fixup! artifacts and entrypoint jobs

Signed-off-by: Sam Gammon <[email protected]>
sgammon · Mar 8, 2024 · 41118c0 · 41118c0
1 parent f25085c
commit 41118c0
Show file tree

Hide file tree

Showing 4 changed files with 132 additions and 41 deletions.
diff --git a/.github/workflows/ci.yml → .github/workflows/ci.build.yml b/.github/workflows/ci.yml → .github/workflows/ci.build.yml
@@ -1,4 +1,4 @@
-name: CI
+name: Build
 
 on:
   workflow_call:
@@ -43,30 +43,19 @@ permissions:
   contents: read
 
 jobs:
-  test:
-    permissions:
-      actions: write  # for styfle/cancel-workflow-action to cancel/stop running workflows
-      contents: read  # for actions/checkout to fetch code
-    name: "JDK ${{ matrix.java }} ${{ matrix.mode }} (${{ matrix.os }})"
+  build:
     strategy:
+      fail-fast: false
       matrix:
-        os: [ ubuntu-latest ]
-        java: [ 8, 11, 17 ]
-        mode: [ 'JRE', 'Android' ]
-        include:
-          - os: windows-latest
-            java: 17
-            mode: JRE
-            root-pom: pom.xml
-          - os: windows-latest
-            java: 17
-            mode: Android
-            root-pom: pom.xml
-    runs-on: ${{ matrix.os }}
+        mode: ["JRE", "Android"]
+    name: "Build Guava (${{ matrix.mode }})"
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read  # for actions/checkout to fetch code
     outputs:
       hashes: ${{ steps.hash.outputs.hashes }}
     env:
-      ROOT_POM: ${{ matrix.root-pom == 'Android' && 'android/pom.xml' || 'pom.xml' }}
+      ROOT_POM: ${{ matrix.mode == 'Android' && 'android/pom.xml' || 'pom.xml' }}
     steps:
       - name: Harden Runner
         uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
@@ -98,35 +87,25 @@ jobs:
       - name: 'Install'
         shell: bash
         run: ./mvnw -B -Dorg.slf4j.simpleLogger.log.org.apache.maven.cli.transfer.Slf4jMavenTransferListener=warn install -U -DskipTests=true -f $ROOT_POM
-      - name: 'Test'
-        shell: bash
-        run: ./mvnw -B -P!standard-with-extra-repos verify -U -Dmaven.javadoc.skip=true -f $ROOT_POM
-      - name: 'Print Surefire reports'
-        # Note: Normally a step won't run if the job has failed, but this causes it to
-        if: ${{ failure() }}
-        shell: bash
-        run: ./util/print_surefire_reports.sh
-      - name: 'Integration Test'
-        if: matrix.java == 11
-        shell: bash
-        run: util/gradle_integration_tests.sh
       - name: Generate hashes
         shell: bash
         id: hash
         run: |
-          echo "hashes=$(sha256sum guava*/target/*.jar | base64 -w0)" >> "$GITHUB_OUTPUT"
+          echo "hashes=$(sha256sum guava/target/*.jar guava-gwt/target/*.jar guava-testlib/target/*.jar | base64 -w0)" >> "$GITHUB_OUTPUT"
       - name: 'Upload artifacts'
         uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
         with:
-          name: guava-artifacts-${{ github.sha }}
+          name: guava-artifacts-${{ github.sha }}-${{ matrix.mode == 'Android' && 'android' || 'jre' }}
           path: |
-            guava*/target/*.jar
+            guava/target/*.jar
+            guava-gwt/target/*.jar
+            guava-testlib/target/*.jar
           if-no-files-found: warn
           retention-days: 7
 
   # Generate SLSA provenance
   provenance:
-    needs: [test]
+    needs: [build]
     if: inputs.provenance
     permissions:
       actions: read
@@ -137,9 +116,10 @@ jobs:
       base64-subjects: "${{ needs.test.outputs.hashes }}"
       upload-assets: ${{ inputs.provenance_publish }}
 
+  # Publish snapshot JAR
   publish_snapshot:
-    name: 'Publish snapshot'
-    needs: [test, provenance]
+    name: 'Publish Snapshot'
+    needs: [build, provenance]
     if: inputs.snapshot
     runs-on: ubuntu-latest
     steps:
@@ -171,7 +151,7 @@ jobs:
   generate_docs:
     permissions:
       contents: write
-    name: 'Generate latest docs'
+    name: 'Generate Docs'
     needs: test
     if: github.event_name == 'push' && github.repository == 'google/guava'
     runs-on: ubuntu-latest

diff --git a/.github/workflows/ci.test.yml b/.github/workflows/ci.test.yml
@@ -0,0 +1,111 @@
+name: Tests
+
+on:
+  workflow_call:
+    inputs:
+      provenance:
+        type: boolean
+        description: "Provenance"
+        default: false
+      provenance_publish:
+        type: boolean
+        description: "Publish: Provenance"
+        default: true
+      snapshot:
+        type: boolean
+        description: "Publish: Snapshot"
+        default: false
+      repository:
+        type: string
+        description: "Publish Repository"
+        default: "sonatype-nexus-snapshots"
+
+  workflow_dispatch:
+    inputs:
+      provenance:
+        type: boolean
+        description: "Provenance"
+        default: false
+      provenance_publish:
+        type: boolean
+        description: "Publish: Provenance"
+        default: false
+      snapshot:
+        type: boolean
+        description: "Publish: Snapshot"
+        default: true
+      repository:
+        type: string
+        description: "Publish Repository"
+        default: "sonatype-nexus-snapshots"
+
+permissions:
+  contents: read
+
+jobs:
+  test:
+    permissions:
+      contents: read  # for actions/checkout to fetch code
+    name: "JDK ${{ matrix.java }} ${{ matrix.mode }} (${{ matrix.os }})"
+    strategy:
+      matrix:
+        os: [ ubuntu-latest ]
+        java: [ 8, 11, 17 ]
+        mode: [ 'JRE', 'Android' ]
+        include:
+          - os: windows-latest
+            java: 17
+            mode: JRE
+            root-pom: pom.xml
+          - os: windows-latest
+            java: 17
+            mode: Android
+            root-pom: pom.xml
+    runs-on: ${{ matrix.os }}
+    outputs:
+      hashes: ${{ steps.hash.outputs.hashes }}
+    env:
+      ROOT_POM: ${{ matrix.root-pom == 'Android' && 'android/pom.xml' || 'pom.xml' }}
+    steps:
+      - name: Harden Runner
+        uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
+        with:
+          disable-sudo: true
+          egress-policy: block
+          allowed-endpoints: >
+            api.azul.com:443
+            api.github.com:443
+            cdn.azul.com:443
+            dl.google.com:443
+            docs.oracle.com:443
+            errorprone.info:443
+            github.com:443
+            objects.githubusercontent.com:443
+            oss.sonatype.org:443
+            repo.maven.apache.org:443
+            services.gradle.org:443
+      - name: 'Check out repository'
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+        with:
+          persist-credentials: false
+      - name: 'Set up JDK ${{ matrix.java }}'
+        uses: actions/setup-java@9704b39bf258b59bc04b50fa2dd55e9ed76b47a8 # v4.1.0
+        with:
+          java-version: ${{ matrix.java }}
+          distribution: 'zulu'
+          cache: 'maven'
+      - name: 'Install'
+        shell: bash
+        run: ./mvnw -B -Dorg.slf4j.simpleLogger.log.org.apache.maven.cli.transfer.Slf4jMavenTransferListener=warn install -U -DskipTests=true -f $ROOT_POM
+      - name: 'Test'
+        shell: bash
+        run: ./mvnw -B -P!standard-with-extra-repos verify -U -Dmaven.javadoc.skip=true -f $ROOT_POM
+      - name: 'Print Surefire reports'
+        # Note: Normally a step won't run if the job has failed, but this causes it to
+        if: ${{ failure() }}
+        shell: bash
+        run: ./util/print_surefire_reports.sh
+      - name: 'Integration Test'
+        if: matrix.java == 11
+        shell: bash
+        run: util/gradle_integration_tests.sh
diff --git a/.github/workflows/on.pr.yml b/.github/workflows/on.pr.yml
@@ -12,7 +12,7 @@ jobs:
   ## Run main CI build and tests.
   run-ci:
     name: "Build & Test"
-    uses: ./.github/workflows/ci.yml
+    uses: ./.github/workflows/ci.test.yml
     permissions:
       actions: write
       contents: write

diff --git a/.github/workflows/on.push.yml b/.github/workflows/on.push.yml
@@ -11,7 +11,7 @@ permissions:
 jobs:
   ## Run main CI build and tests.
   run-ci:
-    name: "Build & Test"
+    name: "Build"
     uses: ./.github/workflows/ci.yml
     permissions:
       actions: write