SonarSource · marc-jasper-sonarsource · Jan 8, 2026 · Jan 9, 2026 · Jan 9, 2026 · Jan 9, 2026
diff --git a/.github/actions/config-poetry/action.yml b/.github/actions/config-poetry/action.yml
@@ -37,11 +37,13 @@ runs:
     - uses: SonarSource/ci-github-actions/get-build-number@v1
       id: get_build_number
     - name: Cache local Poetry cache
-      uses: SonarSource/ci-github-actions/cache@v1
+      uses: SonarSource/gh-action_cache@v1
       with:
         path: ${{ inputs.poetry-cache-dir }}
-        key: poetry-${{ runner.os }}-${{ hashFiles('poetry.lock') }}
-        restore-keys: poetry-${{ runner.os }}-
+        key: poetry-${{ runner.os }}-${{ inputs.python-version }}-${{ hashFiles('poetry.lock') }}
+        restore-keys: |
+          poetry-${{ runner.os }}-${{ inputs.python-version }}-
+          poetry-${{ runner.os }}-
 
       # python needs to be installed before jfrog and poetry
       # (see https://xtranet-sonarsource.atlassian.net/wiki/spaces/Platform/pages/4344217683/Mise+Poetry+Install+-+GitHub)

diff --git a/.github/workflows/MacOsNightly.yml b/.github/workflows/MacOsNightly.yml
@@ -0,0 +1,108 @@
+name: macOS Nightly Build
+
+on:
+  schedule:
+    # Run at 3:00 AM UTC every day (5:00 AM CEST / 4:00 AM CET)
+    - cron: "0 3 * * *"
+  workflow_dispatch:
+    inputs:
+      skip_its:
+        description: "Skip integration tests"
+        required: false
+        default: false
+        type: boolean
+
+# Only allow one instance of this workflow to run at a time
+concurrency:
+  group: ${{ github.workflow }}
+  cancel-in-progress: true
+
+jobs:
+  qa-macos:
+    name: "Test macOS Python ${{ matrix.python-version }}"
+    runs-on: macos-latest-xlarge
+    permissions:
+      id-token: write
+      contents: read
+    strategy:
+      fail-fast: false
+      matrix:
+        python-version: ["3.9.18", "3.10.13", "3.11.7", "3.12.1", "3.13.2"]
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
+
+      - name: Setup Cloudflare WARP
+        uses: SonarSource/gh-action_setup-cloudflare-warp@v1
+
+      - name: Configure poetry
+        uses: ./.github/actions/config-poetry
+        with:
+          python-version: ${{ matrix.python-version }}
+
+      - name: Execute the test suite
+        run: poetry run pytest tests/
+
+  its-macos:
+    name: "macOS Integration Tests"
+    runs-on: macos-latest-xlarge
+    if: ${{ !inputs.skip_its }}
+    permissions:
+      id-token: write
+      contents: read
+    env:
+      SONARQUBE_VERSION: 25.3.0.104237
+      SKIP_DOCKER: true
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
+
+      - name: Setup Cloudflare WARP
+        uses: SonarSource/gh-action_setup-cloudflare-warp@v1
+
+      - name: Cache SonarQube
+        uses: SonarSource/gh-action_cache@v1
+        id: sonarqube-cache
+        with:
+          path: sonarqube_cache/
+          key: sonarqube-macos-${{ env.SONARQUBE_VERSION }}
+          restore-keys: sonarqube-macos-
+
+      - name: Download SonarQube
+        if: ${{ !steps.sonarqube-cache.outputs.cache-hit }}
+        run: |
+          mkdir -p sonarqube_cache
+          if [ ! -f sonarqube_cache/sonarqube.zip ]; then
+            wget -q https://binaries.sonarsource.com/Distribution/sonarqube/sonarqube-$SONARQUBE_VERSION.zip -O sonarqube_cache/sonarqube.zip
+          fi
+
+      - name: Configure poetry
+        uses: ./.github/actions/config-poetry
+
+      - name: Execute the integration tests
+        run: ./.github/scripts/run_its.sh
+
+  notify-on-failure:
+    name: "Notify on Failure"
+    runs-on: ubuntu-latest
+    permissions:
+      id-token: write
+      contents: read
+    needs: [qa-macos, its-macos]
+    if: failure() && github.event_name == 'schedule'
+    steps:
+      - name: Write failure summary
+        run: |
+          echo "## macOS Nightly Build Failed" >> $GITHUB_STEP_SUMMARY
+          echo "" >> $GITHUB_STEP_SUMMARY
+          echo "The scheduled macOS nightly build has failed." >> $GITHUB_STEP_SUMMARY
+          echo "" >> $GITHUB_STEP_SUMMARY
+          echo "**Workflow Run:** ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}" >> $GITHUB_STEP_SUMMARY
+
+      - name: Send Slack notification
+        uses: SonarSource/[email protected]
+        env:
+          GITHUB_TOKEN: ${{ github.token }}
+        with:
+          slackChannel: squad-python-notifs
+
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -174,16 +174,17 @@ jobs:
       contents: write
     env:
       SONARQUBE_VERSION: 25.3.0.104237
+      SKIP_DOCKER: true
     steps:
       - name: Checkout repository
         uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
       - name: Cache SonarQube
-        uses: SonarSource/ci-github-actions/cache@v1
+        uses: SonarSource/gh-action_cache@v1
         id: sonarqube-cache
         with:
           path: sonarqube_cache/
-          key: sonarqube-25.3.0.104237
-          restore-keys: cache-${{ runner.os }}-
+          key: sonarqube-${{ env.SONARQUBE_VERSION }}
+          restore-keys: sonarqube-
       - name: Download SonarQube
         if: ${{ !steps.sonarqube-cache.outputs.cache-hit }}
         run: |

diff --git a/tests/its/conftest.py b/tests/its/conftest.py
@@ -38,7 +38,7 @@ def check_health(sonarqube_client: SonarQubeClient) -> bool:
         return False
 
 
-if "CIRRUS_OS" in os.environ:
+if "SKIP_DOCKER" in os.environ:
     from time import sleep
 
     @pytest.fixture(scope="session")