From 8664e3f95d7c5f1d99e256421afab6241ec1ff3d Mon Sep 17 00:00:00 2001 From: Brian Date: Thu, 26 Mar 2026 16:16:20 -0500 Subject: [PATCH 01/10] PREQ-4918: Support unique artfiact names for matrix jobs --- build-gradle/action.yml | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/build-gradle/action.yml b/build-gradle/action.yml index 99fceea7..87cf8140 100644 --- a/build-gradle/action.yml +++ b/build-gradle/action.yml @@ -67,6 +67,14 @@ inputs: generate-summary: description: Whether to generate a workflow summary after the build. default: 'true' + artifact-name: + description: >- + Suffix appended to the problems-report artifact name: `problems-report-`. + Defaults to ``, which is unique for direct matrix jobs but + collides when this action is called from a reusable workflow (where `github.job` is always + the called workflow's job id). Override with a unique value (e.g. the module name) when + using this action inside a reusable workflow that is invoked in a matrix. + default: '' outputs: project-version: @@ -179,7 +187,7 @@ runs: if: always() uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 with: - name: problems-report-${{ github.job }}${{ strategy.job-index }} + name: problems-report-${{ inputs.artifact-name != '' && inputs.artifact-name || format('{0}{1}', github.job, strategy.job-index) }} path: build/reports/problems/problems-report.html if-no-files-found: ignore From 760bfd5a3d203503dfc33956bd2ec2246c975aca Mon Sep 17 00:00:00 2001 From: Mikolaj Matuszny Date: Mon, 30 Mar 2026 12:12:27 +0200 Subject: [PATCH 02/10] PREQ-4918: Replace artifact-name with job-identifier and UUID fallback in build-gradle Co-Authored-By: Claude Sonnet 4.6 --- build-gradle/action.yml | 19 ++++++++++++------- 1 file changed, 12 insertions(+), 7 deletions(-) diff --git a/build-gradle/action.yml b/build-gradle/action.yml index 87cf8140..71bd68ec 100644 --- a/build-gradle/action.yml +++ b/build-gradle/action.yml @@ -67,13 +67,12 @@ inputs: generate-summary: description: Whether to generate a workflow summary after the build. default: 'true' - artifact-name: + job-identifier: description: >- - Suffix appended to the problems-report artifact name: `problems-report-`. - Defaults to ``, which is unique for direct matrix jobs but - collides when this action is called from a reusable workflow (where `github.job` is always - the called workflow's job id). Override with a unique value (e.g. the module name) when - using this action inside a reusable workflow that is invoked in a matrix. + Unique identifier appended to the artifact name (`problems-report-`). + Set this to a matrix dimension (e.g. `${{ matrix.module }}`) when calling this action + from a reusable workflow that is invoked in a matrix, to produce human-readable artifact + names. When omitted, a UUID is generated automatically to guarantee uniqueness. default: '' outputs: @@ -183,11 +182,17 @@ runs: working-directory: ${{ inputs.working-directory }} run: $ACTION_PATH_BUILD_GRADLE/build.sh + - name: Generate unique job ID + id: uid + if: always() + shell: bash + run: echo "value=$(cat /proc/sys/kernel/random/uuid)" >> $GITHUB_OUTPUT + - name: Archive problems report if: always() uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 with: - name: problems-report-${{ inputs.artifact-name != '' && inputs.artifact-name || format('{0}{1}', github.job, strategy.job-index) }} + name: problems-report-${{ inputs.job-identifier != '' && inputs.job-identifier || steps.uid.outputs.value }} path: build/reports/problems/problems-report.html if-no-files-found: ignore From 02578df8d1b777c9fde6cad239303a821d844ec2 Mon Sep 17 00:00:00 2001 From: Mikolaj Matuszny Date: Mon, 30 Mar 2026 12:24:37 +0200 Subject: [PATCH 03/10] PREQ-4918: Use python3 for cross-platform UUID generation in build-gradle --- build-gradle/action.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build-gradle/action.yml b/build-gradle/action.yml index 71bd68ec..92c9b27a 100644 --- a/build-gradle/action.yml +++ b/build-gradle/action.yml @@ -186,7 +186,7 @@ runs: id: uid if: always() shell: bash - run: echo "value=$(cat /proc/sys/kernel/random/uuid)" >> $GITHUB_OUTPUT + run: echo "value=$(python3 -c 'import uuid; print(uuid.uuid4())')" >> "$GITHUB_OUTPUT" - name: Archive problems report if: always() From 622f910fc7e15654bfd83df74351bc7b1845a183 Mon Sep 17 00:00:00 2001 From: Mikolaj Matuszny Date: Mon, 30 Mar 2026 12:27:12 +0200 Subject: [PATCH 04/10] PREQ-4918: Document job-identifier input in build-gradle README --- README.md | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/README.md b/README.md index 67b95939..a8f02c00 100644 --- a/README.md +++ b/README.md @@ -680,6 +680,21 @@ See also [`config-gradle`](#config-gradle) input environment variables. | `provenance` | Whether to generate provenance attestation for built artifacts | `false` | | `provenance-artifact-paths` | Relative paths of artifacts for provenance attestation (glob pattern). See [Provenance Attestation](#provenance-attestation) | (optional) | | `generate-summary` | Whether to generate a workflow summary after the build | `true` | +| `job-identifier` | Unique identifier for the problems-report artifact name. Set to a matrix dimension (e.g. `${{ matrix.module }}`) when using this action inside a reusable workflow invoked in a matrix. Auto-generated UUID when omitted. | (optional) | + +> [!TIP] +> When using this action inside a reusable workflow that is itself called in a matrix, set +> `job-identifier` to a matrix dimension to produce readable artifact names: +> +> ```yaml +> - uses: SonarSource/ci-github-actions/build-gradle@v1 +> with: +> job-identifier: ${{ matrix.module }} +> ``` +> +> Without this, a UUID is generated automatically — artifact names will be unique but opaque. + + > [!TIP] > When using `working-directory`, Java must be available at root due to a limitation From f0d9720c0c6a6522f6217227063a45175693e097 Mon Sep 17 00:00:00 2001 From: Mikolaj Matuszny Date: Mon, 30 Mar 2026 12:33:20 +0200 Subject: [PATCH 05/10] PREQ-4918: Add job-identifier input with UUID fallback to build-npm --- build-npm/action.yml | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/build-npm/action.yml b/build-npm/action.yml index c85288a1..540c28c7 100644 --- a/build-npm/action.yml +++ b/build-npm/action.yml @@ -59,6 +59,13 @@ inputs: generate-summary: description: Whether to generate a workflow summary after the build. default: 'true' + job-identifier: + description: >- + Unique identifier appended to the artifact name (`npm-logs-`). + Set this to a matrix dimension (e.g. `${{ matrix.module }}`) when calling this action + from a reusable workflow that is invoked in a matrix, to produce human-readable artifact + names. When omitted, a UUID is generated automatically to guarantee uniqueness. + default: '' outputs: BUILD_NUMBER: @@ -173,11 +180,17 @@ runs: working-directory: ${{ inputs.working-directory }} run: $ACTION_PATH_BUILD_NPM/build.sh + - name: Generate unique job ID + id: uid + if: always() + shell: bash + run: echo "value=$(python3 -c 'import uuid; print(uuid.uuid4())')" >> "$GITHUB_OUTPUT" + - name: Archive logs if: failure() uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 with: - name: npm-logs-${{ github.job }}${{ strategy.job-index }} + name: npm-logs-${{ inputs.job-identifier != '' && inputs.job-identifier || steps.uid.outputs.value }} path: ~/.npm/_logs/ if-no-files-found: ignore From 0d041ed467cf1c88ec021564f34245b533e0a9ad Mon Sep 17 00:00:00 2001 From: Mikolaj Matuszny Date: Mon, 30 Mar 2026 12:33:27 +0200 Subject: [PATCH 06/10] PREQ-4918: Document job-identifier input in build-npm README --- README.md | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/README.md b/README.md index a8f02c00..2e9caa56 100644 --- a/README.md +++ b/README.md @@ -972,6 +972,19 @@ See also [`config-npm`](#config-npm) input environment variables. | `provenance` | Whether to generate provenance attestation for built artifacts | `false` | | `provenance-artifact-paths` | Relative paths of artifacts for provenance attestation (glob pattern). See [Provenance Attestation](#provenance-attestation) | (optional) | | `generate-summary` | Whether to generate a workflow summary after the build | `true` | +| `job-identifier` | Unique identifier for the npm-logs artifact name. Set to a matrix dimension (e.g. `${{ matrix.module }}`) when using this action inside a reusable workflow invoked in a matrix. Auto-generated UUID when omitted. | (optional) | + +> [!TIP] +> When using this action inside a reusable workflow that is itself called in a matrix, set +> `job-identifier` to a matrix dimension to produce readable artifact names: +> +> ```yaml +> - uses: SonarSource/ci-github-actions/build-npm@v1 +> with: +> job-identifier: ${{ matrix.module }} +> ``` +> +> Without this, a UUID is generated automatically — artifact names will be unique but opaque. ### Outputs From 1568050be0bc9d58b89daa50e14b85609733bcb8 Mon Sep 17 00:00:00 2001 From: Mikolaj Matuszny Date: Mon, 30 Mar 2026 12:34:48 +0200 Subject: [PATCH 07/10] PREQ-4918: Remove expression syntax from job-identifier descriptions --- build-gradle/action.yml | 2 +- build-npm/action.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/build-gradle/action.yml b/build-gradle/action.yml index 92c9b27a..ba6b950d 100644 --- a/build-gradle/action.yml +++ b/build-gradle/action.yml @@ -70,7 +70,7 @@ inputs: job-identifier: description: >- Unique identifier appended to the artifact name (`problems-report-`). - Set this to a matrix dimension (e.g. `${{ matrix.module }}`) when calling this action + Set this to a matrix dimension value (e.g. the value of `matrix.module`) when calling this action from a reusable workflow that is invoked in a matrix, to produce human-readable artifact names. When omitted, a UUID is generated automatically to guarantee uniqueness. default: '' diff --git a/build-npm/action.yml b/build-npm/action.yml index 540c28c7..b7275901 100644 --- a/build-npm/action.yml +++ b/build-npm/action.yml @@ -62,7 +62,7 @@ inputs: job-identifier: description: >- Unique identifier appended to the artifact name (`npm-logs-`). - Set this to a matrix dimension (e.g. `${{ matrix.module }}`) when calling this action + Set this to a matrix dimension value (e.g. the value of `matrix.module`) when calling this action from a reusable workflow that is invoked in a matrix, to produce human-readable artifact names. When omitted, a UUID is generated automatically to guarantee uniqueness. default: '' From 3a3c6da1918e50fd8e6b5e2d3812b9e17401127b Mon Sep 17 00:00:00 2001 From: Mikolaj Matuszny Date: Mon, 30 Mar 2026 13:06:08 +0200 Subject: [PATCH 08/10] PREQ-4918: Use run_id and runner.name for unique artifact names in build-gradle --- build-gradle/action.yml | 10 ++-------- 1 file changed, 2 insertions(+), 8 deletions(-) diff --git a/build-gradle/action.yml b/build-gradle/action.yml index ba6b950d..e825152c 100644 --- a/build-gradle/action.yml +++ b/build-gradle/action.yml @@ -72,7 +72,7 @@ inputs: Unique identifier appended to the artifact name (`problems-report-`). Set this to a matrix dimension value (e.g. the value of `matrix.module`) when calling this action from a reusable workflow that is invoked in a matrix, to produce human-readable artifact - names. When omitted, a UUID is generated automatically to guarantee uniqueness. + names. When omitted, the run ID and runner name are used to guarantee uniqueness. default: '' outputs: @@ -182,17 +182,11 @@ runs: working-directory: ${{ inputs.working-directory }} run: $ACTION_PATH_BUILD_GRADLE/build.sh - - name: Generate unique job ID - id: uid - if: always() - shell: bash - run: echo "value=$(python3 -c 'import uuid; print(uuid.uuid4())')" >> "$GITHUB_OUTPUT" - - name: Archive problems report if: always() uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 with: - name: problems-report-${{ inputs.job-identifier != '' && inputs.job-identifier || steps.uid.outputs.value }} + name: problems-report-${{ inputs.job-identifier != '' && inputs.job-identifier || format('{0}-{1}', github.run_id, runner.name) }} path: build/reports/problems/problems-report.html if-no-files-found: ignore From 9e2a37017ccaa94e1c027c83ffb519b6e3bd0b0e Mon Sep 17 00:00:00 2001 From: Mikolaj Matuszny Date: Mon, 30 Mar 2026 13:08:07 +0200 Subject: [PATCH 09/10] PREQ-4918: Use run_id and runner.name for unique artifact names in build-npm --- build-npm/action.yml | 10 ++-------- 1 file changed, 2 insertions(+), 8 deletions(-) diff --git a/build-npm/action.yml b/build-npm/action.yml index b7275901..bd73f5e0 100644 --- a/build-npm/action.yml +++ b/build-npm/action.yml @@ -64,7 +64,7 @@ inputs: Unique identifier appended to the artifact name (`npm-logs-`). Set this to a matrix dimension value (e.g. the value of `matrix.module`) when calling this action from a reusable workflow that is invoked in a matrix, to produce human-readable artifact - names. When omitted, a UUID is generated automatically to guarantee uniqueness. + names. When omitted, the run ID and runner name are used to guarantee uniqueness. default: '' outputs: @@ -180,17 +180,11 @@ runs: working-directory: ${{ inputs.working-directory }} run: $ACTION_PATH_BUILD_NPM/build.sh - - name: Generate unique job ID - id: uid - if: always() - shell: bash - run: echo "value=$(python3 -c 'import uuid; print(uuid.uuid4())')" >> "$GITHUB_OUTPUT" - - name: Archive logs if: failure() uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 with: - name: npm-logs-${{ inputs.job-identifier != '' && inputs.job-identifier || steps.uid.outputs.value }} + name: npm-logs-${{ inputs.job-identifier != '' && inputs.job-identifier || format('{0}-{1}', github.run_id, runner.name) }} path: ~/.npm/_logs/ if-no-files-found: ignore From 9a96167409e84aff6a40251afc2b20d7e89d4ccf Mon Sep 17 00:00:00 2001 From: Mikolaj Matuszny Date: Mon, 30 Mar 2026 13:18:14 +0200 Subject: [PATCH 10/10] PREQ-4918: Use $RANDOM fallback for unique artifact names in build-gradle and build-npm --- build-gradle/action.yml | 10 ++++++++-- build-npm/action.yml | 10 ++++++++-- 2 files changed, 16 insertions(+), 4 deletions(-) diff --git a/build-gradle/action.yml b/build-gradle/action.yml index e825152c..8c2e517d 100644 --- a/build-gradle/action.yml +++ b/build-gradle/action.yml @@ -72,7 +72,7 @@ inputs: Unique identifier appended to the artifact name (`problems-report-`). Set this to a matrix dimension value (e.g. the value of `matrix.module`) when calling this action from a reusable workflow that is invoked in a matrix, to produce human-readable artifact - names. When omitted, the run ID and runner name are used to guarantee uniqueness. + names. When omitted, a random value is generated to guarantee uniqueness. default: '' outputs: @@ -182,11 +182,17 @@ runs: working-directory: ${{ inputs.working-directory }} run: $ACTION_PATH_BUILD_GRADLE/build.sh + - name: Generate unique job ID + id: uid + if: always() + shell: bash + run: echo "value=$RANDOM$RANDOM" >> "$GITHUB_OUTPUT" + - name: Archive problems report if: always() uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 with: - name: problems-report-${{ inputs.job-identifier != '' && inputs.job-identifier || format('{0}-{1}', github.run_id, runner.name) }} + name: problems-report-${{ inputs.job-identifier != '' && inputs.job-identifier || steps.uid.outputs.value }} path: build/reports/problems/problems-report.html if-no-files-found: ignore diff --git a/build-npm/action.yml b/build-npm/action.yml index bd73f5e0..b703eb2b 100644 --- a/build-npm/action.yml +++ b/build-npm/action.yml @@ -64,7 +64,7 @@ inputs: Unique identifier appended to the artifact name (`npm-logs-`). Set this to a matrix dimension value (e.g. the value of `matrix.module`) when calling this action from a reusable workflow that is invoked in a matrix, to produce human-readable artifact - names. When omitted, the run ID and runner name are used to guarantee uniqueness. + names. When omitted, a random value is generated to guarantee uniqueness. default: '' outputs: @@ -180,11 +180,17 @@ runs: working-directory: ${{ inputs.working-directory }} run: $ACTION_PATH_BUILD_NPM/build.sh + - name: Generate unique job ID + id: uid + if: always() + shell: bash + run: echo "value=$RANDOM$RANDOM" >> "$GITHUB_OUTPUT" + - name: Archive logs if: failure() uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 with: - name: npm-logs-${{ inputs.job-identifier != '' && inputs.job-identifier || format('{0}-{1}', github.run_id, runner.name) }} + name: npm-logs-${{ inputs.job-identifier != '' && inputs.job-identifier || steps.uid.outputs.value }} path: ~/.npm/_logs/ if-no-files-found: ignore