From c0fc74ee7ccaaf5c5ac3a8a50df90dc1a23120f2 Mon Sep 17 00:00:00 2001
From: Julien Carsique <julien.carsique@sonarsource.com>
Date: Wed, 18 Feb 2026 18:06:26 +0100
Subject: [PATCH] BUILD-9208 Exclude release and sign profiles during Maven
 shadow scans

Shadow scans perform analysis without deployment, so release and sign Maven profiles are unnecessary overhead.
This change prevents adding these profiles when RUN_SHADOW_SCANS is enabled, making Maven builds faster and logs cleaner.

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
---
 build-maven/build.sh     |  8 ++++++--
 spec/build-maven_spec.sh | 22 ++++++++++++++++++++++
 2 files changed, 28 insertions(+), 2 deletions(-)

diff --git a/build-maven/build.sh b/build-maven/build.sh
index e26d9d0e..76a61902 100755
--- a/build-maven/build.sh
+++ b/build-maven/build.sh
@@ -166,12 +166,16 @@ build_maven() {
 
   if is_default_branch || is_maintenance_branch; then
     echo "======= Build and analyze $GITHUB_REF_NAME ======="
-    maven_command_args+=("-Prelease,sign")
+    if [[ "${RUN_SHADOW_SCANS}" != "true" ]]; then
+      maven_command_args+=("-Prelease,sign")
+    fi
   elif is_pull_request; then
     echo "======= Build and analyze pull request $PULL_REQUEST ($GITHUB_HEAD_REF) ======="
   elif is_dogfood_branch; then
     echo "======= Build dogfood branch $GITHUB_REF_NAME ======="
-    maven_command_args+=("-Prelease")
+    if [[ "${RUN_SHADOW_SCANS}" != "true" ]]; then
+      maven_command_args+=("-Prelease")
+    fi
   elif is_long_lived_feature_branch; then
     echo "======= Build and analyze long lived feature branch $GITHUB_REF_NAME ======="
   else
diff --git a/spec/build-maven_spec.sh b/spec/build-maven_spec.sh
index 243d7dfa..4af975a7 100755
--- a/spec/build-maven_spec.sh
+++ b/spec/build-maven_spec.sh
@@ -495,6 +495,28 @@ Describe 'build_maven()'
       The output should include "Maven command: mvn install"
       The output should not include "Maven command: mvn deploy"
     End
+
+    It 'excludes release and sign profiles when shadow scans are enabled'
+      When call build_maven
+      The status should be success
+      The stderr should include "Shadow scans enabled - disabling deployment"
+      The output should include "Maven command: mvn install -Pcoverage"
+      The output should not include "release"
+      The output should not include "sign"
+    End
+  End
+
+  Describe 'dogfood branch with shadow scans'
+    export GITHUB_REF_NAME="dogfood-on-next"
+    export RUN_SHADOW_SCANS="true"
+
+    It 'excludes release profile when shadow scans are enabled'
+      When call build_maven
+      The status should be success
+      The stderr should include "Shadow scans enabled - disabling deployment"
+      The output should include "Maven command: mvn install"
+      The output should not include "release"
+    End
   End
 
   Describe 'scan depends on the sonar platform and branch'