From 950e99bac222e45aec092f03b04b088c47144bf0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Yoann=20Rodi=C3=A8re?= Date: Wed, 26 Mar 2025 09:15:56 +0100 Subject: [PATCH] Publish Develocity build reports even on external PRs --- .github/workflows/build.yml | 74 ---------------------- .github/workflows/ci-report.yml | 69 ++++++++++++++++++++ .github/workflows/ci.yml | 109 ++++++++++++++++++++++++++++++++ 3 files changed, 178 insertions(+), 74 deletions(-) delete mode 100644 .github/workflows/build.yml create mode 100644 .github/workflows/ci-report.yml create mode 100644 .github/workflows/ci.yml diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml deleted file mode 100644 index 8b55da2..0000000 --- a/.github/workflows/build.yml +++ /dev/null @@ -1,74 +0,0 @@ -name: GitHub Actions Build - -on: - push: - pull_request: - types: [opened, synchronize, reopened, ready_for_review] - -concurrency: - group: "workflow = ${{ github.workflow }}, ref = ${{ github.event.ref }}, pr = ${{ github.event.pull_request.id }}" - cancel-in-progress: ${{ github.event_name == 'pull_request' || github.repository != 'hibernate/hibernate-github-bot-playground' }} - -defaults: - run: - shell: bash - -env: - MAVEN_ARGS: "-e -B --fail-at-end" - -jobs: - build: - name: ${{matrix.os.name}} - runs-on: ${{ matrix.os.runs-on }} - strategy: - fail-fast: false - matrix: - os: - - { - name: "Linux JDK 17", - runs-on: 'ubuntu-latest', - java: { - version: 17 - } - } - # We can't start Linux containers on GitHub Actions' Windows VMs, - # so we can't run Elasticsearch tests. - # See https://github.com/actions/runner-images/issues/1143#issuecomment-972929995 - - { - name: "Windows JDK 17", - runs-on: 'windows-latest', - java: { - version: 17 - } - } - steps: - - name: Support longpaths on Windows - if: "startsWith(matrix.os.runs-on, 'windows')" - run: git config --global core.longpaths true - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - with: - # Fetch the whole history to make sure that gitflow incremental builder - # can find the base commit. - fetch-depth: 0 - - name: Set up Java ${{ matrix.os.java.version }} - uses: actions/setup-java@3a4f6e1af504cf6a31855fa899c6aa5355ba6c12 # v4.7.0 - with: - java-version: ${{ matrix.os.java.version }} - distribution: temurin - - name: Set up Maven - run: ./mvnw -v - - name: Building code and running unit tests and basic checks - run: | - ./mvnw $MAVEN_ARGS ${{ matrix.os.maven.args }} clean install \ - -Pjqassistant -Pdist -Pci-build -DskipITs - env: - DEVELOCITY_ACCESS_KEY: ${{ secrets.DEVELOCITY_ACCESS_KEY }} - DEVELOCITY_BASE_URL: "${{ env.DEVELOCITY_BASE_URL || 'https://develocity.commonhaus.dev' }}" - - name: Running integration tests in the default environment - run: | - ./mvnw $MAVEN_ARGS ${{ matrix.os.maven.args }} clean verify \ - -Pskip-checks \ - ${{ github.event.pull_request.base.ref && format('-Dincremental -Dgib.referenceBranch=refs/remotes/origin/{0}', github.event.pull_request.base.ref) || '' }} - env: - DEVELOCITY_ACCESS_KEY: ${{ secrets.DEVELOCITY_ACCESS_KEY }} - DEVELOCITY_BASE_URL: "${{ env.DEVELOCITY_BASE_URL || 'https://develocity.commonhaus.dev' }}" diff --git a/.github/workflows/ci-report.yml b/.github/workflows/ci-report.yml new file mode 100644 index 0000000..3250c9a --- /dev/null +++ b/.github/workflows/ci-report.yml @@ -0,0 +1,69 @@ +name: GH Actions CI reporting + +on: + workflow_run: + workflows: [ "GH Actions CI" ] + types: [ completed ] + +defaults: + run: + shell: bash + +env: + MAVEN_ARGS: "-e -B --settings .github/mvn-settings.xml --fail-at-end" + +jobs: + publish-build-scans: + name: Publish Develocity build scans + if: github.repository == 'hibernate/hibernate-search' && github.event.workflow_run.conclusion != 'cancelled' + runs-on: ubuntu-latest + steps: + # Checkout target branch which has trusted code + - name: Check out target branch + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # 4.2.2 + with: + persist-credentials: false + ref: ${{ github.ref }} + - name: Set up Java 21 + uses: actions/setup-java@3a4f6e1af504cf6a31855fa899c6aa5355ba6c12 # 4.7.0 + with: + java-version: 21 + distribution: temurin + # https://github.com/actions/cache/blob/main/examples.md#java---maven + - name: Cache local Maven repository + uses: actions/cache@d4323d4df104b026a6aa633fdb11d772146be0bf # 4.2.2 + with: + path: ~/.m2/repository + # use a different key than workflows running untrusted code + key: trusted-${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }} + restore-keys: | + trusted-${{ runner.os }}-maven- + - name: Set up Maven + run: ./mvnw -v + - name: Download GitHub Actions artifacts for the Develocity build scans + id: downloadBuildScan + uses: actions/download-artifact@cc203385981b70ca67e1cc392babf9cc229d5806 # 4.1.9 + with: + pattern: build-scan-data-* + github-token: ${{ github.token }} + repository: ${{ github.repository }} + run-id: ${{ github.event.workflow_run.id }} + path: /tmp/downloaded-build-scan-data/ + # Don't fail the build if there are no matching artifacts + continue-on-error: true + - name: Publish Develocity build scans for previous builds + if: ${{ steps.downloadBuildScan.outcome != 'failure'}} + run: | + shopt -s nullglob # Don't run the loop below if there are no artifacts + status=0 + mkdir -p ~/.m2/.develocity/ + for build_scan_data_directory in /tmp/downloaded-build-scan-data/* + do + rm -rf ~/.m2/.develocity/build-scan-data + mv "$build_scan_data_directory" ~/.m2/.develocity/build-scan-data \ + && ./mvnw $MAVEN_ARGS develocity:build-scan-publish-previous || status=1 + done + exit $status + env: + DEVELOCITY_ACCESS_KEY: ${{ secrets.DEVELOCITY_ACCESS_KEY_PR }} + DEVELOCITY_BASE_URL: "${{ env.DEVELOCITY_BASE_URL || 'https://develocity.commonhaus.dev' }}" diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml new file mode 100644 index 0000000..8d69205 --- /dev/null +++ b/.github/workflows/ci.yml @@ -0,0 +1,109 @@ +name: GH Actions CI + +on: + push: + pull_request: + types: [opened, synchronize, reopened, ready_for_review] + +permissions: { } # none + +# See https://github.com/hibernate/hibernate-orm/pull/4615 for a description of the behavior we're getting. +concurrency: + # Consider that two builds are in the same concurrency group (cannot run concurrently) + # if they use the same workflow and are about the same branch ("ref") or pull request. + group: "workflow = ${{ github.workflow }}, ref = ${{ github.event.ref }}, pr = ${{ github.event.pull_request.id }}" + # Cancel previous builds in the same concurrency group even if they are in progress + # for pull requests or pushes to forks (not the upstream repository). + cancel-in-progress: ${{ github.event_name == 'pull_request' || github.repository != 'hibernate/hibernate-github-bot-playground' }} + +defaults: + run: + shell: bash + +env: + MAVEN_ARGS: "-e -B --fail-at-end" + +jobs: + build: + name: ${{matrix.os.name}} + runs-on: ${{ matrix.os.runs-on }} + strategy: + fail-fast: false + matrix: + os: + - { + name: "Linux JDK 17", + runs-on: 'ubuntu-latest', + java: { + version: 17 + } + } + # We can't start Linux containers on GitHub Actions' Windows VMs, + # so we can't run Elasticsearch tests. + # See https://github.com/actions/runner-images/issues/1143#issuecomment-972929995 + - { + name: "Windows JDK 17", + runs-on: 'windows-latest', + java: { + version: 17 + } + } + steps: + - name: Support longpaths on Windows + if: "startsWith(matrix.os.runs-on, 'windows')" + run: git config --global core.longpaths true + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # 4.2.2 + with: + persist-credentials: false + # Fetch the whole history to make sure that gitflow incremental builder + # can find the base commit. + fetch-depth: 0 + - name: Set up Java ${{ matrix.os.java.version }} + uses: actions/setup-java@3a4f6e1af504cf6a31855fa899c6aa5355ba6c12 # 4.7.0 + with: + java-version: ${{ matrix.os.java.version }} + distribution: temurin + # https://github.com/actions/cache/blob/main/examples.md#java---maven + - name: Cache local Maven repository + uses: actions/cache@d4323d4df104b026a6aa633fdb11d772146be0bf # 4.2.2 + with: + path: ~/.m2/repository + # use a different key than workflows running in trusted mode + key: ${{ github.event_name == 'push' && 'trusted' || 'untrusted' }}-${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }} + restore-keys: | + ${{ github.event_name == 'push' && 'trusted' || 'untrusted' }}-${{ runner.os }}-maven- + - name: Set up Maven + run: ./mvnw -v + + - name: Build code and run unit tests and basic checks + run: | + ./mvnw $MAVEN_ARGS ${{ matrix.os.maven.args }} clean install \ + -Pjqassistant -Pdist -Pci-build -DskipITs + env: + DEVELOCITY_ACCESS_KEY: "${{ secrets.DEVELOCITY_ACCESS_KEY || '' }}" + DEVELOCITY_BASE_URL: "${{ env.DEVELOCITY_BASE_URL || 'https://develocity.commonhaus.dev' }}" + # For jobs running on 'pull_request', upload build scan data. + # The actual publishing must be done in a separate job (see ci-report.yml). + # We don't write to the remote cache as that would be unsafe. + - name: Upload GitHub Actions artifact for the Develocity build scan + uses: actions/upload-artifact@4cec3d8aa04e39d1a68397de0c4cd6fb9dce8ec1 # 4.6.1 + if: "${{ github.event_name == 'pull_request' && !cancelled() }}" + with: + name: build-scan-data-initial-${{ matrix.os.name }} + path: ~/.m2/.develocity/build-scan-data + + - name: Run integration tests in the default environment + run: | + ./mvnw $MAVEN_ARGS ${{ matrix.os.maven.args }} clean verify \ + -Pskip-checks \ + ${{ github.event.pull_request.base.ref && format('-Dincremental -Dgib.referenceBranch=refs/remotes/origin/{0}', github.event.pull_request.base.ref) || '' }} + env: + DEVELOCITY_ACCESS_KEY: "${{ secrets.DEVELOCITY_ACCESS_KEY || '' }}" + DEVELOCITY_BASE_URL: "${{ env.DEVELOCITY_BASE_URL || 'https://develocity.commonhaus.dev' }}" + # Same as above, but for the build scan of the latest Maven run. + - name: Upload GitHub Actions artifact for the Develocity build scan + uses: actions/upload-artifact@4cec3d8aa04e39d1a68397de0c4cd6fb9dce8ec1 # 4.6.1 + if: "${{ github.event_name == 'pull_request' && !cancelled() }}" + with: + name: build-scan-data-integrationtest-${{ matrix.os.name }} + path: ~/.m2/.develocity/build-scan-data