Fix macOS Analyzers Build: add repox credentials #228

Merged: saberduck merged 2 commits into master from fix/macos-repox-credentials, Apr 28, 2026
@saberduck

Contributor

@saberduck saberduck requested a review from a team as a code owner April 27, 2026 14:55
@sonar-review-alpha

sonar-review-alpha Bot commented Apr 27, 2026

Summary

This PR adds repox credentials to the macOS Analyzers build and enables manual workflow triggering.

Main change: Adds the SonarSource/ci-github-actions/config-gradle@v1 action to configure Gradle with repository credentials. Without these credentials, Gradle falls back to the Gradle Plugin Portal, which publishes artifacts with different checksums than the internal repox repository. This causes verification metadata validation to fail. The repox repository normalizes POMs, avoiding this checksum mismatch.

Secondary change: Adds || github.event_name == 'workflow_dispatch' to allow manual triggering of the macOS build via GitHub Actions UI.

This mirrors the credentials fix already applied to cross_platform_analyzers in PR #226.

What reviewers should know

Key areas to review:

  • The config-gradle action is added directly before the build step (line 42). This is the standard placement and matches the pattern used in cross_platform_analyzers.
  • The action uses SonarSource/ci-github-actions/config-gradle@v1 — confirm this is the expected version and matches what's used elsewhere in the workflow.
  • The workflow_dispatch change is independent; it enables manual runs but does not affect the credentials flow.

Context for reviewers:

  • This is a security-related change (adds credential handling) but uses SonarSource's official GitHub Action, so credentials themselves are not embedded in the workflow YAML.
  • The checksum mismatch issue stems from differences in how POMs are normalized between repositories — this is a known issue when switching between artifact sources.
  • If you want to verify the pattern matches the earlier fix, check the cross_platform_analyzers job in the same workflow file.
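
The checksum failure the summary describes, reproduced as an added example that is not part of this PR or of the sonar-rust code base: a Gradle `verification-metadata.xml` records one SHA-256 per artifact file, so the same POM served with different bytes by another repository fails verification. The coordinates, POM bytes, and the mapping of each rendering to a repository are constructed for illustration.

```python
import hashlib
import xml.etree.ElementTree as ET

NS = {"g": "https://schema.gradle.org/dependency-verification"}

def trusted_sha256(metadata_xml):
    """Map (group, name, version, file) -> set of sha256 values the metadata trusts."""
    trusted = {}
    for comp in ET.fromstring(metadata_xml).iterfind("g:components/g:component", NS):
        coords = (comp.get("group"), comp.get("name"), comp.get("version"))
        for art in comp.iterfind("g:artifact", NS):
            for sha in art.iterfind("g:sha256", NS):
                values = trusted.setdefault(coords + (art.get("name"),), set())
                values.add(sha.get("value").lower())
                # <also-trust> lists further accepted checksums for the same file
                values.update(a.get("value").lower() for a in sha.iterfind("g:also-trust", NS))
    return trusted

def verify(trusted, coords, filename, data):
    """Return 'ok', 'mismatch' or 'missing' for the bytes a repository served."""
    expected = trusted.get(coords + (filename,))
    if expected is None:
        return "missing"
    return "ok" if hashlib.sha256(data).hexdigest() in expected else "mismatch"

# Constructed sample: one POM, two byte-level renderings of it.
COORDS = ("com.example", "demo-plugin", "1.0")
POM_FROM_REPOX = b"<project><artifactId>demo-plugin</artifactId><version>1.0</version></project>"
POM_FROM_PORTAL = b"<project>\n  <artifactId>demo-plugin</artifactId>\n  <version>1.0</version>\n</project>\n"

# Assumption: the metadata was recorded while resolving through the internal repository.
METADATA = f"""<verification-metadata xmlns="https://schema.gradle.org/dependency-verification">
  <components>
    <component group="{COORDS[0]}" name="{COORDS[1]}" version="{COORDS[2]}">
      <artifact name="demo-plugin-1.0.pom">
        <sha256 value="{hashlib.sha256(POM_FROM_REPOX).hexdigest()}" origin="Generated by Gradle"/>
      </artifact>
    </component>
  </components>
</verification-metadata>"""

def demo():
    """Verify both renderings, plus a file the metadata does not list."""
    trusted = trusted_sha256(METADATA)
    pom = "demo-plugin-1.0.pom"
    return {"repox": verify(trusted, COORDS, pom, POM_FROM_REPOX),
            "portal": verify(trusted, COORDS, pom, POM_FROM_PORTAL),
            "unlisted": verify(trusted, COORDS, "demo-plugin-1.0.jar", b"jar bytes")}
```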

sonar-review-alpha[bot]

This comment was marked as outdated.

@sonar-review-alpha sonar-review-alpha Bot left a comment

LGTM! ✅

@sonarqube-next

Quality Gate passed for 'sonar-rust'

Issues
0 New issues
0 Fixed issues
0 Accepted issues

Measures
0 Security Hotspots
0 Dependency risks
No data about Coverage
0.0% Duplication on New Code

See analysis details on SonarQube

@saberduck saberduck enabled auto-merge (squash) April 28, 2026 04:57
@saberduck saberduck merged commit 20698ce into master Apr 28, 2026
18 of 21 checks passed
@saberduck saberduck deleted the fix/macos-repox-credentials branch April 28, 2026 07:23