From 0639604e914cdb836166ffd3ee2e1eaf491365f7 Mon Sep 17 00:00:00 2001
From: Sebastian Zumbrunn <sebastian.zumbrunn@sonarsource.com>
Date: Tue, 3 Feb 2026 09:42:05 +0100
Subject: [PATCH 1/6] test

---
 .github/workflows/build.yml | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 07254e4c45..0e35d803ab 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -6,9 +6,10 @@ on:
       - branch-*
       - dogfood-*
   workflow_dispatch:
+  pull_request:
   schedule:
     # Nightly build at 2 AM UTC for shadow analysis
-    - cron: '0 2 * * *' 
+    - cron: '0 2 * * *'
 
 env:
   PYTHON_VERSION: 3.9.5
@@ -76,3 +77,5 @@ jobs:
           SONAR_TOKEN: ${{ fromJson(steps.secrets.outputs.vault).SONAR_TOKEN }}
           SONAR_HOST_URL: ${{ matrix.sonar_host_url }}
           SONAR_PROJECT_KEY: ${{ matrix.sonar_project_key }}
+
+           
\ No newline at end of file

From b2a102c32a254233dc6252c6516c59161351ca41 Mon Sep 17 00:00:00 2001
From: Sebastian Zumbrunn <sebastian.zumbrunn@sonarsource.com>
Date: Tue, 3 Feb 2026 09:45:55 +0100
Subject: [PATCH 2/6] Migrate to common analysis action

---
 .github/workflows/build.yml | 34 ++++++++++------------------------
 1 file changed, 10 insertions(+), 24 deletions(-)

diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 0e35d803ab..8b54a80025 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -31,20 +31,14 @@ jobs:
       matrix:
         include:
           - name: "Analysis on SonarQube NEXT"
-            sonar_token_path: "development/kv/data/next"
-            sonar_host_url: "https://next.sonarqube.com/sonarqube"
-            sonar_project_key: "org.sonarsource.python:python"
-            run_condition: "always"
+            sonarqube-instance: "next"
+            sonar-project-key: "org.sonarsource.python:python"
           - name: "Analysis on Sonarcloud.io"
-            sonar_token_path: "development/kv/data/sonarcloud"
-            sonar_host_url: "https://sonarcloud.io"
-            sonar_project_key: "SonarSource_sonar-python"
-            run_condition: "nightly"
+            sonarqube-instance: "sqc-eu"
+            sonar-project-key: "SonarSource_sonar-python"
           - name: "Analysis on SonarQube.us"
-            sonar_token_path: "development/kv/data/sonarqube-us"
-            sonar_host_url: "https://sonarqube.us"
-            sonar_project_key: "SonarSource_sonar-python"
-            run_condition: "nightly"
+            sonarqube-instance: "sqc-us"
+            sonar-project-key: "SonarSource_sonar-python"
     steps:
       - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
 
@@ -55,13 +49,6 @@ jobs:
           git sparse-checkout set stubs/sklearn
           git checkout
 
-      - name: Get sonar token
-        id: secrets
-        uses: SonarSource/vault-action-wrapper@v3
-        with:
-          secrets: |
-            ${{ matrix.sonar_token_path }} token | SONAR_TOKEN;
-
       - uses: jdx/mise-action@146a28175021df8ca24f8ee1828cc2a60f980bd5 # v3.5.1
         with:
           version: 2025.12.12
@@ -72,10 +59,9 @@ jobs:
         run: rm -rf private
 
       - name: Analyze
-        run: bash ./.cirrus/analyze.sh
-        env:
-          SONAR_TOKEN: ${{ fromJson(steps.secrets.outputs.vault).SONAR_TOKEN }}
-          SONAR_HOST_URL: ${{ matrix.sonar_host_url }}
-          SONAR_PROJECT_KEY: ${{ matrix.sonar_project_key }}
+        uses: ./.github-commons/actions/analyze
+        with:
+          sonarqube-instance: ${{ matrix.sonarqube-instance }}
+          sonar-project-key: ${{ matrix.sonar-project-key }}
 
            
\ No newline at end of file

From b9a5fd3aa8d69a08fbc3f45625b6b515c877beee Mon Sep 17 00:00:00 2001
From: Sebastian Zumbrunn <sebastian.zumbrunn@sonarsource.com>
Date: Tue, 3 Feb 2026 11:49:13 +0100
Subject: [PATCH 3/6] disable mise caching

---
 .github/workflows/build.yml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 8b54a80025..b1354f8d6a 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -52,6 +52,7 @@ jobs:
       - uses: jdx/mise-action@146a28175021df8ca24f8ee1828cc2a60f980bd5 # v3.5.1
         with:
           version: 2025.12.12
+          cache: false
         env:
           MISE_ENV: test-and-analyze
 

From 9c0be3493dc2b964559dcfe556251e049795fc9e Mon Sep 17 00:00:00 2001
From: joke1196 <david.kunzmann@sonarsource.com>
Date: Mon, 23 Feb 2026 09:31:46 +0100
Subject: [PATCH 4/6] Test with cache and different cache key

---
 .github/workflows/build.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index b1354f8d6a..167aa73877 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -52,7 +52,7 @@ jobs:
       - uses: jdx/mise-action@146a28175021df8ca24f8ee1828cc2a60f980bd5 # v3.5.1
         with:
           version: 2025.12.12
-          cache: false
+          cache_key: "sonar-python-mise-cache"
         env:
           MISE_ENV: test-and-analyze
 
@@ -65,4 +65,4 @@ jobs:
           sonarqube-instance: ${{ matrix.sonarqube-instance }}
           sonar-project-key: ${{ matrix.sonar-project-key }}
 
-           
\ No newline at end of file
+           

From ed1df73a16398a4351f6c62e22e903b97f55c0b9 Mon Sep 17 00:00:00 2001
From: joke1196 <david.kunzmann@sonarsource.com>
Date: Mon, 23 Feb 2026 09:42:35 +0100
Subject: [PATCH 5/6] Disabling cache for maven

---
 .github/workflows/build.yml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 167aa73877..0723b8443d 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -64,5 +64,6 @@ jobs:
         with:
           sonarqube-instance: ${{ matrix.sonarqube-instance }}
           sonar-project-key: ${{ matrix.sonar-project-key }}
+          disable-caching: true
 
            

From 387cd77d36276d6f9fba60c3d29e619f0f66f08e Mon Sep 17 00:00:00 2001
From: joke1196 <david.kunzmann@sonarsource.com>
Date: Mon, 23 Feb 2026 09:48:20 +0100
Subject: [PATCH 6/6] Removed all caching

---
 .github-commons/actions/analyze/action.yml | 5 +++++
 .github/workflows/build.yml                | 2 +-
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/.github-commons/actions/analyze/action.yml b/.github-commons/actions/analyze/action.yml
index 658cd83129..f7da7dce66 100644
--- a/.github-commons/actions/analyze/action.yml
+++ b/.github-commons/actions/analyze/action.yml
@@ -7,6 +7,10 @@ inputs:
   sonar-project-key:
     description: 'SonarQube project key'
     required: true
+  disable-caching:
+    description: 'Disable caching'
+    required: false
+    default: 'false'
 
 runs:
   using: 'composite'
@@ -20,3 +24,4 @@ runs:
         deploy: false
         sonar-platform: ${{ inputs.sonarqube-instance }}
         scanner-java-opts: '-Xmx1G'
+        disable-caching: ${{ inputs.disable-caching }}
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 0723b8443d..9ecc596afa 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -52,7 +52,7 @@ jobs:
       - uses: jdx/mise-action@146a28175021df8ca24f8ee1828cc2a60f980bd5 # v3.5.1
         with:
           version: 2025.12.12
-          cache_key: "sonar-python-mise-cache"
+          cache: false
         env:
           MISE_ENV: test-and-analyze