diff --git a/.github/ci-prerequisites-atlas.sh b/.github/ci-prerequisites-atlas.sh new file mode 100755 index 000000000000..b0a16f22b1e8 --- /dev/null +++ b/.github/ci-prerequisites-atlas.sh @@ -0,0 +1,6 @@ +# Reclaims disk space and sanitizes user home on Atlas infrastructure + +# We use the GitHub cache for the relevant parts of these directories. +# Also, we do not want to keep things like ~/.gradle/build-scan-data. +rm -rf ~/.gradle/ +rm -rf ~/.m2/ diff --git a/.github/workflows/atlas.yml b/.github/workflows/atlas.yml deleted file mode 100644 index 9ff3accac72d..000000000000 --- a/.github/workflows/atlas.yml +++ /dev/null @@ -1,118 +0,0 @@ -# The main CI of Hibernate ORM is https://ci.hibernate.org/job/hibernate-orm-pipeline/. -# However, Hibernate ORM builds run on GitHub actions regularly -# to check that it still works and can be used in GitHub forks. -# See https://docs.github.com/en/free-pro-team@latest/actions -# for more information about GitHub actions. - -name: Hibernate ORM build-Atlas - -on: - push: - branches: - - '6.6' - # WARNING: Using pull_request_target to access secrets, but we check out the PR head commit. - # See checkout action for details. - pull_request_target: - branches: - - '6.6' - -permissions: {} # none - -# See https://github.com/hibernate/hibernate-orm/pull/4615 for a description of the behavior we're getting. -concurrency: - # Consider that two builds are in the same concurrency group (cannot run concurrently) - # if they use the same workflow and are about the same branch ("ref") or pull request. - group: "workflow = ${{ github.workflow }}, ref = ${{ github.event.ref }}, pr = ${{ github.event.pull_request.id }}" - # Cancel previous builds in the same concurrency group even if they are in process - # for pull requests or pushes to forks (not the upstream repository). - cancel-in-progress: ${{ github.event_name == 'pull_request_target' || github.repository != 'hibernate/hibernate-orm' }} - -jobs: - build: - permissions: - contents: read - name: Java 11 - # runs-on: ubuntu-latest - runs-on: [self-hosted, Linux, X64, OCI] - strategy: - fail-fast: false - matrix: - include: - - rdbms: oracle_atps - - rdbms: oracle_db19c - - rdbms: oracle_db21c - - rdbms: oracle_db23c - steps: - - name: Check out commit already pushed to branch - if: "! github.event.pull_request.number" - uses: actions/checkout@v4 - with: - persist-credentials: false - - name: Check out PR head - uses: actions/checkout@v4 - if: github.event.pull_request.number - with: - # WARNING: This is potentially dangerous since we're checking out unreviewed code, - # and since we're using the pull_request_target event we can use secrets. - # Thus, we must be extra careful to never expose secrets to steps that execute this code, - # and to strictly limit our of secrets to those that only pose minor security threats. - # This means in particular we won't expose Develocity credentials to the main gradle executions, - # but instead will execute gradle a second time just to push build scans to Develocity; - # see below. - ref: "refs/pull/${{ github.event.pull_request.number }}/head" - persist-credentials: false - - name: Reclaim Disk Space - run: .github/ci-prerequisites.sh - - name: Start database - env: - RDBMS: ${{ matrix.rdbms }} - RUNID: ${{ github.run_number }} - run: ci/database-start.sh - - name: Set up Java 11 - uses: graalvm/setup-graalvm@v1 - with: - distribution: 'graalvm' - java-version: '21' - - name: Get year/month for cache key - id: get-date - run: echo "yearmonth=$(/bin/date -u "+%Y-%m")" >> $GITHUB_OUTPUT - shell: bash - - name: Cache Maven local repository - uses: actions/cache@v4 - id: cache-maven - with: - path: | - ~/.m2/repository - ~/.gradle/caches/ - ~/.gradle/wrapper/ - # refresh cache every month to avoid unlimited growth - key: maven-localrepo-${{ steps.get-date.outputs.yearmonth }} - - name: Run build script - env: - RDBMS: ${{ matrix.rdbms }} - RUNID: ${{ github.run_number }} - # WARNING: exposes secrets, so must only be passed to a step that doesn't run unapproved code. - # WARNING: As this runs on untrusted nodes, we use the same access key as for PRs: - # it has limited access, essentially it can only push build scans. - DEVELOCITY_ACCESS_KEY: "${{ github.event_name == 'push' && secrets.GRADLE_ENTERPRISE_ACCESS_KEY_PR || '' }}" - run: ./ci/build-github.sh - shell: bash - - name: Publish Develocity build scan for previous build - # Don't fail a build if publishing fails - continue-on-error: true - if: "${{ !cancelled() && github.event_name == 'pull_request_target' && github.repository == 'hibernate/hibernate-orm' }}" - run: | - ./gradlew buildScanPublishPrevious - env: - # WARNING: exposes secrets, so must only be passed to a step that doesn't run unapproved code. - DEVELOCITY_ACCESS_KEY: ${{ secrets.GRADLE_ENTERPRISE_ACCESS_KEY_PR }} - - name: Upload test reports (if Gradle failed) - uses: actions/upload-artifact@v4 - if: failure() - with: - name: test-reports-java11-${{ matrix.rdbms }} - path: | - ./**/target/reports/tests/ - ./**/target/reports/checkstyle/ - - name: Omit produced artifacts from build cache - run: ./ci/before-cache.sh \ No newline at end of file diff --git a/.github/workflows/ci-report.yml b/.github/workflows/ci-report.yml new file mode 100644 index 000000000000..73ce74cd3b96 --- /dev/null +++ b/.github/workflows/ci-report.yml @@ -0,0 +1,78 @@ +name: GH Actions CI reporting + +on: + workflow_run: + workflows: [ "GH Actions CI" ] + types: [ completed ] + +defaults: + run: + shell: bash + +jobs: + publish-build-scans: + name: Publish Develocity build scans + if: github.repository == 'hibernate/hibernate-orm' && github.event.workflow_run.conclusion != 'cancelled' + runs-on: ubuntu-latest + steps: + # Checkout target branch which has trusted code + - name: Check out target branch + uses: actions/checkout@v4 + with: + persist-credentials: false + ref: ${{ github.ref }} + - name: Set up Java 11 + uses: actions/setup-java@v4 + with: + distribution: 'temurin' + java-version: '11' + + - name: Generate cache key + id: cache-key + run: | + CURRENT_BRANCH="${{ github.repository != 'hibernate/hibernate-orm' && 'fork' || github.base_ref || github.ref_name }}" + CURRENT_MONTH=$(/bin/date -u "+%Y-%m") + CURRENT_DAY=$(/bin/date -u "+%d") + ROOT_CACHE_KEY="buildtool-cache" + echo "buildtool-monthly-cache-key=${ROOT_CACHE_KEY}-${CURRENT_MONTH}" >> $GITHUB_OUTPUT + echo "buildtool-monthly-branch-cache-key=${ROOT_CACHE_KEY}-${CURRENT_MONTH}-${CURRENT_BRANCH}" >> $GITHUB_OUTPUT + echo "buildtool-cache-key=${ROOT_CACHE_KEY}-${CURRENT_MONTH}-${CURRENT_BRANCH}-${CURRENT_DAY}" >> $GITHUB_OUTPUT + - name: Restore Maven/Gradle Dependency/Dist Caches + uses: actions/cache/restore@v4 + with: + path: | + ~/.m2/repository/ + ~/.m2/wrapper/ + ~/.gradle/caches/modules-2 + ~/.gradle/wrapper/ + key: ${{ steps.cache-key.outputs.buildtool-cache-key }} + restore-keys: | + ${{ steps.cache-key.outputs.buildtool-monthly-branch-cache-key }}- + ${{ steps.cache-key.outputs.buildtool-monthly-cache-key }}- + + - name: Download GitHub Actions artifacts for the Develocity build scans + id: downloadBuildScan + uses: actions/download-artifact@v4 + with: + pattern: build-scan-data-* + github-token: ${{ github.token }} + repository: ${{ github.repository }} + run-id: ${{ github.event.workflow_run.id }} + path: /tmp/downloaded-build-scan-data/ + # Don't fail the build if there are no matching artifacts + continue-on-error: true + - name: Publish Develocity build scans for previous builds + if: ${{ steps.downloadBuildScan.outcome != 'failure'}} + run: | + shopt -s nullglob # Don't run the loop below if there are no artifacts + status=0 + mkdir -p ~/.gradle/ + for build_scan_data_directory in /tmp/downloaded-build-scan-data/* + do + rm -rf ~/.gradle/build-scan-data + mv "$build_scan_data_directory" ~/.gradle/build-scan-data \ + && ./gradlew --no-build-cache buildScanPublishPrevious || status=1 + done + exit $status + env: + DEVELOCITY_ACCESS_KEY: ${{ secrets.DEVELOCITY_ACCESS_KEY_PR }} \ No newline at end of file diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml new file mode 100644 index 000000000000..adabb0da7817 --- /dev/null +++ b/.github/workflows/ci.yml @@ -0,0 +1,239 @@ +name: GH Actions CI + +on: + push: + branches: + - '6.6' + pull_request: + branches: + - '6.6' + +permissions: {} # none + +# See https://github.com/hibernate/hibernate-orm/pull/4615 for a description of the behavior we're getting. +concurrency: + # Consider that two builds are in the same concurrency group (cannot run concurrently) + # if they use the same workflow and are about the same branch ("ref") or pull request. + group: "workflow = ${{ github.workflow }}, ref = ${{ github.event.ref }}, pr = ${{ github.event.pull_request.id }}" + # Cancel previous builds in the same concurrency group even if they are in progress + # for pull requests or pushes to forks (not the upstream repository). + cancel-in-progress: ${{ github.event_name == 'pull_request' || github.repository != 'hibernate/hibernate-orm' }} + +jobs: + + # Main job for h2/docker DBs. + build: + permissions: + contents: read + name: OpenJDK 11 - ${{matrix.rdbms}} + runs-on: ubuntu-latest + strategy: + fail-fast: false + matrix: + include: + - rdbms: h2 + - rdbms: hsqldb + - rdbms: derby + - rdbms: mysql + - rdbms: mariadb + - rdbms: postgresql + - rdbms: edb + - rdbms: oracle + - rdbms: db2 + - rdbms: mssql + - rdbms: sybase +# Running with CockroachDB requires at least 2-4 vCPUs, which we don't have on GH Actions runners +# - rdbms: cockroachdb +# Running with HANA requires at least 8GB memory just for the database, which we don't have on GH Actions runners +# - rdbms: hana + steps: + - uses: actions/checkout@v4 + with: + persist-credentials: false + - name: Reclaim Disk Space + run: .github/ci-prerequisites.sh + - name: Start database + env: + RDBMS: ${{ matrix.rdbms }} + run: ci/database-start.sh + - name: Set up Java 11 + uses: actions/setup-java@v4 + with: + distribution: 'temurin' + java-version: '11' + + - name: Generate cache key + id: cache-key + run: | + CURRENT_BRANCH="${{ github.repository != 'hibernate/hibernate-orm' && 'fork' || github.base_ref || github.ref_name }}" + CURRENT_MONTH=$(/bin/date -u "+%Y-%m") + CURRENT_DAY=$(/bin/date -u "+%d") + ROOT_CACHE_KEY="buildtool-cache" + echo "buildtool-monthly-cache-key=${ROOT_CACHE_KEY}-${CURRENT_MONTH}" >> $GITHUB_OUTPUT + echo "buildtool-monthly-branch-cache-key=${ROOT_CACHE_KEY}-${CURRENT_MONTH}-${CURRENT_BRANCH}" >> $GITHUB_OUTPUT + echo "buildtool-cache-key=${ROOT_CACHE_KEY}-${CURRENT_MONTH}-${CURRENT_BRANCH}-${CURRENT_DAY}" >> $GITHUB_OUTPUT + - name: Cache Maven/Gradle Dependency/Dist Caches + id: cache-maven + uses: actions/cache@v4 + # if it's not a pull request, we restore and save the cache + if: github.event_name != 'pull_request' + with: + path: | + ~/.m2/repository/ + ~/.m2/wrapper/ + ~/.gradle/caches/modules-2 + ~/.gradle/wrapper/ + # A new cache will be stored daily. After that first store of the day, cache save actions will fail because the cache is immutable but it's not a problem. + # The whole cache is dropped monthly to prevent unlimited growth. + # The cache is per branch but in case we don't find a branch for a given branch, we will get a cache from another branch. + key: ${{ steps.cache-key.outputs.buildtool-cache-key }} + restore-keys: | + ${{ steps.cache-key.outputs.buildtool-monthly-branch-cache-key }}- + ${{ steps.cache-key.outputs.buildtool-monthly-cache-key }}- + - name: Restore Maven/Gradle Dependency/Dist Caches + uses: actions/cache/restore@v4 + # if it a pull request, we restore the cache but we don't save it + if: github.event_name == 'pull_request' + with: + path: | + ~/.m2/repository/ + ~/.m2/wrapper/ + ~/.gradle/caches/modules-2 + ~/.gradle/wrapper/ + key: ${{ steps.cache-key.outputs.buildtool-cache-key }} + restore-keys: | + ${{ steps.cache-key.outputs.buildtool-monthly-branch-cache-key }}- + ${{ steps.cache-key.outputs.buildtool-monthly-cache-key }}- + + - name: Run build script + run: ./ci/build-github.sh + shell: bash + env: + RDBMS: ${{ matrix.rdbms }} + # For jobs running on 'push', publish build scan and cache immediately. + # This won't work for pull requests, since they don't have access to secrets. + POPULATE_REMOTE_GRADLE_CACHE: ${{ github.event_name == 'push' && github.repository == 'hibernate/hibernate-orm' && 'true' || 'false' }} + DEVELOCITY_ACCESS_KEY: "${{ secrets.DEVELOCITY_ACCESS_KEY }}" + + # For jobs running on 'pull_request', upload build scan data. + # The actual publishing must be done in a separate job (see ci-report.yml). + # We don't write to the remote cache as that would be unsafe. + - name: Upload GitHub Actions artifact for the Develocity build scan + uses: actions/upload-artifact@v4 + if: "${{ github.event_name == 'pull_request' && !cancelled() }}" + with: + name: build-scan-data-${{ matrix.rdbms }} + path: ~/.gradle/build-scan-data + + - name: Upload test reports (if Gradle failed) + uses: actions/upload-artifact@v4 + if: failure() + with: + name: test-reports-java11-${{ matrix.rdbms }} + path: | + ./**/target/reports/tests/ + - name: Omit produced artifacts from build cache + run: ./ci/before-cache.sh + + # Job for builds on Atlas (Oracle) infrastructure. + # This is untrusted, even for pushes, see below. + atlas: + permissions: + contents: read + name: GraalVM 21 - ${{matrix.rdbms}} + # runs-on: ubuntu-latest + runs-on: [self-hosted, Linux, X64, OCI] + strategy: + fail-fast: false + matrix: + include: + - rdbms: oracle_atps + - rdbms: oracle_db19c + - rdbms: oracle_db21c + - rdbms: oracle_db23c + steps: + - uses: actions/checkout@v4 + with: + persist-credentials: false + - name: Reclaim disk space and sanitize user home + run: .github/ci-prerequisites-atlas.sh + - name: Start database + env: + RDBMS: ${{ matrix.rdbms }} + RUNID: ${{ github.run_number }} + run: ci/database-start.sh + - name: Set up Java 21 + uses: graalvm/setup-graalvm@v1 + with: + distribution: 'graalvm' + java-version: '21' + + - name: Generate cache key + id: cache-key + run: | + CURRENT_BRANCH="${{ github.repository != 'hibernate/hibernate-orm' && 'fork' || github.base_ref || github.ref_name }}" + CURRENT_MONTH=$(/bin/date -u "+%Y-%m") + CURRENT_DAY=$(/bin/date -u "+%d") + ROOT_CACHE_KEY="buildtool-cache-atlas" + echo "buildtool-monthly-cache-key=${ROOT_CACHE_KEY}-${CURRENT_MONTH}" >> $GITHUB_OUTPUT + echo "buildtool-monthly-branch-cache-key=${ROOT_CACHE_KEY}-${CURRENT_MONTH}-${CURRENT_BRANCH}" >> $GITHUB_OUTPUT + echo "buildtool-cache-key=${ROOT_CACHE_KEY}-${CURRENT_MONTH}-${CURRENT_BRANCH}-${CURRENT_DAY}" >> $GITHUB_OUTPUT + - name: Cache Maven/Gradle Dependency/Dist Caches + id: cache-maven + uses: actions/cache@v4 + # if it's not a pull request, we restore and save the cache + if: github.event_name != 'pull_request' + with: + path: | + ~/.m2/repository/ + ~/.m2/wrapper/ + ~/.gradle/caches/modules-2 + ~/.gradle/wrapper/ + # A new cache will be stored daily. After that first store of the day, cache save actions will fail because the cache is immutable but it's not a problem. + # The whole cache is dropped monthly to prevent unlimited growth. + # The cache is per branch but in case we don't find a branch for a given branch, we will get a cache from another branch. + key: ${{ steps.cache-key.outputs.buildtool-cache-key }} + restore-keys: | + ${{ steps.cache-key.outputs.buildtool-monthly-branch-cache-key }}- + ${{ steps.cache-key.outputs.buildtool-monthly-cache-key }}- + - name: Restore Maven/Gradle Dependency/Dist Caches + uses: actions/cache/restore@v4 + # if it a pull request, we restore the cache but we don't save it + if: github.event_name == 'pull_request' + with: + path: | + ~/.m2/repository/ + ~/.m2/wrapper/ + ~/.gradle/caches/modules-2 + ~/.gradle/wrapper/ + key: ${{ steps.cache-key.outputs.buildtool-cache-key }} + restore-keys: | + ${{ steps.cache-key.outputs.buildtool-monthly-branch-cache-key }}- + ${{ steps.cache-key.outputs.buildtool-monthly-cache-key }}- + + - name: Run build script + env: + RDBMS: ${{ matrix.rdbms }} + RUNID: ${{ github.run_number }} + run: ./ci/build-github.sh + shell: bash + # Upload build scan data. + # The actual publishing must be done in a separate job (see ci-report.yml). + # We don't write to the remote cache as that would be unsafe. + # That's even on push, because we do not trust Atlas runners to hold secrets: they are shared infrastructure. + - name: Upload GitHub Actions artifact for the Develocity build scan + uses: actions/upload-artifact@v4 + if: "${{ !cancelled() }}" + with: + name: build-scan-data-${{ matrix.rdbms }} + path: ~/.gradle/build-scan-data + - name: Upload test reports (if Gradle failed) + uses: actions/upload-artifact@v4 + if: failure() + with: + name: test-reports-java11-${{ matrix.rdbms }} + path: | + ./**/target/reports/tests/ + ./**/target/reports/checkstyle/ + - name: Omit produced artifacts from build cache + run: ./ci/before-cache.sh \ No newline at end of file diff --git a/.github/workflows/contributor-build.yml b/.github/workflows/contributor-build.yml deleted file mode 100644 index 631f35cae3fd..000000000000 --- a/.github/workflows/contributor-build.yml +++ /dev/null @@ -1,126 +0,0 @@ -# The main CI of Hibernate ORM is https://ci.hibernate.org/job/hibernate-orm-pipeline/. -# However, Hibernate ORM builds run on GitHub actions regularly -# to check that it still works and can be used in GitHub forks. -# See https://docs.github.com/en/free-pro-team@latest/actions -# for more information about GitHub actions. - -name: Hibernate ORM build - -on: - push: - branches: - - '6.6' - # WARNING: Using pull_request_target to access secrets, but we check out the PR head commit. - # See checkout action for details. - pull_request_target: - branches: - - '6.6' - -permissions: {} # none - -# See https://github.com/hibernate/hibernate-orm/pull/4615 for a description of the behavior we're getting. -concurrency: - # Consider that two builds are in the same concurrency group (cannot run concurrently) - # if they use the same workflow and are about the same branch ("ref") or pull request. - group: "workflow = ${{ github.workflow }}, ref = ${{ github.event.ref }}, pr = ${{ github.event.pull_request.id }}" - # Cancel previous builds in the same concurrency group even if they are in process - # for pull requests or pushes to forks (not the upstream repository). - cancel-in-progress: ${{ github.event_name == 'pull_request_target' || github.repository != 'hibernate/hibernate-orm' }} - -jobs: - build: - permissions: - contents: read - name: Java 11 - runs-on: ubuntu-latest - strategy: - fail-fast: false - matrix: - include: - - rdbms: h2 - - rdbms: hsqldb - - rdbms: derby - - rdbms: mysql - - rdbms: mariadb - - rdbms: postgresql - - rdbms: edb - - rdbms: oracle - - rdbms: db2 - - rdbms: mssql - - rdbms: sybase -# Running with CockroachDB requires at least 2-4 vCPUs, which we don't have on GH Actions runners -# - rdbms: cockroachdb -# Running with HANA requires at least 8GB memory just for the database, which we don't have on GH Actions runners -# - rdbms: hana - steps: - - name: Check out commit already pushed to branch - if: "! github.event.pull_request.number" - uses: actions/checkout@v4 - with: - persist-credentials: false - - name: Check out PR head - uses: actions/checkout@v4 - if: github.event.pull_request.number - with: - # WARNING: This is potentially dangerous since we're checking out unreviewed code, - # and since we're using the pull_request_target event we can use secrets. - # Thus, we must be extra careful to never expose secrets to steps that execute this code, - # and to strictly limit our of secrets to those that only pose minor security threats. - # This means in particular we won't expose Develocity credentials to the main gradle executions, - # but instead will execute gradle a second time just to push build scans to Develocity; - # see below. - ref: "refs/pull/${{ github.event.pull_request.number }}/head" - persist-credentials: false - - name: Reclaim Disk Space - run: .github/ci-prerequisites.sh - - name: Start database - env: - RDBMS: ${{ matrix.rdbms }} - run: ci/database-start.sh - - name: Set up Java 11 - uses: actions/setup-java@v4 - with: - distribution: 'temurin' - java-version: '11' - - name: Get year/month for cache key - id: get-date - run: echo "yearmonth=$(/bin/date -u "+%Y-%m")" >> $GITHUB_OUTPUT - shell: bash - - name: Cache Maven local repository - uses: actions/cache@v4 - id: cache-maven - with: - path: | - ~/.m2/repository - ~/.gradle/caches/ - ~/.gradle/wrapper/ - # refresh cache every month to avoid unlimited growth - key: maven-localrepo-${{ steps.get-date.outputs.yearmonth }} - - name: Run build script - env: - RDBMS: ${{ matrix.rdbms }} - # Don't populate Develocity cache in pull requests as that's potentially dangerous - POPULATE_REMOTE_GRADLE_CACHE: "${{ github.event_name == 'push' }}" - # WARNING: exposes secrets, so must only be passed to a step that doesn't run unapproved code. - DEVELOCITY_ACCESS_KEY: "${{ github.event_name == 'push' && secrets.GRADLE_ENTERPRISE_ACCESS_KEY || '' }}" - run: ./ci/build-github.sh - shell: bash - - name: Publish Develocity build scan for previous build (pull request) - # Don't fail a build if publishing fails - continue-on-error: true - if: "${{ !cancelled() && github.event_name == 'pull_request_target' && github.repository == 'hibernate/hibernate-orm' }}" - run: | - ./gradlew buildScanPublishPrevious - env: - # WARNING: exposes secrets, so must only be passed to a step that doesn't run unapproved code. - DEVELOCITY_ACCESS_KEY: ${{ secrets.GRADLE_ENTERPRISE_ACCESS_KEY_PR }} - - name: Upload test reports (if Gradle failed) - uses: actions/upload-artifact@v4 - if: failure() - with: - name: test-reports-java11-${{ matrix.rdbms }} - path: | - ./**/target/reports/tests/ - ./**/target/reports/checkstyle/ - - name: Omit produced artifacts from build cache - run: ./ci/before-cache.sh diff --git a/ci/release/Jenkinsfile b/ci/release/Jenkinsfile index 0304265957d2..7cd548eff630 100644 --- a/ci/release/Jenkinsfile +++ b/ci/release/Jenkinsfile @@ -176,6 +176,7 @@ pipeline { // changes the version to the provided development version withEnv([ "BRANCH=${env.GIT_BRANCH}", + "DISABLE_REMOTE_GRADLE_CACHE=true", // Increase the amount of memory for this part since asciidoctor doc rendering consumes a lot of metaspace "GRADLE_OPTS=-Dorg.gradle.jvmargs='-Dlog4j2.disableJmx -Xmx4g -XX:MaxMetaspaceSize=768m -XX:+HeapDumpOnOutOfMemoryError -Duser.language=en -Duser.country=US -Duser.timezone=UTC -Dfile.encoding=UTF-8'" ]) { @@ -206,7 +207,11 @@ pipeline { sshagent(['ed25519.Hibernate-CI.github.com', 'hibernate.filemgmt.jboss.org', 'hibernate-ci.frs.sourceforge.net']) { // performs documentation upload and Sonatype release // push to github - sh ".release/scripts/publish.sh ${env.SCRIPT_OPTIONS} ${env.PROJECT} ${env.RELEASE_VERSION} ${env.DEVELOPMENT_VERSION} ${env.GIT_BRANCH}" + withEnv([ + "DISABLE_REMOTE_GRADLE_CACHE=true" + ]) { + sh ".release/scripts/publish.sh ${env.SCRIPT_OPTIONS} ${env.PROJECT} ${env.RELEASE_VERSION} ${env.DEVELOPMENT_VERSION} ${env.GIT_BRANCH}" + } } } } diff --git a/ci/snapshot-publish.Jenkinsfile b/ci/snapshot-publish.Jenkinsfile index 24cd67d92f1b..59a4823a8c9a 100644 --- a/ci/snapshot-publish.Jenkinsfile +++ b/ci/snapshot-publish.Jenkinsfile @@ -37,15 +37,20 @@ pipeline { string(credentialsId: 'release.gpg.passphrase', variable: 'SIGNING_PASS'), file(credentialsId: 'release.gpg.private-key', variable: 'SIGNING_KEYRING') ]) { - sh '''./gradlew clean publish \ - -PhibernatePublishUsername=$hibernatePublishUsername \ - -PhibernatePublishPassword=$hibernatePublishPassword \ - -Pgradle.publish.key=$hibernatePluginPortalUsername \ - -Pgradle.publish.secret=$hibernatePluginPortalPassword \ - --no-scan \ - -DsigningPassword=$SIGNING_PASS \ - -DsigningKeyFile=$SIGNING_KEYRING \ - ''' + withEnv([ + "DISABLE_REMOTE_GRADLE_CACHE=true" + ]) { + sh '''./gradlew clean publish \ + -PhibernatePublishUsername=$hibernatePublishUsername \ + -PhibernatePublishPassword=$hibernatePublishPassword \ + -Pgradle.publish.key=$hibernatePluginPortalUsername \ + -Pgradle.publish.secret=$hibernatePluginPortalPassword \ + --no-scan \ + --no-build-cache \ + -DsigningPassword=$SIGNING_PASS \ + -DsigningKeyFile=$SIGNING_KEYRING \ + ''' + } } } } diff --git a/gradle/gradle-develocity.gradle b/gradle/gradle-develocity.gradle index 26422d767186..5e835cd6f263 100644 --- a/gradle/gradle-develocity.gradle +++ b/gradle/gradle-develocity.gradle @@ -12,6 +12,7 @@ ext { isCiEnvironment = isJenkins() || isGitHubActions() || isGenericCi() populateRemoteBuildCache = isEnabled( "POPULATE_REMOTE_GRADLE_CACHE" ) + useRemoteCache = !isEnabled( "DISABLE_REMOTE_GRADLE_CACHE" ) } private static boolean isJenkins() { diff --git a/settings.gradle b/settings.gradle index f4066f52006a..01b3fc0d32f6 100644 --- a/settings.gradle +++ b/settings.gradle @@ -300,7 +300,7 @@ buildCache { enabled = !settings.ext.isCiEnvironment } remote(develocity.buildCache) { - enabled = true + enabled = settings.ext.useRemoteCache // Check access key presence to avoid build cache errors on PR builds when access key is not present def accessKey = System.getenv("DEVELOCITY_ACCESS_KEY") push = settings.ext.populateRemoteBuildCache && accessKey