Skip to content

BUILD-8880: Yarn shadow scans#59

Merged
mikolaj-matuszny-ext-sonarsource merged 1 commit intomasterfrom
feat/mmatuszny/BUILD-8880-ud-yarn
Aug 25, 2025
Merged

BUILD-8880: Yarn shadow scans#59
mikolaj-matuszny-ext-sonarsource merged 1 commit intomasterfrom
feat/mmatuszny/BUILD-8880-ud-yarn

Conversation

@mikolaj-matuszny-ext-sonarsource
Copy link
Copy Markdown
Contributor

@mikolaj-matuszny-ext-sonarsource mikolaj-matuszny-ext-sonarsource commented Aug 20, 2025
edited
Loading

Adds support for Unified Dogfooding in yarn action

@mikolaj-matuszny-ext-sonarsource
Copy link
Copy Markdown
Contributor Author

mikolaj-matuszny-ext-sonarsource commented Aug 20, 2025

https://next.sonarqube.com/sonarqube/dashboard?id=SonarSource_sonar-dummy-yarn&pullRequest=21
https://sonarcloud.io/summary/new_code?id=SonarSource_sonar-dummy-yarn&pullRequest=21
https://sonarqube.us/summary/new_code?id=SonarSource_sonar-dummy-yarn&pullRequest=21

https://github.com/SonarSource/sonar-dummy-yarn/actions/runs/17094408646/job/48475684594

@mikolaj-matuszny-ext-sonarsource mikolaj-matuszny-ext-sonarsource force-pushed the feat/mmatuszny/BUILD-8880-ud-yarn branch 2 times, most recently from d777ce0 to eac1814 Compare August 20, 2025 10:13
@mikolaj-matuszny-ext-sonarsource mikolaj-matuszny-ext-sonarsource marked this pull request as ready for review August 20, 2025 10:13
@mikolaj-matuszny-ext-sonarsource mikolaj-matuszny-ext-sonarsource changed the title BUILD-8080: Yarn shadow scans BUILD-8880: Yarn shadow scans Aug 20, 2025
@sonarqubecloud
Copy link
Copy Markdown

sonarqubecloud Bot commented Aug 22, 2025

🤖 Pull Request summary

Updates SonarQube integration to support multi-platform shadow scanning for unified platform dogfooding.

• Adds run-shadow-scans input to enable analysis across all 3 SonarQube platforms (next, sqc-eu, sqc-us)
• Refactors vault secrets to fetch credentials for all platforms instead of dynamic selection
• Implements orchestrator pattern with shared common functions for platform-specific scanner execution
• Automatically disables deployment during shadow scans to prevent duplicate artifacts
• Updates documentation to clarify vault permission requirements for all platforms

Focus areas for review:

  • The new orchestrator pattern in shared/common-functions.sh and its callback implementation
  • Vault permission changes requiring access to all 3 platform credentials
  • Deployment prevention logic when shadow scans are enabled

💬 Please send your feedback

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@mikolaj-matuszny-ext-sonarsource mikolaj-matuszny-ext-sonarsource merged commit 9019435 into master Aug 25, 2025
8 checks passed
@mikolaj-matuszny-ext-sonarsource mikolaj-matuszny-ext-sonarsource deleted the feat/mmatuszny/BUILD-8880-ud-yarn branch August 25, 2025 08:01
matemoln pushed a commit that referenced this pull request Sep 3, 2025
@mikolaj-matuszny-ext-sonarsource @matemoln
BUILD-8080: Yarn shadow scans (#59)
dc5a913
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@matemoln matemoln matemoln approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@mikolaj-matuszny-ext-sonarsource @matemoln