From c3952a3e4cdf6328ffd4d7c7e1fb5f237db7e142 Mon Sep 17 00:00:00 2001 From: Tobias Gesellchen Date: Sun, 1 Oct 2023 14:08:42 +0200 Subject: [PATCH] CI: use the gradle-build action and improve test report handling --- .github/workflows/cd.yml | 40 ++++++++++++--- .github/workflows/ci.yml | 29 ++++++++--- .github/workflows/publish-test-results.yml | 57 +++++++++++----------- .github/workflows/release.yml | 40 ++++++++++++--- 4 files changed, 116 insertions(+), 50 deletions(-) diff --git a/.github/workflows/cd.yml b/.github/workflows/cd.yml index 4867a480f..9a442f2f1 100644 --- a/.github/workflows/cd.yml +++ b/.github/workflows/cd.yml @@ -5,8 +5,27 @@ on: branches: - main jobs: - publish: + event-file: + # https://github.com/marketplace/actions/publish-test-results#support-fork-repositories-and-dependabot-branches + name: "Event File" runs-on: ubuntu-latest + steps: + - name: Upload + uses: actions/upload-artifact@v3 + with: + name: event-file + path: ${{ github.event_path }} + publish: + strategy: + matrix: + os: + - ubuntu-latest + # - windows-latest + # - macos-latest + java: + - 8 + # - 17 + runs-on: ${{ matrix.os }} timeout-minutes: 20 steps: - uses: actions/checkout@v4 
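Review bot: The new `event-file` job in cd.yml is explained only by a marketplace URL, so nothing in the file says what consumes the artifact or that its name is load-bearing. publish-test-results.yml reads it as `event_file: artifacts/event-file/event.json`, so renaming the artifact here would break publishing without any error in this workflow. I would add a comment above the job such as `# Uploads the triggering event payload; publish-test-results.yml reads it from artifacts/event-file/event.json, so keep the artifact name in sync.` The same applies to the identical `event-file` jobs added in ci.yml and release.yml.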
@@ -16,18 +35,23 @@ jobs: uses: actions/setup-java@v3.13.0 with: distribution: 'zulu' - java-version: 8 - cache: 'gradle' + java-version: ${{ matrix.java }} + - name: Setup Gradle + uses: gradle/gradle-build-action@v2 +# - name: Install Docker on macOS +# uses: douglascamata/setup-docker-macos-action@v1-alpha - name: build publish run: ./gradlew clean build publish --info --stacktrace env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} ORG_GRADLE_PROJECT_signingKey: ${{ secrets.GPG_SIGNING_KEY }} ORG_GRADLE_PROJECT_signingPassword: ${{ secrets.GPG_SIGNING_PASSWORD }} - - name: Publish Test Report - if: ${{ always() }} - uses: scacap/action-surefire-report@v1 + - name: Upload Test Results + # see publish-test-results.yml for workflow that publishes test results without security issues for forks + # https://github.com/marketplace/actions/publish-test-results#support-fork-repositories-and-dependabot-branches + if: always() + uses: actions/upload-artifact@v3 with: - github_token: ${{ secrets.GITHUB_TOKEN }} - report_paths: '**/build/test-results/test/TEST-*.xml' + name: Test Results (Java ${{ matrix.java }} on ${{ matrix.os }}) + path: '**/build/test-results/test/TEST-*.xml' ... diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 3c8884af0..d67e93528 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -6,11 +6,26 @@ on: branches-ignore: - main jobs: + event-file: + # https://github.com/marketplace/actions/publish-test-results#support-fork-repositories-and-dependabot-branches + name: "Event File" + runs-on: ubuntu-latest + steps: + - name: Upload + uses: actions/upload-artifact@v3 + with: + name: event-file + path: ${{ github.event_path }} ci-build: strategy: matrix: - os: [ ubuntu-latest, windows-latest, macos-latest ] - java: [ 8, 17 ] + os: + - ubuntu-latest + - windows-latest + - macos-latest + java: + - 8 + - 17 runs-on: ${{ matrix.os }} timeout-minutes: 20 steps: 
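Review bot: In the second cd.yml hunk, the added `Setup Gradle` step references `gradle/gradle-build-action@v2` by a movable tag, in the same job whose next step runs `./gradlew clean build publish` with `GPG_SIGNING_KEY` and `GPG_SIGNING_PASSWORD` in its environment. An action that prepares the Gradle environment can influence what that build step executes, so it should be pinned the way this commit already pins `dawidd6/action-download-artifact` to a full commit SHA. For example `uses: gradle/gradle-build-action@<full-commit-sha>  # v2`, where the SHA is a placeholder to be taken from the upstream release. The same step is added unpinned in ci.yml and in release.yml, where the job holds the Sonatype credentials.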
@@ -22,10 +37,11 @@ jobs: with: distribution: 'zulu' java-version: ${{ matrix.java }} - cache: 'gradle' + - name: Setup Gradle + uses: gradle/gradle-build-action@v2 - name: Install Docker on macOS if: matrix.os == 'macos-latest' - uses: ./.github/actions/docker-install-macos + uses: douglascamata/setup-docker-macos-action@v1-alpha - name: Login to Docker Hub uses: docker/login-action@v3 with: @@ -43,9 +59,10 @@ jobs: run: ./gradlew clean build --info --stacktrace - name: Upload Test Results # see publish-test-results.yml for workflow that publishes test results without security issues for forks + # https://github.com/marketplace/actions/publish-test-results#support-fork-repositories-and-dependabot-branches + if: always() uses: actions/upload-artifact@v3 - if: ${{ always() }} with: - name: test-results + name: Test Results (Java ${{ matrix.java }} on ${{ matrix.os }}) path: '**/build/test-results/test/TEST-*.xml' ... diff --git a/.github/workflows/publish-test-results.yml b/.github/workflows/publish-test-results.yml index 0a4cc3fbe..38d42bc6f 100644 --- a/.github/workflows/publish-test-results.yml +++ b/.github/workflows/publish-test-results.yml 
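Review bot: In the ci.yml hunk at `-22,10 +37,11`, the in-repo action `./.github/actions/docker-install-macos` is replaced by the third-party `douglascamata/setup-docker-macos-action@v1-alpha`, referenced by a pre-release tag that can be moved. The step runs immediately before `Login to Docker Hub` in the same job, so code the repository no longer controls executes on the runner that then handles the registry credentials. I would pin it to a reviewed commit, e.g. `uses: douglascamata/setup-docker-macos-action@<full-commit-sha>  # v1-alpha` (placeholder SHA), and add a short comment saying why the local action was dropped. The job body continues outside this hunk, so any later steps that consume Docker are not visible here.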
@@ -10,41 +10,42 @@ on: workflow_run: workflows: - CI + - Publish + - Release types: - completed +permissions: {} jobs: - # Job based on https://securitylab.github.com/research/github-actions-preventing-pwn-requests/ + # Job based on + # - https://securitylab.github.com/research/github-actions-preventing-pwn-requests/ + # - https://github.com/marketplace/actions/publish-test-results#support-fork-repositories-and-dependabot-branches publish-test-results: runs-on: ubuntu-latest - if: ${{ github.event.workflow_run.conclusion == 'success' }} + if: github.event.workflow_run.conclusion != 'skipped' + + permissions: + checks: write + # needed unless run with comment_mode: off + pull-requests: write + # only needed for private repository + #contents: read + # only needed for private repository + #issues: read + # required by download step to access artifacts API + actions: read + steps: - # Unfortunately, the official actions/download-artifact action is very limited in scope. - # Can't use it yet in this context, https://github.com/actions/download-artifact/issues/60 - - name: Download artifact - uses: actions/github-script@v6 + - name: Download and Extract Artifacts + uses: dawidd6/action-download-artifact@268677152d06ba59fcec7a7f0b5d961b6ccd7e1e with: - script: | - var artifacts = await github.rest.actions.listWorkflowRunArtifacts({ - owner: context.repo.owner, - repo: context.repo.repo, - run_id: ${{ github.event.workflow_run.id }}, - }); - var matchArtifact = artifacts.data.artifacts.filter((artifact) => { - return artifact.name == "test-results" - })[0]; - var download = await github.rest.actions.downloadArtifact({ - owner: context.repo.owner, - repo: context.repo.repo, - artifact_id: matchArtifact.id, - archive_format: 'zip', - }); - var fs = require('fs'); - fs.writeFileSync('${{github.workspace}}/test-results.zip', Buffer.from(download.data)); - - run: unzip test-results.zip + run_id: ${{ github.event.workflow_run.id }} + path: artifacts - name: Publish Test 
Results - uses: scacap/action-surefire-report@v1 + uses: EnricoMi/publish-unit-test-result-action@v2 with: - commit: ${{ github.event.workflow_run.head_commit.id }} - github_token: ${{ secrets.GITHUB_TOKEN }} - report_paths: '**/build/test-results/test/TEST-*.xml' + commit: ${{ github.event.workflow_run.head_sha }} + event_file: artifacts/event-file/event.json + event_name: ${{ github.event.workflow_run.event }} + files: "artifacts/**/build/test-results/test/TEST-*.xml" +... diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 622ddb9b9..fa5766366 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -7,8 +7,27 @@ on: # - published jobs: - release: + event-file: + # https://github.com/marketplace/actions/publish-test-results#support-fork-repositories-and-dependabot-branches + name: "Event File" runs-on: ubuntu-latest + steps: + - name: Upload + uses: actions/upload-artifact@v3 + with: + name: event-file + path: ${{ github.event_path }} + release: + strategy: + matrix: + os: + - ubuntu-latest + # - windows-latest + # - macos-latest + java: + - 8 + # - 17 + runs-on: ${{ matrix.os }} timeout-minutes: 20 steps: - uses: actions/checkout@v4 @@ -18,8 +37,11 @@ jobs: uses: actions/setup-java@v3.13.0 with: distribution: 'zulu' - java-version: 8 - cache: 'gradle' + java-version: ${{ matrix.java }} + - name: Setup Gradle + uses: gradle/gradle-build-action@v2 +# - name: Install Docker on macOS +# uses: douglascamata/setup-docker-macos-action@v1-alpha - name: Set artifact version run: | echo "RELEASE_VERSION=$(echo '${{ github.event.release.tag_name }}' | sed -e s/^v//)" >> $GITHUB_ENV 
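Review bot: In publish-test-results.yml, the `Publish Test Results` step uses `EnricoMi/publish-unit-test-result-action@v2` by a movable tag, while the download step next to it is pinned to a commit SHA. This is the step that exercises `checks: write` and `pull-requests: write`, and it parses XML and an event file taken from artifacts of the triggering run, which for fork pull requests is untrusted content. Pinning it as well, `uses: EnricoMi/publish-unit-test-result-action@<full-commit-sha>  # v2` (placeholder SHA), would make the privileged job consistent. It would also help to add a comment that this job must never check out or execute anything from `artifacts/`. Separately, `workflows:` matches on each workflow's `name:`, which this diff does not show for cd.yml and release.yml, so it is worth confirming they are named `Publish` and `Release`.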
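Review bot: At the end of the first release.yml hunk, the unchanged `Set artifact version` step expands `${{ github.event.release.tag_name }}` directly into the script text, so the tag string is interpreted by the shell as code rather than passed as data. Exposure is presumably limited to accounts that can create a release, but this job also holds the signing and Sonatype secrets, so it is worth fixing while the job is being reworked. Pass the value through the environment instead: add `env:` with `TAG_NAME: ${{ github.event.release.tag_name }}` to the step and change the command to `echo "RELEASE_VERSION=${TAG_NAME#v}" >> "$GITHUB_ENV"`. The step's body continues past the end of this hunk, so the rest of its script should be checked for the same pattern.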
@@ -32,10 +54,12 @@ jobs: SONATYPE_STAGING_PROFILE_ID: ${{ secrets.SONATYPE_STAGING_PROFILE_ID }} SONATYPE_USERNAME: ${{ secrets.SONATYPE_USERNAME }} SONATYPE_PASSWORD: ${{ secrets.SONATYPE_PASSWORD }} - - name: Publish Test Report - if: ${{ always() }} - uses: scacap/action-surefire-report@v1 + - name: Upload Test Results + # see publish-test-results.yml for workflow that publishes test results without security issues for forks + # https://github.com/marketplace/actions/publish-test-results#support-fork-repositories-and-dependabot-branches + if: always() + uses: actions/upload-artifact@v3 with: - github_token: ${{ secrets.GITHUB_TOKEN }} - report_paths: '**/build/test-results/test/TEST-*.xml' + name: Test Results (Java ${{ matrix.java }} on ${{ matrix.os }}) + path: '**/build/test-results/test/TEST-*.xml' ...