From f68ccd81df79a65135ca991229bd4a0f0cdf8043 Mon Sep 17 00:00:00 2001 From: Evan Williams Date: Tue, 26 Oct 2021 11:52:50 -0700 Subject: [PATCH] Enable Java PR builds in GitHub Actions (#712) Disable Java 11 builds until we can get that resolved, also use a secure environment for the publish workflow. --- .github/scripts/build.sh | 82 +++++++++++++++++++++++++++++++++++ .github/workflows/build.yml | 18 ++++---- .github/workflows/publish.yml | 15 ++++--- 3 files changed, 99 insertions(+), 16 deletions(-) create mode 100755 .github/scripts/build.sh diff --git a/.github/scripts/build.sh b/.github/scripts/build.sh new file mode 100755 index 0000000000..8fb08f5888 --- /dev/null +++ b/.github/scripts/build.sh @@ -0,0 +1,82 @@ +#!/usr/bin/env bash + +# Ensure that this is being run in CI by GitHub Actions +if [ "$CI" != "true" ] || [ "$GITHUB_ACTIONS" != "true" ]; then + echo "This script should only be run in CI by GitHub Actions." + exit 2 +fi + +# Ensure that the script is being run from the root project directory +PROPERTIES_FILE='gradle.properties' +if [ ! -f "$PROPERTIES_FILE" ]; then + echo "Could not find $PROPERTIES_FILE, are you sure this is being run from the root project directory?" + echo "PWD: ${PWD}" + exit 1 +fi + +# Determine the current version +VERSION=$(awk 'BEGIN { FS = "=" }; $1 == "version" { print $2 }' $PROPERTIES_FILE | awk '{ print $1 }') +if [ -z "$VERSION" ]; then + echo "Could not read the version from $PROPERTIES_FILE, please fix it and try again." + exit 1 +fi + +# Determine if the version is a release candidate version +RELEASE_CANDIDATE=false +if [[ "$VERSION" =~ ^[0-9]+\.[0-9]+\.[0-9]+-rc\.[0-9]+$ ]]; then + RELEASE_CANDIDATE=true +fi + +# If the project version is being bumped in this PR, assert that the changelog contains an entry for it +if (! $RELEASE_CANDIDATE) && + (git diff ${TRAVIS_BRANCH}...HEAD -- gradle.properties | grep -F "+version=$VERSION" > /dev/null) && + ! ( (cat CHANGELOG.md | grep -F "## [$VERSION] -" > /dev/null) && + (cat CHANGELOG.md | grep -F "[$VERSION]: https" > /dev/null) ); then + echo "This change bumps the project version to $VERSION, but no changelog entry could be found for this version!" + echo 'Please update CHANGELOG.md using the changelog helper script.' + echo 'For more info, run: ./scripts/update-changelog --help' + exit 1 +fi + +# TODO: Is this needed on GitHub Actions? Travis aborts after 10 minutes of no output, not sure about GA +# while sleep 9m; do echo "[Ping] Keeping Travis job alive ($((SECONDS / 60)) minutes)"; done & +# WAITER_PID=$! + +# For PR builds, Skip module-specific tests if its module dependencies haven't been touched +if [ ! -z "$GITHUB_HEAD_REF" ] && [ ! -z "$GITHUB_BASE_REF" ]; then + CONDITIONAL_TESTING_MODULES='d2 r2-int-test restli-int-test' + echo "This is a PR build, so testing will be conditional for these subprojects: [${CONDITIONAL_TESTING_MODULES// /,}]" + # If any Gradle file was touched, run all tests just to be safe + if (git diff ${TRAVIS_BRANCH}...HEAD --name-only | grep '\.gradle' > /dev/null); then + echo "This PR touches a file matching *.gradle, so tests will be run for all subprojects." + else + # Have to prime the comma-separated list with a dummy value because list construction in bash is hard... + EXTRA_ARGS="${EXTRA_ARGS} -Ppegasus.skipTestsForSubprojects=primer" + # For all the following modules (which have lengthy tests), determine if they can be skipped + for MODULE in $CONDITIONAL_TESTING_MODULES; do + echo "Checking test dependencies for subproject $MODULE..." + MODULE_DEPENDENCIES="$(./scripts/get-module-dependencies $MODULE testRuntimeClasspath | tr '\n' ' ')" + # Create regex to capture lines in the diff's paths, e.g. 'a b c' -> '^\(a\|b\|c\)/' + PATH_MATCHING_REGEX="^\\($(echo $MODULE_DEPENDENCIES | sed -z 's/ \+/\\|/g;s/\\|$/\n/g')\\)/" + if [ ! -z "$PATH_MATCHING_REGEX" ] && ! (git diff ${TRAVIS_BRANCH}...HEAD --name-only | grep "$PATH_MATCHING_REGEX" > /dev/null); then + echo "Computed as... [${MODULE_DEPENDENCIES// /,}]" + echo "None of $MODULE's module dependencies have been touched, skipping tests for $MODULE." + EXTRA_ARGS="${EXTRA_ARGS},$MODULE" + else + echo "Some of $MODULE's module dependencies have been touched, tests for $MODULE will remain enabled." + fi + done + fi +fi + +# Run the actual build +./gradlew build $EXTRA_ARGS +EXIT_CODE=$? + +# Kill the waiter job +# TODO: Figure out if this can be removed as well for GitHub Actions +# kill $WAITER_PID + +if [ $EXIT_CODE != 0 ]; then + exit 1 +fi diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index d265fefa6c..a5c216e99b 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -6,19 +6,19 @@ on: branches: [master] jobs: build: - runs-on: '${{ matrix.os }}' + runs-on: ${{ matrix.os }} strategy: - fail-fast: true + fail-fast: false matrix: - os: ['ubuntu-latest'] - java: ['8', '11'] - name: 'Build with Java ${{ matrix.java }} on ${{ matrix.os }}' + os: [ubuntu-latest] + java: [8] # TODO: Add 11 once build issues are resolved + name: Java ${{ matrix.java }} on ${{ matrix.os }} steps: - uses: actions/checkout@v2 - uses: actions/setup-java@v2 with: - distribution: 'zulu' - java-version: '${{ matrix.java }}' - cache: 'gradle' - - run: './gradlew -version' + distribution: zulu + java-version: ${{ matrix.java }} + cache: gradle + - run: ./.github/scripts/build.sh diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 0da5d1d1ca..0705871311 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -7,19 +7,20 @@ on: # On release-candidate tags (e.g. "v1.2.3-rc.1") - v[0-9]+.[0-9]+.[0-9]+-rc.[0-9]+ jobs: - build: - runs-on: 'ubuntu-latest' + publish: + environment: jfrog-publish + runs-on: ubuntu-latest strategy: fail-fast: false matrix: - java: ['8'] - name: 'Build and publish with Java ${{ matrix.java }}' + java: [8] + name: Java ${{ matrix.java }} steps: - uses: actions/checkout@v2 - uses: actions/setup-java@v2 with: - distribution: 'zulu' - java-version: '${{ matrix.java }}' + distribution: zulu + java-version: ${{ matrix.java }} # Do NOT use caching, since we want to ensure published artifacts are fresh - - run: './gradlew -version' + - run: ./gradlew -version # TODO: Use actual publishing script