TEST

marko-bekhta · marko-bekhta · commit 8ee700a12328 · 2025-08-22T16:03:15.000+02:00
Signed-off-by: marko-bekhta &lt;marko.prykladna@gmail.com&gt;
diff --git a/.github/workflows/ci-report.yml b/.github/workflows/ci-report.yml
@@ -17,69 +17,46 @@ env:
 
 permissions:
   contents: read
+  pull-requests: read
 
 jobs:
   publish-build-scans:
     name: Publish Develocity build scans
-    if: github.repository == 'hibernate/hibernate-validator' && github.event.workflow_run.conclusion != 'cancelled'
     runs-on: ubuntu-latest
     steps:
       # Different branches might have different versions of Develocity, and we want to make sure
       #  that we publish with the one that we built the scan with in the first place:
       - name: Determine the Branch Reference for which the original action was triggered
         id: determine_branch_ref
+        env:
+          GH_TOKEN: ${{ github.token }}
         run: |
-          if [ -n "${{ github.event.workflow_run.pull_requests[0].base.ref }}" ]; then
-            BRANCH_REF="${{ github.event.workflow_run.pull_requests[0].base.ref }}"
+          if [ "${{ github.event.workflow_run.event }}" == "pull_request" ]; then
+            echo "::notice::Triggering workflow was executed for a pull request"
+          
+            FORK_OWNER="${{ github.event.workflow_run.head_repository.owner.login }}"
+            BRANCH_NAME="${{ github.event.workflow_run.head_branch }}"
+            if [ "${{ github.event.workflow_run.head_repository.owner.login }}" != "${{ github.event.workflow_run.repository.owner.login }}" ]; then
+              BRANCH_NAME="$FORK_OWNER:$BRANCH_NAME"
+            fi
+            TARGET_BRANCH=$(gh pr view "$BRANCH_NAME"  --repo ${{ github.event.workflow_run.repository.full_name }} --json baseRefName -q .baseRefName)
+          
+            echo "::notice::PR found. Target branch is: $TARGET_BRANCH"
+            echo "original_branch_ref=$TARGET_BRANCH" >> "$GITHUB_OUTPUT"
           else
-            BRANCH_REF="${{ github.event.workflow_run.head_branch }}"
+            echo "::notice::PR not found. Defaulting to head_branch."
+            echo "original_branch_ref=${{ github.event.workflow_run.head_branch }}" >> "$GITHUB_OUTPUT"
           fi
-          echo "original_branch_ref=$BRANCH_REF" >> "$GITHUB_OUTPUT"
       # Checkout target branch which has trusted code
       - name: Check out target branch
         uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # 4.2.2
         with:
           persist-credentials: false
+          # Different branches might have different versions of Develocity, and we want to make sure
+          #  that we publish with the one that we built the scan with in the first place:
           ref: ${{ steps.determine_branch_ref.outputs.original_branch_ref }}
       - name: Set up Java 21
         uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 # 4.7.1
         with:
           java-version: 21
           distribution: temurin
-      # https://github.com/actions/cache/blob/main/examples.md#java---maven
-      - name: Cache local Maven repository
-        uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # 4.2.3
-        with:
-          path: ~/.m2/repository
-          # use a different key than workflows running untrusted code
-          key: trusted-${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
-          restore-keys: |
-            trusted-${{ runner.os }}-maven-
-      - name: Set up Maven
-        run: ./mvnw -v
-      - name: Download GitHub Actions artifacts for the Develocity build scans
-        id: downloadBuildScan
-        uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # 4.3.0
-        with:
-          pattern: build-scan-data-*
-          github-token: ${{ github.token }}
-          repository: ${{ github.repository }}
-          run-id: ${{ github.event.workflow_run.id }}
-          path: /tmp/downloaded-build-scan-data/
-        # Don't fail the build if there are no matching artifacts
-        continue-on-error: true
-      - name: Publish Develocity build scans for previous builds
-        if: ${{ steps.downloadBuildScan.outcome != 'failure'}}
-        run: |
-          shopt -s nullglob # Don't run the loop below if there are no artifacts
-          status=0
-          mkdir -p ~/.m2/.develocity/
-          for build_scan_data_directory in /tmp/downloaded-build-scan-data/*
-          do
-            rm -rf ~/.m2/.develocity/build-scan-data
-            mv "$build_scan_data_directory" ~/.m2/.develocity/build-scan-data \
-            && ./mvnw $MAVEN_ARGS develocity:build-scan-publish-previous || status=1
-          done
-          exit $status
-        env:
-          DEVELOCITY_ACCESS_KEY: ${{ secrets.DEVELOCITY_ACCESS_KEY_PR }}
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -95,50 +95,5 @@ jobs:
           java-version: ${{ matrix.os.java.version }}
           distribution: temurin
       # https://github.com/actions/cache/blob/main/examples.md#java---maven
-      - name: Cache local Maven repository
-        uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # 4.2.3
-        with:
-          path: ~/.m2/repository
-          # use a different key than workflows running in trusted mode
-          key: ${{ github.event_name == 'push' && 'trusted' || 'untrusted' }}-${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
-          restore-keys: |
-            ${{ github.event_name == 'push' && 'trusted' || 'untrusted' }}-${{ runner.os }}-maven-
       - name: Set up Maven
         run: ./mvnw -v
-
-      - name: Build code and run tests and basic checks (Standalone)
-        run: |
-          ./mvnw $MAVEN_ARGS ${{ matrix.os.maven.args }} clean install \
-          -Pjqassistant -Pdist
-        env:
-          DEVELOCITY_ACCESS_KEY: "${{ secrets.DEVELOCITY_ACCESS_KEY || '' }}"
-          DEVELOCITY_BASE_URL: "${{ env.DEVELOCITY_BASE_URL || 'https://develocity.commonhaus.dev' }}"
-      # For jobs running on 'pull_request', upload build scan data.
-      # The actual publishing must be done in a separate job (see ci-report.yml).
-      # We don't write to the remote cache as that would be unsafe.
-      - name: Upload GitHub Actions artifact for the Develocity build scan
-        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # 4.6.2
-        if: "${{ github.event_name == 'pull_request' && !cancelled() }}"
-        with:
-          name: build-scan-data-standalone-${{ matrix.os.name }}
-          path: ~/.m2/.develocity/build-scan-data
-
-      - name: Run TCK tests in container mode
-        run: |
-          ./mvnw $MAVEN_ARGS ${{ matrix.os.maven.args }} clean verify \
-          -Pjqassistant -Pskip-checks \
-          -am -pl :hibernate-validator-tck-runner \
-          -Dincontainer -Dincontainer-prepared
-        env:
-          DEVELOCITY_ACCESS_KEY: "${{ secrets.DEVELOCITY_ACCESS_KEY || '' }}"
-          DEVELOCITY_BASE_URL: "${{ env.DEVELOCITY_BASE_URL || 'https://develocity.commonhaus.dev' }}"
-
-      - name: Upload GitHub Actions artifact for the Develocity build scan
-        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # 4.6.2
-        if: "${{ github.event_name == 'pull_request' && !cancelled() }}"
-        with:
-          name: build-scan-data-incontainer-${{ matrix.os.name }}
-          path: ~/.m2/.develocity/build-scan-data
-
-      - name: Omit produced artifacts from build cache
-        run: rm -r ~/.m2/repository/org/hibernate/validator
