Deploy to os infra prod

.github/dependabot.yml

@@ -4,3 +4,21 @@ updates:
     directory: "/"
     schedule:
       interval: weekly
+    groups:
+      maven-plugins:
+        patterns:
+          - "*maven*plugin*"
+          - "org.apache.maven*:*"
+        exclude-patterns:
+          - "io.quarkus*"
+      quarkus:
+        patterns:
+          - "io.quarkus:*"
+          - "io.quarkus.*:*"
+          - "io.quarkiverse:*"
+          - "io.quarkiverse.*:*"
+    ignore:
+      # Releases too often, it's annoying
+      - dependency-name: "org.assertj:*"
+        update-types: ["version-update:semver-patch"]
+

.github/workflows/build.yml

@@ -0,0 +1,29 @@
+name: Build pull request
+
+on:
+  pull_request:
+    paths-ignore:
+      - '.gitignore'
+      - 'CODEOWNERS'
+      - 'LICENSE'
+      - '*.md'
+      - '*.adoc'
+      - '*.txt'
+      - '.all-contributorsrc'
+
+jobs:
+  build:
+
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Set up JDK 21
+        uses: actions/setup-java@v4
+        with:
+          distribution: temurin
+          java-version: 21
+
+      - name: Build
+        run: ./mvnw -B clean verify

.github/workflows/deploy.yml

@@ -0,0 +1,91 @@
+name: Deploy
+
+on:
+  push:
+    branches:
+      - "main"
+    paths-ignore:
+      - '.gitignore'
+      - 'CODEOWNERS'
+      - 'LICENSE'
+      - '*.md'
+      - '*.adoc'
+      - '*.txt'
+      - '.all-contributorsrc'
+
+concurrency:
+  group: deployment
+  cancel-in-progress: false
+
+jobs:
+  deploy:
+
+    if: github.repository == 'hibernate/hibernate-github-bot'
+
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Set up JDK 21
+        uses: actions/setup-java@v4
+        with:
+          distribution: temurin
+          java-version: 21
+
+      - name: Build
+        run: ./mvnw -B clean verify
+
+      - name: Set up Helm
+        uses: azure/[email protected]
+        with:
+          version: 'v3.13.3'
+
+      - name: Log in to OpenShift
+        uses: redhat-actions/oc-login@v1
+        with:
+          openshift_server_url: ${{ secrets.OPENSHIFT_SERVER_INFRA_PROD }}
+          openshift_token: ${{ secrets.OPENSHIFT_TOKEN_INFRA_PROD }}
+          namespace: ${{ secrets.OPENSHIFT_NAMESPACE_INFRA_PROD }}
+
+      - name: Create ImageStream
+        run: |
+          oc create imagestream hibernate-github-bot || true
+          # https://docs.openshift.com/container-platform/4.14/openshift_images/using-imagestreams-with-kube-resources.html
+          oc set image-lookup hibernate-github-bot
+
+      - name: Retrieve OpenShift Container Registry URL
+        id: oc-registry
+        run: |
+          echo -n "OC_REGISTRY_URL=" >> "$GITHUB_OUTPUT"
+          oc get imagestream -o json | jq -r '.items[0].status.publicDockerImageRepository' | awk -F"[/]" '{print $1}' >> "$GITHUB_OUTPUT"
+
+      - name: Log in to OpenShift Container Registry
+        uses: docker/login-action@v3
+        with:
+          registry: ${{ steps.oc-registry.outputs.OC_REGISTRY_URL }}
+          username: ignored
+          password: ${{ secrets.OPENSHIFT_TOKEN_INFRA_PROD }}
+        # Helm in particular needs semantic versions
+        # See https://github.com/helm/helm/issues/9342#issuecomment-775269042
+        # See the parts about pre-release versions in https://semver.org/#semantic-versioning-specification-semver
+        # Ideally we should use a "+" before the SHA, but that won't work with Quarkus
+        # See https://github.com/quarkusio/quarkus/blob/da1a782e04b01b2e165d65474163050d497340c1/extensions/container-image/spi/src/main/java/io/quarkus/container/spi/ImageReference.java#L60
+      - name: Generate app version
+        id: app-version
+        run: |
+          echo "VALUE=1.0.0-$(date -u '+%Y%m%d%H%M%S')-${{ github.sha }}" >> $GITHUB_OUTPUT
+
+      - name: Build and push app container image
+        run: |
+          ./mvnw clean package -DskipTests \
+            -Drevision="${{ steps.app-version.outputs.value }}" \
+            -Dquarkus.container-image.build=true \
+            -Dquarkus.container-image.push=true \
+            -Dquarkus.container-image.registry="$(oc get imagestream -o json | jq -r '.items[0].status.publicDockerImageRepository' | awk -F"[/]" '{print $1}')" \
+            -Dquarkus.container-image.group="$(oc project --short)" \
+            -Dquarkus.container-image.additional-tags=latest  
+
+      - name: Deploy Helm charts
+        run: |
+          helm upgrade --install hibernate-github-bot ./target/helm/openshift/hibernate-github-bot

.mvn/wrapper/maven-wrapper.properties

@@ -14,5 +14,5 @@
 # KIND, either express or implied.  See the License for the
 # specific language governing permissions and limitations
 # under the License.
-distributionUrl=https://repo.maven.apache.org/maven2/org/apache/maven/apache-maven/3.9.5/apache-maven-3.9.5-bin.zip
+distributionUrl=https://repo.maven.apache.org/maven2/org/apache/maven/apache-maven/3.9.6/apache-maven-3.9.6-bin.zip
 wrapperUrl=https://repo.maven.apache.org/maven2/org/apache/maven/wrapper/maven-wrapper/3.2.0/maven-wrapper-3.2.0.jar

README.md

@@ -11,6 +11,8 @@ Specifically, most of the GitHub-related features in this bot are powered by
 
 ## Features
 
+### Pull request checking
+
 This bot checks various contribution rules on pull requests submitted to Hibernate projects on GitHub,
 and notifies the pull request authors of any change they need to work on.
 
@@ -21,9 +23,16 @@ This includes:
 * Proper formatting of commits: every commit message must start with the key of a JIRA ticket.
 * Etc.
 
-The bot can also be configured to automatically add links to JIRA issues in PR descriptions. When this is enabled
+### Jira link insertion
+
+Optionally, the bot can be configured to automatically add links to JIRA issues in PR descriptions. When this is enabled
 links to JIRA tickets will be appended at the bottom of the PR body.
 
+### Develocity build scan extraction
+
+Optionally, the bot can be configured to automatically create a GitHub check listing Develocity build scans
+for every commit that has completed checks related to CI (GitHub Actions or Jenkins).
+
 ## Configuration
 
 ### Enabling the bot in a new repository
@@ -33,15 +42,16 @@ You will need admin rights in the Hibernate organization.
 Go to [the installed application settings](https://github.com/organizations/hibernate/settings/installations/15390286)
 and add your repository under "Repository access".
 
-If you wish to enable the JIRA-related features as well,
+If you wish to enable the JIRA-related or Develocity-related features as well,
 create the file `.github/hibernate-github-bot.yml` in default branch of your repository,
 with the following content:
 
 ```yaml
 ---
 jira:
   projectKey: "HSEARCH" # Change to whatever your project key is
-  insertLinksInPullRequests: true # This is optional and enables automatically adding issue links to PR descriptions
+  insertLinksInPullRequests: true # This is optional and enables automatically adding links to Jira issues found in a PR's commits to its description
+  linkIssuesLimit: 3 # This is optional and allows disabling automatic issue links when more than the specified number of keys are found in a PR's commits (defaults to 3)
   # To skip JIRA-related checks (pull request title/body includes JIRA issue keys/links etc.),
   # a list of ignore rules can be configured:
   ignore:
@@ -61,6 +71,35 @@ jira:
      # Ignore all paths matching a given pattern
      - "*/Jenkinsfile"
      - "*.Jenkinsfile"
+develocity:
+  buildScan:
+    # To have the bot create a GitHub check listing Develocity build scans
+    # for every commit that has completed checks related to CI (GitHub Actions or Jenkins)
+    addCheck: true
+    # To group tags in a separate column and/or alter/remove some tags,
+    # a list of column rules can be configured:
+    tags:
+       - column: "OS"
+         pattern: "Linux"
+       - column: "OS" # Multiple rules can target the same column
+         pattern: "Windows.*"
+         replacement: "Windows"
+       - column: "Java"
+         pattern: "jdk-(.*)"
+         replacement: "$1"
+       - column: "Backend"
+         pattern: "elasticsearch-(.*)"
+         replacement: "es-$1" # Replacement can refer to capture groups
+       - column: "Backend"
+         pattern: "(.*-)?opensearch-(.*)"
+         replacement: "$1os-$2"
+       - column: "Backend"
+         pattern: "lucene"
+       - column: "DB"
+         pattern: "h2|postgres|postgres(ql)?|mysql|mssql|derby|tidb|cockroach(db)?|oracle.*|db2"
+         replacement: "$0"
+       - pattern: "hibernate.search|elasticsearch|opensearch|main|\\d+.\\d+|PR-\\d+"
+         replacement: "" # Just remove these tags
 ```
 
 ### Altering the infrastructure

pom.xml

@@ -28,20 +28,23 @@
 
   <properties>
     <revision>999-SNAPSHOT</revision>
-    <compiler-plugin.version>3.11.0</compiler-plugin.version>
+    <maven.min.version>3.9.6</maven.min.version>
+    <maven-wrapper-plugin.version>3.3.2</maven-wrapper-plugin.version>
+    <compiler-plugin.version>3.13.0</compiler-plugin.version>
     <maven.compiler.parameters>true</maven.compiler.parameters>
-    <maven.compiler.source>17</maven.compiler.source>
-    <maven.compiler.target>17</maven.compiler.target>
+    <maven.compiler.source>21</maven.compiler.source>
+    <maven.compiler.target>21</maven.compiler.target>
     <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
     <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
-    <quarkus-github-app.version>2.1.1</quarkus-github-app.version>
+    <quarkus-github-app.version>2.7.0</quarkus-github-app.version>
+    <quarkus-openapi-generator.version>2.4.7</quarkus-openapi-generator.version>
     <!-- Using a single property for both plugin and platform, so that GitHub's Dependabot doesn't get confused -->
-    <quarkus.version>3.6.3</quarkus.version>
+    <quarkus.version>3.16.0</quarkus.version>
     <quarkus.platform.artifact-id>quarkus-bom</quarkus.platform.artifact-id>
     <quarkus.platform.group-id>io.quarkus</quarkus.platform.group-id>
     <glob.version>0.9.0</glob.version>
-    <surefire-plugin.version>3.2.3</surefire-plugin.version>
-    <assertj.version>3.24.2</assertj.version>
+    <surefire-plugin.version>3.5.1</surefire-plugin.version>
+    <assertj.version>3.26.0</assertj.version>
   </properties>
   <dependencyManagement>
     <dependencies>
@@ -87,10 +90,23 @@
       <groupId>io.quarkus</groupId>
       <artifactId>quarkus-smallrye-health</artifactId>
     </dependency>
+    <dependency>
+      <groupId>io.quarkus</groupId>
+      <artifactId>quarkus-qute</artifactId>
+    </dependency>
     <dependency>
       <groupId>io.quarkus</groupId>
       <artifactId>quarkus-cache</artifactId>
     </dependency>
+    <dependency>
+      <groupId>io.quarkiverse.openapi.generator</groupId>
+      <artifactId>quarkus-openapi-generator</artifactId>
+      <version>${quarkus-openapi-generator.version}</version>
+    </dependency>
+    <dependency>
+      <groupId>io.quarkus</groupId>
+      <artifactId>quarkus-rest-client-jackson</artifactId>
+    </dependency>
     <dependency>
       <groupId>com.hrakaroo</groupId>
       <artifactId>glob</artifactId>
@@ -110,13 +126,19 @@
   </dependencies>
   <build>
     <plugins>
+      <plugin>
+        <groupId>org.apache.maven.plugins</groupId>
+        <artifactId>maven-wrapper-plugin</artifactId>
+        <version>${maven-wrapper-plugin.version}</version>
+        <configuration>
+          <mavenVersion>${maven.min.version}</mavenVersion>
+        </configuration>
+      </plugin>
       <plugin>
         <groupId>io.quarkus</groupId>
         <artifactId>quarkus-maven-plugin</artifactId>
         <version>${quarkus.version}</version>
         <extensions>true</extensions>
-        <configuration>
-        </configuration>
         <executions>
           <execution>
             <goals>