build-pull-requests.yml
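# Pull-request CI: build and test on several JDKs, regression-test the Maven
# plugin, run Checkstyle, and build/test the Docker image.
#
# Security notes for reviewers:
# - Every job builds and executes code taken from the pull request, so the
#   runner should be treated as untrusted from the first Maven/Docker step on.
# - Only pnpm/action-setup is pinned to a commit SHA. The other actions are
#   referenced by a version ref that its owner can move; pinning at least the
#   third-party ones (microsoft/sarif-actions, docker/*) to a full commit SHA
#   would remove that supply-chain exposure.
name: Build Pull Request
on:
  pull_request:
    paths-ignore:
      - '*.md'  # Ignore only in root; we generally want to run build for `site/` changes
      - '**/README.md'  # Ignore all READMEs
      - '.github/**/*.md'  # Ignore github config
# Default-deny: GITHUB_TOKEN gets no scopes unless a job grants them below.
permissions: {}
jobs:
  build:
    strategy:
      matrix:
        jdk_default_version: [ '25' ]  # Single JDK version to run Maven with and use for compilation etc
        jdk_test_version: [ '11', '17', '21', '25' ]  # JDK version to run surefire/failsafe tests using
      fail-fast: false
    name: Build and Test (JDK ${{ matrix.jdk_test_version }}${{ matrix.jdk_test_version == matrix.jdk_default_version && ' - Default' || '' }})
    permissions:
      # security-events: write is what the upload-sarif steps need.
      # NOTE(review): confirm how SARIF upload behaves for PRs from forks,
      # where GitHub restricts the token.
      security-events: write
      contents: read
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v6
        with:
          # Nothing in this job pushes or fetches after checkout, so do not
          # leave the job token where PR-controlled build code can read it.
          persist-credentials: false
      # Fixed cache key: actions/cache saves only on a miss, so this workflow
      # never refreshes an existing entry. Presumably another workflow seeds
      # the data directory - verify. The restored content is consumed by the
      # build, so its provenance matters.
      - name: Check ODC Data Cache
        id: odc-data-cache
        uses: actions/cache@v5
        with:
          path: core/target/data
          key: odc-data
      - uses: actions/setup-dotnet@v5.2.0
        with:
          dotnet-version: '8.0.x'
      - name: Set up JDKs
        uses: actions/setup-java@v5
        with:
          java-version: |  # last version takes precedence as default
            ${{ matrix.jdk_test_version }}
            ${{ matrix.jdk_default_version }}
          distribution: 'zulu'
          check-latest: true
          cache: 'maven'
          cache-dependency-path: '**/pom.xml'
      - uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061  # v4.2.0
        with:
          version: 6.0.2
      # The ${{ matrix.* }} values expanded into the command below are literals
      # defined in this file, not PR metadata, so the inline expansion is not
      # attacker-influenced. Values derived from the PR (title, branch name)
      # would have to go through env: instead.
      - name: Build/Test with Maven
        id: build
        run: >
          mvn -V -s settings.xml -pl '!maven' -am
          clean verify
          -Dtoolchain.jdk.test.version=${{ matrix.jdk_test_version }} -Dtoolchain.jdk.test.home="$JAVA_HOME_${{ matrix.jdk_test_version }}_X64"
          ${{ matrix.jdk_test_version == matrix.jdk_default_version && 'source:jar javadoc:jar site' || '' }}
          --no-transfer-progress --batch-mode -Dstyle.color=always
      - name: SARIF Multitool
        uses: microsoft/sarif-actions@v0.2
        with:
          # Command to be sent to SARIF Multitool
          command: 'validate core/target/test-reports/Report.sarif'
      # One upload per module; the category keeps each module's SpotBugs
      # results separate in code scanning.
      - name: Upload SARIF file
        uses: github/codeql-action/upload-sarif@v4
        with:
          sarif_file: utils/target/spotbugsSarif.json
          category: spotbugs-utils
      - name: Upload SARIF file
        uses: github/codeql-action/upload-sarif@v4
        with:
          sarif_file: cli/target/spotbugsSarif.json
          category: spotbugs-cli
      - name: Upload SARIF file
        uses: github/codeql-action/upload-sarif@v4
        with:
          sarif_file: ant/target/spotbugsSarif.json
          category: spotbugs-ant
      - name: Upload SARIF file
        uses: github/codeql-action/upload-sarif@v4
        with:
          sarif_file: core/target/spotbugsSarif.json
          category: spotbugs-core
      # Uploaded once (default JDK only) and consumed by the docker job.
      # These files are built from PR code, so they are untrusted artifacts.
      - name: Archive Snapshot
        if: matrix.jdk_test_version == matrix.jdk_default_version
        id: archive-snapshot
        uses: actions/upload-artifact@v7
        with:
          name: archive-snapshot
          retention-days: 1
          path: |
            **/target/*.asc
            **/target/*.jar
            **/target/*.pom
            ant/target/*.zip
            cli/target/*.zip
  maven:
    strategy:
      matrix:
        jdk_default_version: [ '25' ]  # Single JDK version to run Maven with and use for compilation etc
        jdk_test_version: [ '11', '17', '21', '25' ]  # JDK version to run surefire/failsafe tests using
      fail-fast: false
    name: Regression Test Maven Plugin (JDK ${{ matrix.jdk_test_version }}${{ matrix.jdk_test_version == matrix.jdk_default_version && ' - Default' || '' }})
    permissions:
      # security-events: write is what the upload-sarif step needs.
      security-events: write
      contents: read
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v6
        with:
          # Nothing in this job pushes or fetches after checkout, so do not
          # leave the job token where PR-controlled build code can read it.
          persist-credentials: false
      # Fixed cache keys: an existing entry is restored as-is and not
      # re-saved by this workflow.
      - name: Maven Integration Test Cache
        id: maven-it-cache
        uses: actions/cache@v5
        with:
          path: maven/target/local-repo
          key: mvn-it-repo
      - name: Check ODC Data Cache
        id: odc-data-cache
        uses: actions/cache@v5
        with:
          path: core/target/data
          key: odc-data
      - uses: actions/setup-dotnet@v5.2.0
        with:
          dotnet-version: '8.0.x'
      - name: Set up JDKs
        uses: actions/setup-java@v5
        with:
          java-version: |  # last version takes precedence as default
            ${{ matrix.jdk_test_version }}
            ${{ matrix.jdk_default_version }}
          distribution: 'zulu'
          check-latest: true
          cache: 'maven'
          cache-dependency-path: '**/pom.xml'
      - uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061  # v4.2.0
        with:
          version: 6.0.2
      # NVD_API_KEY is placed in the environment of a Maven run that executes
      # pull-request code. By default GitHub does not pass repository secrets
      # to pull_request runs from forks, so it should be empty there; a PR
      # from a branch in this repository can read it. The build logs are
      # archived by the next step, so make sure the key is never echoed.
      - name: Regression Test Maven Plugin
        id: build
        env:
          NVD_API_KEY: ${{ secrets.NVD_API_KEY }}
        run: >
          mvn -V -s settings.xml -pl maven -am
          clean verify -DskipTests=true -PFullIntegrationTesting
          -Dtoolchain.jdk.test.version=${{ matrix.jdk_test_version }} -Dtoolchain.jdk.test.home="$JAVA_HOME_${{ matrix.jdk_test_version }}_X64"
          --no-transfer-progress --batch-mode -Dstyle.color=always
      # always(): keep the integration-test logs even when the build fails.
      - name: Archive IT test logs
        id: archive-logs
        if: always()
        uses: actions/upload-artifact@v7
        with:
          name: it-test-logs-jdk-${{ matrix.jdk_test_version }}
          retention-days: 7
          path: maven/target/it/**/build.log
      - name: Upload SARIF file
        uses: github/codeql-action/upload-sarif@v4
        with:
          sarif_file: maven/target/spotbugsSarif.json
          category: spotbugs-maven
  checkstyle:
    name: Checkstyle Validation
    permissions:
      # security-events: write is what the upload-sarif step needs.
      security-events: write
      contents: read
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v6
        with:
          # This job only reads the tree; no git credentials are needed
          # after checkout.
          persist-credentials: false
      - name: Set up JDK
        uses: actions/setup-java@v5
        with:
          java-version: '25'
          distribution: 'zulu'
          check-latest: true
          cache: 'maven'
          cache-dependency-path: '**/pom.xml'
      - name: Checkstyle
        id: checkstyle
        run: |
          mvn -V -s settings.xml checkstyle:checkstyle-aggregate --no-transfer-progress --batch-mode -Dstyle.color=always
      - name: Upload SARIF file
        uses: github/codeql-action/upload-sarif@v4
        with:
          sarif_file: target/checkstyle-result.sarif
          category: checkstyle
  docker:
    permissions:
      contents: read  # to fetch code (actions/checkout)
    name: Build and Test Docker
    runs-on: ubuntu-latest
    needs: build
    steps:
      - name: Checkout code
        uses: actions/checkout@v6
        with:
          # The scripts below come from the PR; do not leave the job token
          # on disk for them.
          persist-credentials: false
      - name: Set up JDK
        uses: actions/setup-java@v5
        with:
          java-version: '25'
          distribution: 'zulu'
          check-latest: true
          cache: 'maven'
          cache-dependency-path: '**/pom.xml'
      # Artifact produced by the build job from PR code; treat as untrusted.
      - name: Download release build
        uses: actions/download-artifact@v8
        with:
          name: archive-snapshot
      - name: Set up Docker
        uses: docker/setup-docker-action@v5
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v4
      # docker-build.sh and docker-test.sh are the PR's own copies.
      - name: Build Docker Image
        run: ./docker-build.sh
      - name: build scan target
        run: >
          mvn -V -s settings.xml -pl cli -am
          package -DskipTests=true
          --no-transfer-progress --batch-mode -Dstyle.color=always
      - name: Test Docker Image
        run: ./docker-test.sh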