From fd474ba0857a9f2a61013b6f44de56b6a57dd1e6 Mon Sep 17 00:00:00 2001 From: AB Date: Thu, 28 Aug 2025 10:47:06 +0200 Subject: [PATCH 1/8] Enable PMD analysis cache --- .github/workflows/check-build.yml | 8 ++++++++ chartjs-java-model/pom.xml | 1 + pom.xml | 1 + 3 files changed, 10 insertions(+) diff --git a/.github/workflows/check-build.yml b/.github/workflows/check-build.yml index 73124dc..daea1db 100644 --- a/.github/workflows/check-build.yml +++ b/.github/workflows/check-build.yml @@ -122,6 +122,14 @@ jobs: java-version: ${{ matrix.java }} cache: 'maven' + - name: PMD Analysis Cache + uses: actions/cache@v4 + with: + path: '**/target/pmd/pmd.cache' + key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }} + restore-keys: | + ${{ runner.os }}-maven- + - name: Run PMD run: ./mvnw -B test pmd:aggregate-pmd-no-fork pmd:check -P pmd -DskipTests -T2C diff --git a/chartjs-java-model/pom.xml b/chartjs-java-model/pom.xml index 9a454c3..0ce3f2e 100644 --- a/chartjs-java-model/pom.xml +++ b/chartjs-java-model/pom.xml @@ -355,6 +355,7 @@ maven-pmd-plugin 3.27.0 + true true true diff --git a/pom.xml b/pom.xml index bba5629..81ad245 100644 --- a/pom.xml +++ b/pom.xml @@ -72,6 +72,7 @@ maven-pmd-plugin 3.27.0 + true true true From 4e0154c0be4b992a6a58a87f27add4a4df20628d Mon Sep 17 00:00:00 2001 From: AB Date: Thu, 28 Aug 2025 10:49:15 +0200 Subject: [PATCH 2/8] Naming --- .github/workflows/check-build.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/check-build.yml b/.github/workflows/check-build.yml index daea1db..19a76d4 100644 --- a/.github/workflows/check-build.yml +++ b/.github/workflows/check-build.yml @@ -126,9 +126,9 @@ jobs: uses: actions/cache@v4 with: path: '**/target/pmd/pmd.cache' - key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }} + key: ${{ runner.os }}-pmd-${{ hashFiles('**/pom.xml') }} restore-keys: | - ${{ runner.os }}-maven- + ${{ runner.os }}-pmd- - name: Run PMD run: ./mvnw -B test pmd:aggregate-pmd-no-fork pmd:check -P pmd -DskipTests -T2C From cad7e0c72b5a32088b4b1bac9a3a10171ed694e6 Mon Sep 17 00:00:00 2001 From: AB Date: Thu, 28 Aug 2025 10:52:45 +0200 Subject: [PATCH 3/8] Cache CheckStyle --- .github/workflows/check-build.yml | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/.github/workflows/check-build.yml b/.github/workflows/check-build.yml index 19a76d4..0072b47 100644 --- a/.github/workflows/check-build.yml +++ b/.github/workflows/check-build.yml @@ -99,6 +99,14 @@ jobs: java-version: ${{ matrix.java }} cache: 'maven' + - name: CheckStyle Cache + uses: actions/cache@v4 + with: + path: '**/target/checkstyle-cachefile' + key: ${{ runner.os }}-checkstyle-${{ hashFiles('**/pom.xml') }} + restore-keys: | + ${{ runner.os }}-checkstyle- + - name: Run Checkstyle run: ./mvnw -B checkstyle:check -P checkstyle -T2C @@ -122,7 +130,7 @@ jobs: java-version: ${{ matrix.java }} cache: 'maven' - - name: PMD Analysis Cache + - name: PMD Cache uses: actions/cache@v4 with: path: '**/target/pmd/pmd.cache' From 3fe3ba83977b422906e4902b350a62c90fc0ae7a Mon Sep 17 00:00:00 2001 From: AB Date: Thu, 28 Aug 2025 11:07:41 +0200 Subject: [PATCH 4/8] Use dedicated maven caches for pmd and checkstyle to avoid cache pollution --- .github/workflows/check-build.yml | 18 ++++++++++++++++-- 1 file changed, 16 insertions(+), 2 deletions(-) diff --git a/.github/workflows/check-build.yml b/.github/workflows/check-build.yml index 0072b47..189bb71 100644 --- a/.github/workflows/check-build.yml +++ b/.github/workflows/check-build.yml @@ -97,7 +97,14 @@ jobs: with: distribution: ${{ matrix.distribution }} java-version: ${{ matrix.java }} - cache: 'maven' + + - name: Cache Maven + uses: actions/cache@v4 + with: + path: ~/.m2/repository + key: ${{ runner.os }}-mvn-checkstyle-${{ hashFiles('**/pom.xml') }} + restore-keys: | + ${{ runner.os }}-mvn-checkstyle- - name: CheckStyle Cache uses: actions/cache@v4 @@ -128,7 +135,14 @@ jobs: with: distribution: ${{ matrix.distribution }} java-version: ${{ matrix.java }} - cache: 'maven' + + - name: Cache Maven + uses: actions/cache@v4 + with: + path: ~/.m2/repository + key: ${{ runner.os }}-mvn-pmd-${{ hashFiles('**/pom.xml') }} + restore-keys: | + ${{ runner.os }}-mvn-pmd- - name: PMD Cache uses: actions/cache@v4 From 578ab819b0992203157e87704dbded08f07ca81e Mon Sep 17 00:00:00 2001 From: AB Date: Thu, 28 Aug 2025 11:15:12 +0200 Subject: [PATCH 5/8] Improve caching --- .github/workflows/check-build.yml | 32 ++++++++++++++++++++++++++----- 1 file changed, 27 insertions(+), 5 deletions(-) diff --git a/.github/workflows/check-build.yml b/.github/workflows/check-build.yml index 189bb71..58ad174 100644 --- a/.github/workflows/check-build.yml +++ b/.github/workflows/check-build.yml @@ -26,12 +26,10 @@ jobs: build: runs-on: ubuntu-latest timeout-minutes: 30 - strategy: matrix: - java: [11, 17, 21] + java: [17, 21] distribution: [temurin] - steps: - uses: actions/checkout@v5 @@ -43,8 +41,7 @@ jobs: cache: 'maven' - name: Build with Maven - # Java 17 is required for tests - run: ./mvnw -B clean package ${{ matrix.java >=17 && '-P run-integration-tests' || '-Dmaven.test.skip=true' }} + run: ./mvnw -B clean package -P run-integration-tests - name: Check for uncommited changes run: | @@ -79,6 +76,31 @@ jobs: path: ${{ env.PRIMARY_MAVEN_MODULE }}/target/screenshots if-no-files-found: ignore + # Ensure compatibility with Java 11 + # See https://github.com/xdev-software/chartjs-java-model/issues/14 + build-legacy-java-11: + runs-on: ubuntu-latest + timeout-minutes: 30 + steps: + - uses: actions/checkout@v5 + + - name: Set up JDK + uses: actions/setup-java@v5 + with: + distribution: temurin + java-version: 11 + + - name: Cache Maven + uses: actions/cache@v4 + with: + path: ~/.m2/repository + key: ${{ runner.os }}-mvn-java-11-${{ hashFiles('**/pom.xml') }} + restore-keys: | + ${{ runner.os }}-mvn-java-11- + + - name: Build with Maven + run: ./mvnw -B clean package -Dmaven.test.skip=true + checkstyle: runs-on: ubuntu-latest if: ${{ github.event_name != 'pull_request' || !startsWith(github.head_ref, 'renovate/') }} From ffcc7b0cfbc2640fb1d8650a45071c9f57ea9f98 Mon Sep 17 00:00:00 2001 From: AB Date: Thu, 28 Aug 2025 11:37:21 +0200 Subject: [PATCH 6/8] Explicitly regain full control over caching --- .github/workflows/check-build.yml | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/.github/workflows/check-build.yml b/.github/workflows/check-build.yml index 58ad174..41ba8ba 100644 --- a/.github/workflows/check-build.yml +++ b/.github/workflows/check-build.yml @@ -38,7 +38,14 @@ jobs: with: distribution: ${{ matrix.distribution }} java-version: ${{ matrix.java }} - cache: 'maven' + + - name: Cache Maven + uses: actions/cache@v4 + with: + path: ~/.m2/repository + key: ${{ runner.os }}-mvn-build-${{ hashFiles('**/pom.xml') }} + restore-keys: | + ${{ runner.os }}-mvn-build- - name: Build with Maven run: ./mvnw -B clean package -P run-integration-tests @@ -78,7 +85,7 @@ jobs: # Ensure compatibility with Java 11 # See https://github.com/xdev-software/chartjs-java-model/issues/14 - build-legacy-java-11: + build-java-11: runs-on: ubuntu-latest timeout-minutes: 30 steps: @@ -94,9 +101,9 @@ jobs: uses: actions/cache@v4 with: path: ~/.m2/repository - key: ${{ runner.os }}-mvn-java-11-${{ hashFiles('**/pom.xml') }} + key: ${{ runner.os }}-mvn-build-java-11-${{ hashFiles('**/pom.xml') }} restore-keys: | - ${{ runner.os }}-mvn-java-11- + ${{ runner.os }}-mvn-build-java-11- - name: Build with Maven run: ./mvnw -B clean package -Dmaven.test.skip=true From 4d1ffe9a717b8c8cb22358ba8ccdf346364ce25a Mon Sep 17 00:00:00 2001 From: AB Date: Thu, 28 Aug 2025 11:46:09 +0200 Subject: [PATCH 7/8] Try to utilize cache in releases where possible --- .github/workflows/release.yml | 21 ++++++++++++++++++++- 1 file changed, 20 insertions(+), 1 deletion(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index ea4ad2f..3c4d88d 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -11,6 +11,8 @@ permissions: contents: write pull-requests: write +# DO NOT RESTORE CACHE for critical release steps to prevent a (extremely unlikely) scenario +# where a supply chain attack could be achieved due to poisoned cache jobs: check-code: runs-on: ubuntu-latest @@ -23,7 +25,15 @@ jobs: with: java-version: '17' distribution: 'temurin' - cache: 'maven' + + # Try to reuse existing cache from check-build + - name: Try restore Maven Cache + uses: actions/cache/restore@v4 + with: + path: ~/.m2/repository + key: ${{ runner.os }}-mvn-build-${{ hashFiles('**/pom.xml') }} + restore-keys: | + ${{ runner.os }}-mvn-build- - name: Build with Maven run: ./mvnw -B clean package -T2C @@ -168,6 +178,15 @@ jobs: distribution: 'temurin' cache: 'maven' + # Try to reuse existing cache from check-build + - name: Try restore Maven Cache + uses: actions/cache/restore@v4 + with: + path: ~/.m2/repository + key: ${{ runner.os }}-mvn-build-${{ hashFiles('**/pom.xml') }} + restore-keys: | + ${{ runner.os }}-mvn-build- + - name: Build site run: ../mvnw -B compile site -DskipTests -T2C working-directory: ${{ env.PRIMARY_MAVEN_MODULE }} From eee20de0bb12b10aec6d2a2c66ca9c2335efb836 Mon Sep 17 00:00:00 2001 From: AB Date: Thu, 28 Aug 2025 12:02:00 +0200 Subject: [PATCH 8/8] Update release.yml --- .github/workflows/release.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 3c4d88d..3d92007 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -176,7 +176,6 @@ jobs: with: java-version: '17' distribution: 'temurin' - cache: 'maven' # Try to reuse existing cache from check-build - name: Try restore Maven Cache