outputs.vault).ARTIFACTORY_ACCESS_TOKEN }}
+ - name: Plugin QA Tests
+ env:
+ GITHUB_TOKEN: ${{ fromJSON(steps.secrets.outputs.vault).GITHUB_TOKEN }}
+ ARTIFACTORY_ACCESS_TOKEN: ${{ fromJSON(steps.secrets.outputs.vault).ARTIFACTORY_ACCESS_TOKEN }}
+ run: |
+ cd its/plugin
+ mvn verify -Pit-plugin -Dsonar.runtimeVersion=${{ matrix.sq_version }} -Dmaven.test.redirectTestOutputToFile=false -B -e -V
+
 promote:
 needs:
 - build-linux
 - build-windows
+ - plugin-qa
 runs-on: github-ubuntu-latest-s # Custom GitHub-hosted runner for public repos
 name: Promote
 permissions:
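Review bot: The new `plugin-qa` job requests `contents: write`, but the steps visible in this hunk only check out the repository, fetch Vault secrets, configure Maven and run `mvn verify`, none of which appears to need to write to the repository. Because `actions/checkout` persists the job token for later git commands by default, every Maven plugin and test executed under `its/plugin` runs with push-capable credentials; `contents: read # checkout only`, plus `persist-credentials: false` under `with:` on the checkout step, would remove that unless `config-maven` is known to need write access. Separately, `SonarSource/vault-action-wrapper@v3` and `SonarSource/ci-github-actions/config-maven@v1` are referenced by mutable tag in a job that holds `id-token: write`, while the two third-party actions are pinned to commit SHAs; pinning these by SHA as well would keep the secret-handling steps immutable, if the organisation's policy for first-party actions allows it. The whole `plugin-qa` job is inside the hunk; the `promote` job it now gates continues past the hunk's end.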