use internal composite actions in CI
RBusarow committed Mar 10, 2024
1 parent 9c5709b commit 376002a
Showing 5 changed files with 216 additions and 144 deletions.
287 changes: 168 additions & 119 deletions .github/workflows/ci.yml
@@ -5,166 +5,206 @@ on:
merge_group:
workflow_dispatch:

env:
macosGradleArgs: "-Dorg.gradle.jvmargs=-Xmx10g -Dfile.encoding=UTF-8 -XX:+UseParallelGC"
ubuntuGradleArgs: "-Dorg.gradle.jvmargs=-Xmx5g -Dfile.encoding=UTF-8 -XX:+UseParallelGC"
windowsGradleArgs: "-Dorg.gradle.jvmargs=-Xmx4g -Dfile.encoding=UTF-8 -XX:+UseParallelGC"

concurrency:
group: ci-${{ github.ref }}-${{ github.head_ref }}
cancel-in-progress: true

jobs:
static-analysis:
cancel-previous-runs:
runs-on: ubuntu-latest
steps:
- name: check out with token (used by forks)
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
if: github.event.repository.fork == true
- name: Cancel Previous Runs
uses: styfle/cancel-workflow-action@85880fa0301c86cca9da44039ee3bb12d3bedbfa # 0.12.1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

- name: check out with PAT (used by main repo)
validate-wrapper:
runs-on: ubuntu-latest
steps:
- name: check out
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
if: github.event.repository.fork == false
with:
ref: ${{ github.event.pull_request.head.ref }}
token: ${{ secrets.PERSONAL_ACCESS_TOKEN }}
fetch-depth: 0

- name: Set up JDK
uses: actions/setup-java@9704b39bf258b59bc04b50fa2dd55e9ed76b47a8 # v4
with:
distribution: "zulu"
java-version: "11"
- uses: gradle/wrapper-validation-action@699bb18358f12c5b78b37bb0111d3a0e2276e0e2 # v2

binary-compatibility:
runs-on: ubuntu-latest
needs:
- validate-wrapper
steps:
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4

# If the versions matrix was just updated, commit and push those changes.
- name: commit dependency-guard baseline changes (used by main repo)
if: github.actor == 'renovate[bot]'
uses: stefanzweifel/git-auto-commit-action@8756aa072ef5b4a080af5dc8fef36c5d586e521d # v5
- name: Create GitHub App Token
uses: actions/create-github-app-token@f2acddfb5195534d487896a656232b016a682f3c # v1
id: app-token
with:
commit_message: update versions matrix in yaml
commit_options: "--no-verify --signoff"
app-id: ${{ secrets.PR_BOT_APP_ID }}
private-key: ${{ secrets.PR_BOT_PRIVATE_KEY }}

- name: dependency-guard check (used by everyone but Renovate)
if: github.actor != 'renovate[bot]'
uses: gradle/actions/setup-gradle@417ae3ccd767c252f5661f1ace9f835f9654f2b5 # v3
- name: API check
uses: rickbusarow/actions/gradle-task-with-commit@bf0940965387f10bcb8b6699a79499d18167dfbe # v1
with:
arguments: dependencyGuard
cache-read-only: false --refresh-dependencies
personal-access-token: ${{ steps.app-token.outputs.token }}
fix-task: apiDump
check-task: apiCheck

- name: dependency-guard baseline (used by Renovate)
if: github.actor == 'renovate[bot]'
uses: gradle/actions/setup-gradle@417ae3ccd767c252f5661f1ace9f835f9654f2b5 # v3
ktlint:
runs-on: macos-14
needs:
- validate-wrapper
steps:
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4

- name: Create GitHub App Token
uses: actions/create-github-app-token@f2acddfb5195534d487896a656232b016a682f3c # v1
id: app-token
with:
arguments: dependencyGuardBaseline
cache-read-only: false --refresh-dependencies
app-id: ${{ secrets.PR_BOT_APP_ID }}
private-key: ${{ secrets.PR_BOT_PRIVATE_KEY }}

# If dependency-guard generated changes, commit and push those changes.
- name: commit dependency-guard baseline changes (used by main repo)
if: github.actor == 'renovate[bot]'
uses: stefanzweifel/git-auto-commit-action@8756aa072ef5b4a080af5dc8fef36c5d586e521d # v5
- name: ktlint
uses: rickbusarow/actions/gradle-task-with-commit@bf0940965387f10bcb8b6699a79499d18167dfbe # v1
with:
commit_message: update dependency-guard baseline
commit_options: "--no-verify --signoff"
personal-access-token: ${{ steps.app-token.outputs.token }}
fix-task: ktlintFormat
check-task: ktlintCheck

- name: curator check
uses: gradle/actions/setup-gradle@417ae3ccd767c252f5661f1ace9f835f9654f2b5 # v3
spotless:
runs-on: ubuntu-latest
needs:
- validate-wrapper
steps:
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4

- name: Create GitHub App Token
uses: actions/create-github-app-token@f2acddfb5195534d487896a656232b016a682f3c # v1
id: app-token
with:
arguments: curatorCheck
cache-read-only: false
app-id: ${{ secrets.PR_BOT_APP_ID }}
private-key: ${{ secrets.PR_BOT_PRIVATE_KEY }}

- name: detekt
uses: gradle/actions/setup-gradle@417ae3ccd767c252f5661f1ace9f835f9654f2b5 # v3
- name: spotless
uses: rickbusarow/actions/gradle-task-with-commit@bf0940965387f10bcb8b6699a79499d18167dfbe # v1
with:
arguments: detektAll
cache-read-only: false
personal-access-token: ${{ steps.app-token.outputs.token }}
fix-task: spotlessApply
check-task: spotlessCheck

- name: KtLint format (used by main repo)
if: github.event.repository.fork == false
uses: gradle/actions/setup-gradle@417ae3ccd767c252f5661f1ace9f835f9654f2b5 # v3
dependency-guard:
runs-on: ubuntu-latest
needs:
- validate-wrapper
steps:
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4

- name: Create GitHub App Token
uses: actions/create-github-app-token@f2acddfb5195534d487896a656232b016a682f3c # v1
id: app-token
with:
arguments: ktlintFormat
cache-read-only: false
app-id: ${{ secrets.PR_BOT_APP_ID }}
private-key: ${{ secrets.PR_BOT_PRIVATE_KEY }}

# If KtLint generated changes, commit and push those changes.
- name: commit KtLint changes (used by main repo)
if: github.event.repository.fork == false
uses: stefanzweifel/git-auto-commit-action@8756aa072ef5b4a080af5dc8fef36c5d586e521d # v5
- name: dependency-guard
uses: rickbusarow/actions/gradle-task-with-commit@bf0940965387f10bcb8b6699a79499d18167dfbe # v1
with:
commit_message: Apply KtLint format
commit_options: "--no-verify --signoff"
personal-access-token: ${{ steps.app-token.outputs.token }}
fix-task: dependencyGuardBaseline
check-task: dependencyGuard

- name: KtLint check (used by forks)
if: github.event.repository.fork == true
uses: gradle/actions/setup-gradle@417ae3ccd767c252f5661f1ace9f835f9654f2b5 # v3
curator:
runs-on: ubuntu-latest
needs:
- validate-wrapper
steps:
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4

- name: Create GitHub App Token
uses: actions/create-github-app-token@f2acddfb5195534d487896a656232b016a682f3c # v1
id: app-token
with:
arguments: ktlintCheck
cache-read-only: false
app-id: ${{ secrets.PR_BOT_APP_ID }}
private-key: ${{ secrets.PR_BOT_PRIVATE_KEY }}

- name: Spotless apply (used by main repo)
if: github.event.repository.fork == false
uses: gradle/actions/setup-gradle@417ae3ccd767c252f5661f1ace9f835f9654f2b5 # v3
- name: curator
uses: rickbusarow/actions/gradle-task-with-commit@bf0940965387f10bcb8b6699a79499d18167dfbe # v1
with:
arguments: spotlessApply
cache-read-only: false
personal-access-token: ${{ steps.app-token.outputs.token }}
fix-task: curatorDump
check-task: curatorCheck

# If Spotless generated changes, commit and push those changes.
- name: commit changes (used by main repo)
if: github.event.repository.fork == false
uses: stefanzweifel/git-auto-commit-action@8756aa072ef5b4a080af5dc8fef36c5d586e521d # v5
moduleCheck:
runs-on: ubuntu-latest
needs:
- validate-wrapper
steps:
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4

- name: Create GitHub App Token
uses: actions/create-github-app-token@f2acddfb5195534d487896a656232b016a682f3c # v1
id: app-token
with:
commit_message: Apply Spotless changes
commit_options: "--no-verify --signoff"
app-id: ${{ secrets.PR_BOT_APP_ID }}
private-key: ${{ secrets.PR_BOT_PRIVATE_KEY }}

- name: Spotless check (used by forks)
if: github.event.repository.fork == true
uses: gradle/actions/setup-gradle@417ae3ccd767c252f5661f1ace9f835f9654f2b5 # v3
- name: moduleCheck
uses: rickbusarow/actions/gradle-task-with-commit@bf0940965387f10bcb8b6699a79499d18167dfbe # v1
with:
arguments: spotlessCheck
cache-read-only: false
personal-access-token: ${{ steps.app-token.outputs.token }}
fix-task: moduleCheckAuto
check-task: moduleCheck

- name: Doks update (used by main repo)
if: github.event.repository.fork == false
uses: gradle/actions/setup-gradle@417ae3ccd767c252f5661f1ace9f835f9654f2b5 # v3
doks:
runs-on: ubuntu-latest
needs:
- validate-wrapper
steps:
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4

- name: Create GitHub App Token
uses: actions/create-github-app-token@f2acddfb5195534d487896a656232b016a682f3c # v1
id: app-token
with:
arguments: doks
cache-read-only: false
app-id: ${{ secrets.PR_BOT_APP_ID }}
private-key: ${{ secrets.PR_BOT_PRIVATE_KEY }}

# If Doks generated changes, commit and push those changes.
- name: commit changes (used by main repo)
if: github.event.repository.fork == false
uses: stefanzweifel/git-auto-commit-action@8756aa072ef5b4a080af5dc8fef36c5d586e521d # v5
- name: doks
uses: rickbusarow/actions/gradle-task-with-commit@bf0940965387f10bcb8b6699a79499d18167dfbe # v1
with:
commit_message: Apply Doks updates
commit_options: "--no-verify --signoff"
personal-access-token: ${{ steps.app-token.outputs.token }}
fix-task: doks
check-task: doksCheck

- name: Doks check (used by forks)
if: github.event.repository.fork == true
uses: gradle/actions/setup-gradle@417ae3ccd767c252f5661f1ace9f835f9654f2b5 # v3
check-version-is-snapshot:
runs-on: ubuntu-latest
needs:
- validate-wrapper
steps:
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4

- name: check version is snapshot
uses: rickbusarow/actions/gradle-task@bf0940965387f10bcb8b6699a79499d18167dfbe # v1
with:
arguments: doksCheck
cache-read-only: false
task: checkVersionIsSnapshot

- name: ModuleCheck with auto-correct (used by main repo)
if: github.event.repository.fork == false
uses: gradle/actions/setup-gradle@417ae3ccd767c252f5661f1ace9f835f9654f2b5 # v3
detekt:
runs-on: macos-14
needs:
- validate-wrapper
steps:
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4

- name: detektAll
uses: rickbusarow/actions/gradle-task@bf0940965387f10bcb8b6699a79499d18167dfbe # v1
with:
arguments: moduleCheckAuto
cache-read-only: false
task: detektAll
restore-cache-key: main-build-artifacts

# If KtLint generated changes, commit and push those changes.
- name: commit changes (used by main repo)
if: github.event.repository.fork == false
uses: stefanzweifel/git-auto-commit-action@8756aa072ef5b4a080af5dc8fef36c5d586e521d # v5
- name: merge detekt SARIF reports
if: success() || failure()
uses: rickbusarow/actions/gradle-task@bf0940965387f10bcb8b6699a79499d18167dfbe # v1
with:
commit_message: Apply ModuleCheck fixes
commit_options: "--no-verify --signoff"
task: detektReportMerge

- name: ModuleCheck check (used by forks)
if: github.event.repository.fork == true
uses: gradle/actions/setup-gradle@417ae3ccd767c252f5661f1ace9f835f9654f2b5 # v3
- name: Upload SARIF to Github using the upload-sarif action
uses: github/codeql-action/upload-sarif@8a470fddafa5cbb6266ee11b37ef4d8aae19c571 # v3
if: success() || failure()
with:
arguments: moduleCheck
cache-read-only: false
sarif_file: build/reports/detekt/merged.sarif

tests-macos:
runs-on: ubuntu-latest
@@ -272,10 +312,19 @@ jobs:
if: always()
runs-on: ubuntu-latest
needs:
- binary-compatibility
- check-version-is-snapshot
- curator
- dependency-guard
- detekt
- doks
- integration-tests-macos
- static-analysis
- ktlint
- moduleCheck
- spotless
- tests-macos
- tests-windows
- validate-wrapper

steps:
- name: require that all other jobs have passed
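Review bot: The `Create GitHub App Token` step that opens the binary-compatibility, ktlint, spotless, dependency-guard, curator, moduleCheck and doks jobs carries no `if:` guard, and its output is passed as `personal-access-token` to a step that runs Gradle tasks from the checked-out branch, presumably so it can push the `fix-task` result. The trigger list is only partly visible here, but if this workflow also runs for pull requests from forks, `secrets.PR_BOT_APP_ID` and `secrets.PR_BOT_PRIVATE_KEY` will be empty there and the step will most likely fail instead of falling back to `check-task`. Consider gating the token step with `if: github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == github.repository`, and confirm that `gradle-task-with-commit` runs only the check task when no token is supplied. Since build logic from the branch executes in the same job as the token, the app installation should be limited to this repository and to the contents permission it needs for the push.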
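--- a/.github/workflows/delete-pr-branch-caches.yml
+++ b/.github/workflows/delete-pr-branch-caches.yml
@@ -0,0 +1,17 @@
+name: Delete Unused Caches
+
+on:
+pull_request:
+types: [closed]
+
+jobs:
+# This deletes the caches created by the branch while it was in PR.
+# Those caches are inaccessible to it once it's merged, so they can be deleted.
+delete-orphaned-caches:
+runs-on: ubuntu-latest
+steps:
+- uses: snnaplab/delete-branch-cache-action@v1
+with:
+# Specify explicitly because the ref at the time of merging
+# will be a branch name such as 'main', 'develop'
+ref: refs/pull/${{ github.event.number }}/merge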
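Review bot: `snnaplab/delete-branch-cache-action@v1` is referenced by a mutable tag, while every other third-party action touched in this commit is pinned to a full commit SHA. A retagged `v1` would run with this job's `GITHUB_TOKEN`, so pin it the same way, `uses: snnaplab/delete-branch-cache-action@<full-commit-sha> # v1` (placeholder; take the SHA from the action's tagged release). The workflow also declares no `permissions:`; a job-level block with only `actions: write` would keep the token to what cache deletion needs.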
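--- a/.github/workflows/dependency-submission.yml
+++ b/.github/workflows/dependency-submission.yml
@@ -0,0 +1,15 @@
+name: Dependency Submission
+
+on: [push]
+
+permissions:
+contents: write
+
+jobs:
+dependency-submission:
+runs-on: ubuntu-latest
+steps:
+- name: Checkout sources
+uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
+- name: Generate and submit dependency graph
+uses: gradle/actions/dependency-submission@417ae3ccd767c252f5661f1ace9f835f9654f2b5 # v3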
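Review bot: The `Checkout sources` step keeps the default credential persistence in a job whose token has `contents: write`, and the following step executes the project's Gradle build for every pushed branch. Adding `with:` and `persist-credentials: false` to the checkout keeps the write token out of `.git/config` while build logic runs; the submission step should not need the persisted credential, but verify that on a test branch. Narrowing the trigger from `on: [push]` to the default branch (`branches: [main]` under `push:`) would also stop arbitrary branches from running the build with a write token.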