SonarSource · julien-carsique-sonarsource · Mar 4, 2026 · Mar 3, 2026 · Mar 3, 2026
@@ -64,6 +64,9 @@ inputs:
   disable-caching:
     description: Whether to disable Gradle caching entirely
     default: 'false'
+  generate-summary:
+    description: Whether to generate a workflow summary after the build.
+    default: 'true'
 
 outputs:
   project-version:
@@ -192,11 +195,11 @@ runs:
         show-summary: true
 
     - name: Generate workflow summary
-      if: always()
+      if: always() && inputs.generate-summary != 'false'
       shell: bash
       run: |
         build_name="${GITHUB_REPOSITORY#*/}"
-        echo "## 🏗️ Gradle Build Summary" >> $GITHUB_STEP_SUMMARY
+        echo "## 🏗️ Gradle Build Summary (\`${GITHUB_JOB}\`)" >> $GITHUB_STEP_SUMMARY
         if [[ "${{ steps.build.conclusion }}" == "success" ]]; then
           echo "✅ **Build SUCCESS**" >> $GITHUB_STEP_SUMMARY
         else

@@ -223,6 +223,10 @@ gradle_build() {
     echo "::endgroup::"
   else
     # Build with sonar analysis via orchestrator
+    # TODO BUILD-10586: sonar analysis is not filtered by branch type here — it runs on all branches
+    # (including dogfood and other branches) when sonar-platform != none. This differs from
+    # build-maven/build-npm/build-yarn/build-poetry which skip sonar on dogfood/other branches.
+    # Should add a should_scan() guard consistent with the other build scripts.
     # shellcheck disable=SC2119
     orchestrate_sonar_platforms
   fi

@@ -237,7 +237,7 @@ runs:
       shell: bash
       run: |
         build_name="${GITHUB_REPOSITORY#*/}"
-        echo "## 🏗️ Maven Build Summary" >> $GITHUB_STEP_SUMMARY
+        echo "## 🏗️ Maven Build Summary (\`${GITHUB_JOB}\`)" >> $GITHUB_STEP_SUMMARY
         if [[ "${{ steps.build.conclusion }}" == "success" ]]; then
           echo "✅ **Build SUCCESS**" >> $GITHUB_STEP_SUMMARY
         else

@@ -50,6 +50,9 @@ inputs:
       Relative paths of the artifacts for which to generate a provenance attestation (glob pattern).
       Default is collected from '.attestation-artifacts/' directory
     default: ''
+  generate-summary:
+    description: Whether to generate a workflow summary after the build.
+    default: 'true'
 
 outputs:
   BUILD_NUMBER:
@@ -177,14 +180,14 @@ runs:
         show-summary: true
 
     - name: Generate workflow summary
-      if: always()
+      if: always() && inputs.generate-summary != 'false'
       shell: bash
       env:
         ARTIFACTORY_URL: ${{ inputs.repox-artifactory-url != '' && inputs.repox-artifactory-url ||
           format('{0}/artifactory', inputs.repox-url) }}
       run: |
         build_name="${GITHUB_REPOSITORY#*/}"
-        echo "## 📦 NPM Build Summary" >> $GITHUB_STEP_SUMMARY
+        echo "## 📦 NPM Build Summary (\`${GITHUB_JOB}\`)" >> $GITHUB_STEP_SUMMARY
         if [[ "${{ steps.build.conclusion }}" == "success" ]]; then
           echo "✅ **Build SUCCESS**" >> $GITHUB_STEP_SUMMARY
         else
@@ -197,7 +200,7 @@ runs:
         echo "- **Branch**: \`${GITHUB_REF}\`" >> $GITHUB_STEP_SUMMARY
         echo "- **Commit**: \`$GITHUB_SHA\`" >> $GITHUB_STEP_SUMMARY
 
-        if [[ "${{ steps.build.outputs.should-deploy }}" == true ]]; then
+        if [[ "${{ steps.build.outputs.deployed }}" == true ]]; then
           echo "### 🚀 Deployment" >> $GITHUB_STEP_SUMMARY
           ARTIFACTORY_BROWSE_URL="${ARTIFACTORY_URL%/*}/ui/builds/$build_name/$BUILD_NUMBER"
           echo "🔗 **[Browse artifacts in Artifactory](${ARTIFACTORY_BROWSE_URL})**" >> $GITHUB_STEP_SUMMARY

@@ -123,6 +123,9 @@ jfrog_npm_publish() {
 }
 
 # Determine build configuration based on branch type
+# TODO BUILD-10586: this function does not support a DEPLOY env var to override deployment (unlike build-maven and build-gradle).
+# Should add a DEPLOY=${DEPLOY:=true} check consistent with those build scripts.
+# Note: unlike build-maven and build-gradle, long-lived feature branches (feature/long/*) do not deploy here.
 get_build_config() {
   local enable_sonar enable_deploy
   local sonar_args=()

@@ -54,6 +54,9 @@ inputs:
   disable-caching:
     description: Whether to disable Poetry caching entirely
     default: 'false'
+  generate-summary:
+    description: Whether to generate a workflow summary after the build.
+    default: 'true'
 
 outputs:
   project-version:
@@ -174,14 +177,14 @@ runs:
         show-summary: true
 
     - name: Generate workflow summary
-      if: always()
+      if: always() && inputs.generate-summary != 'false'
       shell: bash
       env:
         ARTIFACTORY_URL: ${{ inputs.repox-artifactory-url != '' && inputs.repox-artifactory-url ||
           format('{0}/artifactory', inputs.repox-url) }}
       run: |
         build_name="${GITHUB_REPOSITORY#*/}"
-        echo "## 📦 Poetry Build Summary" >> $GITHUB_STEP_SUMMARY
+        echo "## 📦 Poetry Build Summary (\`${GITHUB_JOB}\`)" >> $GITHUB_STEP_SUMMARY
         if [[ "${{ steps.build.conclusion }}" == "success" ]]; then
           echo "✅ **Build SUCCESS**" >> $GITHUB_STEP_SUMMARY
         else
@@ -194,7 +197,7 @@ runs:
         echo "- **Branch**: \`${GITHUB_REF}\`" >> $GITHUB_STEP_SUMMARY
         echo "- **Commit**: \`$GITHUB_SHA\`" >> $GITHUB_STEP_SUMMARY
 
-        if [[ "${{ steps.build.outputs.should-deploy }}" == true ]]; then
+        if [[ "${{ steps.build.outputs.deployed }}" == true ]]; then
           echo "### 🚀 Deployment" >> $GITHUB_STEP_SUMMARY
           ARTIFACTORY_BROWSE_URL="${ARTIFACTORY_URL%/*}/ui/builds/$build_name/$BUILD_NUMBER"
           echo "🔗 **[Browse artifacts in Artifactory](${ARTIFACTORY_BROWSE_URL})**" >> $GITHUB_STEP_SUMMARY

@@ -193,6 +193,9 @@ set_project_version() {
 }
 
 # Determine build configuration based on branch type
+# TODO BUILD-10586: this function does not support a DEPLOY env var to override deployment (unlike build-maven and build-gradle).
+# Should add a DEPLOY=${DEPLOY:=true} check consistent with those build scripts.
+# Note: unlike build-maven and build-gradle, long-lived feature branches (feature/long/*) do not deploy here.
 get_build_config() {
   local enable_sonar enable_deploy
   local sonar_args=()

@@ -50,6 +50,10 @@ inputs:
       Relative paths of the artifacts for which to generate a provenance attestation (glob pattern).
       Default is collected from '.attestation-artifacts/' directory
     default: ''
+  generate-summary:
+    description: Whether to generate a workflow summary after the build.
+    default: 'true'
+
 outputs:
   project-version:
     description: The project version from package.json
@@ -173,15 +177,16 @@ runs:
         subject-path: >-
           ${{ inputs.provenance-artifact-paths != '' && inputs.provenance-artifact-paths || steps.build.outputs.artifact-paths }}
         show-summary: true
+
     - name: Generate workflow summary
-      if: always()
+      if: always() && inputs.generate-summary != 'false'
       shell: bash
       env:
         ARTIFACTORY_URL: ${{ inputs.repox-artifactory-url != '' && inputs.repox-artifactory-url ||
           format('{0}/artifactory', inputs.repox-url) }}
       run: |
         build_name="${GITHUB_REPOSITORY#*/}"
-        echo "## 📦 Yarn Build Summary" >> $GITHUB_STEP_SUMMARY
+        echo "## 📦 Yarn Build Summary (\`${GITHUB_JOB}\`)" >> $GITHUB_STEP_SUMMARY
         if [[ "${{ steps.build.conclusion }}" == "success" ]]; then
           echo "✅ **Build SUCCESS**" >> $GITHUB_STEP_SUMMARY
         else
@@ -194,7 +199,7 @@ runs:
         echo "- **Branch**: \`${GITHUB_REF}\`" >> $GITHUB_STEP_SUMMARY
         echo "- **Commit**: \`$GITHUB_SHA\`" >> $GITHUB_STEP_SUMMARY
 
-        if [[ "${{ steps.build.outputs.should-deploy }}" == true ]]; then
+        if [[ "${{ steps.build.outputs.deployed }}" == true ]]; then
           echo "### 🚀 Deployment" >> $GITHUB_STEP_SUMMARY
           ARTIFACTORY_BROWSE_URL="${ARTIFACTORY_URL%/*}/ui/builds/$build_name/$BUILD_NUMBER"
           echo "🔗 **[Browse artifacts in Artifactory](${ARTIFACTORY_BROWSE_URL})**" >> $GITHUB_STEP_SUMMARY

@@ -193,6 +193,9 @@ jfrog_yarn_publish() {
 }
 
 # Determine build configuration based on branch type
+# TODO BUILD-10586: this function does not support a DEPLOY env var to override deployment (unlike build-maven and build-gradle).
+# Should add a DEPLOY=${DEPLOY:=true} check consistent with those build scripts.
+# Note: unlike build-maven and build-gradle, long-lived feature branches (feature/long/*) do not deploy here.
 get_build_config() {
   local enable_sonar enable_deploy
   local sonar_args=()

@@ -5,12 +5,15 @@
 # - ARTIFACTORY_PROMOTE_ACCESS_TOKEN: Access token to promote builds
 # - BUILD_NUMBER: Build number (e.g. 42)
 # - BUILD_NAME: Name of the JFrog Artifactory build (e.g. sonar-dummy)
+# - GITHUB_TOKEN: GitHub token with repo access to update commit status
 #
 # GitHub Actions auto-provided:
 # - GITHUB_REF_NAME: Short ref name of the branch or tag (e.g. main, branch-123, dogfood-on-123)
 # - GITHUB_REPOSITORY: Repository name (e.g. sonarsource/sonar-dummy)
 # - GITHUB_EVENT_NAME: Event name (e.g. push, pull_request)
 # - GITHUB_EVENT_PATH: Path to the event webhook payload file. For example, /github/workflow/event.json.
+# - GITHUB_SHA: Git commit SHA that triggered the workflow
+# - GITHUB_JOB: The job_id of the current job, used for generating workflow summary
 #
 # Optional user customization:
 # - ARTIFACTORY_URL: Repox URL.
@@ -34,7 +37,7 @@ source "$(dirname "${BASH_SOURCE[0]}")/../shared/common-functions.sh"
 : "${ARTIFACTORY_URL:="https://repox.jfrog.io/artifactory"}"
 : "${ARTIFACTORY_PROMOTE_ACCESS_TOKEN:?}"
 : "${GITHUB_REF_NAME:?}" "${BUILD_NUMBER:?}" "${GITHUB_REPOSITORY:?}" "${GITHUB_EVENT_NAME:?}" "${GITHUB_EVENT_PATH:?}" "${GITHUB_TOKEN:?}"
-: "${GITHUB_SHA:?}"
+: "${GITHUB_SHA:?}" "${GITHUB_JOB:?}"
 GH_API_VERSION_HEADER="X-GitHub-Api-Version: 2022-11-28"
 BUILD_INFO_FILE=$(mktemp)
 rm -f "$BUILD_INFO_FILE"
@@ -186,7 +189,7 @@ generate_workflow_summary() {
 
 
   cat >> "$GITHUB_STEP_SUMMARY" <<EOF
-## 🚀 Promotion Summary
+## 🚀 Promotion Summary (\`${GITHUB_JOB}\`)
 
 ✅ **Promotion SUCCESS**
 

@@ -47,6 +47,7 @@ export BUILD_NAME="dummy-project"
 export BUILD_NUMBER="42"
 export DEFAULT_BRANCH="main"
 export GITHUB_EVENT_NAME="push"
+export GITHUB_JOB="dummy-job"
 export GITHUB_REF="refs/heads/dummy-branch"
 export GITHUB_REF_NAME="dummy-branch"
 export GITHUB_REPOSITORY="SonarSource/dummy-project"