SQSCANGHA-144 Add gate jobs to QA workflows for branch protection

Add a non-matrix gate job to qa-main, qa-deprecated-c-cpp, and qa-install-build-wrapper workflows. Each gate job depends on all other jobs in its workflow and provides a single stable check context that can be used in GitHub branch protection required status checks. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-06-05 09:00:31 +03:00 · 2026-06-02 18:30:25 +02:00
parent 7006c4492b
commit 9c783232fe
3 changed files with 65 additions and 0 deletions
@@ -88,3 +88,17 @@ jobs:
          BINARY: ${{ steps.run-action.outputs.build-wrapper-binary }}
        run: |
          ("$BINARY" || true) | grep "build-wrapper, version "
+
+  qa-gate:
+    name: QA Deprecated C and C++ - gate
+    runs-on: ubuntu-latest
+    needs: [output-test]
+    if: always()
+    steps:
+      - name: Check all jobs passed
+        run: |
+          if [[ "${{ contains(needs.*.result, 'failure') || contains(needs.*.result, 'cancelled') }}" == "true" ]]; then
+            echo "One or more required jobs failed or were cancelled."
+            exit 1
+          fi
+          echo "All checks passed."
@@ -70,3 +70,17 @@ jobs:
          BINARY: ${{ steps.run-action.outputs.build-wrapper-binary }}
        run: |
          ("$BINARY" || true) | grep "build-wrapper, version "
+
+  qa-gate:
+    name: QA Install Build Wrapper - gate
+    runs-on: ubuntu-latest
+    needs: [output-test]
+    if: always()
+    steps:
+      - name: Check all jobs passed
+        run: |
+          if [[ "${{ contains(needs.*.result, 'failure') || contains(needs.*.result, 'cancelled') }}" == "true" ]]; then
+            echo "One or more required jobs failed or were cancelled."
+            exit 1
+          fi
+          echo "All checks passed."
@@ -827,3 +827,40 @@ jobs:
        run: |
          echo "Action with invalid scannerVersion should have failed but succeeded"
          exit 1
+
+  qa-gate:
+    name: QA Main - gate
+    runs-on: ubuntu-latest
+    needs:
+      - noInputsTest
+      - argsInputTest
+      - argsInputInjectionTest
+      - backtickCommandInjectionTest
+      - dollarSymbolCommandInjectionTest
+      - otherCommandInjectionVariantsTest
+      - projectBaseDirInputTest
+      - scannerVersionTest
+      - scannerBinariesUrlTest
+      - scannerBinariesUrlIsEscapedWithWget
+      - scannerBinariesUrlIsEscapedWithCurl
+      - dontFailGradleTest
+      - dontFailGradleKotlinTest
+      - dontFailMavenTest
+      - runAnalysisTest
+      - runnerDebugUsedTest
+      - runAnalysisWithCacheTest
+      - overrideSonarcloudUrlTest
+      - curlPerformsRedirect
+      - useSslCertificate
+      - analysisWithSslCertificate
+      - updateTruststoreWhenPresent
+      - scannerVersionValidationTest
+    if: always()
+    steps:
+      - name: Check all jobs passed
+        run: |
+          if [[ "${{ contains(needs.*.result, 'failure') || contains(needs.*.result, 'cancelled') }}" == "true" ]]; then
+            echo "One or more required jobs failed or were cancelled."
+            exit 1
+          fi
+          echo "All checks passed."