Skip to content

SONARJAVA-6239 Automated release 8.22#5554

Open
leonardo-pilastri-sonarsource wants to merge 9 commits intobranch-8.22from
automated-release-8.22
Open

SONARJAVA-6239 Automated release 8.22#5554
leonardo-pilastri-sonarsource wants to merge 9 commits intobranch-8.22from
automated-release-8.22

Conversation

@leonardo-pilastri-sonarsource
Copy link
Copy Markdown
Contributor

@leonardo-pilastri-sonarsource leonardo-pilastri-sonarsource commented Apr 8, 2026

No description provided.

tomasz-tylenda-sonarsource and others added 9 commits April 8, 2026 14:29
@tomasz-tylenda-sonarsource @claude @leonardo-pilastri-sonarsource
SONARJAVA-6140 Add automated release workflow (#5474)
f75d037 
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
@tomasz-tylenda-sonarsource @leonardo-pilastri-sonarsource
SONARJAVA-6150 Automated Release: Add Jira issue categories (#5484)
3d437bd
@tomasz-tylenda-sonarsource @leonardo-pilastri-sonarsource
SONARJAVA-6188 Use plugin-artifacts to fix SQS and SQC integrations (#…
898beaf 
…5511)
@tomasz-tylenda-sonarsource @leonardo-pilastri-sonarsource
SONARJAVA-6190 Update automated release workflow (#5517)
e0c4d54
@tomasz-tylenda-sonarsource @leonardo-pilastri-sonarsource
SONARJAVA-6193 Bump version using automated release and Maven (#5523)
022b982
@tomasz-tylenda-sonarsource @claude @leonardo-pilastri-sonarsource
SONARJAVA-6185 Prepare Next Iteration: adjust for automated release (#…
bfe1aac 
…5506)

Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
@tomasz-tylenda-sonarsource @leonardo-pilastri-sonarsource
SONARJAVA-6114 Provide GitHub token with RSpec access to rule-api.jar (
33090e5 
…#5470)
@tomasz-tylenda-sonarsource @leonardo-pilastri-sonarsource
SONARJAVA-6155 Use shared update rule metadata worflow (#5488)
2785395
@tomasz-tylenda-sonarsource @leonardo-pilastri-sonarsource
SONARJAVA-6213 Delete obsolete Slack notification workflow (#5535)
457abda
@hashicorp-vault-sonar-prod hashicorp-vault-sonar-prod bot changed the title Automated release 8.22 SONARJAVA-6239 Automated release 8.22 Apr 8, 2026
@hashicorp-vault-sonar-prod
Copy link
Copy Markdown
Contributor

hashicorp-vault-sonar-prod bot commented Apr 8, 2026
edited by atlassian bot
Loading

SONARJAVA-6239

@sonar-review-alpha
Copy link
Copy Markdown

sonar-review-alpha bot commented Apr 8, 2026
edited
Loading

Summary

This PR consolidates release and automation workflows to use centralized SonarSource reusable actions, replacing custom implementations with shared, maintained workflows.

Key changes:

  • PrepareNextIteration.yml refactored to use SonarSource/release-github-actions/create-pull-request action. Input renamed from nextVersion to version with automatic normalization (X.Y → X.Y.0-SNAPSHOT).
  • UpdateRuleMetadata.yml simplified to use SonarSource/release-github-actions/update-rule-metadata action, removing JFrog setup, Java configuration, and manual rule-api jar handling.
  • automated-release.yml added as new comprehensive release workflow (delegates to reusable action) supporting dry-run, multiple integrations (IDE/SQC/SQS), and automated version bumping.
  • release.yml enhanced with workflow_dispatch trigger, now supports both GitHub release events and manual triggering with explicit version/releaseId inputs.
  • slack_notify.yml deleted; Slack notifications now handled by centralized reusable actions.
  • Slack channel updated from squad-jvm-notifs to squad-jvm-releases.

What reviewers should know

Where to focus:

  1. Reusable action dependencies: This PR introduces critical dependencies on SonarSource/release-github-actions (v1). These handle complex release logic—verify this external action is properly reviewed and maintained, and check permissions granted to it.

  2. PrepareNextIteration.yml: Version normalization logic (lines 10-14) converts short version formats. Verify this matches expected behavior for your release process.

  3. Slack notifications: The slack_notify.yml workflow is fully removed. Confirm that notifications are now emitted by the reusable actions and routed to the correct channel.

  4. automated-release.yml: This is a new entrypoint for releases. It orchestrates IDE, SQC, and SQS integrations plus Jira interactions. Verify the inputs align with your release checklist and that the pm-email address is correct.

  5. release.yml fallback logic (lines 35-37): The new inputs || github.event.release.* pattern handles both release and dispatch triggers—check that fallback values make sense for release event scenarios.

Testing tip: The new automated-release.yml defaults to dry-run: true and uses Jira sandbox—confirm this is safe for local testing.

  • Generate Walkthrough
  • Generate Diagram

🗣️ Give feedback

@sonarqube-next
Copy link
Copy Markdown

sonarqube-next bot commented Apr 8, 2026

Quality Gate passed Quality Gate passed

Issues
0 New issues
0 Fixed issues
0 Accepted issues

Measures
0 Security Hotspots
0 Dependency risks
No data about Coverage
0.0% Duplication on New Code

See analysis details on SonarQube

sonar-review-alpha[bot]
sonar-review-alpha bot reviewed Apr 8, 2026
View reviewed changes
Copy link
Copy Markdown

@sonar-review-alpha sonar-review-alpha bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM! ✅

Clean workflow modernization — no bugs found. The PR consistently delegates to SonarSource/release-github-actions reusable actions, removing duplicated git/gh/JFrog plumbing that was previously maintained locally.

🗣️ Give feedback

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@sonar-review-alpha sonar-review-alpha[bot] sonar-review-alpha[bot] left review comments

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@leonardo-pilastri-sonarsource @tomasz-tylenda-sonarsource