SonarSource · leonardo-pilastri-sonarsource · Feb 23, 2026 · Feb 25, 2026 · Mar 5, 2026 · Mar 6, 2026
diff --git a/.github/workflows/PrepareNextIteration.yml b/.github/workflows/PrepareNextIteration.yml
@@ -3,8 +3,8 @@ name: Prepare Next Development Iteration
 on:
   workflow_dispatch:
     inputs:
-      nextVersion:
-        description: Version number of the next iteration
+      version:
+        description: The new version (without -SNAPSHOT)
         required: true
 
 jobs:
@@ -20,15 +20,30 @@ jobs:
       - name: Checkout Sources
         uses: actions/checkout@v4
 
-      - name: Update Version Number
+      - name: Normalize Version
+        id: version
         env:
-          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          NEXT_VERSION: ${{ inputs.nextVersion }}
+          VERSION: ${{ inputs.version }}
+        run: |
+          if [[ "$VERSION" =~ ^[0-9]+\.[0-9]+$ ]]; then
+            VERSION="${VERSION}.0"
+          fi
+          echo "full-version=${VERSION}-SNAPSHOT" >> $GITHUB_OUTPUT
+
+      - name: Update Version Number
+        run: |
+          mvn versions:set -DgenerateBackupPoms=false -DnewVersion="${{ steps.version.outputs.full-version }}"
+
+      - name: Create Pull Request
+        uses: SonarSource/release-github-actions/create-pull-request@v1
+        id: create-pr
+        with:
+          commit-message: "Prepare next development iteration ${{ steps.version.outputs.full-version }}"
+          title: "Prepare next development iteration ${{ steps.version.outputs.full-version }}"
+          branch: gh-action/next-iteration
+          branch-suffix: timestamp
+
+      - name: Summary
         run: |
-          git config user.name "${GITHUB_ACTOR}"
-          git config user.email "${GITHUB_ACTOR}@users.noreply.github.com"
-          git checkout -b gh-action/next-iteration
-          mvn versions:set -DgenerateBackupPoms=false -DnewVersion="${NEXT_VERSION}"
-          git commit -m 'Prepare next development iteration' -a
-          git push --set-upstream origin gh-action/next-iteration
-          gh pr create -B master --title 'Prepare next development iteration' --body ''
+          echo "Generated ${{steps.create-pr.outputs.pull-request-url}}." >> $GITHUB_STEP_SUMMARY
+          echo "New version set to ${{ steps.version.outputs.full-version }}." >> $GITHUB_STEP_SUMMARY
diff --git a/.github/workflows/UpdateRuleMetadata.yml b/.github/workflows/UpdateRuleMetadata.yml
@@ -2,54 +2,27 @@ name: Update Rule Metadata
 
 on: workflow_dispatch
 
-env:
-  PR_BRANCH_NAME: gh-action/update-rule-metadata
-
 jobs:
-  UpdateRuleMetadata_job:
-    name: Update Rule Metadata
+  rule-metadata-update:
     runs-on: github-ubuntu-latest-s
     permissions:
-      pull-requests: write
-      contents: write
       id-token: write
-
+      contents: write
+      pull-requests: write
     steps:
-
-      - name: Checkout Sources
-        uses: actions/checkout@v4
-
-      - name: Setup JFrog
-        uses: SonarSource/jfrog-setup-wrapper@v3
+      - name: Update Rule Metadata
+        id: update-rule-metadata
+        uses: SonarSource/release-github-actions/update-rule-metadata@v1
         with:
-          artifactoryRoleSuffix: private-reader
-
-      - name: Setup Rule API
-        run: |
-          jfrog rt curl -sLf "sonarsource-private-releases/com/sonarsource/rule-api/rule-api/%5BRELEASE%5D/rule-api-%5BRELEASE%5D.jar" -o rule-api.jar
-          echo "Latest com.sonarsource.rule-api:rule-api release:"
-          jar xf rule-api.jar META-INF/MANIFEST.MF
-          grep 'Implementation-Version' META-INF/MANIFEST.MF
-        working-directory: /tmp
-
-      - name: Setup Java
-        uses: actions/setup-java@v4
-        with:
-          distribution: 'temurin'
-          java-version: '21'
-
-      - name: Update Files
-        run: |
-          java -jar "/tmp/rule-api.jar" update
-          sed --in-place='' -e 's/rule:java:S3649/rule:javasecurity:S3649/g' 'sonar-java-plugin/src/main/resources/org/sonar/l10n/java/rules/java/S2077.html'
+          labels: ''
+          rspec-token-suffix: 'rspec'
+          post-update: |
+            sed --in-place='' -e 's/rule:java:S3649/rule:javasecurity:S3649/g' 'sonar-java-plugin/src/main/resources/org/sonar/l10n/java/rules/java/S2077.html'
 
-      - name: Create PR
-        env:
-          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      - name: Check Rule Metadata Changes
         run: |
-          git config user.name "${GITHUB_ACTOR}"
-          git config user.email "${GITHUB_ACTOR}@users.noreply.github.com"
-          git checkout -b "${{ env.PR_BRANCH_NAME }}"
-          git commit -m 'Update rule metadata' -a
-          git push --set-upstream origin "${{ env.PR_BRANCH_NAME }}"
-          gh pr create -B master --title 'Update rule metadata' --body ''
+          if [ "${{ steps.update-rule-metadata.outputs.has-changes }}" == "true" ]; then
+            echo "::notice title=Rule Metadata Changes::Changes detected and PR created: ${{ steps.update-rule-metadata.outputs.pull-request-url }}"
+          else
+            echo "::notice title=Rule Metadata Status::No changes to the rules metadata were detected"
+          fi
diff --git a/.github/workflows/automated-release.yml b/.github/workflows/automated-release.yml
@@ -0,0 +1,78 @@
+name: Automated Release
+on:
+  workflow_dispatch:
+    inputs:
+      short-description:
+        description: "Short description for the REL ticket"
+        required: true
+        type: string
+      branch:
+        description: "Branch from which to do the release"
+        required: true
+        default: "master"
+        type: string
+      new-version:
+        description: "New version to release (without -SNAPSHOT; if left empty, the current minor version will be auto-incremented)"
+        required: false
+        type: string
+      verbose:
+        description: "Enable verbose logging"
+        type: boolean
+        default: false
+      dry-run:
+        description: "Test mode: uses Jira sandbox and creates draft GitHub release"
+        type: boolean
+        default: true
+      ide-integration:
+        description: "Integrate into IDE"
+        type: boolean
+        default: true
+      sqc-integration:
+        description: "Integrate into SQC"
+        type: boolean
+        default: true
+      sqs-integration:
+        description: "Integrate into SQS"
+        type: boolean
+        default: true
+      bump-version:
+        description: "Create PR to bump the next iteration version"
+        type: boolean
+        default: true
+
+jobs:
+  release:
+    name: Release
+    uses: SonarSource/release-github-actions/.github/workflows/automated-release.yml@v1
+    permissions:
+      statuses: read
+      id-token: write
+      contents: write
+      actions: write
+      pull-requests: write
+    with:
+      project-name: "SonarJava"
+      plugin-name: "java"
+      # Artifacts are matched exactly, so this will prevent updating javascript.
+      plugin-artifacts-sqs: "java"
+      plugin-artifacts-sqc: "java"
+      jira-project-key: "SONARJAVA"
+      runner-environment: "github-ubuntu-latest-s"
+      rule-props-changed: false
+      short-description: ${{ github.event.inputs.short-description }}
+      new-version: ${{ github.event.inputs.new-version }}
+      sqc-integration: ${{ github.event.inputs.sqc-integration == 'true' }}
+      sqs-integration: ${{ github.event.inputs.sqs-integration == 'true' }}
+      create-sle-ticket: ${{ github.event.inputs.ide-integration == 'true' }}
+      create-sli-ticket: ${{ github.event.inputs.ide-integration == 'true' }}
+      create-slvscode-ticket: ${{ github.event.inputs.ide-integration == 'true' }}
+      branch: ${{ github.event.inputs.branch }}
+      pm-email: "jean.jimbo@sonarsource.com"
+      slack-channel: "squad-jvm-releases"
+      verbose: ${{ github.event.inputs.verbose == 'true' }}
+      use-jira-sandbox: ${{ github.event.inputs.dry-run == 'true' }}
+      is-draft-release: ${{ github.event.inputs.dry-run == 'true' }}
+      issue-categories: "Feature,False Positive,False Negative,Bug,Security,Maintenance"
+      bump-version: ${{ github.event.inputs.bump-version == 'true' }}
+      bump-version-normalize: true
+      bump-version-tool: maven
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -6,6 +6,20 @@ on:
   release:
     types:
       - published
+  workflow_dispatch:
+    inputs:
+      version:
+        type: string
+        description: Version
+        required: true
+      releaseId:
+        type: string
+        description: Release ID
+        required: true
+      dryRun:
+        type: boolean
+        description: Flag to enable the dry-run execution
+        default: false
 
 jobs:
   release:
@@ -16,4 +30,8 @@ jobs:
     with:
       publishToBinaries: true
       mavenCentralSync: true
-      slackChannel: squad-jvm-notifs
+      slackChannel: squad-jvm-releases
+      # We do not have any inputs if this workflow is triggered by a release event, hence we have to use a fallback for all inputs
+      version: ${{ inputs.version || github.event.release.tag_name }}
+      releaseId: ${{ inputs.releaseId || github.event.release.id }}
+      dryRun: ${{ inputs.dryRun == true }}
diff --git a/.github/workflows/slack_notify.yml b/.github/workflows/slack_notify.yml