-
Notifications
You must be signed in to change notification settings - Fork 163
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Optimize CI a bit #574
base: main
Are you sure you want to change the base?
Optimize CI a bit #574
Conversation
CC @JLLeitschuh |
@JLLeitschuh CC |
This will unblock #574 Signed-off-by: Jonathan Leitschuh <[email protected]>
This will unblock #574 Signed-off-by: Jonathan Leitschuh <[email protected]>
You can update to Gradle 8 or 7.6 to support Java 19. |
That's the plan. But things are breaking, and I don't have the time to figure out what's going on right now: #660 |
Validation job now only be executed after wrapper files are changed, it could be removed from required status checks. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Some things to resolve. Much appreciated for the assistance
restore-keys: | | ||
${{ runner.os }}-gradle-cache- | ||
# Inspired by https://github.com/actions/cache/issues/432#issuecomment-740376179 | ||
- name: Restore TestKit cache |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Does this now get handled by the Gradle Action?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Nope, if we still need to cache testKit dir, can we store them to ~/.gradle/.gradle-test-kit
?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can you make sure this action is being run with no credentials?
runs-on: ubuntu-latest | ||
|
||
if: github.repository == 'JLLeitschuh/ktlint-gradle' |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Why? What value does this if check add?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
No much necessary to run these jobs in forked repos.
@@ -1,12 +1,18 @@ | |||
name: "Validate Gradle Wrapper" | |||
on: [push, pull_request] |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'd prefer to keep these. And I don't know if the filtering adds much value. It actual adds additional risk, as it completely misses the second Gradle wrapper in the plugins directory
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Reverted.
GRADLE_PUBLISH_KEY: ${{ secrets.GRADLE_PUBLISH_KEY }} | ||
GRADLE_PUBLISH_SECRET: ${{ secrets.GRADLE_PUBLISH_SECRET }} | ||
GITHUB_KEY: ${{ secrets.GithubKey }} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Why move these to the top when they are only needed for 2 steps. I don't see value in exposing these env variables to other action steps.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Just reuse them for steps.
@@ -32,7 +33,7 @@ jobs: | |||
|
|||
steps: | |||
- name: "Checkout code" | |||
uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.1.0 | |||
uses: actions/checkout@4 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Using the exact commit hash is done intentionally.
It's a suggested security measure, advised by security scorecard.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We can pin them to hash, but there would be better to enable @renovate-bot for this repo to keep thing up to date.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Dependabot can assist here as well I believe
Mainly for using
gradle-build-action
to speed up build on CI, and bump action versions by the way.