From 1d4f2d8458f685db1934376466cf8e0bbd911ba4 Mon Sep 17 00:00:00 2001 From: Aakash Nayak Date: Fri, 30 Aug 2024 16:19:20 +0530 Subject: [PATCH] Run build with unit tests without elevated permissions --- .github/workflows/build-report.yml | 53 ++++++++++++++++++++++++++++++ .github/workflows/build.yml | 38 ++++++++++----------- .github/workflows/trigger.yml | 47 -------------------------- 3 files changed, 72 insertions(+), 66 deletions(-) create mode 100644 .github/workflows/build-report.yml delete mode 100644 .github/workflows/trigger.yml diff --git a/.github/workflows/build-report.yml b/.github/workflows/build-report.yml new file mode 100644 index 0000000..5f44c69 --- /dev/null +++ b/.github/workflows/build-report.yml 
@@ -0,0 +1,53 @@
+# Copyright © 2024 Cask Data, Inc.
+#  Licensed under the Apache License, Version 2.0 (the "License"); you may not
+#  use this file except in compliance with the License. You may obtain a copy of
+#  the License at
+#  http://www.apache.org/licenses/LICENSE-2.0
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+#  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+#  License for the specific language governing permissions and limitations under
+#  the License.
+
+# This workflow will build a Java project with Maven
+# For more information see: https://help.github.com/actions/language-and-framework-guides/building-and-testing-java-with-maven  
+
+# Note: Any changes to this workflow would be used only after merging into develop
+name:  
+ Build Unit Tests Report
+
+on:
+  workflow_run:
+    workflows:
+    - Build with unit tests
+    types:
+    - completed
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+
+    if: ${{ github.event.workflow_run.conclusion != 'skipped' }}
+
+    steps:
+    # Pinned 1.0.0 version
+    - uses: marocchino/action-workflow_run-status@54b6e87d6cb552fc5f36dbe9a722a6048725917a
+
+    - name: Download artifact
+      uses: actions/download-artifact@v4
+      with:
+        github-token: ${{ secrets.GITHUB_TOKEN }}
+        run-id: ${{ github.event.workflow_run.id }}
+        path: artifacts/
+
+    - name: Surefire Report
+      # Pinned 3.5.2 version
+      uses: mikepenz/action-junit-report@16a9560bd02f11e7e3bf6b3e2ef6bba6c9d07c32
+      if: always()
+      with:
+        report_paths: '**/target/surefire-reports/TEST-*.xml'
+        github_token: ${{ secrets.GITHUB_TOKEN }}
+        detailed_summary: true
+        commit: ${{ github.event.workflow_run.head_sha }}
+        check_name: Build Test Report
+
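Review bot: The new workflow declares no `permissions:` block, so the `workflow_run` job runs with the repository's default `GITHUB_TOKEN` scopes while it processes artifacts produced by pull-request code. Declaring the minimum at the top level, for example `permissions: {actions: read, checks: write, statuses: write}`, would scope the token to what the steps appear to need: downloading the run's artifacts, publishing the check run, and (presumably, for the status action) setting a commit status; confirm that list against each action's documentation. `actions/download-artifact@v4` is also referenced by a movable tag while the other two actions in this file are pinned to commit SHAs, and pinning it the same way would be consistent for a workflow that holds a write-capable token. The downloaded XML is untrusted input, so confining it to `artifacts/` as done here is worth keeping.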
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index e4a07f7..c37580b 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -15,21 +15,28 @@ name: Build with unit tests on: - workflow_run: - workflows: - - Trigger build - types: - - completed + push: + branches: [ develop, release/** ] + pull_request: + branches: [ develop, release/** ] + types: [opened, synchronize, reopened, labeled] jobs: build: runs-on: k8s-runner-build - if: ${{ github.event.workflow_run.conclusion != 'skipped' }} - + # We allow builds: + # 1) When it's a merge into a branch + # 2) For PRs that are labeled as build and + # - It's a code change + # - A build label was just added + # A bit complex, but prevents builds when other labels are manipulated + if: > + github.event_name == 'push' + || (contains(github.event.pull_request.labels.*.name, 'build') + && (github.event.action != 'labeled' || github.event.label.name == 'build') + ) steps: - # Pinned 1.0.0 version - - uses: marocchino/action-workflow_run-status@54b6e87d6cb552fc5f36dbe9a722a6048725917a - uses: actions/checkout@v3 with: ref: ${{ github.event.workflow_run.head_sha }} @@ -43,18 +50,11 @@ jobs: - name: Build with Maven run: mvn clean test -fae -T 2 -B -V -DcloudBuild -Dmaven.wagon.http.retryHandler.count=3 -Dmaven.wagon.httpconnectionManager.ttlSeconds=25 - name: Archive build artifacts - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 if: always() with: - name: Build debug files + name: reports-${{ github.run_id }} path: | **/target/rat.txt **/target/surefire-reports/* - - name: Surefire Report - # Pinned 1.0.5 version - uses: ScaCap/action-surefire-report@ad808943e6bfbd2e6acba7c53fdb5c89534da533 - if: always() - with: - # GITHUB_TOKEN - github_token: ${{ secrets.GITHUB_TOKEN }} - commit: ${{ github.event.workflow_run.head_sha }} + diff --git a/.github/workflows/trigger.yml b/.github/workflows/trigger.yml deleted file mode 100644 index e5693af..0000000 
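Review bot: The `ref: ${{ github.event.workflow_run.head_sha }}` input on the checkout step (unchanged context at the end of the first build.yml hunk) has no value now that the workflow is triggered by `push` and `pull_request`, so checkout silently falls back to its default ref; drop the `with: ref:` input or set it explicitly so the built commit is stated rather than accidental. The same hunk runs pull-request code directly on `k8s-runner-build`, which looks like a self-hosted runner, and the `build` label stays on the PR once applied, so later `synchronize` events build new commits without a fresh approval; consider removing the label after each run or requiring approval for fork runs. Since the commit's aim is to run without elevated permissions, a top-level `permissions: {contents: read}` would make that explicit for `push` and same-repository PR runs as well. The steps list continues outside the hunk.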
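Review bot: The artifact name and paths in the upload step (second build.yml hunk) are now an implicit contract with build-report.yml, which downloads every artifact of the run and globs `**/target/surefire-reports/TEST-*.xml`, but nothing in this file says so. A comment above the step such as `# Consumed by build-report.yml; keep paths in sync with its report_paths glob` would stop a later path change from silently producing an empty report. The hunk also appears to add a blank line at the end of the file, which can be dropped.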
--- a/.github/workflows/trigger.yml +++ /dev/null @@ -1,47 +0,0 @@ -# Copyright © 2021 Cask Data, Inc. -# Licensed under the Apache License, Version 2.0 (the "License"); you may not -# use this file except in compliance with the License. You may obtain a copy of -# the License at -# http://www.apache.org/licenses/LICENSE-2.0 -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations under -# the License. - -# This workflow will trigger build.yml only when needed. -# This way we don't flood main workflow run list -# Note that build.yml from develop will be used even for PR builds -# Also it will have access to the proper GITHUB_SECRET - -name: Trigger build - -on: - push: - branches: [ develop, release/** ] - pull_request: - branches: [ develop, release/** ] - types: [opened, synchronize, reopened, labeled] - workflow_dispatch: - -jobs: - trigger: - runs-on: ubuntu-latest - - # We allow builds: - # 1) When triggered manually - # 2) When it's a merge into a branch - # 3) For PRs that are labeled as build and - # - It's a code change - # - A build label was just added - # A bit complex, but prevents builds when other labels are manipulated - if: > - github.event_name == 'workflow_dispatch' - || github.event_name == 'push' - || (contains(github.event.pull_request.labels.*.name, 'build') - && (github.event.action != 'labeled' || github.event.label.name == 'build') - ) - - steps: - - name: Trigger build - run: echo Maven build will be triggered now