BUILD-8956 Extract config-poetry action from build-poetry by hedinasr · Pull Request #292 · SonarSource/ci-github-actions

hedinasr · 2026-06-11T14:13:47Z

Summary

Adds a new config-poetry composite action for Repox authentication, JFrog CLI setup, Poetry caching, and build number management
Refactors build-poetry to delegate configuration to config-poetry, mirroring the config-npm / build-npm split
Adds shellspec coverage for config-poetry/poetry_config.sh and updates build-poetry tests

Behavioral changes

build-poetry no longer fetches Artifactory reader credentials itself; that is handled by config-poetry
config-poetry can now be used standalone in workflows that need Poetry + Repox without a full build
POETRY_HTTP_BASIC_REPOX_USERNAME and POETRY_HTTP_BASIC_REPOX_PASSWORD are exported via GITHUB_ENV for downstream steps

Test plan

shellspec spec/config-poetry_spec.sh spec/build-poetry_spec.sh passes locally
CI shellspec workflow passes on the PR

Add a standalone config-poetry composite action that fetches Vault credentials, configures JFrog CLI and Poetry for Repox, caches Poetry dependencies, and sets BUILD_NUMBER. Refactor build-poetry to consume config-poetry the same way build-npm uses config-npm.

sonarqubecloud · 2026-06-11T14:13:55Z

Agentic Analysis: Early Results

Agentic Analysis and Context Augmentation are available on your project. Here are some issues that could have been prevented. Follow the links to learn how to put them into action.

1 issue(s) found across 1 file(s):

Rule	File	Line	Message
`shelldre:S1192`	`spec/build-poetry_spec.sh`	422	Define a constant instead of using the literal 'Building project...' 4 times.

_{Analyzed by SonarQube Agentic Analysis in 3.3 s}

hashicorp-vault-sonar-prod · 2026-06-11T14:15:15Z

BUILD-8956

sonarqubecloud · 2026-06-11T14:15:51Z

Quality Gate passed

Issues
0 New issues
0 Accepted issues
0 New dependency risks

Measures
0 Security Hotspots
100.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

gitar-bot · 2026-06-11T14:17:08Z

+    - name: Set local action paths
+      id: set-path
+      if: steps.config-poetry-completed.outputs.skip != 'true'
+      shell: bash
+      run: |
+        echo "::group::Fix for using local actions"
+        echo "GITHUB_ACTION_PATH=$GITHUB_ACTION_PATH"
+        echo "github.action_path=${{ github.action_path }}"
+        ACTION_PATH_CONFIG_POETRY="${{ github.action_path }}"
+        host_actions_root="${{ inputs.host-actions-root }}"
+        if [[ -z "$host_actions_root" ]]; then
+          host_actions_root="$(dirname "$ACTION_PATH_CONFIG_POETRY")"
+        else
+          ACTION_PATH_CONFIG_POETRY="$host_actions_root/config-poetry"
+        fi


⚠️ Bug: mise restore runs in wrong dir when working-directory != '.'

In config-poetry/action.yml, the mise.local.toml file and the MISE_BACKUP temp dir are created by the "Set local action paths" step (lines 47-77), which has NO working-directory, so they live in the GitHub workspace root. But the "Configure Poetry authentication" step (line 120) sets working-directory: ${{ inputs.working-directory }} and then runs the restore logic:

rm mise.local.toml mv "$MISE_BACKUP"/* ... ./ ...

When working-directory is not ., this runs inside the subdirectory:

rm mise.local.toml fails because the file is in the workspace root, not the subdir. GitHub Actions runs bash steps with -e, so the step fails and breaks the build.

Even if it didn't fail, the user's original mise files would be restored into the subdirectory (./) instead of the workspace root, leaving the root in an inconsistent state with config-poetry's mise.local.toml never removed.

Note this diverges from config-npm/action.yml, whose "Configure NPM authentication" step (line 101-114) does the same backup/restore but does NOT set working-directory, keeping creation and restore in the same (root) directory. build-poetry exposes a working-directory input and passes it through, so any consumer using a non-root working directory will hit this regression (previously build-poetry never rm'd the file).

Fix: keep working-directory only for the poetry_config.sh invocation (which needs the project dir) and perform the mise restore relative to the workspace root, or split the restore into a separate step without working-directory (matching config-npm).

Run poetry_config.sh in the working-directory, but restore mise files in the workspace root (no working-directory) and guard with always() so the backup is restored even if poetry_config.sh fails.:

- name: Configure Poetry authentication if: steps.config-poetry-completed.outputs.skip != 'true' shell: bash working-directory: ${{ inputs.working-directory }} env: ARTIFACTORY_URL: ${{ format('{0}/artifactory', inputs.repox-url) }} ARTIFACTORY_USERNAME: ${{ fromJSON(steps.secrets.outputs.vault).ARTIFACTORY_USERNAME }} ARTIFACTORY_ACCESS_TOKEN: ${{ fromJSON(steps.secrets.outputs.vault).ARTIFACTORY_ACCESS_TOKEN }} ARTIFACTORY_PYPI_REPO: ${{ inputs.artifactory-pypi-repo }} run: $ACTION_PATH_CONFIG_POETRY/poetry_config.sh - name: Restore mise files if: always() && steps.config-poetry-completed.outputs.skip != 'true' shell: bash run: | echo "::group::Restore mise files" rm -f mise.local.toml mv "${{ steps.set-path.outputs.MISE_BACKUP }}"/* "${{ steps.set-path.outputs.MISE_BACKUP }}"/.* ./ 2>/dev/null || true rmdir "${{ steps.set-path.outputs.MISE_BACKUP }}" 2>/dev/null || true echo "::endgroup::"

Apply fix

_{Check the box to apply the fix or reply for a change | Was this helpful? React with 👍 / 👎}

gitar-bot · 2026-06-11T14:17:09Z

+        echo "::group::Backup mise files to configure Poetry without interference"
+        mise_backup=$(mktemp -d)
+        echo "MISE_BACKUP=$mise_backup" >> "$GITHUB_OUTPUT"
+        mv mise.* .mise.* mise/ .mise/ .tool-versions "$mise_backup/" 2>/dev/null || true
+        cp "$ACTION_PATH_CONFIG_POETRY/mise.local.toml" mise.local.toml
+        echo "::endgroup::"


💡 Bug: mise files not restored if a step fails before restore

In config-poetry/action.yml, the "Set local action paths" step moves the user's real mise files into a temp backup and substitutes config-poetry's mise.local.toml. The restore happens inside the "Configure Poetry authentication" step, which is NOT marked always() and only runs after several intermediate steps (get-build-number, cache, mise-action, vault). If any of those steps fails, the restore never runs: the user's mise files remain stranded in the temp directory and config-poetry's mise.local.toml is left in place. For standalone config-poetry usage, this leaves the checkout in an inconsistent state for any downstream steps. Consider performing the restore in a dedicated if: always() step (see the suggested fix for the working-directory finding, which also addresses this).

_{Was this helpful? React with 👍 / 👎}

gitar-bot · 2026-06-11T14:17:12Z

Code Review ⚠️ Changes requested 0 resolved / 2 findings

Extracts the Poetry configuration logic into a standalone action to improve modularity, but fails to correctly resolve the working directory for mise restores and lacks restore robustness during step failures.

⚠️

Bug: mise restore runs in wrong dir when working-directory != '.'

📄 config-poetry/action.yml:47-61 📄 config-poetry/action.yml:117-131

In config-poetry/action.yml, the mise.local.toml file and the MISE_BACKUP temp dir are created by the "Set local action paths" step (lines 47-77), which has NO working-directory, so they live in the GitHub workspace root. But the "Configure Poetry authentication" step (line 120) sets working-directory: ${{ inputs.working-directory }} and then runs the restore logic:

rm mise.local.toml
mv "$MISE_BACKUP"/* ... ./ ...

When working-directory is not ., this runs inside the subdirectory:

rm mise.local.toml fails because the file is in the workspace root, not the subdir. GitHub Actions runs bash steps with -e, so the step fails and breaks the build.
Even if it didn't fail, the user's original mise files would be restored into the subdirectory (./) instead of the workspace root, leaving the root in an inconsistent state with config-poetry's mise.local.toml never removed.

Note this diverges from config-npm/action.yml, whose "Configure NPM authentication" step (line 101-114) does the same backup/restore but does NOT set working-directory, keeping creation and restore in the same (root) directory. build-poetry exposes a working-directory input and passes it through, so any consumer using a non-root working directory will hit this regression (previously build-poetry never rm'd the file).

Fix: keep working-directory only for the poetry_config.sh invocation (which needs the project dir) and perform the mise restore relative to the workspace root, or split the restore into a separate step without working-directory (matching config-npm).

Run poetry_config.sh in the working-directory, but restore mise files in the workspace root (no working-directory) and guard with always() so the backup is restored even if poetry_config.sh fails.

- name: Configure Poetry authentication
  if: steps.config-poetry-completed.outputs.skip != 'true'
  shell: bash
  working-directory: ${{ inputs.working-directory }}
  env:
    ARTIFACTORY_URL: ${{ format('{0}/artifactory', inputs.repox-url) }}
    ARTIFACTORY_USERNAME: ${{ fromJSON(steps.secrets.outputs.vault).ARTIFACTORY_USERNAME }}
    ARTIFACTORY_ACCESS_TOKEN: ${{ fromJSON(steps.secrets.outputs.vault).ARTIFACTORY_ACCESS_TOKEN }}
    ARTIFACTORY_PYPI_REPO: ${{ inputs.artifactory-pypi-repo }}
  run: $ACTION_PATH_CONFIG_POETRY/poetry_config.sh

- name: Restore mise files
  if: always() && steps.config-poetry-completed.outputs.skip != 'true'
  shell: bash
  run: |
    echo "::group::Restore mise files"
    rm -f mise.local.toml
    mv "${{ steps.set-path.outputs.MISE_BACKUP }}"/* "${{ steps.set-path.outputs.MISE_BACKUP }}"/.* ./ 2>/dev/null || true
    rmdir "${{ steps.set-path.outputs.MISE_BACKUP }}" 2>/dev/null || true
    echo "::endgroup::"

💡 Bug: mise files not restored if a step fails before restore

📄 config-poetry/action.yml:72-77 📄 config-poetry/action.yml:117-131

In config-poetry/action.yml, the "Set local action paths" step moves the user's real mise files into a temp backup and substitutes config-poetry's mise.local.toml. The restore happens inside the "Configure Poetry authentication" step, which is NOT marked always() and only runs after several intermediate steps (get-build-number, cache, mise-action, vault). If any of those steps fails, the restore never runs: the user's mise files remain stranded in the temp directory and config-poetry's mise.local.toml is left in place. For standalone config-poetry usage, this leaves the checkout in an inconsistent state for any downstream steps. Consider performing the restore in a dedicated if: always() step (see the suggested fix for the working-directory finding, which also addresses this).

🤖 Prompt for agents

Code Review: Extracts the Poetry configuration logic into a standalone action to improve modularity, but fails to correctly resolve the working directory for mise restores and lacks restore robustness during step failures.

1. ⚠️ Bug: mise restore runs in wrong dir when working-directory != '.'
   Files: config-poetry/action.yml:47-61, config-poetry/action.yml:117-131

   In `config-poetry/action.yml`, the `mise.local.toml` file and the `MISE_BACKUP` temp dir are created by the "Set local action paths" step (lines 47-77), which has NO `working-directory`, so they live in the GitHub workspace root. But the "Configure Poetry authentication" step (line 120) sets `working-directory: ${{ inputs.working-directory }}` and then runs the restore logic:
   
   ```
   rm mise.local.toml
   mv "$MISE_BACKUP"/* ... ./ ...
   ```
   
   When `working-directory` is not `.`, this runs inside the subdirectory:
   - `rm mise.local.toml` fails because the file is in the workspace root, not the subdir. GitHub Actions runs bash steps with `-e`, so the step fails and breaks the build.
   - Even if it didn't fail, the user's original mise files would be restored into the subdirectory (`./`) instead of the workspace root, leaving the root in an inconsistent state with config-poetry's `mise.local.toml` never removed.
   
   Note this diverges from `config-npm/action.yml`, whose "Configure NPM authentication" step (line 101-114) does the same backup/restore but does NOT set `working-directory`, keeping creation and restore in the same (root) directory. `build-poetry` exposes a `working-directory` input and passes it through, so any consumer using a non-root working directory will hit this regression (previously build-poetry never rm'd the file).
   
   Fix: keep `working-directory` only for the `poetry_config.sh` invocation (which needs the project dir) and perform the mise restore relative to the workspace root, or split the restore into a separate step without `working-directory` (matching config-npm).

   Fix (Run poetry_config.sh in the working-directory, but restore mise files in the workspace root (no working-directory) and guard with always() so the backup is restored even if poetry_config.sh fails.):
   - name: Configure Poetry authentication
     if: steps.config-poetry-completed.outputs.skip != 'true'
     shell: bash
     working-directory: ${{ inputs.working-directory }}
     env:
       ARTIFACTORY_URL: ${{ format('{0}/artifactory', inputs.repox-url) }}
       ARTIFACTORY_USERNAME: ${{ fromJSON(steps.secrets.outputs.vault).ARTIFACTORY_USERNAME }}
       ARTIFACTORY_ACCESS_TOKEN: ${{ fromJSON(steps.secrets.outputs.vault).ARTIFACTORY_ACCESS_TOKEN }}
       ARTIFACTORY_PYPI_REPO: ${{ inputs.artifactory-pypi-repo }}
     run: $ACTION_PATH_CONFIG_POETRY/poetry_config.sh
   
   - name: Restore mise files
     if: always() && steps.config-poetry-completed.outputs.skip != 'true'
     shell: bash
     run: |
       echo "::group::Restore mise files"
       rm -f mise.local.toml
       mv "${{ steps.set-path.outputs.MISE_BACKUP }}"/* "${{ steps.set-path.outputs.MISE_BACKUP }}"/.* ./ 2>/dev/null || true
       rmdir "${{ steps.set-path.outputs.MISE_BACKUP }}" 2>/dev/null || true
       echo "::endgroup::"

2. 💡 Bug: mise files not restored if a step fails before restore
   Files: config-poetry/action.yml:72-77, config-poetry/action.yml:117-131

   In `config-poetry/action.yml`, the "Set local action paths" step moves the user's real mise files into a temp backup and substitutes config-poetry's `mise.local.toml`. The restore happens inside the "Configure Poetry authentication" step, which is NOT marked `always()` and only runs after several intermediate steps (get-build-number, cache, mise-action, vault). If any of those steps fails, the restore never runs: the user's mise files remain stranded in the temp directory and config-poetry's `mise.local.toml` is left in place. For standalone `config-poetry` usage, this leaves the checkout in an inconsistent state for any downstream steps. Consider performing the restore in a dedicated `if: always()` step (see the suggested fix for the working-directory finding, which also addresses this).

Options

Auto-apply is off → Gitar will not commit updates to this branch.
Display: compact → Showing less information.
Unblock → Override a blocking verdict and allow merging.

Comment with these commands to change:

`Auto-apply`	`Compact`	`Unblock`
`gitar auto-apply:on`	`gitar display:verbose`	`gitar unblock`

_{Was this helpful? React with 👍 / 👎 | Gitar}

Copilot

Pull request overview

This PR introduces a new config-poetry composite action to set up Poetry + Repox (JFrog) authentication, caching, and build-number management, and refactors build-poetry to delegate that setup to config-poetry (similar to the existing config-npm / build-npm split).

Changes:

Added config-poetry composite action and poetry_config.sh to configure JFrog + Poetry auth and export POETRY_HTTP_BASIC_REPOX_* via GITHUB_ENV.
Refactored build-poetry to stop configuring Repox for dependency install, and instead call config-poetry.
Added ShellSpec coverage for config-poetry/poetry_config.sh, updated build-poetry tests, and included config-poetry in kcov include patterns.

Reviewed changes

Copilot reviewed 9 out of 9 changed files in this pull request and generated 1 comment.

Show a summary per file

File	Description
`config-poetry/action.yml`	New composite action to configure build number, caching, and Poetry/JFrog auth.
`config-poetry/poetry_config.sh`	New script that configures JFrog CLI + Poetry auth and exports Repox basic-auth env vars.
`config-poetry/mise.local.toml`	Adds mise tool/env config for installing/configuring JFrog CLI for config-poetry.
`build-poetry/action.yml`	Delegates setup to `config-poetry` and adjusts outputs / vault usage accordingly.
`build-poetry/build.sh`	Removes in-script Repox dependency setup; installs dependencies via plain `poetry install`.
`spec/config-poetry_spec.sh`	New ShellSpec tests for `config-poetry/poetry_config.sh`.
`spec/build-poetry_spec.sh`	Updates expectations to reflect moved Repox configuration and renamed install function.
`README.md`	Documents the new `config-poetry` action and notes `build-poetry` now calls it.
`.shellspec`	Adds `config-poetry` to the kcov include pattern.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

+    - name: Cache local Poetry cache
+      uses: SonarSource/gh-action_cache@a7d13cdd1c9f097a5f8382ccec463be2831e3dbc # v1.6.0
+      if: steps.config-poetry-completed.outputs.skip != 'true' && inputs.disable-caching == 'false'
+      with:
+        path: ${{ github.workspace }}/${{ inputs.poetry-cache-dir }}
+        key: poetry-${{ runner.os }}-${{ hashFiles('poetry.lock') }}
+        restore-keys: poetry-${{ runner.os }}-


julien-carsique-sonarsource · 2026-06-12T12:54:39Z

@@ -64,7 +64,7 @@ outputs:
    value: ${{ steps.build.outputs.project-version }}


Suggested change

value: ${{ steps.build.outputs.project-version }}

value: ${{ steps.config.outputs.project-version }}

?

If moving the set_project_version() function to the config action. See following related comment.

julien-carsique-sonarsource · 2026-06-12T12:59:33Z

  echo "::group::Install dependencies"
  echo "Installing dependencies..."
-  jfrog_poetry_install
+  poetry_install_dependencies


Suggested change

poetry_install_dependencies

poetry install

julien-carsique-sonarsource · 2026-06-12T13:00:02Z

+poetry_install_dependencies() {
  poetry install
 }


We can remove the function, it's empty.

Suggested change

poetry_install_dependencies() {

poetry install

}

julien-carsique-sonarsource · 2026-06-12T13:06:20Z

+    - name: Set Artifactory reader role
+      if: steps.config-poetry-completed.outputs.skip != 'true'
+      shell: bash
+      env:
+        ARTIFACTORY_READER_ROLE:
+          ${{ inputs.artifactory-reader-role != '' && inputs.artifactory-reader-role ||
+          (github.event.repository.visibility == 'public' && 'public-reader' || 'private-reader') }}
+      run: |
+        echo "ARTIFACTORY_READER_ROLE=${ARTIFACTORY_READER_ROLE}" >> "$GITHUB_ENV"


No need for a separate step, this can be merged with the above set-path step, renamed setup. It also adds values to GITHUB_ENV.

julien-carsique-sonarsource · 2026-06-12T13:26:24Z

+      with:
+        path: ${{ github.workspace }}/${{ inputs.poetry-cache-dir }}
+        key: poetry-${{ runner.os }}-${{ hashFiles('poetry.lock') }}
+        restore-keys: poetry-${{ runner.os }}-


The other config actions seem to have an improved cache key that includes the workflow name:

ci-github-actions/config-gradle/action.yml

Lines 193 to 207 in 136be4d

- name: Sanitize workflow name for cache key

id: sanitize_workflow

if: steps.config-gradle-completed.outputs.skip != 'true' && inputs.disable-caching == 'false'

shell: bash

env:

WORKFLOW_NAME: ${{ github.workflow }}

run: echo "workflow_name=${WORKFLOW_NAME// /-}" >> "$GITHUB_OUTPUT"

- name: Gradle Cache

uses: SonarSource/gh-action_cache@a7d13cdd1c9f097a5f8382ccec463be2831e3dbc # v1.6.0

if: steps.config-gradle-completed.outputs.skip != 'true' && inputs.disable-caching == 'false'

with:

path: ${{ inputs.cache-paths }}

key: gradle-${{ runner.os }}-${{ steps.sanitize_workflow.outputs.workflow_name }}-${{ env.GRADLE_CACHE_KEY }}

restore-keys: gradle-${{ runner.os }}-${{ steps.sanitize_workflow.outputs.workflow_name }}-

This looks like a debt in the Poetry action.
It will be a breaking change for the existing Poetry caches, but a also a fix to avoid cache collisions.

Either implement now, or consider as out of scope and create a ticket for this specific debt.

julien-carsique-sonarsource · 2026-06-12T13:36:30Z

+  jf config remove repox > /dev/null 2>&1 || true # Ignore inexistent configuration
+  jf config add repox --url "${ARTIFACTORY_URL%/artifactory*}" --artifactory-url "$ARTIFACTORY_URL" --access-token "$ARTIFACTORY_ACCESS_TOKEN"
+  jf config use repox
+  jf poetry-config --server-id-resolve repox --repo-resolve "$ARTIFACTORY_PYPI_REPO"


We may want to use --global option

julien-carsique-sonarsource · 2026-06-12T13:39:48Z

 set_project_version() {
  local current_version release_version digit_count

  if ! current_version=$(poetry version -s); then
    echo "::error title=Invalid project version::Could not get version from Poetry project ('poetry version -s')" >&2
    echo "$current_version" >&2
    return 1
  fi
  export CURRENT_VERSION=$current_version

  release_version=${current_version%".dev"*}
  # In case of 2 digits, we need to add a '0' as the 3rd digit.
  digit_count=$(echo "${release_version//./ }" | wc -w)
  if [[ "$digit_count" -lt 3 ]]; then
    release_version="$release_version.0"
  fi
  if [[ "$digit_count" -gt 3 && $release_version =~ [0-9]+\.[0-9]+\.[0-9]+ ]]; then
    release_version="${BASH_REMATCH[0]}"
    echo "::warning title=Version truncated::Version was truncated to $release_version because it had more than 3 digits" >&2
  fi
  release_version="$release_version.${BUILD_NUMBER}"

  echo "Replacing version $current_version with $release_version"
  poetry version "$release_version"
  echo "project-version=$release_version" >> "$GITHUB_OUTPUT"
  echo "PROJECT_VERSION=$release_version" >> "$GITHUB_ENV"
  echo "PROJECT_VERSION=$release_version"
  export PROJECT_VERSION=$release_version
 }


This should also probably go to the config-poetry action. That's the reason for calling the get-build-number action.

hedinasr temporarily deployed to sca-checking June 11, 2026 14:13 — with GitHub Actions Inactive

gitar-bot Bot reviewed Jun 11, 2026

View reviewed changes

hedinasr mentioned this pull request Jun 11, 2026

BUILD-8956 Verify config-poetry action SonarSource/sonar-dummy-python-oss#110

Draft

3 tasks

hedinasr marked this pull request as ready for review June 12, 2026 12:47

hedinasr requested a review from a team as a code owner June 12, 2026 12:47

Copilot AI review requested due to automatic review settings June 12, 2026 12:47

Copilot started reviewing on behalf of hedinasr June 12, 2026 12:48 View session

Copilot AI reviewed Jun 12, 2026

View reviewed changes

julien-carsique-sonarsource approved these changes Jun 12, 2026

View reviewed changes

		@@ -64,7 +64,7 @@ outputs:
		value: ${{ steps.build.outputs.project-version }}

	value: ${{ steps.build.outputs.project-version }}
	value: ${{ steps.config.outputs.project-version }}

	- name: Sanitize workflow name for cache key
	id: sanitize_workflow
	if: steps.config-gradle-completed.outputs.skip != 'true' && inputs.disable-caching == 'false'
	shell: bash
	env:
	WORKFLOW_NAME: ${{ github.workflow }}
	run: echo "workflow_name=${WORKFLOW_NAME// /-}" >> "$GITHUB_OUTPUT"

	- name: Gradle Cache
	uses: SonarSource/gh-action_cache@a7d13cdd1c9f097a5f8382ccec463be2831e3dbc # v1.6.0
	if: steps.config-gradle-completed.outputs.skip != 'true' && inputs.disable-caching == 'false'
	with:
	path: ${{ inputs.cache-paths }}
	key: gradle-${{ runner.os }}-${{ steps.sanitize_workflow.outputs.workflow_name }}-${{ env.GRADLE_CACHE_KEY }}
	restore-keys: gradle-${{ runner.os }}-${{ steps.sanitize_workflow.outputs.workflow_name }}-

Conversation

hedinasr commented Jun 11, 2026

Summary

Behavioral changes

Test plan

Uh oh!

sonarqubecloud Bot commented Jun 11, 2026

Agentic Analysis: Early Results

Uh oh!

hashicorp-vault-sonar-prod Bot commented Jun 11, 2026 • edited by atlassian Bot Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

sonarqubecloud Bot commented Jun 11, 2026

Quality Gate passed

Uh oh!

gitar-bot Bot Jun 11, 2026

Choose a reason for hiding this comment

Uh oh!

gitar-bot Bot Jun 11, 2026

Choose a reason for hiding this comment

Uh oh!

gitar-bot Bot commented Jun 11, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

Copilot AI left a comment

Choose a reason for hiding this comment

Pull request overview

Reviewed changes

Uh oh!

julien-carsique-sonarsource Jun 12, 2026

Choose a reason for hiding this comment

Uh oh!

julien-carsique-sonarsource Jun 12, 2026

Choose a reason for hiding this comment

Uh oh!

julien-carsique-sonarsource Jun 12, 2026

Choose a reason for hiding this comment

Uh oh!

julien-carsique-sonarsource Jun 12, 2026

Choose a reason for hiding this comment

Uh oh!

julien-carsique-sonarsource Jun 12, 2026

Choose a reason for hiding this comment

Uh oh!

julien-carsique-sonarsource Jun 12, 2026

Choose a reason for hiding this comment

Uh oh!

julien-carsique-sonarsource Jun 12, 2026

Choose a reason for hiding this comment

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants

hashicorp-vault-sonar-prod Bot commented Jun 11, 2026 •

edited by atlassian Bot

Loading

gitar-bot Bot commented Jun 11, 2026 •

edited

Loading