Skip to content

HSEARCH-3319 WIP: Type-safe field references v2 #1757

HSEARCH-3319 WIP: Type-safe field references v2

HSEARCH-3319 WIP: Type-safe field references v2 #1757

Workflow file for this run

# SPDX-License-Identifier: Apache-2.0
# Copyright Red Hat Inc. and Hibernate Authors
# The main CI of Hibernate Search is https://ci.hibernate.org/job/hibernate-search/.
# However, Hibernate Search builds run on GitHub actions regularly
# to build on Windows
# and check that both the Linux and Windows workflows still work
# and can be used in GitHub forks.
# See https://docs.github.com/en/actions
# for more information about GitHub actions.
name: GitHub Actions Build
on:
push:
branches:
# Pattern order matters: the last matching inclusion/exclusion wins
- '**'
- '!3.*'
- '!4.*'
- '!5.*'
- '!6.*'
- '!dependabot/**'
- '!wip/**/dependency-update/**'
tags:
- '**'
# WARNING: Using pull_request_target to access secrets, but we check out the merge commit.
# See checkout action for details.
pull_request_target:
types: [opened, synchronize, reopened, ready_for_review]
branches:
# Pattern order matters: the last matching inclusion/exclusion wins
- '**'
- '!3.*'
- '!4.*'
- '!5.*'
- '!6.*'
# Ignore dependabot PRs that are not just about build dependencies;
# we'll reject such dependant PRs and send a PR ourselves.
- '!dependabot/**'
- 'dependabot/maven/build-dependencies-**'
- 'dependabot/docker/**/build-containers-**'
- 'dependabot/docker/**/database-containers-**'
concurrency:
group: "workflow = ${{ github.workflow }}, ref = ${{ github.event.ref }}, pr = ${{ github.event.pull_request.id }}"
cancel-in-progress: ${{ github.event_name == 'pull_request_target' || github.repository != 'hibernate/hibernate-search' }}
defaults:
run:
shell: bash
env:
MAVEN_ARGS: "-e -B --settings .github/mvn-settings.xml --fail-at-end"
TESTCONTAINERS_REUSE_ENABLE: true
jobs:
build:
name: ${{matrix.os.name}}
runs-on: ${{ matrix.os.runs-on }}
strategy:
fail-fast: false
matrix:
os:
- {
name: "Linux JDK 21",
runs-on: 'ubuntu-latest',
java: {
version: 21
},
maven: {
# Since we only start an Elasticsearch container on Linux we add the profile to enable container reuse here:
args: '-Pci-build'
}
}
# We can't start Linux containers on GitHub Actions' Windows VMs,
# so we can't run Elasticsearch tests.
# See https://github.com/actions/runner-images/issues/1143#issuecomment-972929995
- {
name: "Windows JDK 21",
runs-on: 'windows-latest',
java: {
version: 21
},
maven: {
args: '-Dtest.elasticsearch.skip=true'
}
}
steps:
- name: Support longpaths on Windows
if: "startsWith(matrix.os.runs-on, 'windows')"
run: git config --global core.longpaths true
- name: Check out commit already pushed to branch
if: "! github.event.pull_request.number"
uses: actions/checkout@v4
- name: Check out PR head
uses: actions/checkout@v4
if: github.event.pull_request.number
with:
# WARNING: This is potentially dangerous since we're checking out unreviewed code,
# and since we're using the pull_request_target event we can use secrets.
# Thus, we must be extra careful to never expose secrets to steps that execute this code,
# and to strictly limit our of secrets to those that only pose minor security threads.
# This means in particular we won't expose Develocity credentials to the main maven executions,
# but instead will execute maven a third time just to push build scans to Develocity;
# see below.
ref: "refs/pull/${{ github.event.pull_request.number }}/head"
# Fetch the whole history to make sure that gitflow incremental builder
# can find the base commit.
fetch-depth: 0
- name: Set up Java ${{ matrix.os.java.version }}
uses: actions/setup-java@v4
with:
java-version: ${{ matrix.os.java.version }}
distribution: temurin
# https://github.com/actions/cache/blob/main/examples.md#java---maven
- name: Cache local Maven repository
uses: actions/cache@v4
with:
path: ~/.m2/repository
key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
restore-keys: |
${{ runner.os }}-maven-
- name: Set up Maven
run: ./mvnw -v
- name: Docker cleanup
run: ./ci/docker-cleanup.sh
- name: Build code and run unit tests and basic checks
run: |
./mvnw $MAVEN_ARGS ${{ matrix.os.maven.args }} clean install \
-Pjqassistant -Pdist -Pci-build -DskipITs
env:
# WARNING: exposes secrets, so must only be passed to a step that doesn't run unapproved code.
DEVELOCITY_ACCESS_KEY: "${{ github.event_name == 'push' && secrets.GRADLE_ENTERPRISE_ACCESS_KEY || '' }}"
- name: Publish Develocity build scan for previous build (pull request)
# Don't fail a build if publishing fails
continue-on-error: true
if: "${{ !cancelled() && github.event_name == 'pull_request_target' && github.repository == 'hibernate/hibernate-search' }}"
run: |
./mvnw $MAVEN_ARGS develocity:build-scan-publish-previous
env:
# WARNING: exposes secrets, so must only be passed to a step that doesn't run unapproved code.
DEVELOCITY_ACCESS_KEY: ${{ secrets.GRADLE_ENTERPRISE_ACCESS_KEY_PR }}
- name: Run integration tests in the default environment
run: |
./mvnw $MAVEN_ARGS ${{ matrix.os.maven.args }} clean verify \
-Pskip-checks \
${{ github.event.pull_request.base.ref && format('-Dincremental -Dgib.referenceBranch=refs/remotes/origin/{0}', github.event.pull_request.base.ref) || '' }}
env:
# WARNING: exposes secrets, so must only be passed to a step that doesn't run unapproved code.
DEVELOCITY_ACCESS_KEY: "${{ github.event_name == 'push' && secrets.GRADLE_ENTERPRISE_ACCESS_KEY || '' }}"
- name: Publish Develocity build scan for previous build (pull request)
# Don't fail a build if publishing fails
continue-on-error: true
if: "${{ !cancelled() && github.event_name == 'pull_request_target' && github.repository == 'hibernate/hibernate-search' }}"
run: |
./mvnw $MAVEN_ARGS develocity:build-scan-publish-previous
env:
# WARNING: exposes secrets, so must only be passed to a step that doesn't run unapproved code.
DEVELOCITY_ACCESS_KEY: ${{ secrets.GRADLE_ENTERPRISE_ACCESS_KEY_PR }}
- name: Docker cleanup
run: ./ci/docker-cleanup.sh
- name: Omit produced artifacts from build cache
run: rm -r ~/.m2/repository/org/hibernate/search
# Workaround for https://github.com/actions/upload-artifact/issues/240
- name: List build reports to upload (if build failed)
if: ${{ failure() || cancelled() }}
# The weird syntax is because we're setting a multiline environment variable
# See https://docs.github.com/en/actions/using-workflows/workflow-commands-for-github-actions#example-of-a-multiline-string
run: |
{
echo 'buildReportPaths<<EOF'
find . -path '**/*-reports'
echo EOF
} >> "$GITHUB_ENV"
- name: Upload build reports (if build failed)
uses: actions/upload-artifact@v4
if: ${{ failure() || cancelled() }}
with:
name: ${{ format('build-reports-{0}', matrix.os.name ) }}
path: ${{ env.buildReportPaths }}
retention-days: 7