Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Optimize CI a bit #574

Open
wants to merge 8 commits into
base: main
Choose a base branch
from
Open
Show file tree
Hide file tree
Changes from 7 commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
78 changes: 15 additions & 63 deletions .github/workflows/build-and-check.yml
Copy link
Owner

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can you make sure this action is being run with no credentials?

Original file line number Diff line number Diff line change
Expand Up @@ -18,6 +18,7 @@ jobs:
run: echo "The selected java versions are ${{ steps.set-matrix.outputs.version_matrix }}"
outputs:
version_matrix: ${{ steps.set-matrix.outputs.version_matrix }}

build:
needs: build-jvm-matrix
strategy:
Expand All @@ -27,7 +28,7 @@ jobs:
java_version: ${{ fromJson(needs.build-jvm-matrix.outputs.version_matrix) }}
runs-on: ${{ matrix.os }}
steps:
- uses: actions/checkout@v2
- uses: actions/checkout@v4
- name: configure windows pagefile
if: ${{ matrix.os == 'windows-latest' }}
uses: al-cheb/[email protected]
Expand All @@ -36,50 +37,23 @@ jobs:
maximum-size: 8GB
disk-root: "D:"
- name: set up JDK
uses: actions/setup-java@v2
uses: actions/setup-java@v4
with:
java-version: ${{ matrix.java_version }}
distribution: 'zulu'
- name: Restore Gradle caches
uses: actions/cache@v2
with:
path: |
~/.gradle/caches/modules-2
~/.gradle/caches/files-2.1
~/.gradle/caches/metadata-2.96
key: ${{ runner.os }}-gradle-cache-${{ hashFiles('**/*.gradle.kts') }}-${{ hashFiles('**/gradle.properties') }}
restore-keys: |
${{ runner.os }}-gradle-cache-
# Inspired by https://github.com/actions/cache/issues/432#issuecomment-740376179
- name: Restore TestKit cache
Copy link
Owner

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Does this now get handled by the Gradle Action?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nope, if we still need to cache testKit dir, can we store them to ~/.gradle/.gradle-test-kit?

uses: actions/cache@v2
with:
path: |
plugin/.gradle-test-kit/caches/modules-2
plugin/.gradle-test-kit/caches/files-2.1
plugin/.gradle-test-kit/caches/metadata-2.96
key: ${{ runner.os }}-gradle-wrapper-${{ hashFiles('**/gradlew') }}-${{ github.sha }}
restore-keys: |
${{ runner.os }}-gradle-wrapper-${{ hashFiles('**/gradlew') }}-
${{ runner.os }}-gradle-wrapper-
- name: Restore Gradle wrapper
uses: actions/cache@v2
- uses: gradle/actions/setup-gradle@v3
with:
path: |
~/.gradle/wrapper
key: ${{ runner.os }}-gradle-wrapper-${{ hashFiles('**/gradlew') }}
restore-keys: |
${{ runner.os }}-gradle-wrapper-
gradle-home-cache-cleanup: true
- name: Build plugin
run: ./plugin/gradlew -p ./plugin assemble ensureDependenciesAreInlined test --no-daemon
- name: Upload test results
uses: actions/upload-artifact@v2
uses: actions/upload-artifact@v4
if: failure()
with:
name: test-results-${{ runner.os }}
path: plugin/build/reports/tests/test/
- name: Upload Memory Dump
uses: actions/upload-artifact@v2
uses: actions/upload-artifact@v4
if: failure()
with:
name: memory-dump-${{ runner.os }}
Expand All @@ -95,9 +69,9 @@ jobs:
runs-on: ubuntu-latest
needs: build
steps:
- uses: actions/checkout@v2
- uses: actions/checkout@v4
- name: set up JDK 11
uses: actions/setup-java@v2
uses: actions/setup-java@v4
with:
java-version: 11
distribution: 'zulu'
Expand All @@ -109,20 +83,9 @@ jobs:
run: sudo apt install -qq libdistro-info-perl
- name: Install checkbashisms
run: sudo apt-get install -qq devscripts
- name: Restore Gradle caches
uses: actions/cache@v2
- uses: gradle/actions/setup-gradle@v3
with:
path: ~/.gradle/caches
key: ${{ runner.os }}-gradle-cache-${{ hashFiles('**/*.gradle.kts') }}-${{ hashFiles('**/gradle.properties') }}
restore-keys: |
${{ runner.os }}-gradle-cache-
- name: Restore Gradle wrapper
uses: actions/cache@v2
with:
path: ~/.gradle/wrapper
key: ${{ runner.os }}-gradle-wrapper-${{ hashFiles('**/gradlew') }}
restore-keys: |
${{ runner.os }}-gradle-wrapper-
gradle-home-cache-cleanup: true
- name: Check git bashisms
run: ./gradlew addKtlintCheckGitPreCommitHook --no-daemon && checkbashisms .git/hooks/pre-commit

Expand All @@ -133,25 +96,14 @@ jobs:
runs-on: ${{ matrix.os }}
needs: build
steps:
- uses: actions/checkout@v2
- uses: actions/checkout@v4
- name: set up JDK 1.8
uses: actions/setup-java@v2
uses: actions/setup-java@v4
with:
java-version: 8
distribution: 'zulu'
- name: Restore Gradle caches
uses: actions/cache@v2
with:
path: ~/.gradle/caches
key: ${{ runner.os }}-gradle-cache-${{ hashFiles('**/*.gradle.kts') }}-${{ hashFiles('**/gradle.properties') }}
restore-keys: |
${{ runner.os }}-gradle-cache-
- name: Restore Gradle wrapper
uses: actions/cache@v2
- uses: gradle/actions/setup-gradle@v3
with:
path: ~/.gradle/wrapper
key: ${{ runner.os }}-gradle-wrapper-${{ hashFiles('**/gradlew') }}
restore-keys: |
${{ runner.os }}-gradle-wrapper-
gradle-home-cache-cleanup: true
- name: Check ktlint-plugin on samples
run: ./gradlew ktlintCheck --no-daemon
8 changes: 3 additions & 5 deletions .github/workflows/changelog.yml
Original file line number Diff line number Diff line change
Expand Up @@ -7,15 +7,13 @@ on:
jobs:
build:
name: Changelog Entry Check

runs-on: ubuntu-latest

if: github.repository == 'JLLeitschuh/ktlint-gradle'
Copy link
Owner

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why? What value does this if check add?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No much necessary to run these jobs in forked repos.

steps:
- uses: actions/checkout@v2

- uses: actions/checkout@v4
- name: Grep CHANGES.md for PR number
if: contains(github.event.pull_request.labels.*.name, 'skip news') != true
run: |
grep -Pz "\[(\n\s*)?#${{ github.event.pull_request.number }}(\n\s*)?\]\((\n\s*)?https://github\.com/JLLeitschuh/ktlint-gradle/pull/${{ github.event.pull_request.number }}(\n\s*)?\)" CHANGELOG.md || \
(echo "Please add '[#${{ github.event.pull_request.number }}](https://github.com/JLLeitschuh/ktlint-gradle/pull/${{ github.event.pull_request.number }})' change line to CHANGELOG.md" && \
exit 1)
exit 1)
10 changes: 8 additions & 2 deletions .github/workflows/gradle-wrapper-validation.yml
Original file line number Diff line number Diff line change
@@ -1,12 +1,18 @@
name: "Validate Gradle Wrapper"
on: [push, pull_request]
Copy link
Owner

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'd prefer to keep these. And I don't know if the filtering adds much value. It actual adds additional risk, as it completely misses the second Gradle wrapper in the plugins directory

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Reverted.


on:
pull_request:
paths:
- 'gradlew'
- 'gradlew.bat'
- 'gradle/wrapper/'

jobs:
validation:
name: "Validation"
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- uses: actions/checkout@v4
- uses: gradle/wrapper-validation-action@v1
with:
min-wrapper-count: 2
32 changes: 9 additions & 23 deletions .github/workflows/new-release.yml
Original file line number Diff line number Diff line change
Expand Up @@ -8,38 +8,24 @@ jobs:
make-new-release:
name: "Releasing plugin"
runs-on: ubuntu-latest
if: github.repository == 'JLLeitschuh/ktlint-gradle'
env:
GRADLE_PUBLISH_KEY: ${{ secrets.GRADLE_PUBLISH_KEY }}
GRADLE_PUBLISH_SECRET: ${{ secrets.GRADLE_PUBLISH_SECRET }}
GITHUB_KEY: ${{ secrets.GithubKey }}
Comment on lines +13 to +15
Copy link
Owner

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why move these to the top when they are only needed for 2 steps. I don't see value in exposing these env variables to other action steps.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just reuse them for steps.

steps:
- uses: actions/checkout@v2
- uses: actions/checkout@v4
- name: set up JDK 1.8
uses: actions/setup-java@v2
uses: actions/setup-java@v4
with:
java-version: 8
distribution: 'zulu'
- name: Restore Gradle caches
uses: actions/cache@v2
- uses: gradle/actions/setup-gradle@v3
with:
path: ~/.gradle/caches
key: ${{ runner.os }}-gradle-cache-${{ hashFiles('**/*.gradle.kts') }}-${{ hashFiles('**/gradle.properties') }}
restore-keys: |
${{ runner.os }}-gradle-cache-
- name: Restore Gradle wrapper
uses: actions/cache@v2
with:
path: ~/.gradle/wrapper
key: ${{ runner.os }}-gradle-wrapper-${{ hashFiles('**/gradlew') }}
restore-keys: |
${{ runner.os }}-gradle-wrapper-
gradle-home-cache-cleanup: true
- name: Publish plugin
env:
GRADLE_PUBLISH_KEY: ${{ secrets.GRADLE_PUBLISH_KEY }}
GRADLE_PUBLISH_SECRET: ${{ secrets.GRADLE_PUBLISH_SECRET }}
GITHUB_KEY: ${{ secrets.GithubKey }}
run: ./plugin/gradlew -p ./plugin publishPlugins --no-daemon
- name: Create new Github release
env:
GRADLE_PUBLISH_KEY: ${{ secrets.GRADLE_PUBLISH_KEY }}
GRADLE_PUBLISH_SECRET: ${{ secrets.GRADLE_PUBLISH_SECRET }}
GITHUB_KEY: ${{ secrets.GITHUB_TOKEN }}
run: ./plugin/gradlew -p ./plugin githubRelease --no-daemon
- name: Update VERSION_LATEST_RELEASE to new published version
run: cp plugin/VERSION_CURRENT.txt plugin/VERSION_LATEST_RELEASE.txt
Expand Down
12 changes: 6 additions & 6 deletions .github/workflows/perform-release.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -2,18 +2,18 @@ name: "Perform Release"
on:
workflow_dispatch:
inputs:
new_version:

description: "Release Version (no 'v')"
required: true
type: string
new_version:
description: "Release Version (no 'v')"
required: true
type: string

jobs:
perform-release:
runs-on: ubuntu-latest
if: github.repository == 'JLLeitschuh/ktlint-gradle'
steps:
- name: Checkout code
uses: actions/checkout@v2
uses: actions/checkout@v4
with:
token: ${{ secrets.PAT }}
- name: Update Changelog
Expand Down
7 changes: 4 additions & 3 deletions .github/workflows/scorecard.yml
Original file line number Diff line number Diff line change
Expand Up @@ -21,6 +21,7 @@ jobs:
analysis:
name: Scorecard analysis
runs-on: ubuntu-latest
if: github.repository == 'JLLeitschuh/ktlint-gradle'
permissions:
# Needed to upload the results to code-scanning dashboard.
security-events: write
Expand All @@ -32,7 +33,7 @@ jobs:

steps:
- name: "Checkout code"
uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.1.0
uses: actions/checkout@4
Copy link
Owner

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Using the exact commit hash is done intentionally.

It's a suggested security measure, advised by security scorecard.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We can pin them to hash, but there would be better to enable @renovate-bot for this repo to keep thing up to date.

Copy link
Owner

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Dependabot can assist here as well I believe

with:
persist-credentials: false

Expand All @@ -59,14 +60,14 @@ jobs:
# Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
# format to the repository Actions tab.
- name: "Upload artifact"
uses: actions/upload-artifact@3cea5372237819ed00197afe530f5a7ea3e805c8 # v3.1.0
uses: actions/upload-artifact@4
with:
name: SARIF file
path: results.sarif
retention-days: 5

# Upload the results to GitHub's code scanning dashboard.
- name: "Upload to code-scanning"
uses: github/codeql-action/upload-sarif@17573ee1cc1b9d061760f3a006fc4aac4f944fd5 # v2.2.4
uses: github/codeql-action/upload-sarif@3
with:
sarif_file: results.sarif
Loading