alban-auzeill commented Sep 22, 2025

alban-auzeill force-pushed the alban/SONARJAVA-5720 branch 2 times, most recently from 2a1a2a9 to e0fab2c (September 22, 2025 17:06)

🤖 Pull Request summary

This PR adds a shadow SonarQube scanning and issue replication pipeline to CI.

• Adds new CI task sonar_shadow_scan_and_issue_replication_task that runs matrix builds for sonarcloud.io and sonarqube.us
• Creates shell script to build/analyze project against shadow SonarQube instances and replicate issues using IRIS tool
• Updates promote task to depend on the new shadow scan task

Review focus: Verify vault token permissions and ensure the commented-out cron trigger condition is intentional before merge.


Quality Gate failed

Failed conditions
449 New issues
2 Security Hotspots

See analysis details on SonarQube Cloud


🤖 Pull Request summary

Adds shadow scanning with issue replication to CI pipeline.

• New CI task: Adds sonar_shadow_scan_and_issue_replication_task that runs after build and targets both SonarCloud and SonarQube US instances
• Shell script: Implements shadow-scan-and-issue-replication.sh with build analysis and IRIS tool integration for issue state replication
• Pipeline dependency: Updates promote task to depend on the new shadow scan task

Focus areas for review:

  • Credential management and vault token usage across multiple SonarQube instances
  • IRIS jar download and execution logic with dry-run validation
  • Commented TODO for cron job restriction may need addressing


Quality Gate failed

Failed conditions
430 New issues
2 Security Hotspots

See analysis details on SonarQube Cloud


Quality Gate passed

Issues
0 New issues
0 Fixed issues
0 Accepted issues

Measures
0 Security Hotspots
0 Dependency risks
No data about Coverage
No data about Duplication

See analysis details on SonarQube
