BUILD-909 updated release workflow for sonar-scanner-api

Author: tobias-trabelsi-sonarsource

.cirrus.yml

@@ -35,7 +35,7 @@ env:
 # RE-USABLE CONFIGS
 #
 container_definition: &CONTAINER_DEFINITION
-  image: us.gcr.io/sonarqube-team/base:mvn-jdk-11
+  image: us.gcr.io/sonarqube-team/base:j11-m3-latest
   cluster_name: cirrus-ci-cluster
   zone: us-central1-a
   namespace: default
@@ -54,6 +54,8 @@ build_task:
   env:
     SONAR_TOKEN: ENCRYPTED[!5ba7cbb5bf9d168de69bcd444d9e884c9cf664be1115640cc64e49df6d241c309a87fc527cab533c08f289b167187017!]
     SONAR_HOST_URL: https://next.sonarqube.com/sonarqube
+    SIGN_KEY: ENCRYPTED[!54147bd7fb86bbe802fd432fab7d53bee19e71fe642d7b57703ec985b10f1976602adc743a906ea9851e5dd793be540c!]
+    PGP_PASSPHRASE: ENCRYPTED[!15c41fa6fdc13ace4a011693a002664593e038f91a2597fad40f4295f0de9858a587c504f5b9f1f97250f19fd5f4a655!]
   maven_cache:
     folder: ${CIRRUS_WORKING_DIR}/.m2/repository
   script:

.github/workflows/release.yml

@@ -16,23 +16,17 @@ jobs:
     steps:
       - name: Run release action
         id: run_release
-        uses: SonarSource/gh-action_LT_release@v2
+        uses: SonarSource/gh-action_release/main@v3
         with:
-          distribute: true
           publish_to_binaries: true
           attach_artifacts_to_github_release: false
           run_rules_cov: false
           slack_channel: sonarqube-build
         env:
           ARTIFACTORY_API_KEY: ${{ secrets.ARTIFACTORY_API_KEY }}
-          BINTRAY_USER: ${{ secrets.BINTRAY_USER }}
-          BINTRAY_TOKEN: ${{ secrets.BINTRAY_TOKEN }}
           BURGRX_USER: ${{ secrets.BURGRX_USER }}
           BURGRX_PASSWORD: ${{ secrets.BURGRX_PASSWORD }}
-          CENTRAL_USER: ${{ secrets.CENTRAL_USER }}
-          CENTRAL_PASSWORD: ${{ secrets.CENTRAL_PASSWORD }}
           CIRRUS_TOKEN: ${{ secrets.CIRRUS_TOKEN }}
-          GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
           PATH_PREFIX: ${{ secrets.BINARIES_PATH_PREFIX }}
           GITHUB_TOKEN: ${{ secrets.RELEASE_GITHUB_TOKEN }}
           RELEASE_SSH_USER: ${{ secrets.RELEASE_SSH_USER }}
@@ -57,3 +51,45 @@ jobs:
           SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}
         with:
           args: "Release failed, see the logs at https://github.com/{{ GITHUB_REPOSITORY }}/actions by {{ GITHUB_ACTOR }}"
+  maven-central-sync:
+    runs-on: ubuntu-latest
+    needs:
+      - run_release
+    steps:
+      - name: Setup JFrog CLI
+        uses: jfrog/setup-jfrog-cli@v1
+      - name: JFrog config
+        run: jfrog rt config repox --url https://repox.jfrog.io/artifactory/ --apikey $ARTIFACTORY_API_KEY --basic-auth-only
+        env:
+          ARTIFACTORY_API_KEY: ${{ secrets.ARTIFACTORY_API_KEY }}
+      - name: Get the version
+        id: get_version
+        run: |
+          IFS=. read major minor patch build <<< "${{ github.event.release.tag_name }}"
+          echo ::set-output name=build::"${build}"
+      - name: Create local repository directory
+        id: local_repo
+        run: echo ::set-output name=dir::"$(mktemp -d repo.XXXXXXXX)"
+      - name: Download Artifacts
+        uses: SonarSource/gh-action_release/download-build@v3
+        with:
+          build-number: ${{ steps.get_version.outputs.build }}
+          local-repo-dir: ${{ steps.local_repo.outputs.dir }}
+      - name: Maven Central Sync
+        id: maven-central-sync
+        continue-on-error: true
+        uses: SonarSource/gh-action_release/maven-central-sync@v3
+        with:
+          local-repo-dir: ${{ steps.local_repo.outputs.dir }}
+        env:
+          OSSRH_USERNAME: ${{ secrets.OSSRH_USERNAME }}
+          OSSRH_PASSWORD: ${{ secrets.OSSRH_PASSWORD }}
+      - name: Notify on failure
+        if: ${{ failure() || steps.maven-central-sync.outcome == 'failure' }}
+        uses: 8398a7/action-slack@v3
+        with:
+          status: failure
+          fields: repo,author,eventName
+        env:
+          SLACK_WEBHOOK_URL: ${{ secrets.SLACK_BUILD_WEBHOOK }}
+