Update sonar analysis workflow and Slack webhook

[rajapandi1234]

Summary by CodeRabbit

• Chores
  • Updated internal CI/CD workflow configuration and webhook references to improve deployment processes.

[coderabbitai]

Walkthrough

GitHub Actions workflow configuration updated to use a different upstream workflow variant (maven-sonar-analysis.yml@dsd9685 instead of maven-sonar-analysis-new.yml@develop) and change Slack webhook secret references from SLACK_WEBHOOK to SLACK_WEBHOOK_INJI_TEAM across multiple jobs.

Changes

Cohort / File(s)	Summary
GitHub Actions Workflow Configuration .github/workflows/push-trigger.yml	Updated workflow reference and Slack webhook secret name in multiple jobs (+4/-4 lines).

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

Poem

🐰 A workflow hops to a new design,
Secrets renamed in Slack's great shrine,
Configuration cleaned with care,
Pipeline bounces through the air! ✨

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately summarizes the main changes: updating the sonar analysis workflow reference and Slack webhook secret in the CI/CD configuration.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

.github/workflows/push-trigger.yml (1)

52-65: ⚠️ Potential issue | 🟡 Minor

Incomplete migration — two sonar jobs still reference the old workflow and secret.

sonar_analysis_mosip-identity-certify-plugin (Line 96) and sonar_analysis_mock-certify-plugin (Line 137) still use maven-sonar-analysis-new.yml@develop and SLACK_WEBHOOK, while the two updated jobs now diverge to maven-sonar-analysis.yml@dsd9685 and SLACK_WEBHOOK_INJI_TEAM. Unless the intent is deliberately asymmetric, these two jobs should receive the same update.

🔧 Proposed fix for the two skipped jobs

  sonar_analysis_mosip-identity-certify-plugin:
    needs: build-maven-mosip-identity-certify-plugin
    if: "${{  github.event_name != 'pull_request' }}"
-   uses: mosip/kattu/.github/workflows/maven-sonar-analysis-new.yml@develop
+   uses: mosip/kattu/.github/workflows/maven-sonar-analysis.yml@dsd9685
    with:
      SERVICE_LOCATION: mosip-identity-certify-plugin
    secrets:
      SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
      ORG_KEY: ${{ secrets.ORG_KEY }}
      OSSRH_USER: ${{ secrets.OSSRH_USER }}
      OSSRH_SECRET: ${{ secrets.OSSRH_SECRET }}
      OSSRH_TOKEN: ${{ secrets.OSSRH_TOKEN }}
      GPG_SECRET: ${{ secrets.GPG_SECRET }}
-     SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK }}
+     SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_INJI_TEAM }}

  sonar_analysis_mock-certify-plugin:
    needs: build-maven-mock-certify-plugin
    if: "${{  github.event_name != 'pull_request' }}"
-   uses: mosip/kattu/.github/workflows/maven-sonar-analysis-new.yml@develop
+   uses: mosip/kattu/.github/workflows/maven-sonar-analysis.yml@dsd9685
    with:
      SERVICE_LOCATION: mock-certify-plugin
    secrets:
      SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
      ORG_KEY: ${{ secrets.ORG_KEY }}
      OSSRH_USER: ${{ secrets.OSSRH_USER }}
      OSSRH_SECRET: ${{ secrets.OSSRH_SECRET }}
      OSSRH_TOKEN: ${{ secrets.OSSRH_TOKEN }}
      GPG_SECRET: ${{ secrets.GPG_SECRET }}
-     SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK }}
+     SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_INJI_TEAM }}

Also applies to: 175-188

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In @.github/workflows/push-trigger.yml around lines 52 - 65, Two sonar jobs
(sonar_analysis_mosip-identity-certify-plugin and
sonar_analysis_mock-certify-plugin) still reference the old workflow and secret;
update their uses from maven-sonar-analysis-new.yml@develop to
mosip/kattu/.github/workflows/maven-sonar-analysis.yml@dsd9685 and replace
SLACK_WEBHOOK with SLACK_WEBHOOK_INJI_TEAM in their secrets blocks (also apply
the same replacement for the other occurrence around the later block
referenced), ensuring all sonar_analysis jobs consistently use the same workflow
and Slack secret.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Outside diff comments:
In @.github/workflows/push-trigger.yml:
- Around line 52-65: Two sonar jobs
(sonar_analysis_mosip-identity-certify-plugin and
sonar_analysis_mock-certify-plugin) still reference the old workflow and secret;
update their uses from maven-sonar-analysis-new.yml@develop to
mosip/kattu/.github/workflows/maven-sonar-analysis.yml@dsd9685 and replace
SLACK_WEBHOOK with SLACK_WEBHOOK_INJI_TEAM in their secrets blocks (also apply
the same replacement for the other occurrence around the later block
referenced), ensuring all sonar_analysis jobs consistently use the same workflow
and Slack secret.