-
Notifications
You must be signed in to change notification settings - Fork 165
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Optimize CI a bit #574
base: main
Are you sure you want to change the base?
Optimize CI a bit #574
Changes from all commits
aacfdfe
fb59391
8932a0e
f347696
600aeb9
f6acc0d
0145156
a272ca4
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -18,6 +18,7 @@ jobs: | |
run: echo "The selected java versions are ${{ steps.set-matrix.outputs.version_matrix }}" | ||
outputs: | ||
version_matrix: ${{ steps.set-matrix.outputs.version_matrix }} | ||
|
||
build: | ||
needs: build-jvm-matrix | ||
strategy: | ||
|
@@ -27,7 +28,7 @@ jobs: | |
java_version: ${{ fromJson(needs.build-jvm-matrix.outputs.version_matrix) }} | ||
runs-on: ${{ matrix.os }} | ||
steps: | ||
- uses: actions/checkout@v2 | ||
- uses: actions/checkout@v4 | ||
- name: configure windows pagefile | ||
if: ${{ matrix.os == 'windows-latest' }} | ||
uses: al-cheb/[email protected] | ||
|
@@ -36,50 +37,23 @@ jobs: | |
maximum-size: 8GB | ||
disk-root: "D:" | ||
- name: set up JDK | ||
uses: actions/setup-java@v2 | ||
uses: actions/setup-java@v4 | ||
with: | ||
java-version: ${{ matrix.java_version }} | ||
distribution: 'zulu' | ||
- name: Restore Gradle caches | ||
uses: actions/cache@v2 | ||
with: | ||
path: | | ||
~/.gradle/caches/modules-2 | ||
~/.gradle/caches/files-2.1 | ||
~/.gradle/caches/metadata-2.96 | ||
key: ${{ runner.os }}-gradle-cache-${{ hashFiles('**/*.gradle.kts') }}-${{ hashFiles('**/gradle.properties') }} | ||
restore-keys: | | ||
${{ runner.os }}-gradle-cache- | ||
# Inspired by https://github.com/actions/cache/issues/432#issuecomment-740376179 | ||
- name: Restore TestKit cache | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Does this now get handled by the Gradle Action? There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Nope, if we still need to cache testKit dir, can we store them to |
||
uses: actions/cache@v2 | ||
with: | ||
path: | | ||
plugin/.gradle-test-kit/caches/modules-2 | ||
plugin/.gradle-test-kit/caches/files-2.1 | ||
plugin/.gradle-test-kit/caches/metadata-2.96 | ||
key: ${{ runner.os }}-gradle-wrapper-${{ hashFiles('**/gradlew') }}-${{ github.sha }} | ||
restore-keys: | | ||
${{ runner.os }}-gradle-wrapper-${{ hashFiles('**/gradlew') }}- | ||
${{ runner.os }}-gradle-wrapper- | ||
- name: Restore Gradle wrapper | ||
uses: actions/cache@v2 | ||
- uses: gradle/actions/setup-gradle@v3 | ||
with: | ||
path: | | ||
~/.gradle/wrapper | ||
key: ${{ runner.os }}-gradle-wrapper-${{ hashFiles('**/gradlew') }} | ||
restore-keys: | | ||
${{ runner.os }}-gradle-wrapper- | ||
gradle-home-cache-cleanup: true | ||
- name: Build plugin | ||
run: ./plugin/gradlew -p ./plugin assemble ensureDependenciesAreInlined test --no-daemon | ||
- name: Upload test results | ||
uses: actions/upload-artifact@v2 | ||
uses: actions/upload-artifact@v4 | ||
if: failure() | ||
with: | ||
name: test-results-${{ runner.os }} | ||
path: plugin/build/reports/tests/test/ | ||
- name: Upload Memory Dump | ||
uses: actions/upload-artifact@v2 | ||
uses: actions/upload-artifact@v4 | ||
if: failure() | ||
with: | ||
name: memory-dump-${{ runner.os }} | ||
|
@@ -95,9 +69,9 @@ jobs: | |
runs-on: ubuntu-latest | ||
needs: build | ||
steps: | ||
- uses: actions/checkout@v2 | ||
- uses: actions/checkout@v4 | ||
- name: set up JDK 11 | ||
uses: actions/setup-java@v2 | ||
uses: actions/setup-java@v4 | ||
with: | ||
java-version: 11 | ||
distribution: 'zulu' | ||
|
@@ -109,20 +83,9 @@ jobs: | |
run: sudo apt install -qq libdistro-info-perl | ||
- name: Install checkbashisms | ||
run: sudo apt-get install -qq devscripts | ||
- name: Restore Gradle caches | ||
uses: actions/cache@v2 | ||
- uses: gradle/actions/setup-gradle@v3 | ||
with: | ||
path: ~/.gradle/caches | ||
key: ${{ runner.os }}-gradle-cache-${{ hashFiles('**/*.gradle.kts') }}-${{ hashFiles('**/gradle.properties') }} | ||
restore-keys: | | ||
${{ runner.os }}-gradle-cache- | ||
- name: Restore Gradle wrapper | ||
uses: actions/cache@v2 | ||
with: | ||
path: ~/.gradle/wrapper | ||
key: ${{ runner.os }}-gradle-wrapper-${{ hashFiles('**/gradlew') }} | ||
restore-keys: | | ||
${{ runner.os }}-gradle-wrapper- | ||
gradle-home-cache-cleanup: true | ||
- name: Check git bashisms | ||
run: ./gradlew addKtlintCheckGitPreCommitHook --no-daemon && checkbashisms .git/hooks/pre-commit | ||
|
||
|
@@ -133,25 +96,14 @@ jobs: | |
runs-on: ${{ matrix.os }} | ||
needs: build | ||
steps: | ||
- uses: actions/checkout@v2 | ||
- uses: actions/checkout@v4 | ||
- name: set up JDK 1.8 | ||
uses: actions/setup-java@v2 | ||
uses: actions/setup-java@v4 | ||
with: | ||
java-version: 8 | ||
distribution: 'zulu' | ||
- name: Restore Gradle caches | ||
uses: actions/cache@v2 | ||
with: | ||
path: ~/.gradle/caches | ||
key: ${{ runner.os }}-gradle-cache-${{ hashFiles('**/*.gradle.kts') }}-${{ hashFiles('**/gradle.properties') }} | ||
restore-keys: | | ||
${{ runner.os }}-gradle-cache- | ||
- name: Restore Gradle wrapper | ||
uses: actions/cache@v2 | ||
- uses: gradle/actions/setup-gradle@v3 | ||
with: | ||
path: ~/.gradle/wrapper | ||
key: ${{ runner.os }}-gradle-wrapper-${{ hashFiles('**/gradlew') }} | ||
restore-keys: | | ||
${{ runner.os }}-gradle-wrapper- | ||
gradle-home-cache-cleanup: true | ||
- name: Check ktlint-plugin on samples | ||
run: ./gradlew ktlintCheck --no-daemon |
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -7,15 +7,13 @@ on: | |
jobs: | ||
build: | ||
name: Changelog Entry Check | ||
|
||
runs-on: ubuntu-latest | ||
|
||
if: github.repository == 'JLLeitschuh/ktlint-gradle' | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Why? What value does this if check add? There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. No much necessary to run these jobs in forked repos. |
||
steps: | ||
- uses: actions/checkout@v2 | ||
|
||
- uses: actions/checkout@v4 | ||
- name: Grep CHANGES.md for PR number | ||
if: contains(github.event.pull_request.labels.*.name, 'skip news') != true | ||
run: | | ||
grep -Pz "\[(\n\s*)?#${{ github.event.pull_request.number }}(\n\s*)?\]\((\n\s*)?https://github\.com/JLLeitschuh/ktlint-gradle/pull/${{ github.event.pull_request.number }}(\n\s*)?\)" CHANGELOG.md || \ | ||
(echo "Please add '[#${{ github.event.pull_request.number }}](https://github.com/JLLeitschuh/ktlint-gradle/pull/${{ github.event.pull_request.number }})' change line to CHANGELOG.md" && \ | ||
exit 1) | ||
exit 1) |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,12 +1,13 @@ | ||
name: "Validate Gradle Wrapper" | ||
|
||
on: [push, pull_request] | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. I'd prefer to keep these. And I don't know if the filtering adds much value. It actual adds additional risk, as it completely misses the second Gradle wrapper in the plugins directory There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Reverted. |
||
|
||
jobs: | ||
validation: | ||
name: "Validation" | ||
runs-on: ubuntu-latest | ||
steps: | ||
- uses: actions/checkout@v2 | ||
- uses: actions/checkout@v4 | ||
- uses: gradle/wrapper-validation-action@v1 | ||
with: | ||
min-wrapper-count: 2 |
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -8,38 +8,24 @@ jobs: | |
make-new-release: | ||
name: "Releasing plugin" | ||
runs-on: ubuntu-latest | ||
if: github.repository == 'JLLeitschuh/ktlint-gradle' | ||
env: | ||
GRADLE_PUBLISH_KEY: ${{ secrets.GRADLE_PUBLISH_KEY }} | ||
GRADLE_PUBLISH_SECRET: ${{ secrets.GRADLE_PUBLISH_SECRET }} | ||
GITHUB_KEY: ${{ secrets.GithubKey }} | ||
Comment on lines
+13
to
+15
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Why move these to the top when they are only needed for 2 steps. I don't see value in exposing these env variables to other action steps. There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Just reuse them for steps. |
||
steps: | ||
- uses: actions/checkout@v2 | ||
- uses: actions/checkout@v4 | ||
- name: set up JDK 1.8 | ||
uses: actions/setup-java@v2 | ||
uses: actions/setup-java@v4 | ||
with: | ||
java-version: 8 | ||
distribution: 'zulu' | ||
- name: Restore Gradle caches | ||
uses: actions/cache@v2 | ||
- uses: gradle/actions/setup-gradle@v3 | ||
with: | ||
path: ~/.gradle/caches | ||
key: ${{ runner.os }}-gradle-cache-${{ hashFiles('**/*.gradle.kts') }}-${{ hashFiles('**/gradle.properties') }} | ||
restore-keys: | | ||
${{ runner.os }}-gradle-cache- | ||
- name: Restore Gradle wrapper | ||
uses: actions/cache@v2 | ||
with: | ||
path: ~/.gradle/wrapper | ||
key: ${{ runner.os }}-gradle-wrapper-${{ hashFiles('**/gradlew') }} | ||
restore-keys: | | ||
${{ runner.os }}-gradle-wrapper- | ||
gradle-home-cache-cleanup: true | ||
- name: Publish plugin | ||
env: | ||
GRADLE_PUBLISH_KEY: ${{ secrets.GRADLE_PUBLISH_KEY }} | ||
GRADLE_PUBLISH_SECRET: ${{ secrets.GRADLE_PUBLISH_SECRET }} | ||
GITHUB_KEY: ${{ secrets.GithubKey }} | ||
run: ./plugin/gradlew -p ./plugin publishPlugins --no-daemon | ||
- name: Create new Github release | ||
env: | ||
GRADLE_PUBLISH_KEY: ${{ secrets.GRADLE_PUBLISH_KEY }} | ||
GRADLE_PUBLISH_SECRET: ${{ secrets.GRADLE_PUBLISH_SECRET }} | ||
GITHUB_KEY: ${{ secrets.GITHUB_TOKEN }} | ||
run: ./plugin/gradlew -p ./plugin githubRelease --no-daemon | ||
- name: Update VERSION_LATEST_RELEASE to new published version | ||
run: cp plugin/VERSION_CURRENT.txt plugin/VERSION_LATEST_RELEASE.txt | ||
|
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -21,6 +21,7 @@ jobs: | |
analysis: | ||
name: Scorecard analysis | ||
runs-on: ubuntu-latest | ||
if: github.repository == 'JLLeitschuh/ktlint-gradle' | ||
permissions: | ||
# Needed to upload the results to code-scanning dashboard. | ||
security-events: write | ||
|
@@ -32,7 +33,7 @@ jobs: | |
|
||
steps: | ||
- name: "Checkout code" | ||
uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.1.0 | ||
uses: actions/checkout@4 | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Using the exact commit hash is done intentionally. It's a suggested security measure, advised by security scorecard. There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. We can pin them to hash, but there would be better to enable @renovate-bot for this repo to keep thing up to date. There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Dependabot can assist here as well I believe |
||
with: | ||
persist-credentials: false | ||
|
||
|
@@ -59,14 +60,14 @@ jobs: | |
# Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF | ||
# format to the repository Actions tab. | ||
- name: "Upload artifact" | ||
uses: actions/upload-artifact@3cea5372237819ed00197afe530f5a7ea3e805c8 # v3.1.0 | ||
uses: actions/upload-artifact@4 | ||
with: | ||
name: SARIF file | ||
path: results.sarif | ||
retention-days: 5 | ||
|
||
# Upload the results to GitHub's code scanning dashboard. | ||
- name: "Upload to code-scanning" | ||
uses: github/codeql-action/upload-sarif@17573ee1cc1b9d061760f3a006fc4aac4f944fd5 # v2.2.4 | ||
uses: github/codeql-action/upload-sarif@3 | ||
with: | ||
sarif_file: results.sarif |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can you make sure this action is being run with no credentials?