From 763c58a5fd0ed006a52ae1bdd439efdca8e5dfbd Mon Sep 17 00:00:00 2001 From: Lee Rhodes Date: Sat, 28 Dec 2024 12:53:14 -0800 Subject: [PATCH] Fix workflows in main. --- .github/workflows/auto-jdk-matrix.yml | 100 ++++++++------- .github/workflows/auto-os-matrix.yml | 118 +++++++++--------- ...heck_cpp_files.yml => check_cpp_files.yml} | 7 +- .github/workflows/codeql-analysis.yml | 83 ++++++++++++ .../{manual-javadoc.yml => javadoc.yml} | 0 .github/workflows/manual-codeql-analysis.yml | 57 --------- 6 files changed, 202 insertions(+), 163 deletions(-) rename .github/workflows/{auto-check_cpp_files.yml => check_cpp_files.yml} (70%) create mode 100644 .github/workflows/codeql-analysis.yml rename .github/workflows/{manual-javadoc.yml => javadoc.yml} (100%) delete mode 100644 .github/workflows/manual-codeql-analysis.yml diff --git a/.github/workflows/auto-jdk-matrix.yml b/.github/workflows/auto-jdk-matrix.yml index f8220bbe2..9312589df 100644 --- a/.github/workflows/auto-jdk-matrix.yml +++ b/.github/workflows/auto-jdk-matrix.yml @@ -1,67 +1,71 @@ name: DataSketches-Java Auto JDK Matrix Test & Install on: - pull_request: - push: - branches: [ master, main ] - workflow_dispatch: + push: + paths-ignore: [ '**/*.html', '**/*.md', '**/*.txt', '**/*.xml', '**/*.yaml', '**/*.yml', '**/.*', '**/LICENSE', '**/NOTICE' ] + branches: [ 'main', '[0-9]+.[0-9]+.[Xx]' ] + pull_request: + paths-ignore: [ '**/*.html', '**/*.md', '**/*.txt', '**/*.xml', '**/*.yaml', '**/*.yml', '**/.*', '**/LICENSE', '**/NOTICE' ] + # The branches below must be a subset of the branches above + branches: [ 'main', '[0-9]+.[0-9]+.[Xx]' ] + workflow_dispatch: env: - MAVEN_OPTS: -Xmx4g -Xms1g + MAVEN_OPTS: -Xmx4g -Xms1g jobs: - build: - name: Build, Test, Install - runs-on: ubuntu-latest + build: + name: Build, Test, Install + runs-on: ubuntu-latest - strategy: - fail-fast: false - matrix: - jdk: [ 17 ] + strategy: + fail-fast: false + matrix: + jdk: [ 17 ] - env: - JDK_VERSION: ${{ matrix.jdk }} + env: + JDK_VERSION: ${{ matrix.jdk }} - steps: - - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )" - uses: actions/checkout@v4 - with: - persist-credentials: false + steps: + - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )" + uses: actions/checkout@v4 + with: + persist-credentials: false - - name: Print Current workflow - run: > - cat .github/workflows/auto-jdk-matrix.yml + - name: Print Current workflow + run: > + cat .github/workflows/auto-jdk-matrix.yml - - name: Cache local Maven repository - uses: actions/cache@v4 - with: - path: ~/.m2/repository - key: build-${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }} - restore-keys: build-${{ runner.os }}-maven- + - name: Cache local Maven repository + uses: actions/cache@v4 + with: + path: ~/.m2/repository + key: build-${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }} + restore-keys: build-${{ runner.os }}-maven- - - name: Install Matrix JDK - uses: actions/setup-java@v4 - with: - java-version: ${{ matrix.jdk }} - distribution: 'temurin' - java-package: jdk - architecture: x64 + - name: Install Matrix JDK + uses: actions/setup-java@v4 + with: + java-version: ${{ matrix.jdk }} + distribution: 'temurin' + java-package: jdk + architecture: x64 - - name: Echo Java Version - run: > - java -version + - name: Echo Java Version + run: > + java -version - - name: Test - run: > - mvn clean test -B - -Dmaven.javadoc.skip=true - -Dgpg.skip=true + - name: Test + run: > + mvn clean test -B + -Dmaven.javadoc.skip=true + -Dgpg.skip=true - - name: Install - run: > - mvn clean install -B - -DskipTests=true - -Dgpg.skip=true + - name: Install + run: > + mvn clean install -B + -DskipTests=true + -Dgpg.skip=true # Architecture options: x86, x64, armv7, aarch64, ppc64le # setup-java@v4 has a "with cache" option diff --git a/.github/workflows/auto-os-matrix.yml b/.github/workflows/auto-os-matrix.yml index d9f5bc4c5..9fb6f2812 100644 --- a/.github/workflows/auto-os-matrix.yml +++ b/.github/workflows/auto-os-matrix.yml @@ -1,77 +1,81 @@ name: DataSketches-Java Auto OS Matrix Test & Install on: - pull_request: - push: - branches: [ master, main ] - workflow_dispatch: + push: + paths-ignore: [ '**/*.html', '**/*.md', '**/*.txt', '**/*.xml', '**/*.yaml', '**/*.yml', '**/.*', '**/LICENSE', '**/NOTICE' ] + branches: [ 'main', '[0-9]+.[0-9]+.[Xx]' ] + pull_request: + paths-ignore: [ '**/*.html', '**/*.md', '**/*.txt', '**/*.xml', '**/*.yaml', '**/*.yml', '**/.*', '**/LICENSE', '**/NOTICE' ] + # The branches below must be a subset of the branches above + branches: [ 'main', '[0-9]+.[0-9]+.[Xx]' ] + workflow_dispatch: env: - MAVEN_OPTS: -Xmx1g -Xms1g + MAVEN_OPTS: -Xmx4g -Xms1g jobs: - build: - name: Build, Test, Install + build: + name: Build, Test, Install - strategy: - fail-fast: false + strategy: + fail-fast: false - matrix: - jdk: [ 17 ] - os: [ windows-latest, ubuntu-latest, macos-latest ] - include: - - os: windows-latest - skip_javadoc: "`-Dmaven`.javadoc`.skip=true" - skip_gpg: "`-Dgpg`.skip=true" - - os: ubuntu-latest - skip_javadoc: -Dmaven.javadoc.skip=true - skip_gpg: -Dgpg.skip=true - - os: macos-latest - skip_javadoc: -Dmaven.javadoc.skip=true - skip_gpg: -Dgpg.skip=true + matrix: + jdk: [ 17 ] + os: [ windows-latest, ubuntu-latest, macos-latest ] + include: + - os: windows-latest + skip_javadoc: "`-Dmaven`.javadoc`.skip=true" + skip_gpg: "`-Dgpg`.skip=true" + - os: ubuntu-latest + skip_javadoc: -Dmaven.javadoc.skip=true + skip_gpg: -Dgpg.skip=true + - os: macos-latest + skip_javadoc: -Dmaven.javadoc.skip=true + skip_gpg: -Dgpg.skip=true - runs-on: ${{matrix.os}} + runs-on: ${{matrix.os}} - env: - JDK_VERSION: ${{ matrix.jdk }} + env: + JDK_VERSION: ${{ matrix.jdk }} - steps: - - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )" - uses: actions/checkout@v4 - with: - persist-credentials: false + steps: + - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )" + uses: actions/checkout@v4 + with: + persist-credentials: false - - name: Cache local Maven repository - uses: actions/cache@v4 - with: - path: ~/.m2/repository - key: build-${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }} - restore-keys: build-${{ runner.os }}-maven- + - name: Cache local Maven repository + uses: actions/cache@v4 + with: + path: ~/.m2/repository + key: build-${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }} + restore-keys: build-${{ runner.os }}-maven- - - name: Install Matrix JDK - uses: actions/setup-java@v4 - with: - java-version: ${{ matrix.jdk }} - distribution: 'temurin' - java-package: jdk - architecture: x64 + - name: Install Matrix JDK + uses: actions/setup-java@v4 + with: + java-version: ${{ matrix.jdk }} + distribution: 'temurin' + java-package: jdk + architecture: x64 - - name: Echo Java Version - run: > - java -version + - name: Echo Java Version + run: > + java -version - - name: Test - run: > - mvn clean test - ${{matrix.os.skip_javadoc}} - ${{matrix.os.skip_gpg}} + - name: Test + run: > + mvn clean test + ${{matrix.os.skip_javadoc}} + ${{matrix.os.skip_gpg}} - - name: Install - run: > - mvn clean install -B - ${{matrix.os.skip_javadoc}} - -D skipTests=true - ${{matrix.os.skip_gpg}} + - name: Install + run: > + mvn clean install -B + ${{matrix.os.skip_javadoc}} + -D skipTests=true + ${{matrix.os.skip_gpg}} # Architecture options: x86, x64, armv7, aarch64, ppc64le # setup-java@v4 has a "with cache" option diff --git a/.github/workflows/auto-check_cpp_files.yml b/.github/workflows/check_cpp_files.yml similarity index 70% rename from .github/workflows/auto-check_cpp_files.yml rename to .github/workflows/check_cpp_files.yml index 068b12f4d..4ca9e0aa4 100644 --- a/.github/workflows/auto-check_cpp_files.yml +++ b/.github/workflows/check_cpp_files.yml @@ -2,7 +2,12 @@ name: Serialization Compatibility Test on: push: - branches: [ master, main ] + paths-ignore: [ '**/*.html', '**/*.md', '**/*.txt', '**/*.xml', '**/*.yaml', '**/*.yml', '**/.*', '**/LICENSE', '**/NOTICE' ] + branches: [ 'main', '[0-9]+.[0-9]+.[Xx]' ] + pull_request: + paths-ignore: [ '**/*.html', '**/*.md', '**/*.txt', '**/*.xml', '**/*.yaml', '**/*.yml', '**/.*', '**/LICENSE', '**/NOTICE' ] + # The branches below must be a subset of the branches above + branches: [ 'main', '[0-9]+.[0-9]+.[Xx]' ] workflow_dispatch: jobs: diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml new file mode 100644 index 000000000..e6589b243 --- /dev/null +++ b/.github/workflows/codeql-analysis.yml @@ -0,0 +1,83 @@ +name: "CodeQL" + +on: + push: + paths-ignore: [ '**/*.html', '**/*.md', '**/*.txt', '**/*.xml', '**/*.yaml', '**/*.yml', '**/.*', '**/LICENSE', '**/NOTICE' ] + branches: [ 'main', '[0-9]+.[0-9]+.[Xx]' ] + pull_request: + paths-ignore: [ '**/*.html', '**/*.md', '**/*.txt', '**/*.xml', '**/*.yaml', '**/*.yml', '**/.*', '**/LICENSE', '**/NOTICE' ] + # The branches below must be a subset of the branches above + branches: [ 'main', '[0-9]+.[0-9]+.[Xx]' ] + workflow_dispatch: + +jobs: + analyze: + name: Analyze + runs-on: ubuntu-latest + permissions: + actions: read + contents: read + security-events: write + + strategy: + fail-fast: false + matrix: + language: [ 'java' ] + # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ] + # Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support + + steps: + - name: Checkout repository + uses: actions/checkout@v4 + + - name: Setup Java + uses: actions/setup-java@v4 + with: + distribution: 'temurin' + cache: 'maven' + java-version: '17' + + - name: Initialize CodeQL + uses: github/codeql-action/init@v3 + with: + languages: ${{ matrix.language }} + queries: +security-and-quality + + # If you wish to specify custom queries, you can do so here or in a config file. + # By default, queries listed here will override any specified in a config file. + # Prefix the list here with "+" to use these queries and those in the config file. + # Details on CodeQL's query packs refer to link below. + + - name: Custom building using maven + run: > + mvn clean package -f "pom.xml" -B -V -e + -Dfindbugs.skip=true + -Dcheckstyle.skip=true + -Dpmd.skip=true + -Denforcer.skip + -Dmaven.javadoc.skip + -DskipTests=true + -Dmaven.test.skip.exec + -Dlicense.skip=true + -Dweb.console.skip=true + -Dgpg.skip=true + + - name: Perform CodeQL Analysis + uses: github/codeql-action/analyze@v3 + with: + category: "/language:${{matrix.language}}" + + +# CodeQL's Query Packs: +# https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs + +# Command-line programs to run using the OS shell. +# See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun + +# Architecture options: x86, x64, armv7, aarch64, ppc64le +# Lifecycles: validate, compile, test, package, verify, install, deploy +# -B batch mode, never stops for user input +# -V show Version without stopping +# -X debug mode +# -q quiet, only show errors +# -e produce execution error messages \ No newline at end of file diff --git a/.github/workflows/manual-javadoc.yml b/.github/workflows/javadoc.yml similarity index 100% rename from .github/workflows/manual-javadoc.yml rename to .github/workflows/javadoc.yml diff --git a/.github/workflows/manual-codeql-analysis.yml b/.github/workflows/manual-codeql-analysis.yml deleted file mode 100644 index 1b94d13a3..000000000 --- a/.github/workflows/manual-codeql-analysis.yml +++ /dev/null @@ -1,57 +0,0 @@ -name: "CodeQL" - -on: - workflow_dispatch: - -jobs: - analyze: - name: Analyze - runs-on: ubuntu-latest - permissions: - actions: read - contents: read - security-events: write - - strategy: - fail-fast: false - matrix: - language: [ 'java' ] - # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ] - # Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support - - steps: - - name: Checkout repository - uses: actions/checkout@v4 - - # Initializes the CodeQL tools for scanning. - - name: Initialize CodeQL - uses: github/codeql-action/init@v4 - with: - languages: ${{ matrix.language }} - # If you wish to specify custom queries, you can do so here or in a config file. - # By default, queries listed here will override any specified in a config file. - # Prefix the list here with "+" to use these queries and those in the config file. - - # Details on CodeQL's query packs refer to : https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs - queries: +security-and-quality - - - # Autobuild attempts to build any compiled languages (C/C++, C#, Go, or Java). - # If this step fails, then you should remove it and run the build manually (see below) - - name: Autobuild - uses: github/codeql-action/autobuild@v4 - - # Command-line programs to run using the OS shell. - # See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun - - # If the Autobuild fails above, remove it and uncomment the following three lines. - # modify them (or add more) to build your code if your project, please refer to the EXAMPLE below for guidance. - - # - run: | - # echo "Run, Build Application using script" - # ./location_of_script_within_repo/buildscript.sh - - - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v4 - with: - category: "/language:${{matrix.language}}"