Problem
The integration-tests-cleanup job in pipeline.yml has two issues that cause sonar-* resource groups to leak:
-
Missing dependency: The job specifies needs: [integration-tests] but does not include sonarqube-scan. This means it runs (and potentially completes) before the SonarQube scan finishes — it can't clean up groups that are still in use.
-
Prefix mismatch: The cleanup script filters by prefix itest-<run_id>-<attempt>, which only matches groups created by the Integration Tests job. The SonarQube scan creates groups with prefix sonar-<run_id>-<attempt> (set in .github/actions/scan-with-sonar/action.yml) which are never cleaned up.
Fix
integration-tests-cleanup:
needs: [integration-tests, sonarqube-scan]
if: always()
And update the cleanup script to delete both prefixes:
const prefixes = [
'itest-' + runId + '-' + attempt,
'sonar-' + runId + '-' + attempt
];
const toDelete = groups.filter(rg =>
rg.resourceGroupId && prefixes.some(p => rg.resourceGroupId.startsWith(p))
);
Impact
Each CI run leaks 1 sonar-* resource group that is never cleaned up, accumulating toward the 50-group hard quota on the AI Core instance.
Problem
The
integration-tests-cleanupjob inpipeline.ymlhas two issues that causesonar-*resource groups to leak:Missing dependency: The job specifies
needs: [integration-tests]but does not includesonarqube-scan. This means it runs (and potentially completes) before the SonarQube scan finishes — it can't clean up groups that are still in use.Prefix mismatch: The cleanup script filters by prefix
itest-<run_id>-<attempt>, which only matches groups created by the Integration Tests job. The SonarQube scan creates groups with prefixsonar-<run_id>-<attempt>(set in.github/actions/scan-with-sonar/action.yml) which are never cleaned up.Fix
And update the cleanup script to delete both prefixes:
Impact
Each CI run leaks 1
sonar-*resource group that is never cleaned up, accumulating toward the 50-group hard quota on the AI Core instance.