SCANPY-197 setup shadow scans

Author: Wohops

.cirrus.yml

@@ -5,8 +5,6 @@ env:
   ARTIFACTORY_DEPLOY_ACCESS_TOKEN: VAULT[development/artifactory/token/${CIRRUS_REPO_OWNER}-${CIRRUS_REPO_NAME}-qa-deployer access_token]
   ARTIFACTORY_DEPLOY_REPO: sonarsource-pypi-public-qa
   GITHUB_TOKEN: VAULT[development/github/token/licenses-ro token]
-  SONAR_TOKEN: VAULT[development/kv/data/next data.token]
-  SONAR_HOST_URL: https://next.sonarqube.com/sonarqube
   DEPLOY_PULL_REQUEST: 'true'
   POETRY_VIRTUALENVS_PATH: "~/.cache/poetry/venvs"
   POETRY_CACHE_DIR: "~/.cache/poetry/pypoetry"
@@ -158,25 +156,55 @@ documentation_task:
     - poetry run python tools/generate_cli_documentation.py
     - git diff --exit-code CLI_ARGS.md
 
-analysis_linux_task:
+analysis_base_linux_template: &ANALYSIS_BASE_LINUX_TEMPLATE
   <<: *LINUX_CONTAINER_DEFINITION
-  alias: analysis
-  name: "NEXT Analysis"
+  alias: analysis_base_setup
+  name: "Analysis Base Setup"
   <<: *POETRY_INSTALL
-  # For NEXT analysis we don't need to set the build versions, but we still need to access jfrog to recover the dependencies
-  analysis_script:
+  # For analysis we don't need to set the build versions, but we still need to access jfrog to recover the dependencies
+  setup_script:
     - poetry run pytest --cov-report=xml:coverage.xml --cov-config=pyproject.toml --cov=src --cov-branch tests
     - poetry run mypy src/ > mypy-report.txt || true # mypy exits with 1 if there are errors
     - uv venv
     - source .venv/bin/activate
     - uv pip install pysonar
-    - . .cirrus/analysis.sh
   always:
     pytest_artifacts:
       path: "coverage.xml"
       format: junit
       type: text/xml
 
+analysis_next_task:
+  <<: *ANALYSIS_BASE_LINUX_TEMPLATE
+  alias: sonar_analysis_next
+  name: "NEXT Analysis"
+  env:
+    SONAR_TOKEN: VAULT[development/kv/data/next data.token]
+    SONAR_HOST_URL: https://next.sonarqube.com/sonarqube
+  # For NEXT analysis we don't need to set the build versions, but we still need to access jfrog to recover the dependencies
+  analysis_script:
+    - . .cirrus/analysis.sh
+
+analysis_SQC_EU_shadow_task:
+  <<: *ANALYSIS_BASE_LINUX_TEMPLATE
+  alias: sonar_analysis_shadow_sqc_eu
+  name: "SQC-EU Shadow Analysis"
+  env:
+    SONAR_TOKEN: VAULT[development/kv/data/sonarcloud data.token]
+    SONAR_HOST_URL: https://sonarcloud.io
+  analysis_script:
+    - . .cirrus/analysis.sh
+
+analysis_SQC_US_shadow_task:
+  <<: *ANALYSIS_BASE_LINUX_TEMPLATE
+  alias: sonar_analysis_shadow_sqc_us
+  name: "SQC-US Shadow Analysis"
+  env:
+    SONAR_TOKEN: VAULT[development/kv/data/sonarqube-us data.token]
+    SONAR_HOST_URL: https://sonarqube.us
+  analysis_script:
+    - . .cirrus/analysis.sh
+
 qa_task:
   alias: qa
   matrix:
@@ -275,7 +303,9 @@ its_macos_task:
 promote_task:
   depends_on:
     - formatting
-    - analysis
+    - sonar_analysis_next
+    - sonar_analysis_shadow_sqc_eu
+    - sonar_analysis_shadow_sqc_us
     - qa
     - qa_windows
     - build

sonar-project.properties

@@ -1,5 +1,6 @@
 sonar.projectKey=SonarSource_sonar-scanner-python
 sonar.projectName=Python Scanner
+sonar.organization=sonarsource
 sonar.python.version=3.9,3.10,3.11,3.12,3.13
 sonar.python.coverage.reportPaths=coverage.xml
 sonar.python.mypy.reportPaths=mypy-report.txt