BUILD-10864: Migrate docker-a3s workflows to sonar-m-docker

hedinasr · hedinasr · commit 546fd7db58af · 2026-04-01T12:23:32.000+02:00
- Replace github-ubuntu-latest-m runner with sonar-m-docker
- Add config-npm@v1 action for Repox npm registry (self-hosted runners
  block direct npmjs access)
- Remove manual "Configure npm registry" step and ARTIFACTORY_ACCESS_TOKEN
  vault secret (now handled by config-npm@v1)
diff --git a/.github/workflows/docker-a3s-repox.yml b/.github/workflows/docker-a3s-repox.yml
@@ -19,7 +19,7 @@ concurrency:
 
 jobs:
   get_build_number:
-    runs-on: github-ubuntu-latest-s
+    runs-on: sonar-m-docker
     name: Get build number
     permissions:
       id-token: write
@@ -32,7 +32,7 @@ jobs:
 
   build_and_publish:
     name: Build and publish Docker image
-    runs-on: github-ubuntu-latest-m
+    runs-on: sonar-m-docker
     needs: get_build_number
     permissions:
       id-token: write
@@ -52,21 +52,17 @@ jobs:
             [tools]
             node = "24.11.0"
 
+      - uses: SonarSource/ci-github-actions/config-npm@v1
+
       - name: Access vault secrets
         id: secrets
         uses: SonarSource/vault-action-wrapper@v3
         with:
           secrets: |
-            development/artifactory/token/{REPO_OWNER_NAME_DASH}-private-reader access_token | ARTIFACTORY_ACCESS_TOKEN;
             development/artifactory/token/{REPO_OWNER_NAME_DASH}-qa-deployer access_token | ARTIFACTORY_DEPLOY_PASSWORD;
             development/artifactory/token/{REPO_OWNER_NAME_DASH}-qa-deployer username | ARTIFACTORY_DEPLOY_USERNAME;
             development/github/token/{REPO_OWNER_NAME_DASH}-rspec token | RSPEC_GITHUB_TOKEN;
 
-      - name: Configure npm registry
-        run: |
-          npm config set //repox.jfrog.io/artifactory/api/npm/:_authToken=${{ fromJSON(steps.secrets.outputs.vault).ARTIFACTORY_ACCESS_TOKEN }}
-          npm config set registry https://repox.jfrog.io/artifactory/api/npm/npm/
-
       - name: Install NPM dependencies
         run: npm ci
 
diff --git a/.github/workflows/docker-a3s.yml b/.github/workflows/docker-a3s.yml
@@ -19,7 +19,7 @@ on:
 
 jobs:
   get_build_number:
-    runs-on: github-ubuntu-latest-s
+    runs-on: sonar-m-docker
     name: Get build number
     permissions:
       id-token: write
@@ -32,7 +32,7 @@ jobs:
 
   build_and_publish:
     name: Build and publish Docker image
-    runs-on: github-ubuntu-latest-m
+    runs-on: sonar-m-docker
     needs: get_build_number
     environment: ${{ inputs.environment == 'Prod' && 'Prod' || 'Dev5' }}
     permissions:
@@ -53,19 +53,15 @@ jobs:
             [tools]
             node = "24.11.0"
 
+      - uses: SonarSource/ci-github-actions/config-npm@v1
+
       - name: Access vault secrets
         id: secrets
         uses: SonarSource/vault-action-wrapper@v3
         with:
           secrets: |
-            development/artifactory/token/{REPO_OWNER_NAME_DASH}-private-reader access_token | ARTIFACTORY_ACCESS_TOKEN;
             development/github/token/{REPO_OWNER_NAME_DASH}-rspec token | RSPEC_GITHUB_TOKEN;
 
-      - name: Configure npm registry
-        run: |
-          npm config set //repox.jfrog.io/artifactory/api/npm/:_authToken=${{ fromJSON(steps.secrets.outputs.vault).ARTIFACTORY_ACCESS_TOKEN }}
-          npm config set registry https://repox.jfrog.io/artifactory/api/npm/npm/
-
       - name: Install NPM dependencies
         run: npm ci
 
