From d36ecccba70120436cd318e0cedc57ef1d1d21bd Mon Sep 17 00:00:00 2001 From: Mikolaj Matuszny Date: Wed, 24 Dec 2025 10:09:43 +0100 Subject: [PATCH 1/3] BUILD-9716 Optimize workflow --- .github/workflows/build.yml | 75 +++++++++++++++++++++++------- .github/workflows/credcheck.yml | 7 +++ .github/workflows/release.yml | 14 +++++- .github/workflows/shadow-scans.yml | 12 ++++- 4 files changed, 88 insertions(+), 20 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 8f3f95f53..3d4563915 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -82,12 +82,22 @@ jobs: echo "| **Branch** | \`${{ needs.prepare.outputs.BRANCH_NAME }}\` |" >> $GITHUB_STEP_SUMMARY - name: Cache NPM dependencies - uses: SonarSource/ci-github-actions/cache@v1 + uses: SonarSource/gh-action_cache@v1 with: path: ~/.npm key: npm-${{ runner.os }}-${{ hashFiles('**/package-lock.json') }} restore-keys: npm-${{ runner.os }} + - name: Cache JAR dependencies + uses: SonarSource/gh-action_cache@v1 + with: + path: | + server/ + analyzers/ + eslint-bridge/ + key: jars-${{ runner.os }}-${{ hashFiles('package.json') }} + restore-keys: jars-${{ runner.os }} + - name: Prepare build env: ARTIFACTORY_PRIVATE_READER_USERNAME: ${{ fromJSON(steps.secrets.outputs.vault).ARTIFACTORY_USER }} @@ -133,6 +143,13 @@ jobs: GITHUB_BRANCH: ${{ github.head_ref || github.ref_name }} run: npm run deploy-all-marketplaces + - name: Upload VSIX artifact for QA tests + uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 + with: + name: vsix-universal + path: sonarlint-vscode-*.vsix + retention-days: 1 + test-linux: runs-on: github-ubuntu-latest-m name: Run tests on Linux @@ -157,12 +174,22 @@ jobs: - uses: SonarSource/ci-github-actions/get-build-number@v1 - name: Cache NPM dependencies - uses: SonarSource/ci-github-actions/cache@v1 + uses: SonarSource/gh-action_cache@v1 with: path: ~/.npm key: npm-${{ runner.os }}-${{ hashFiles('**/package-lock.json') }} restore-keys: npm-${{ runner.os }} + - name: Cache JAR dependencies + uses: SonarSource/gh-action_cache@v1 + with: + path: | + server/ + analyzers/ + eslint-bridge/ + key: jars-${{ runner.os }}-${{ hashFiles('package.json') }} + restore-keys: jars-${{ runner.os }} + - name: Prepare xvfb and ffmpeg run: mise run install-system-deps @@ -186,7 +213,7 @@ jobs: - name: Upload tests recording if: ${{ !cancelled() }} - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 with: name: linux-test-recording path: vscode_test-linux_${{ github.run_id }}.mp4 @@ -221,12 +248,22 @@ jobs: development/kv/data/next token | SONAR_TOKEN; - name: Cache NPM dependencies - uses: SonarSource/ci-github-actions/cache@v1 + uses: SonarSource/gh-action_cache@v1 with: path: ~/.npm key: npm-${{ runner.os }}-${{ hashFiles('**/package-lock.json') }} restore-keys: npm-${{ runner.os }} + - name: Cache JAR dependencies + uses: SonarSource/gh-action_cache@v1 + with: + path: | + server/ + analyzers/ + eslint-bridge/ + key: jars-${{ runner.os }}-${{ hashFiles('package.json') }} + restore-keys: jars-${{ runner.os }} + - name: Run tests with coverage env: ARTIFACTORY_PRIVATE_READER_USERNAME: ${{ fromJSON(steps.secrets.outputs.vault).ARTIFACTORY_USER }} @@ -274,27 +311,29 @@ jobs: development/kv/data/slack token | SLACK_BOT_TOKEN; - name: Cache NPM dependencies - uses: SonarSource/ci-github-actions/cache@v1 + uses: SonarSource/gh-action_cache@v1 with: path: ~/.npm key: npm-${{ runner.os }}-${{ hashFiles('**/package-lock.json') }} restore-keys: npm-${{ runner.os }} + - name: Cache JAR dependencies + uses: SonarSource/gh-action_cache@v1 + with: + path: | + server/ + analyzers/ + eslint-bridge/ + key: jars-${{ runner.os }}-${{ hashFiles('package.json') }} + restore-keys: jars-${{ runner.os }} + - name: Prepare xvfb and ffmpeg run: mise run install-system-deps - - name: Download VSIX from Artifactory - env: - ARTIFACTORY_URL: ${{ fromJSON(steps.secrets.outputs.vault).ARTIFACTORY_URL }} - ARTIFACTORY_PRIVATE_USERNAME: ${{ fromJSON(steps.secrets.outputs.vault).ARTIFACTORY_USER }} - ARTIFACTORY_PRIVATE_PASSWORD: ${{ fromJSON(steps.secrets.outputs.vault).ARTIFACTORY_ACCESS_TOKEN }} - PACKAGE_VERSION: ${{ needs.build.outputs.PACKAGE_VERSION }} - PROJECT_VERSION: ${{ needs.build.outputs.PROJECT_VERSION }} - run: | - echo "Downloading staged VSIX for ${PROJECT_VERSION}" - curl -u "${ARTIFACTORY_PRIVATE_USERNAME}:${ARTIFACTORY_PRIVATE_PASSWORD}" \ - -o "sonarlint-vscode-${PACKAGE_VERSION}.vsix" \ - "${ARTIFACTORY_URL}/sonarsource-public-qa/org/sonarsource/sonarlint/vscode/sonarlint-vscode/${PROJECT_VERSION}/sonarlint-vscode-${PACKAGE_VERSION}.vsix" + - name: Download VSIX artifact + uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0 + with: + name: vsix-universal - name: Prepare integration tests env: @@ -321,7 +360,7 @@ jobs: - name: Upload test recording if: ${{ !cancelled() }} - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 with: name: its-test-recording-${{ matrix.qa_category }} path: its/vscode_qa-tests-${{ matrix.qa_category }}_${{ github.run_id }}.mp4 diff --git a/.github/workflows/credcheck.yml b/.github/workflows/credcheck.yml index a284f8b2d..bb61560fa 100644 --- a/.github/workflows/credcheck.yml +++ b/.github/workflows/credcheck.yml @@ -30,6 +30,13 @@ jobs: development/kv/data/visualstudio VSCE_TOKEN | VISUALSTUDIO_PAT; development/team/sonarlint/kv/data/openvsx token | OPENVSX_TOKEN; + - name: Cache NPM dependencies + uses: SonarSource/gh-action_cache@v1 + with: + path: ~/.npm + key: npm-${{ runner.os }}-credcheck-${{ hashFiles('.github/actions/vsce-publish/package-lock.json', '.github/actions/ovsx-publish/package-lock.json') }} + restore-keys: npm-${{ runner.os }}-credcheck- + - name: Check marketplace publisher personal access token if: ${{ !cancelled() }} env: diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 311944cc0..d31352f84 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -49,6 +49,12 @@ jobs: secrets: | development/artifactory/token/{REPO_OWNER_NAME_DASH}-private-reader access_token | ARTIFACTORY_ACCESS_TOKEN; development/kv/data/visualstudio VSCE_TOKEN | VISUALSTUDIO_PAT; + - name: Cache NPM dependencies + uses: SonarSource/gh-action_cache@v1 + with: + path: ~/.npm + key: npm-${{ runner.os }}-vsce-publish-${{ hashFiles('.github/actions/vsce-publish/package-lock.json') }} + restore-keys: npm-${{ runner.os }}-vsce-publish- - name: Install dependencies for vsce-publish run: | cp ${GITHUB_WORKSPACE}/.github/scripts/.npmrc ./.npmrc @@ -131,11 +137,17 @@ jobs: secrets: | development/artifactory/token/{REPO_OWNER_NAME_DASH}-private-reader access_token | ARTIFACTORY_ACCESS_TOKEN; development/team/sonarlint/kv/data/openvsx token | OPENVSX_TOKEN; + - name: Cache NPM dependencies + uses: SonarSource/gh-action_cache@v1 + with: + path: ~/.npm + key: npm-${{ runner.os }}-ovsx-publish-${{ hashFiles('.github/actions/ovsx-publish/package-lock.json') }} + restore-keys: npm-${{ runner.os }}-ovsx-publish- - name: Install dependencies for ovsx-publish run: | cp ${GITHUB_WORKSPACE}/.github/scripts/.npmrc ./.npmrc export ARTIFACTORY_ACCESS_TOKEN=${{ fromJSON(steps.secrets.outputs.vault).ARTIFACTORY_ACCESS_TOKEN }} - npm install + npm ci working-directory: ./.github/actions/ovsx-publish - name: Extract version, file name and download URL id: extract_version diff --git a/.github/workflows/shadow-scans.yml b/.github/workflows/shadow-scans.yml index ee706c7dd..b0ff0eb6c 100644 --- a/.github/workflows/shadow-scans.yml +++ b/.github/workflows/shadow-scans.yml @@ -38,12 +38,22 @@ jobs: - uses: SonarSource/ci-github-actions/get-build-number@v1 - name: Cache NPM dependencies - uses: SonarSource/ci-github-actions/cache@v1 + uses: SonarSource/gh-action_cache@v1 with: path: ~/.npm key: npm-${{ runner.os }}-${{ hashFiles('**/package-lock.json') }} restore-keys: npm-${{ runner.os }} + - name: Cache JAR dependencies + uses: SonarSource/gh-action_cache@v1 + with: + path: | + server/ + analyzers/ + eslint-bridge/ + key: jars-${{ runner.os }}-${{ hashFiles('package.json') }} + restore-keys: jars-${{ runner.os }} + - name: Prepare project env: ARTIFACTORY_URL: ${{ fromJSON(steps.secrets.outputs.vault).ARTIFACTORY_URL }} From e20f7b78082634b4bc5c633870eda77ad63dac91 Mon Sep 17 00:00:00 2001 From: Vasileios Naskos Date: Fri, 9 Jan 2026 14:06:08 +0100 Subject: [PATCH 2/3] BUILD-9716 Cache node_modules --- .github/workflows/build.yml | 16 ++++++++++++---- .github/workflows/credcheck.yml | 4 +++- .github/workflows/release.yml | 6 ++++-- .github/workflows/shadow-scans.yml | 4 +++- 4 files changed, 22 insertions(+), 8 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 3d4563915..92c1aab55 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -84,7 +84,9 @@ jobs: - name: Cache NPM dependencies uses: SonarSource/gh-action_cache@v1 with: - path: ~/.npm + path: | + ~/.npm + node_modules/ key: npm-${{ runner.os }}-${{ hashFiles('**/package-lock.json') }} restore-keys: npm-${{ runner.os }} @@ -176,7 +178,9 @@ jobs: - name: Cache NPM dependencies uses: SonarSource/gh-action_cache@v1 with: - path: ~/.npm + path: | + ~/.npm + node_modules/ key: npm-${{ runner.os }}-${{ hashFiles('**/package-lock.json') }} restore-keys: npm-${{ runner.os }} @@ -250,7 +254,9 @@ jobs: - name: Cache NPM dependencies uses: SonarSource/gh-action_cache@v1 with: - path: ~/.npm + path: | + ~/.npm + node_modules/ key: npm-${{ runner.os }}-${{ hashFiles('**/package-lock.json') }} restore-keys: npm-${{ runner.os }} @@ -313,7 +319,9 @@ jobs: - name: Cache NPM dependencies uses: SonarSource/gh-action_cache@v1 with: - path: ~/.npm + path: | + ~/.npm + node_modules/ key: npm-${{ runner.os }}-${{ hashFiles('**/package-lock.json') }} restore-keys: npm-${{ runner.os }} diff --git a/.github/workflows/credcheck.yml b/.github/workflows/credcheck.yml index bb61560fa..8cbc1f885 100644 --- a/.github/workflows/credcheck.yml +++ b/.github/workflows/credcheck.yml @@ -33,7 +33,9 @@ jobs: - name: Cache NPM dependencies uses: SonarSource/gh-action_cache@v1 with: - path: ~/.npm + path: | + ~/.npm + node_modules/ key: npm-${{ runner.os }}-credcheck-${{ hashFiles('.github/actions/vsce-publish/package-lock.json', '.github/actions/ovsx-publish/package-lock.json') }} restore-keys: npm-${{ runner.os }}-credcheck- diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index d31352f84..518e7b2c5 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -59,7 +59,7 @@ jobs: run: | cp ${GITHUB_WORKSPACE}/.github/scripts/.npmrc ./.npmrc export ARTIFACTORY_ACCESS_TOKEN=${{ fromJSON(steps.secrets.outputs.vault).ARTIFACTORY_ACCESS_TOKEN }} - npm install + npm ci working-directory: ./.github/actions/vsce-publish - name: Extract version, file name and download URL id: extract_version @@ -140,7 +140,9 @@ jobs: - name: Cache NPM dependencies uses: SonarSource/gh-action_cache@v1 with: - path: ~/.npm + path: | + ~/.npm + node_modules/ key: npm-${{ runner.os }}-ovsx-publish-${{ hashFiles('.github/actions/ovsx-publish/package-lock.json') }} restore-keys: npm-${{ runner.os }}-ovsx-publish- - name: Install dependencies for ovsx-publish diff --git a/.github/workflows/shadow-scans.yml b/.github/workflows/shadow-scans.yml index b0ff0eb6c..00250f662 100644 --- a/.github/workflows/shadow-scans.yml +++ b/.github/workflows/shadow-scans.yml @@ -40,7 +40,9 @@ jobs: - name: Cache NPM dependencies uses: SonarSource/gh-action_cache@v1 with: - path: ~/.npm + path: | + ~/.npm + node_modules/ key: npm-${{ runner.os }}-${{ hashFiles('**/package-lock.json') }} restore-keys: npm-${{ runner.os }} From e643656737c1cba961afa67369df89eb253e1a17 Mon Sep 17 00:00:00 2001 From: Vasileios Naskos Date: Fri, 9 Jan 2026 14:09:51 +0100 Subject: [PATCH 3/3] BUILD-9716 Upload only the universal vsix for qa to Github Actions --- .github/workflows/build.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 92c1aab55..7118a666b 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -148,8 +148,8 @@ jobs: - name: Upload VSIX artifact for QA tests uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 with: - name: vsix-universal - path: sonarlint-vscode-*.vsix + name: universal-vsix-qa-artifact + path: sonarlint-vscode-${{ steps.project_version.outputs.PACKAGE_VERSION }}.vsix retention-days: 1 test-linux: @@ -341,7 +341,7 @@ jobs: - name: Download VSIX artifact uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0 with: - name: vsix-universal + name: universal-vsix-qa-artifact - name: Prepare integration tests env: