From 2d37aa4d41a1198d8b8eebd1b59eb825b171f6d6 Mon Sep 17 00:00:00 2001 From: Guillaume Smet Date: Fri, 13 Oct 2023 16:59:04 +0200 Subject: [PATCH 1/2] Enable publication of build scans for PRs coming from forks --- .github/workflows/ci-actions-incremental.yml | 58 ++++++++++++++++++- .../develocity-publish-build-scans.yml | 24 ++++++++ .github/workflows/develocity-verify-tos.yml | 33 +++++++++++ 3 files changed, 113 insertions(+), 2 deletions(-) create mode 100644 .github/workflows/develocity-publish-build-scans.yml create mode 100644 .github/workflows/develocity-verify-tos.yml diff --git a/.github/workflows/ci-actions-incremental.yml b/.github/workflows/ci-actions-incremental.yml index 85ae65268d611..47fa67d932ce2 100644 --- a/.github/workflows/ci-actions-incremental.yml +++ b/.github/workflows/ci-actions-incremental.yml @@ -199,6 +199,11 @@ jobs: target/gradle-build-scan-url.txt LICENSE.txt retention-days: 2 + - name: Save Build Scan + if: always() + uses: gradle/github-actions/maven-build-scan/save@v1-beta + with: + job-name: "Initial JDK 11 Build" calculate-test-jobs: name: Calculate Test Jobs @@ -388,6 +393,11 @@ jobs: path: | **/build.log retention-days: 2 + - name: Save Build Scan + if: always() + uses: gradle/github-actions/maven-build-scan/save@v1-beta + with: + job-name: "JVM Tests - JDK ${{matrix.java.name}}" maven-tests: name: Maven Tests - JDK ${{matrix.java.name}} @@ -445,7 +455,6 @@ jobs: distribution: temurin java-version: ${{ matrix.java.java-version }} - name: Build - # Important: keep -pl ... in sync with "Calculate run flags"! # Despite the pre-calculated run_jvm flag, GIB has to be re-run here to figure out the exact submodules to build. run: ./mvnw $COMMON_MAVEN_ARGS $JVM_TEST_MAVEN_ARGS clean install -pl 'integration-tests/maven' -pl 'integration-tests/devmode' ${{ needs.build-jdk11.outputs.gib_args }} @@ -477,6 +486,11 @@ jobs: target/gradle-build-scan-url.txt LICENSE.txt retention-days: 2 + - name: Save Build Scan + if: always() + uses: gradle/github-actions/maven-build-scan/save@v1-beta + with: + job-name: "Maven Tests - JDK ${{matrix.java.name}}" gradle-tests: name: Gradle Tests - JDK ${{matrix.java.name}} @@ -549,6 +563,11 @@ jobs: target/gradle-build-scan-url.txt LICENSE.txt retention-days: 2 + - name: Save Build Scan + if: always() + uses: gradle/github-actions/maven-build-scan/save@v1-beta + with: + job-name: "Gradle Tests - JDK ${{matrix.java.name}}" devtools-tests: name: Devtools Tests - JDK ${{matrix.java.name}} @@ -627,6 +646,11 @@ jobs: target/gradle-build-scan-url.txt LICENSE.txt retention-days: 2 + - name: Save Build Scan + if: always() + uses: gradle/github-actions/maven-build-scan/save@v1-beta + with: + job-name: "Devtools Tests - JDK ${{matrix.java.name}}" kubernetes-tests: name: Kubernetes Tests - JDK ${{matrix.java.name}} @@ -655,6 +679,10 @@ jobs: os-name: "windows-latest" } steps: + - name: Gradle Enterprise environment + run: | + echo "GE_TAGS=jdk-${{matrix.java.name}}" >> "$GITHUB_ENV" + echo "GE_CUSTOM_VALUES=gh-job-name=Kubernetes Tests - JDK ${{matrix.java.name}}" >> "$GITHUB_ENV" - name: Support longpaths on Windows if: "startsWith(matrix.java.os-name, 'windows')" run: git config --global core.longpaths true @@ -700,6 +728,11 @@ jobs: target/build-report.json LICENSE.txt retention-days: 2 + - name: Save Build Scan + if: always() + uses: gradle/github-actions/maven-build-scan/save@v1-beta + with: + job-name: "Kubernetes Tests - JDK ${{matrix.java.name}}" quickstarts-tests: name: Quickstarts Compilation - JDK ${{matrix.java.name}} @@ -756,6 +789,12 @@ jobs: quarkus-quickstarts/target/build-report.json quarkus-quickstarts/LICENSE retention-days: 2 + - name: Save Build Scan + if: always() + uses: gradle/github-actions/maven-build-scan/save@v1-beta + with: + job-name: "Quickstarts Compilation - JDK ${{matrix.java.name}}" + virtual-thread-native-tests: name: Native Tests - Virtual Thread - ${{matrix.category}} runs-on: ${{matrix.os-name}} @@ -812,6 +851,12 @@ jobs: integration-tests/virtual-threads/target/build-report.json integration-tests/virtual-threads/target/gradle-build-scan-url.txt retention-days: 2 + - name: Save Build Scan + if: always() + uses: gradle/github-actions/maven-build-scan/save@v1-beta + with: + job-name: "Native Tests - Virtual Thread - ${{matrix.category}}" + tcks-test: name: MicroProfile TCKs Tests needs: [build-jdk11, calculate-test-jobs] @@ -819,7 +864,6 @@ jobs: if: "needs.calculate-test-jobs.outputs.run_tcks == 'true' && (github.repository == 'quarkusio/quarkus' || !endsWith(github.ref, '/main'))" runs-on: ubuntu-latest timeout-minutes: 150 - steps: - name: Gradle Enterprise environment run: | @@ -879,6 +923,11 @@ jobs: target/gradle-build-scan-url.txt LICENSE.txt retention-days: 2 + - name: Save Build Scan + if: always() + uses: gradle/github-actions/maven-build-scan/save@v1-beta + with: + job-name: "MicroProfile TCKs Tests" native-tests: name: Native Tests - ${{matrix.category}} @@ -971,6 +1020,11 @@ jobs: target/gradle-build-scan-url.txt LICENSE.txt retention-days: 2 + - name: Save Build Scan + if: always() + uses: gradle/github-actions/maven-build-scan/save@v1-beta + with: + job-name: "Native Tests - ${{matrix.category}}" build-report: runs-on: ubuntu-latest diff --git a/.github/workflows/develocity-publish-build-scans.yml b/.github/workflows/develocity-publish-build-scans.yml new file mode 100644 index 0000000000000..4c3b1e03d231f --- /dev/null +++ b/.github/workflows/develocity-publish-build-scans.yml @@ -0,0 +1,24 @@ +name: Develocity - Publish Maven Build Scans + +on: + workflow_run: + workflows: [ "Quarkus CI" ] + types: [ completed ] + +jobs: + publish-build-scans: + if: github.repository == 'quarkusio/quarkus' + runs-on: ubuntu-latest + permissions: + pull-requests: write + steps: + - name: Verify Terms of Service acceptance job passed + uses: gradle/github-actions/terms-of-service-acceptance/verify@v1-beta + with: + terms-of-service-acceptance-workflow-job-name: 'run-terms-of-service-acceptance' + - name: Publish Maven Build Scans + uses: gradle/github-actions/maven-build-scan/publish@v1-beta + with: + develocity-url: 'https://ge.quarkus.io' + develocity-access-key: ${{ secrets.GRADLE_ENTERPRISE_ACCESS_KEY }} + skip-comment: true \ No newline at end of file diff --git a/.github/workflows/develocity-verify-tos.yml b/.github/workflows/develocity-verify-tos.yml new file mode 100644 index 0000000000000..7533088f1db21 --- /dev/null +++ b/.github/workflows/develocity-verify-tos.yml @@ -0,0 +1,33 @@ +name: Develocity - Terms of Service acceptance verification + +on: + # issue_comment event is triggered when a pull-request is commented + issue_comment: + types: [ created ] + pull_request_target: + +jobs: + run-terms-of-service-acceptance: + if: github.repository == 'quarkusio/quarkus' + runs-on: ubuntu-latest + permissions: + # required to update signature file + contents: write + # required to comment pull-request + pull-requests: write + # required to update pull-request status check + actions: write + statuses: write + steps: + - name: Run Terms of Service acceptance verification + uses: gradle/github-actions/terms-of-service-acceptance/run@v1-beta + with: + # tos-location can also point to a file in a Github repository with this syntax: ///blob//tos.html + tos-location: 'https://foo.bar/tos.html' + # Optional inputs + pr-comment-tos-acceptance-missing: 'Quarkus uses Develocity to provide insights about CI builds. Please accept [Develocity Terms Of Service]({0}) to get your pull request Build Scan published by commenting this pull-request with the following message:' + #pr-comment-tos-acceptance-request: 'I have read Develocity Terms Of Service and I hereby accept the Terms' + pr-comment-tos-acceptance-validation: 'All contributors have accepted Develocity Terms Of Service.' + # let's whitelist the most active contributors from Red Hat + white-list: 'gsmet,geoand,stuartwdouglas,gastaldi,mkouba,cescoffier,sberyozkin,Sanne,aloubyansky,yrodiere,FroMage,phillip-kruger,machi1990,dmlloyd,iocanel,Sgitario,ia3andy,radcortez,rsvoboda,Ladicek,zakkak,ebullient,jmartisk,gwenneg,manovotn,maxandersen,starksm64,patriot1burke,emmanuelbernard,ozangunalp,michalvavrik,n1hility,tsegismont,galderz,ppalaga,evanchooly,holly-cummins,michelle-purcell,jponge,DavideD,karesti,brunobat,stalep,Karm,manusa,pedroigor,aureamunoz,metacosm,johnaohara,MichalMaler,MikeEdgar,alesj' + white-list-only: true \ No newline at end of file From d501eee211d4f681297ff2277aab494bb85cc3ed Mon Sep 17 00:00:00 2001 From: Guillaume Smet Date: Wed, 8 Nov 2023 13:47:19 +0100 Subject: [PATCH 2/2] Simplify build scan workflow by publishing only for approved developers --- .../develocity-preapproved-developers.json | 56 +++++++++++++++++++ .../develocity-publish-build-scans.yml | 28 ++++++++-- .github/workflows/develocity-verify-tos.yml | 33 ----------- 3 files changed, 78 insertions(+), 39 deletions(-) create mode 100644 .github/develocity-preapproved-developers.json delete mode 100644 .github/workflows/develocity-verify-tos.yml diff --git a/.github/develocity-preapproved-developers.json b/.github/develocity-preapproved-developers.json new file mode 100644 index 0000000000000..670c4d84f00ac --- /dev/null +++ b/.github/develocity-preapproved-developers.json @@ -0,0 +1,56 @@ +{ + "preapproved-developers": [ + "alesj", + "aloubyansky", + "aureamunoz", + "brunobat", + "cescoffier", + "DavideD", + "dmlloyd", + "ebullient", + "emmanuelbernard", + "evanchooly", + "FroMage", + "galderz", + "gastaldi", + "geoand", + "gsmet", + "gwenneg", + "holly-cummins", + "ia3andy", + "iocanel", + "jmartisk", + "johnaohara", + "jponge", + "karesti", + "Karm", + "Ladicek", + "machi1990", + "manovotn", + "manusa", + "maxandersen", + "metacosm", + "MichalMaler", + "michalvavrik", + "michelle-purcell", + "MikeEdgar", + "mkouba", + "n1hility", + "ozangunalp", + "patriot1burke", + "pedroigor", + "phillip-kruger", + "ppalaga", + "radcortez", + "rsvoboda", + "Sanne", + "sberyozkin", + "Sgitario", + "stalep", + "starksm64", + "stuartwdouglas", + "tsegismont", + "yrodiere", + "zakkak" + ] +} \ No newline at end of file diff --git a/.github/workflows/develocity-publish-build-scans.yml b/.github/workflows/develocity-publish-build-scans.yml index 4c3b1e03d231f..e56ea04a0d47a 100644 --- a/.github/workflows/develocity-publish-build-scans.yml +++ b/.github/workflows/develocity-publish-build-scans.yml @@ -5,20 +5,36 @@ on: workflows: [ "Quarkus CI" ] types: [ completed ] +defaults: + run: + shell: bash + jobs: publish-build-scans: - if: github.repository == 'quarkusio/quarkus' + if: github.repository == 'quarkusio/quarkus' && github.event.workflow_run.event == 'pull_request' runs-on: ubuntu-latest permissions: pull-requests: write steps: - - name: Verify Terms of Service acceptance job passed - uses: gradle/github-actions/terms-of-service-acceptance/verify@v1-beta - with: - terms-of-service-acceptance-workflow-job-name: 'run-terms-of-service-acceptance' + - uses: actions/checkout@v4 + - name: Extract preapproved developers list + id: extract-preapproved-developers + run: | + preapproveddevelopers=$(cat .github/develocity-preapproved-developers.json) + echo "preapproved-developpers=${preapproveddevelopers}" >> $GITHUB_OUTPUT - name: Publish Maven Build Scans uses: gradle/github-actions/maven-build-scan/publish@v1-beta + if: ${{ contains(fromJson(steps.extract-preapproved-developers.outputs.preapproved-developpers).preapproved-developers, github.event.workflow_run.actor.login) }} with: develocity-url: 'https://ge.quarkus.io' develocity-access-key: ${{ secrets.GRADLE_ENTERPRISE_ACCESS_KEY }} - skip-comment: true \ No newline at end of file + skip-comment: true + - name: Push to summary + run: | + echo -n "Pull request: " >> ${GITHUB_STEP_SUMMARY} + cat pr-number.out >> ${GITHUB_STEP_SUMMARY} + echo >> ${GITHUB_STEP_SUMMARY} + echo >> ${GITHUB_STEP_SUMMARY} + echo "| Job | Status | Build scan |" >> ${GITHUB_STEP_SUMMARY} + echo "|---|---|---|" >> ${GITHUB_STEP_SUMMARY} + cat publication.out >> ${GITHUB_STEP_SUMMARY} diff --git a/.github/workflows/develocity-verify-tos.yml b/.github/workflows/develocity-verify-tos.yml deleted file mode 100644 index 7533088f1db21..0000000000000 --- a/.github/workflows/develocity-verify-tos.yml +++ /dev/null @@ -1,33 +0,0 @@ -name: Develocity - Terms of Service acceptance verification - -on: - # issue_comment event is triggered when a pull-request is commented - issue_comment: - types: [ created ] - pull_request_target: - -jobs: - run-terms-of-service-acceptance: - if: github.repository == 'quarkusio/quarkus' - runs-on: ubuntu-latest - permissions: - # required to update signature file - contents: write - # required to comment pull-request - pull-requests: write - # required to update pull-request status check - actions: write - statuses: write - steps: - - name: Run Terms of Service acceptance verification - uses: gradle/github-actions/terms-of-service-acceptance/run@v1-beta - with: - # tos-location can also point to a file in a Github repository with this syntax: ///blob//tos.html - tos-location: 'https://foo.bar/tos.html' - # Optional inputs - pr-comment-tos-acceptance-missing: 'Quarkus uses Develocity to provide insights about CI builds. Please accept [Develocity Terms Of Service]({0}) to get your pull request Build Scan published by commenting this pull-request with the following message:' - #pr-comment-tos-acceptance-request: 'I have read Develocity Terms Of Service and I hereby accept the Terms' - pr-comment-tos-acceptance-validation: 'All contributors have accepted Develocity Terms Of Service.' - # let's whitelist the most active contributors from Red Hat - white-list: 'gsmet,geoand,stuartwdouglas,gastaldi,mkouba,cescoffier,sberyozkin,Sanne,aloubyansky,yrodiere,FroMage,phillip-kruger,machi1990,dmlloyd,iocanel,Sgitario,ia3andy,radcortez,rsvoboda,Ladicek,zakkak,ebullient,jmartisk,gwenneg,manovotn,maxandersen,starksm64,patriot1burke,emmanuelbernard,ozangunalp,michalvavrik,n1hility,tsegismont,galderz,ppalaga,evanchooly,holly-cummins,michelle-purcell,jponge,DavideD,karesti,brunobat,stalep,Karm,manusa,pedroigor,aureamunoz,metacosm,johnaohara,MichalMaler,MikeEdgar,alesj' - white-list-only: true \ No newline at end of file