BUILD-10889: Migrate GitHub Actions workflows to sonar-*-public runners (#5547)

hedinasr · web-flow · commit 21cadefba4cf · 2026-04-09T12:14:53.000+02:00
diff --git a/.github/workflows/PrepareNextIteration.yml b/.github/workflows/PrepareNextIteration.yml
@@ -10,7 +10,7 @@ on:
 jobs:
   Next-Iteration-Job:
     name: Next Iteration Job
-    runs-on: github-ubuntu-latest-s
+    runs-on: sonar-xs-public
     permissions:
       pull-requests: write
       contents: write
diff --git a/.github/workflows/PullRequestClosed.yml b/.github/workflows/PullRequestClosed.yml
@@ -7,7 +7,7 @@ on:
 jobs:
   PullRequestMerged_job:
     name: Pull Request Merged
-    runs-on: github-ubuntu-latest-s
+    runs-on: sonar-xs-public
     permissions:
       id-token: write
       pull-requests: read
diff --git a/.github/workflows/PullRequestCreated.yml b/.github/workflows/PullRequestCreated.yml
@@ -7,7 +7,7 @@ on:
 jobs:
   PullRequestCreated_job:
     name: Pull Request Created
-    runs-on: github-ubuntu-latest-s
+    runs-on: sonar-xs-public
     permissions:
       id-token: write
     # For external PR, ticket should be created manually
diff --git a/.github/workflows/ReleasabilityCheck.yml b/.github/workflows/ReleasabilityCheck.yml
@@ -14,7 +14,7 @@ name: Releasability Check
 jobs:
   releasability-status:
     name: Releasability status
-    runs-on: github-ubuntu-latest-s
+    runs-on: sonar-xs-public
     permissions:
       id-token: write
       statuses: write
diff --git a/.github/workflows/RequestReview.yml b/.github/workflows/RequestReview.yml
@@ -7,7 +7,7 @@ on:
 jobs:
   RequestReview_job:
     name: Request review
-    runs-on: github-ubuntu-latest-s
+    runs-on: sonar-xs-public
     permissions:
       id-token: write
     # For external PR, ticket should be moved manually
diff --git a/.github/workflows/SubmitReview.yml b/.github/workflows/SubmitReview.yml
@@ -7,7 +7,7 @@ on:
 jobs:
   SubmitReview_job:
     name: Submit Review
-    runs-on: github-ubuntu-latest-s
+    runs-on: sonar-xs-public
     permissions:
       id-token: write
       pull-requests: read
diff --git a/.github/workflows/ToggleLockBranch.yml b/.github/workflows/ToggleLockBranch.yml
@@ -6,7 +6,7 @@ on:
 jobs:
   ToggleLockBranch_job:
     name: Toggle lock branch
-    runs-on: github-ubuntu-latest-s
+    runs-on: sonar-xs-public
     permissions:
       id-token: write
     steps:
diff --git a/.github/workflows/UpdateRuleMetadata.yml b/.github/workflows/UpdateRuleMetadata.yml
@@ -4,7 +4,7 @@ on: workflow_dispatch
 
 jobs:
   rule-metadata-update:
-    runs-on: github-ubuntu-latest-s
+    runs-on: sonar-xs-public
     permissions:
       id-token: write
       contents: write
diff --git a/.github/workflows/automated-release.yml b/.github/workflows/automated-release.yml
@@ -57,7 +57,7 @@ jobs:
       plugin-artifacts-sqs: "java"
       plugin-artifacts-sqc: "java"
       jira-project-key: "SONARJAVA"
-      runner-environment: "github-ubuntu-latest-s"
+      runner-environment: "sonar-xs-public"
       rule-props-changed: false
       short-description: ${{ github.event.inputs.short-description }}
       new-version: ${{ github.event.inputs.new-version }}
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -21,7 +21,7 @@ env:
 
 jobs:
   build:
-    runs-on: github-ubuntu-latest-m  # Public repo uses custom GitHub-hosted runner
+    runs-on: sonar-m-public
     name: Build
     permissions:
       id-token: write  # Required for Vault OIDC authentication
@@ -56,8 +56,8 @@ jobs:
       fail-fast: false
       matrix:
         item:
-          - { runner: github-ubuntu-latest-m, profile: without-sonarqube-project, sq_version: LATEST_RELEASE }
-          - { runner: github-ubuntu-latest-m, profile: only-sonarqube-project, sq_version: LATEST_RELEASE }
+          - { runner: sonar-m-public, profile: without-sonarqube-project, sq_version: LATEST_RELEASE }
+          - { runner: sonar-m-public, profile: only-sonarqube-project, sq_version: LATEST_RELEASE }
           - { runner: github-windows-latest-m, profile: without-sonarqube-project, sq_version: LATEST_RELEASE }
           - { runner: github-windows-latest-m, profile: only-sonarqube-project, sq_version: LATEST_RELEASE }
     name: Ruling QA
@@ -125,7 +125,7 @@ jobs:
     needs:
       - build
     if: ${{ needs.build.outputs.deployed }}
-    runs-on: github-ubuntu-latest-m
+    runs-on: sonar-m-public
     permissions:
       id-token: write
       contents: write
@@ -168,7 +168,7 @@ jobs:
     needs:
       - build
     if: ${{ needs.build.outputs.deployed }}
-    runs-on: github-ubuntu-latest-m
+    runs-on: sonar-m-public
     permissions:
       id-token: write
       contents: write
@@ -210,7 +210,7 @@ jobs:
     needs:
       - build
     if: ${{ needs.build.outputs.deployed }}
-    runs-on: github-ubuntu-latest-l
+    runs-on: sonar-l-public
     permissions:
       id-token: write
       contents: write
@@ -245,7 +245,7 @@ jobs:
     needs:
       - build
     if: ${{ needs.build.outputs.deployed }}
-    runs-on: github-ubuntu-latest-m
+    runs-on: sonar-m-public
     permissions:
       id-token: write
       contents: write
@@ -292,7 +292,7 @@ jobs:
     needs:
       - build
     if: ${{ needs.build.outputs.deployed }}
-    runs-on: github-ubuntu-latest-m
+    runs-on: sonar-m-public
     permissions:
       id-token: write
       contents: write
@@ -383,7 +383,7 @@ jobs:
       - autoscan
       - qa-os-win
     if: ${{ needs.build.outputs.deployed }}
-    runs-on: github-ubuntu-latest-s  # Public repo uses custom GitHub-hosted runners
+    runs-on: sonar-s-public
     name: Promote
     permissions:
       id-token: write
diff --git a/.github/workflows/cleanup-cache.yml b/.github/workflows/cleanup-cache.yml
@@ -21,7 +21,7 @@ on:
 
 jobs:
   cleanup:
-    runs-on: github-ubuntu-latest-s
+    runs-on: sonar-xs-public
     permissions:
       id-token: write
       contents: read
diff --git a/.github/workflows/dogfood.yml b/.github/workflows/dogfood.yml
@@ -12,7 +12,7 @@ on:
 
 jobs:
   dogfood_merge:
-    runs-on: github-ubuntu-latest-s
+    runs-on: sonar-xs-public
     name: Update dogfood branch
     permissions:
       id-token: write # required for SonarSource/vault-action-wrapper
diff --git a/.github/workflows/mark-prs-stale.yml b/.github/workflows/mark-prs-stale.yml
@@ -6,7 +6,7 @@ on:
 
 jobs:
   stale:
-    runs-on: github-ubuntu-latest-s
+    runs-on: sonar-xs-public
     permissions:
       issues: write
       pull-requests: write
diff --git a/.github/workflows/pr-cleanup.yml b/.github/workflows/pr-cleanup.yml
@@ -5,7 +5,7 @@ on:
 
 jobs:
   cleanup:
-    runs-on: github-ubuntu-latest-s  # Public repo
+    runs-on: sonar-xs-public  # Public repo
     permissions:
       actions: write
     steps:
diff --git a/.github/workflows/releasability.yaml b/.github/workflows/releasability.yaml
@@ -11,7 +11,7 @@ on:
 jobs:
   releasability-job:
     name: Releasability check
-    runs-on: github-ubuntu-latest-s
+    runs-on: sonar-xs-public
     permissions:
       id-token: write      # required by SonarSource/vault-action-wrapper
       contents: read       # required by checkout
diff --git a/.github/workflows/unified-dogfooding.yml b/.github/workflows/unified-dogfooding.yml
@@ -6,7 +6,7 @@ on:
 
 jobs:
   unified-platform-dogfooding:
-    runs-on: github-ubuntu-latest-l
+    runs-on: sonar-l-public
     name: Unified Platform Dogfooding
     permissions:
       id-token: write
