SONARPY-3418 Migrate the public CI to GH action (#554)

Seppli11 · sonartech · commit 38b5e8ca2772 · 2025-10-06T09:29:20.000Z
GitOrigin-RevId: 73705dcdfb9465f5d8fc39efbf57bb0ca215ce36
diff --git a/.cirrus-public.yml b/.cirrus-public.yml
diff --git a/.cirrus.star b/.cirrus.star
@@ -31,6 +31,6 @@ def is_public_repo():
 
 def main(ctx):
     if is_public_repo():
-        return public_conf(ctx)
+        return {} 
     else:
-        return private_conf(ctx)
+        return private_conf(ctx)
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -0,0 +1,83 @@
+name: Build
+on:
+  push:
+    branches:
+      - master
+      - branch-*
+      - dogfood-*
+  workflow_dispatch:
+  schedule:
+    # Nightly build at 2 AM UTC for shadow analysis
+    - cron: '0 2 * * *' 
+
+env:
+  PYTHON_VERSION: 3.9.5
+  IS_COMMUNITY: true
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  analyze:
+    runs-on: github-ubuntu-latest-s
+    name: Build
+    permissions:
+      id-token: write
+      contents: write
+    strategy:
+      matrix:
+        include:
+          - name: "Analysis on SonarQube NEXT"
+            sonar_token_path: "development/kv/data/next"
+            sonar_host_url: "https://next.sonarqube.com/sonarqube"
+            sonar_project_key: "org.sonarsource.python:python"
+            run_condition: "always"
+          - name: "Analysis on Sonarcloud.io"
+            sonar_token_path: "development/kv/data/sonarcloud"
+            sonar_host_url: "https://sonarcloud.io"
+            sonar_project_key: "SonarSource_sonar-python"
+            run_condition: "nightly"
+          - name: "Analysis on SonarQube.us"
+            sonar_token_path: "development/kv/data/sonarqube-us"
+            sonar_host_url: "https://sonarqube.us"
+            sonar_project_key: "SonarSource_sonar-python"
+            run_condition: "nightly"
+    steps:
+      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+
+      - name: Setup submodules
+        run: |
+          git submodule update --init --jobs 4
+          cd python-frontend/typeshed_serializer/resources/python-type-stubs
+          git sparse-checkout set stubs/sklearn
+          git checkout
+
+      - name: Get sonar token
+        id: secrets
+        uses: SonarSource/vault-action-wrapper@v3
+        with:
+          secrets: |
+            ${{ matrix.sonar_token_path }} token | SONAR_TOKEN;
+
+      - uses: jdx/mise-action@5ac50f778e26fac95da98d50503682459e86d566 # v3.2.0
+        with:
+          version: 2025.7.12
+
+      - name: Install tox
+        run: |
+          uv python install ${{ env.PYTHON_VERSION }} --default --preview
+          uv venv
+          uv pip install tox
+          source .venv/bin/activate
+          echo "$(pwd)/.venv/bin" >> $GITHUB_PATH
+
+      - name: Remove private directory
+        run: rm -rf private
+
+      - name: Analyze
+        run: bash ./.cirrus/analyze.sh
+        env:
+          SONAR_TOKEN: ${{ fromJson(steps.secrets.outputs.vault).SONAR_TOKEN }}
+          SONAR_HOST_URL: ${{ matrix.sonar_host_url }}
+          SONAR_PROJECT_KEY: ${{ matrix.sonar_project_key }}
diff --git a/mise.toml b/mise.toml
@@ -0,0 +1,5 @@
+[tools]
+java = "17.0"
+maven = "3.9"
+python = "3.13"
+uv = "latest"
