Skip to content

[Misc] Reduce runner permissions #179

[Misc] Reduce runner permissions

[Misc] Reduce runner permissions #179

Workflow file for this run

#
# Copyright (c) 2024 Alibaba Group Holding Limited. All Rights Reserved.
# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
#
# This code is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License version 2 only, as
# published by the Free Software Foundation. Alibaba designates this
# particular file as subject to the "Classpath" exception as provided
# by Oracle in the LICENSE file that accompanied this code.
#
# This code is distributed in the hope that it will be useful, but WITHOUT
# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
# version 2 for more details (a copy is included in the LICENSE file that
# accompanied this code).
#
# You should have received a copy of the GNU General Public License version
# 2 along with this work; if not, write to the Free Software Foundation,
# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
#
name: 'Dragonwell GHA Sanity Checks'
on:
pull_request:
branches:
- master
push:
branches-ignore:
- pr/*
- dragonwell_extended-*
- dragonwell_standard-*
workflow_dispatch:
inputs:
platforms:
description: 'Platform(s) to execute on (comma separated, e.g. "linux-x64, macos, aarch64")'
required: true
default: 'linux-x64, linux-aarch64, linux-cross-compile, windows-x64'
configure-arguments:
description: 'Additional configure arguments'
required: false
make-arguments:
description: 'Additional make arguments'
required: false
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
jobs:
###
### Determine platforms to include
###
prerequisites:
name: Prerequisites
uses: ./.github/workflows/check_pr.yml
with:
platforms: 'linux x64, linux aarch64, windows x64, riscv64'
###
### Build jobs
###
build-linux-x64:
name: linux-x64
needs: prerequisites
uses: ./.github/workflows/build-linux.yml
with:
platform: linux-x64
gcc-major-version: '10'
configure-arguments: ${{ github.event.inputs.configure-arguments }}
make-arguments: ${{ github.event.inputs.make-arguments }}
extra-conf-options: --with-default-make-target="product-bundles test-bundles" --with-jvm-features=shenandoahgc
make-target: CONF_NAME=linux-x64
runs-on: '"ubuntu-20.04"'
if: needs.prerequisites.outputs.should_run != 'false' && needs.prerequisites.outputs.platform_linux_x64 != 'false'
build-linux-aarch64:
name: linux-aarch64
needs: prerequisites
uses: ./.github/workflows/build-linux.yml
with:
platform: linux-aarch64
gcc-major-version: '10'
configure-arguments: ${{ github.event.inputs.configure-arguments }}
make-arguments: ${{ github.event.inputs.make-arguments }}
extra-conf-options: --with-default-make-target="product-bundles test-bundles" --with-jvm-features=shenandoahgc
make-target: CONF_NAME=linux-aarch64
runs-on: '["self-hosted", "ARM64"]'
if: needs.prerequisites.outputs.should_run != 'false' && needs.prerequisites.outputs.platform_linux_aarch64 != 'false'
build-windows-x64:
name: windows-x64
needs: prerequisites
uses: ./.github/workflows/build-windows.yml
with:
platform: windows-x64
msvc-toolset-version: '14.29'
msvc-toolset-architecture: 'x86.x64'
configure-arguments: ${{ github.event.inputs.configure-arguments }}
make-arguments: ${{ github.event.inputs.make-arguments }}
extra-conf-options: --with-default-make-target="product-bundles test-bundles" --with-jvm-features=shenandoahgc
make-target: CONF_NAME=windows-x64
if: needs.prerequisites.outputs.should_run != 'false' && needs.prerequisites.outputs.platform_windows_x64 != 'false'
build-riscv64:
name: riscv64
needs: prerequisites
uses: ./.github/workflows/build-riscv.yml
with:
platform: riscv64
debug-levels: '[ "release" ]'
configure-arguments: ${{ github.event.inputs.configure-arguments }}
make-arguments: ${{ github.event.inputs.make-arguments }}
make-target: 'images'
extra-conf-options: --with-default-make-target="product-bundles test-bundles" --with-jvm-features=shenandoahgc
if: needs.prerequisites.outputs.should_run != 'false' && needs.prerequisites.outputs.platform_riscv64 != 'false'
###
### Test jobs
###
test-linux-x64:
name: linux-x64
needs:
- build-linux-x64
uses: ./.github/workflows/test.yml
with:
platform: linux-x64
bootjdk-platform: linux-x64
runs-on: '"ubuntu-20.04"'
test-linux-aarch64:
name: linux-aarch64
needs:
- build-linux-aarch64
uses: ./.github/workflows/test.yml
with:
platform: linux-aarch64
bootjdk-platform: linux-aarch64
runs-on: '["self-hosted", "ARM64"]'
test-windows-x64:
name: windows-x64
needs:
- build-windows-x64
uses: ./.github/workflows/test.yml
with:
platform: windows-x64
bootjdk-platform: windows-x64
runs-on: '"windows-2019"'
# Remove bundles so they are not misconstrued as binary distributions from the JDK project
remove-bundles:
name: 'Remove bundle artifacts'
runs-on: ubuntu-22.04
# if: always()
needs:
- build-linux-x64
- build-linux-aarch64
- build-windows-x64
- build-riscv64
- test-linux-x64
- test-windows-x64
steps:
# Hack to get hold of the api environment variables that are only defined for actions
- name: 'Get API configuration'
id: api
uses: actions/github-script@v6
with:
script: 'return { url: process.env["ACTIONS_RUNTIME_URL"], token: process.env["ACTIONS_RUNTIME_TOKEN"] }'
- name: 'Remove bundle artifacts'
run: |
# Find and remove all bundle artifacts
ALL_ARTIFACT_URLS="$(curl -s \
-H 'Accept: application/json;api-version=6.0-preview' \
-H 'Authorization: Bearer ${{ fromJson(steps.api.outputs.result).token }}' \
'${{ fromJson(steps.api.outputs.result).url }}_apis/pipelines/workflows/${{ github.run_id }}/artifacts?api-version=6.0-preview')"
BUNDLE_ARTIFACT_URLS="$(echo "$ALL_ARTIFACT_URLS" | jq -r -c '.value | map(select(.name|startswith("bundles-"))) | .[].url')"
for url in $BUNDLE_ARTIFACT_URLS; do
echo "Removing $url"
curl -s \
-H 'Accept: application/json;api-version=6.0-preview' \
-H 'Authorization: Bearer ${{ fromJson(steps.api.outputs.result).token }}' \
-X DELETE "$url" \
|| echo "Failed to remove bundle"
done