Add shadow scan github workflow

Author: johann-beleites-sonarsource

.github/workflows/shadow_scans.yml

@@ -0,0 +1,41 @@
+name: Shadow scans
+on:
+  schedule:
+    # Run the workflow every day at 04:00 UTC
+    - cron: '0 1 * * *'
+  workflow_dispatch:
+
+jobs:
+  scan:
+    runs-on: github-ubuntu-latest-s
+    name: Scan on shadow platforms
+    permissions:
+      id-token: write
+      contents: write
+    steps:
+      - name: Vault
+        id: secrets
+        uses: SonarSource/vault-action-wrapper@v3
+        with:
+          secrets: |
+            development/artifactory/token/{REPO_OWNER_NAME_DASH}-private-reader access_token | ARTIFACTORY_ACCESS_TOKEN;
+      - uses: actions/checkout@v4
+      - uses: jdx/mise-action@v2
+      - uses: SonarSource/ci-github-actions/build-gradle@master # dogfood
+        env:
+          ARTIFACTORY_PRIVATE_USERNAME: vault-{REPO_OWNER_NAME_DASH}-private-reader
+          ARTIFACTORY_PRIVATE_PASSWORD: ${{ fromJSON(steps.secrets.outputs.vault).ARTIFACTORY_ACCESS_TOKEN }}
+        with:
+          run-shadow-scans: true
+          artifactory-reader-role: private-reader
+          artifactory-deployer-role: qa-deployer
+          gradle-args: --no-daemon --info --stacktrace --console plain build sonar
+      - name: Run IRIS Analysis
+        uses: SonarSource/unified-dogfooding-actions/run-iris@v1
+        with:
+          primary_project_key: "org.sonarsource.kotlin:kotlin"
+          primary_platform: "Next"
+          shadow1_project_key: "SonarSource_sonar-kotlin"
+          shadow1_platform: "SQC-EU"
+          shadow2_project_key: "SonarSource_sonar-kotlin"
+          shadow2_platform: "SQC-US"

.mise.toml

@@ -0,0 +1,3 @@
+[tools]
+java = "17.0"
+gradle = "8.10.1"