Skip to content

BUILD-9716 Optimize workflow #894

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
SonarTech wants to merge 3 commits into
base: master
Choose a base branch
from
Open

BUILD-9716 Optimize workflow #894

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
d36eccc
BUILD-9716 Optimize workflow
mikolaj-matuszny-ext-sonarsource Dec 24, 2025
e20f7b7
BUILD-9716 Cache node_modules
vnaskos-sonar Jan 9, 2026
e643656
BUILD-9716 Upload only the universal vsix for qa to Github Actions
vnaskos-sonar Jan 9, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
91 changes: 69 additions & 22 deletions .github/workflows/build.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -82,12 +82,24 @@ jobs:
echo "| **Branch** | \`${{ needs.prepare.outputs.BRANCH_NAME }}\` |" >> $GITHUB_STEP_SUMMARY

- name: Cache NPM dependencies
uses: SonarSource/ci-github-actions/cache@v1
uses: SonarSource/gh-action_cache@v1
with:
path: ~/.npm
path: |
~/.npm
node_modules/
key: npm-${{ runner.os }}-${{ hashFiles('**/package-lock.json') }}
restore-keys: npm-${{ runner.os }}

- name: Cache JAR dependencies
uses: SonarSource/gh-action_cache@v1
with:
path: |
server/
analyzers/
eslint-bridge/
key: jars-${{ runner.os }}-${{ hashFiles('package.json') }}
restore-keys: jars-${{ runner.os }}

- name: Prepare build
env:
ARTIFACTORY_PRIVATE_READER_USERNAME: ${{ fromJSON(steps.secrets.outputs.vault).ARTIFACTORY_USER }}
Expand Down Expand Up @@ -133,6 +145,13 @@ jobs:
GITHUB_BRANCH: ${{ github.head_ref || github.ref_name }}
run: npm run deploy-all-marketplaces

- name: Upload VSIX artifact for QA tests
uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
with:
name: universal-vsix-qa-artifact
path: sonarlint-vscode-${{ steps.project_version.outputs.PACKAGE_VERSION }}.vsix
retention-days: 1

test-linux:
runs-on: github-ubuntu-latest-m
name: Run tests on Linux
Expand All @@ -157,12 +176,24 @@ jobs:
- uses: SonarSource/ci-github-actions/get-build-number@v1

- name: Cache NPM dependencies
uses: SonarSource/ci-github-actions/cache@v1
uses: SonarSource/gh-action_cache@v1
with:
path: ~/.npm
path: |
~/.npm
node_modules/
key: npm-${{ runner.os }}-${{ hashFiles('**/package-lock.json') }}
restore-keys: npm-${{ runner.os }}

- name: Cache JAR dependencies
uses: SonarSource/gh-action_cache@v1
with:
path: |
server/
analyzers/
eslint-bridge/
key: jars-${{ runner.os }}-${{ hashFiles('package.json') }}
restore-keys: jars-${{ runner.os }}

- name: Prepare xvfb and ffmpeg
run: mise run install-system-deps

Expand All @@ -186,7 +217,7 @@ jobs:

- name: Upload tests recording
if: ${{ !cancelled() }}
uses: actions/upload-artifact@v4
uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
with:
name: linux-test-recording
path: vscode_test-linux_${{ github.run_id }}.mp4
Expand Down Expand Up @@ -221,12 +252,24 @@ jobs:
development/kv/data/next token | SONAR_TOKEN;

- name: Cache NPM dependencies
uses: SonarSource/ci-github-actions/cache@v1
uses: SonarSource/gh-action_cache@v1
with:
path: ~/.npm
path: |
~/.npm
node_modules/
key: npm-${{ runner.os }}-${{ hashFiles('**/package-lock.json') }}
restore-keys: npm-${{ runner.os }}

- name: Cache JAR dependencies
uses: SonarSource/gh-action_cache@v1
with:
path: |
server/
analyzers/
eslint-bridge/
key: jars-${{ runner.os }}-${{ hashFiles('package.json') }}
restore-keys: jars-${{ runner.os }}

- name: Run tests with coverage
env:
ARTIFACTORY_PRIVATE_READER_USERNAME: ${{ fromJSON(steps.secrets.outputs.vault).ARTIFACTORY_USER }}
Expand Down Expand Up @@ -274,27 +317,31 @@ jobs:
development/kv/data/slack token | SLACK_BOT_TOKEN;

- name: Cache NPM dependencies
uses: SonarSource/ci-github-actions/cache@v1
uses: SonarSource/gh-action_cache@v1
with:
path: ~/.npm
path: |
~/.npm
node_modules/
key: npm-${{ runner.os }}-${{ hashFiles('**/package-lock.json') }}
restore-keys: npm-${{ runner.os }}

- name: Cache JAR dependencies
uses: SonarSource/gh-action_cache@v1
with:
path: |
server/
analyzers/
eslint-bridge/
key: jars-${{ runner.os }}-${{ hashFiles('package.json') }}
restore-keys: jars-${{ runner.os }}

- name: Prepare xvfb and ffmpeg
run: mise run install-system-deps

- name: Download VSIX from Artifactory
env:
ARTIFACTORY_URL: ${{ fromJSON(steps.secrets.outputs.vault).ARTIFACTORY_URL }}
ARTIFACTORY_PRIVATE_USERNAME: ${{ fromJSON(steps.secrets.outputs.vault).ARTIFACTORY_USER }}
ARTIFACTORY_PRIVATE_PASSWORD: ${{ fromJSON(steps.secrets.outputs.vault).ARTIFACTORY_ACCESS_TOKEN }}
PACKAGE_VERSION: ${{ needs.build.outputs.PACKAGE_VERSION }}
PROJECT_VERSION: ${{ needs.build.outputs.PROJECT_VERSION }}
run: |
echo "Downloading staged VSIX for ${PROJECT_VERSION}"
curl -u "${ARTIFACTORY_PRIVATE_USERNAME}:${ARTIFACTORY_PRIVATE_PASSWORD}" \
-o "sonarlint-vscode-${PACKAGE_VERSION}.vsix" \
"${ARTIFACTORY_URL}/sonarsource-public-qa/org/sonarsource/sonarlint/vscode/sonarlint-vscode/${PROJECT_VERSION}/sonarlint-vscode-${PACKAGE_VERSION}.vsix"
- name: Download VSIX artifact
uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0
with:
name: universal-vsix-qa-artifact

- name: Prepare integration tests
env:
Expand All @@ -321,7 +368,7 @@ jobs:

- name: Upload test recording
if: ${{ !cancelled() }}
uses: actions/upload-artifact@v4
uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
with:
name: its-test-recording-${{ matrix.qa_category }}
path: its/vscode_qa-tests-${{ matrix.qa_category }}_${{ github.run_id }}.mp4
Expand Down
9 changes: 9 additions & 0 deletions .github/workflows/credcheck.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -30,6 +30,15 @@ jobs:
development/kv/data/visualstudio VSCE_TOKEN | VISUALSTUDIO_PAT;
development/team/sonarlint/kv/data/openvsx token | OPENVSX_TOKEN;

- name: Cache NPM dependencies
uses: SonarSource/gh-action_cache@v1
with:
path: |
~/.npm
node_modules/
key: npm-${{ runner.os }}-credcheck-${{ hashFiles('.github/actions/vsce-publish/package-lock.json', '.github/actions/ovsx-publish/package-lock.json') }}
restore-keys: npm-${{ runner.os }}-credcheck-

- name: Check marketplace publisher personal access token
if: ${{ !cancelled() }}
env:
Expand Down
18 changes: 16 additions & 2 deletions .github/workflows/release.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -49,11 +49,17 @@ jobs:
secrets: |
development/artifactory/token/{REPO_OWNER_NAME_DASH}-private-reader access_token | ARTIFACTORY_ACCESS_TOKEN;
development/kv/data/visualstudio VSCE_TOKEN | VISUALSTUDIO_PAT;
- name: Cache NPM dependencies
uses: SonarSource/gh-action_cache@v1
with:
path: ~/.npm
key: npm-${{ runner.os }}-vsce-publish-${{ hashFiles('.github/actions/vsce-publish/package-lock.json') }}
restore-keys: npm-${{ runner.os }}-vsce-publish-
- name: Install dependencies for vsce-publish
run: |
cp ${GITHUB_WORKSPACE}/.github/scripts/.npmrc ./.npmrc
export ARTIFACTORY_ACCESS_TOKEN=${{ fromJSON(steps.secrets.outputs.vault).ARTIFACTORY_ACCESS_TOKEN }}
npm install
npm ci
working-directory: ./.github/actions/vsce-publish
- name: Extract version, file name and download URL
id: extract_version
Expand Down Expand Up @@ -131,11 +137,19 @@ jobs:
secrets: |
development/artifactory/token/{REPO_OWNER_NAME_DASH}-private-reader access_token | ARTIFACTORY_ACCESS_TOKEN;
development/team/sonarlint/kv/data/openvsx token | OPENVSX_TOKEN;
- name: Cache NPM dependencies
uses: SonarSource/gh-action_cache@v1
with:
path: |
~/.npm
node_modules/
key: npm-${{ runner.os }}-ovsx-publish-${{ hashFiles('.github/actions/ovsx-publish/package-lock.json') }}
restore-keys: npm-${{ runner.os }}-ovsx-publish-
- name: Install dependencies for ovsx-publish
run: |
cp ${GITHUB_WORKSPACE}/.github/scripts/.npmrc ./.npmrc
export ARTIFACTORY_ACCESS_TOKEN=${{ fromJSON(steps.secrets.outputs.vault).ARTIFACTORY_ACCESS_TOKEN }}
npm install
npm ci
working-directory: ./.github/actions/ovsx-publish
- name: Extract version, file name and download URL
id: extract_version
Expand Down
16 changes: 14 additions & 2 deletions .github/workflows/shadow-scans.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -38,12 +38,24 @@ jobs:
- uses: SonarSource/ci-github-actions/get-build-number@v1

- name: Cache NPM dependencies
uses: SonarSource/ci-github-actions/cache@v1
uses: SonarSource/gh-action_cache@v1
with:
path: ~/.npm
path: |
~/.npm
node_modules/
key: npm-${{ runner.os }}-${{ hashFiles('**/package-lock.json') }}
restore-keys: npm-${{ runner.os }}

- name: Cache JAR dependencies
uses: SonarSource/gh-action_cache@v1
with:
path: |
server/
analyzers/
eslint-bridge/
key: jars-${{ runner.os }}-${{ hashFiles('package.json') }}
restore-keys: jars-${{ runner.os }}

- name: Prepare project
env:
ARTIFACTORY_URL: ${{ fromJSON(steps.secrets.outputs.vault).ARTIFACTORY_URL }}
Expand Down