|
| 1 | +# SPDX-License-Identifier: Apache-2.0 |
| 2 | +# Copyright Red Hat Inc. and Hibernate Authors |
| 3 | + |
| 4 | +# The main CI of Hibernate Validator is https://ci.hibernate.org/job/hibernate-validator/. |
| 5 | +# However, Hibernate Validator builds run on GitHub actions regularly |
| 6 | +# to build on Windows |
| 7 | +# and check that both the Linux and Windows workflows still work |
| 8 | +# and can be used in GitHub forks. |
| 9 | +# See https://docs.github.com/en/actions |
| 10 | +# for more information about GitHub actions. |
| 11 | + |
| 12 | +name: GitHub Actions Build |
| 13 | + |
| 14 | +on: |
| 15 | + push: |
| 16 | + branches: |
| 17 | + # Pattern order matters: the last matching inclusion/exclusion wins |
| 18 | + - '**' |
| 19 | + - '!4.*' |
| 20 | + - '!5.*' |
| 21 | + - '!6.*' |
| 22 | + - '!7.*' |
| 23 | + - '!8.*' |
| 24 | + - '!dependabot/**' |
| 25 | + tags: |
| 26 | + - '**' |
| 27 | + # WARNING: Using pull_request_target to access secrets, but we check out the merge commit. |
| 28 | + # See checkout action for details. |
| 29 | + pull_request_target: |
| 30 | + types: [opened, synchronize, reopened, ready_for_review] |
| 31 | + branches: |
| 32 | + # Pattern order matters: the last matching inclusion/exclusion wins |
| 33 | + - '**' |
| 34 | + - '!4.*' |
| 35 | + - '!5.*' |
| 36 | + - '!6.*' |
| 37 | + - '!7.*' |
| 38 | + - '!8.*' |
| 39 | + # Ignore dependabot PRs that are not just about build dependencies; |
| 40 | + # we'll reject such dependant PRs and send a PR ourselves. |
| 41 | + - '!dependabot/**' |
| 42 | + - 'dependabot/maven/build-dependencies-**' |
| 43 | + |
| 44 | +concurrency: |
| 45 | + group: "workflow = ${{ github.workflow }}, ref = ${{ github.event.ref }}, pr = ${{ github.event.pull_request.id }}" |
| 46 | + cancel-in-progress: ${{ github.event_name == 'pull_request_target' || github.repository != 'hibernate/hibernate-validator' }} |
| 47 | + |
| 48 | +defaults: |
| 49 | + run: |
| 50 | + shell: bash |
| 51 | + |
| 52 | +env: |
| 53 | + MAVEN_ARGS: "-e -B --settings .github/mvn-settings.xml --fail-at-end" |
| 54 | + TESTCONTAINERS_REUSE_ENABLE: true |
| 55 | + |
| 56 | +jobs: |
| 57 | + build: |
| 58 | + name: ${{matrix.os.name}} |
| 59 | + runs-on: ${{ matrix.os.runs-on }} |
| 60 | + strategy: |
| 61 | + fail-fast: false |
| 62 | + matrix: |
| 63 | + os: |
| 64 | + - { |
| 65 | + name: "Linux JDK 17", |
| 66 | + runs-on: 'ubuntu-latest', |
| 67 | + java: { |
| 68 | + version: 17 |
| 69 | + }, |
| 70 | + maven: { |
| 71 | + args: '-Pci-build --no-transfer-progress' |
| 72 | + } |
| 73 | + } |
| 74 | + - { |
| 75 | + name: "Windows JDK 17", |
| 76 | + runs-on: 'windows-latest', |
| 77 | + java: { |
| 78 | + version: 17 |
| 79 | + }, |
| 80 | + maven: { |
| 81 | + args: '-Pci-build --no-transfer-progress' |
| 82 | + } |
| 83 | + } |
| 84 | + steps: |
| 85 | + - name: Support longpaths on Windows |
| 86 | + if: "startsWith(matrix.os.runs-on, 'windows')" |
| 87 | + run: git config --global core.longpaths true |
| 88 | + - name: Check out commit already pushed to branch |
| 89 | + if: "! github.event.pull_request.number" |
| 90 | + uses: actions/checkout@v4 |
| 91 | + - name: Check out PR head |
| 92 | + uses: actions/checkout@v4 |
| 93 | + if: github.event.pull_request.number |
| 94 | + with: |
| 95 | + # WARNING: This is potentially dangerous since we're checking out unreviewed code, |
| 96 | + # and since we're using the pull_request_target event we can use secrets. |
| 97 | + # Thus, we must be extra careful to never expose secrets to steps that execute this code, |
| 98 | + # and to strictly limit our set of secrets to those that only pose minor security threats. |
| 99 | + # This means in particular we won't expose Develocity credentials to the main maven executions, |
| 100 | + # but instead will execute maven a third time just to push build scans to Develocity; (once we have scans enabled) |
| 101 | + ref: "refs/pull/${{ github.event.pull_request.number }}/head" |
| 102 | + - name: Set up Java ${{ matrix.os.java.version }} |
| 103 | + uses: actions/setup-java@v4 |
| 104 | + with: |
| 105 | + java-version: ${{ matrix.os.java.version }} |
| 106 | + distribution: temurin |
| 107 | + # https://github.com/actions/cache/blob/main/examples.md#java---maven |
| 108 | + - name: Cache local Maven repository |
| 109 | + uses: actions/cache@v4 |
| 110 | + with: |
| 111 | + path: ~/.m2/repository |
| 112 | + key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }} |
| 113 | + restore-keys: | |
| 114 | + ${{ runner.os }}-maven- |
| 115 | + - name: Set up Maven |
| 116 | + run: ./mvnw -v |
| 117 | + |
| 118 | + - name: Build code and run tests and basic checks |
| 119 | + run: | |
| 120 | + ./mvnw $MAVEN_ARGS ${{ matrix.os.maven.args }} clean install \ |
| 121 | + -Pjqassistant -Pdist -Prelocation |
| 122 | +
|
| 123 | + - name: Build code and run tests in container mode |
| 124 | + run: | |
| 125 | + ./mvnw $MAVEN_ARGS ${{ matrix.os.maven.args }} clean verify \ |
| 126 | + -Pjqassistant -Pskip-checks \ |
| 127 | + -am -pl :hibernate-validator-tck-runner \ |
| 128 | + -Dincontainer -Dincontainer-prepared |
| 129 | + # Workaround for https://github.com/actions/upload-artifact/issues/240 |
| 130 | + - name: List build reports to upload (if build failed) |
| 131 | + if: ${{ failure() || cancelled() }} |
| 132 | + # The weird syntax is because we're setting a multiline environment variable |
| 133 | + # See https://docs.github.com/en/actions/using-workflows/workflow-commands-for-github-actions#example-of-a-multiline-string |
| 134 | + run: | |
| 135 | + { |
| 136 | + echo 'buildReportPaths<<EOF' |
| 137 | + find . -path '**/*-reports' |
| 138 | + echo EOF |
| 139 | + } >> "$GITHUB_ENV" |
| 140 | + - name: Upload build reports (if build failed) |
| 141 | + uses: actions/upload-artifact@v4 |
| 142 | + if: ${{ failure() || cancelled() }} |
| 143 | + with: |
| 144 | + name: ${{ format('build-reports-{0}', matrix.os.name ) }} |
| 145 | + path: ${{ env.buildReportPaths }} |
| 146 | + retention-days: 7 |
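Review bot: The `Check out PR head` step fetches `refs/pull/<n>/head` under `pull_request_target` and the later `./mvnw` steps execute that unreviewed code, yet the workflow declares no `permissions:` block and the checkout leaves `persist-credentials` at its default. The job's GITHUB_TOKEN is therefore kept in the local git config, with whatever scope the repository default grants. A top-level `permissions:` with `contents: read`, plus `persist-credentials: false` under that step's `with:`, would keep a write-capable token away from PR-controlled build code. The `actions/cache@v4` step also runs in the base-repository context for these events, so a PR build can presumably save `~/.m2/repository` content that later push builds restore; consider only restoring the cache, not saving it, when `github.event.pull_request.number` is set. Separately, the comment above `pull_request_target:` says the merge commit is checked out while the ref used is the PR head, so one of the two should be corrected.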