Skip to content

BUILD-10889: config-npm to pull npm packages from repox#5558

Merged
hedinasr merged 1 commit intomasterfrom
fix/hnasr/BUILD-10889-config-npm
Apr 9, 2026
Merged

BUILD-10889: config-npm to pull npm packages from repox#5558
hedinasr merged 1 commit intomasterfrom
fix/hnasr/BUILD-10889-config-npm

Conversation

@hedinasr
Copy link
Copy Markdown
Contributor

@hedinasr hedinasr commented Apr 9, 2026

@hashicorp-vault-sonar-prod
Copy link
Copy Markdown
Contributor

hashicorp-vault-sonar-prod bot commented Apr 9, 2026
edited by atlassian bot
Loading

BUILD-10889

@sonar-review-alpha
Copy link
Copy Markdown

sonar-review-alpha bot commented Apr 9, 2026
edited
Loading

Summary

This PR adds a single GitHub Actions step to configure npm to pull packages from repox instead of the default registry. The step uses the config-npm action from SonarSource's shared CI actions and is inserted in the upload-actual workflow, before the "Generate Diff Report" step. The configuration is skipped on Windows runners to avoid platform-specific issues.

What reviewers should know

What to review:

  • The change is minimal: one new workflow step in .github/actions/upload-actual/action.yml
  • The step invokes an external action (SonarSource/ci-github-actions/config-npm@v1) — the actual npm configuration logic lives there, not in this repo
  • The if: runner.os != 'Windows' condition is intentional and reasonable for npm tooling compatibility

Context:

  • This is part of a larger effort (BUILD-10889) to standardize npm registry configuration across CI pipelines
  • The step runs early in the artifact upload flow, ensuring npm is configured before any downstream steps that might need package installation
  • No other files or workflows are affected by this change

No testing visible in the diff — verify that existing CI runs successfully with this new step enabled.

  • Generate Walkthrough
  • Generate Diagram

🗣️ Give feedback

@hedinasr hedinasr force-pushed the fix/hnasr/BUILD-10889-config-npm branch from 2da65d5 to 26cf8f5 Compare April 9, 2026 13:35
tomasz-tylenda-sonarsource
tomasz-tylenda-sonarsource reviewed Apr 9, 2026
View reviewed changes
@hedinasr hedinasr force-pushed the fix/hnasr/BUILD-10889-config-npm branch 2 times, most recently from d9b9576 to f4314b0 Compare April 9, 2026 14:59
@hedinasr hedinasr force-pushed the fix/hnasr/BUILD-10889-config-npm branch from f4314b0 to e8e7c58 Compare April 9, 2026 15:09
@sonarqube-next
Copy link
Copy Markdown

sonarqube-next bot commented Apr 9, 2026

Quality Gate passed Quality Gate passed

Issues
0 New issues
0 Fixed issues
0 Accepted issues

Measures
0 Security Hotspots
0 Dependency risks
No data about Coverage
0.0% Duplication on New Code

See analysis details on SonarQube

tomasz-tylenda-sonarsource
tomasz-tylenda-sonarsource reviewed Apr 9, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@tomasz-tylenda-sonarsource tomasz-tylenda-sonarsource left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM. Test run is https://github.com/SonarSource/sonar-java/actions/runs/24197708489 - it generated expected diff files.

@hedinasr hedinasr enabled auto-merge (rebase) April 9, 2026 15:27
sonar-review-alpha[bot]
sonar-review-alpha bot reviewed Apr 9, 2026
View reviewed changes
Copy link
Copy Markdown

@sonar-review-alpha sonar-review-alpha bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM! ✅

Clean, minimal change. The config-npm step is correctly placed before npx diff2html-cli in the Generate Diff Report step, which is the sole consumer of npm packages in this action. The Windows guard is consistent with the rest of the action (the bash shell step also implicitly targets non-Windows). No issues found.

🗣️ Give feedback

@hedinasr hedinasr merged commit b52d978 into master Apr 9, 2026
19 checks passed
@hedinasr hedinasr deleted the fix/hnasr/BUILD-10889-config-npm branch April 9, 2026 18:26
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@sonar-review-alpha sonar-review-alpha[bot] sonar-review-alpha[bot] left review comments

@tomasz-tylenda-sonarsource tomasz-tylenda-sonarsource tomasz-tylenda-sonarsource approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@hedinasr @tomasz-tylenda-sonarsource