chore: migrate Kotlin shared Sonar workflows to self-hosted SonarQube [NOJIRA]#292
Draft
tobias0106 wants to merge 2 commits into
Draft
chore: migrate Kotlin shared Sonar workflows to self-hosted SonarQube [NOJIRA]#292tobias0106 wants to merge 2 commits into
tobias0106 wants to merge 2 commits into
Conversation
… [NOJIRA] Repoint the reusable Kotlin Sonar workflows at the self-hosted SonarQube (https://sonarqube.vpn.internal.monta.app, behind the Monta VPN): - sonar-cloud.yml + pull-request-kotlin.yml: add a Tailscale step before the gradle `sonar` step so the self-hosted runner can reach the VPN-internal instance, and declare TAILSCALE_AUTHKEY as a required secret (matching the existing code-coverage-kotlin.yml convention). - Rename display strings SonarCloud -> SonarQube. The `sonar.host.url` and the SONARQUBE_TOKEN value are supplied per-service (build.gradle.kts + caller secrets mapping), so no host URL is hardcoded here. Part of the full SonarCloud -> self-hosted SonarQube migration (#project-migrate-to-sonarqube). Pattern follows monta-app/server#23360. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Make TAILSCALE_AUTHKEY an optional secret and guard the Tailscale step on its presence (env.TAILSCALE_AUTHKEY != ''). This lets Kotlin repos migrate to the self-hosted SonarQube independently: - repo not yet migrated (no TAILSCALE_AUTHKEY, build.gradle.kts still on sonarcloud.io) -> Tailscale step skipped, scan keeps hitting SonarCloud. - repo migrated (passes TAILSCALE_AUTHKEY + SONARQUBE_TOKEN, build.gradle.kts -> self-hosted) -> runner joins the tailnet and scans the self-hosted server. Avoids a flag day where merging this PR would break every caller pinned @main until each caller PR lands. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Why
Migrate the two reusable Kotlin Sonar workflows to the self-hosted SonarQube at
https://sonarqube.vpn.internal.monta.app(full migration —#project-migrate-to-sonarqube).Changes
sonar-cloud.yml+pull-request-kotlin.yml: add a Tailscale step before the gradlesonarstep so self-hosted ARC runners can reach the VPN-internal SonarQube (same pattern asserver#23360).TAILSCALE_AUTHKEYis an optional secret, and the Tailscale step is guarded (if: env.TAILSCALE_AUTHKEY != '').SonarCloud→SonarQube.Backward compatible — no flag day
Because the workflows are pinned
@main, a required secret would break every caller the instant this merges. Instead this is opt-in per repo:TAILSCALE_AUTHKEY,build.gradle.ktsstill onsonarcloud.io) → Tailscale step skips, scan keeps hitting SonarCloud. ✅ unchangedTAILSCALE_AUTHKEY+ mapsSONAR_TOKEN: secrets.SONARQUBE_TOKEN,build.gradle.kts→ self-hosted) → runner joins the tailnet, scans self-hosted.So this PR is safe to merge first, and each Kotlin service then migrates independently in its own PR (build.gradle.kts host + caller secret mapping). No coordinated big-bang merge required.
Reference
Pattern:
monta-app/server#23360.🤖 Generated with Claude Code