Skip to content

SONARJAVA-6342 Update GitHub Action to use version 7 for release workflow#5595

Open
rombirli wants to merge 1 commit intomasterfrom
rombirli/gh-action-release-v7
Open

SONARJAVA-6342 Update GitHub Action to use version 7 for release workflow#5595
rombirli wants to merge 1 commit intomasterfrom
rombirli/gh-action-release-v7

Conversation

@rombirli
Copy link
Copy Markdown
Contributor

@rombirli rombirli commented May 5, 2026

No description provided.

@hashicorp-vault-sonar-prod hashicorp-vault-sonar-prod Bot changed the title Update GitHub Action to use version 7 for release workflow SONARJAVA-6342 Update GitHub Action to use version 7 for release workflow May 5, 2026
@hashicorp-vault-sonar-prod
Copy link
Copy Markdown
Contributor

hashicorp-vault-sonar-prod Bot commented May 5, 2026
edited by atlassian Bot
Loading

SONARJAVA-6342

@sonar-review-alpha
Copy link
Copy Markdown
Contributor

sonar-review-alpha Bot commented May 5, 2026
edited
Loading

Summary

This PR updates the release workflow to use version 7 of the SonarSource/gh-action_release reusable workflow action, replacing the previous v6 pin in .github/workflows/release.yml. The change affects the release orchestration pipeline.

What reviewers should know

What to review:

  • This is a single-line version pin update in the release workflow
  • Reviewers should check what changed between v6 and v7 of the upstream SonarSource/gh-action_release action to understand the impact
  • Verify that the updated action is compatible with the Maven Central sync and binary publishing configurations passed in the with: block
  • Consider whether v7 introduces any new requirements, breaking changes, or behavioral shifts in the release process

Context:

  • The release workflow uses a reusable workflow pattern (.github/workflows/main.yaml) from an external repository
  • The specific parameters (publishToBinaries, mavenCentralSync) remain unchanged
  • Generate Walkthrough
  • Generate Diagram

🗣️ Give feedback

@sonarqube-next
Copy link
Copy Markdown

sonarqube-next Bot commented May 5, 2026

Quality Gate passed Quality Gate passed

Issues
0 New issues
0 Fixed issues
0 Accepted issues

Measures
0 Security Hotspots
0 Dependency risks
No data about Coverage
0.0% Duplication on New Code

See analysis details on SonarQube

sonar-review-alpha[bot]
sonar-review-alpha Bot reviewed May 5, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@sonar-review-alpha sonar-review-alpha Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM! ✅

Clean, minimal change. gh-action_release is referenced in exactly one place in the repository, so there are no version consistency issues across workflows. Pinning to a mutable tag (@v7) is consistent with the pattern used throughout this codebase (automated-release.yml uses @v1, releasability.yaml uses @v3).

The one thing worth confirming before merge: verify that all with: parameters passed to the action (publishToBinaries, mavenCentralSync, slackChannel, version, releaseId, dryRun) are still valid in v7. If v7 renamed or removed any of these inputs, the workflow will silently skip or fail those steps. Since gh-action_release is an internal SonarSource action, the team maintaining it should be able to confirm compatibility quickly.

🗣️ Give feedback

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@sonar-review-alpha sonar-review-alpha[bot] sonar-review-alpha[bot] left review comments

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@rombirli