From 72e31b6d7734698ef15c225c0595437891a277c6 Mon Sep 17 00:00:00 2001 From: Sam Gammon Date: Wed, 21 Feb 2024 16:00:31 -0800 Subject: [PATCH] chore: various ci job fixups - fix: publish failed test reports as artifact - fix: coverage reporting - fix: separate jobs for dependency graph and build - fix: warnings yielded by detekt job Signed-off-by: Sam Gammon --- .github/codeql/codeql-config.yml | 7 -- .github/workflows/checks.codeql.yml | 4 + .github/workflows/job.build.yml | 113 +++++++++++++++++++++ .github/workflows/job.dependency-graph.yml | 46 +-------- .github/workflows/job.native-build.yml | 65 ++++++++++-- .github/workflows/job.tests.yml | 13 ++- .github/workflows/on.pr.yml | 35 ++++--- .github/workflows/on.push.yml | 12 --- 8 files changed, 208 insertions(+), 87 deletions(-) create mode 100644 .github/workflows/job.build.yml diff --git a/.github/codeql/codeql-config.yml b/.github/codeql/codeql-config.yml index d81ec948c..3c517b871 100644 --- a/.github/codeql/codeql-config.yml +++ b/.github/codeql/codeql-config.yml @@ -5,10 +5,3 @@ languages: queries: - uses: security-and-quality - -paths: - - packages - -paths-ignore: - - .codebase - - build diff --git a/.github/workflows/checks.codeql.yml b/.github/workflows/checks.codeql.yml index 48de970aa..2c979838f 100644 --- a/.github/workflows/checks.codeql.yml +++ b/.github/workflows/checks.codeql.yml @@ -15,6 +15,10 @@ name: "CodeQL" schedule: - cron: "0 0-23/2 * * *" + push: + branches: + - main + permissions: contents: read diff --git a/.github/workflows/job.build.yml b/.github/workflows/job.build.yml new file mode 100644 index 000000000..9937819ea --- /dev/null +++ b/.github/workflows/job.build.yml 
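Review bot: The new `push` trigger in checks.codeql.yml needs the analyze job to carry its own `security-events: write` grant, because the only permission visible in this hunk is the top-level `contents: read`. The `check-codeql` caller deleted from on.push.yml at the end of this patch used to pass `actions: "read"` and `security-events: "write"`. Unless the job (outside the hunk) declares them itself, the SARIF upload will presumably be refused and code-scanning results for `main` would stop arriving. I would confirm the job-level permissions and add a comment above the trigger such as `# runs directly on main; on.push.yml no longer calls this workflow`.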
@@ -0,0 +1,113 @@
+name: "Build"
+
+"on":
+ workflow_dispatch: {}
+ workflow_call:
+ inputs: {}
+ secrets:
+ GRADLE_CONFIGURATION_KEY:
+ description: "Gradle cache key"
+ required: false
+ BUILDLESS_APIKEY:
+ description: "Buildless key"
+ required: false
+
+permissions:
+ contents: read
+
+jobs:
+ ##
+ ## Job: Build
+ ##
+ gradle:
+ strategy:
+ fail-fast: false
+ matrix:
+ os: [Ubuntu]
+ mode: ["Strict"]
+ machine:
+ - "ubuntu-latest"
+
+ name: "Build (${{ matrix.os }})"
+ runs-on: ${{ matrix.machine }}
+ continue-on-error: ${{ matrix.mode != 'Strict' }}
+
+ defaults:
+ run:
+ shell: bash
+
+ outputs:
+ hashes: ${{ steps.hash.outputs.hashes }}
+
+ steps:
+ - name: "Setup: Harden Runner"
+ uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
+ with:
+ egress-policy: audit
+ - name: "Setup: Checkout"
+ uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+ with:
+ submodules: true
+ persist-credentials: false
+ - name: "Setup: Cache Restore (Build)"
+ id: cache-restore-build
+ uses: actions/cache/restore@13aacd865c20de90d75de3b17ebe84f7a17d57d2 # v4.0.0
+ with:
+ key: pkl-v1-build-${{ hashFiles('gradle/libs.versions.toml') }}
+ restore-keys: |
+ pkl-v1-build-${{ hashFiles('gradle/libs.versions.toml') }}
+ pkl-v1-build-
+ pkl-v1-
+ pkl-
+ path: |
+ .gradle/
+ build/
+ .codebase/
+ .kotlin/
+ ./*/build/bin
+ ./*/build/classes
+ ./*/build/kotlin
+ ./*/build/klib
+ ./*/build/generated
+ ./*/build/generated-sources
+ - name: "Setup: Java 21"
+ uses: actions/setup-java@387ac29b308b003ca37ba93a6cab5eb57c8f5f93 # v4.0.0
+ with:
+ distribution: 'adopt'
+ java-version: '21'
+ - name: "Setup: GraalVM (Java 21)"
+ uses: graalvm/setup-graalvm@d72e3dbf5f44eb0b78c4f8ec61a262d8bf9b94af # v1.1.7
+ with:
+ distribution: "graalvm"
+ java-version: 21
+ check-for-updates: false
+ github-token: ${{ secrets.GITHUB_TOKEN }}
+ set-java-home: 'false'
+ - name: "🛠️ Build"
+ uses:
gradle/actions/setup-gradle@417ae3ccd767c252f5661f1ace9f835f9654f2b5 # v3.1.0 + id: gradlebuild + env: + CI: true + with: + cache-read-only: true + cache-encryption-key: ${{ secrets.GRADLE_CONFIGURATION_KEY }} + gradle-home-cache-cleanup: true + arguments: build -x test -x check + build-scan-publish: true + build-scan-terms-of-service-url: "https://gradle.com/terms-of-service" + build-scan-terms-of-service-agree: "yes" + - name: "Artifact: Caches" + uses: actions/cache/save@13aacd865c20de90d75de3b17ebe84f7a17d57d2 # v4.0.0 + with: + key: ${{ steps.cache-restore.outputs.cache-primary-key }} + path: | + .gradle/ + build/ + .codebase/ + .kotlin/ + ./*/build/bin + ./*/build/classes + ./*/build/kotlin + ./*/build/klib + ./*/build/generated + ./*/build/generated-sources diff --git a/.github/workflows/job.dependency-graph.yml b/.github/workflows/job.dependency-graph.yml index 879ef3e8f..4e3206f07 100644 --- a/.github/workflows/job.dependency-graph.yml +++ b/.github/workflows/job.dependency-graph.yml @@ -20,17 +20,8 @@ jobs: ## Job: Build+Submit Dependency Graph ## gradle: - strategy: - fail-fast: false - matrix: - os: [Ubuntu] - mode: ["Strict"] - machine: - - "ubuntu-latest" - - name: "Build (${{ matrix.os }})" - runs-on: ${{ matrix.machine }} - continue-on-error: ${{ matrix.mode != 'Strict' }} + name: "Dependency Graph" + runs-on: "ubuntu-latest" permissions: ## Needed for submission of dependency graphs 
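Review bot: The closing `Artifact: Caches` step in job.build.yml reads `steps.cache-restore.outputs.cache-primary-key`, but the restore step in this file is declared with `id: cache-restore-build`, so the key expression resolves to an empty value and the save cannot store under the intended key; it should read `key: ${{ steps.cache-restore-build.outputs.cache-primary-key }}`. The job output `hashes: ${{ steps.hash.outputs.hashes }}` has the same shape of problem: no step with `id: hash` exists in the file, so any consumer treating it as a digest list receives nothing. Separately, harden-runner is set to `egress-policy: audit`, which records outbound connections without restricting them; a comment such as `# audit only: switch to block with allowed-endpoints once the baseline is known` would stop readers from counting it as an enforcement control. `BUILDLESS_APIKEY` is declared under `secrets` but no step in the file references it.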
@@ -79,39 +70,6 @@ jobs: with: distribution: 'adopt' java-version: '21' - - name: "Setup: GraalVM (Java 21)" - uses: graalvm/setup-graalvm@d72e3dbf5f44eb0b78c4f8ec61a262d8bf9b94af # v1.1.7 - with: - distribution: "graalvm" - java-version: 21 - check-for-updates: false - github-token: ${{ secrets.GITHUB_TOKEN }} - set-java-home: 'false' - - name: "🛠️ Build" - uses: gradle/actions/setup-gradle@417ae3ccd767c252f5661f1ace9f835f9654f2b5 # v3.1.0 - id: gradlebuild - env: - CI: true - with: - cache-read-only: true - cache-encryption-key: ${{ secrets.GRADLE_CONFIGURATION_KEY }} - gradle-home-cache-cleanup: true - arguments: dependencies build -x test -x check --scan - name: "🛠️ Dependency Graph" uses: gradle/actions/dependency-submission@417ae3ccd767c252f5661f1ace9f835f9654f2b5 # v3.1.0 continue-on-error: true - - name: "Artifact: Caches" - uses: actions/cache/save@13aacd865c20de90d75de3b17ebe84f7a17d57d2 # v4.0.0 - with: - key: ${{ steps.cache-restore.outputs.cache-primary-key }} - path: | - .gradle/ - build/ - .codebase/ - .kotlin/ - ./*/build/bin - ./*/build/classes - ./*/build/kotlin - ./*/build/klib - ./*/build/generated - ./*/build/generated-sources diff --git a/.github/workflows/job.native-build.yml b/.github/workflows/job.native-build.yml index 7a3d7f867..3568849e4 100644 --- a/.github/workflows/job.native-build.yml +++ b/.github/workflows/job.native-build.yml 
@@ -1,13 +1,51 @@ name: "Native Build" "on": - workflow_dispatch: {} + workflow_dispatch: + inputs: + release: + type: boolean + default: false + description: "Release build" + macos: + type: boolean + default: true + description: "macOS" + linux: + type: boolean + default: true + description: "Linux" + windows: + type: boolean + default: false + description: "Windows" + artifact: + type: string + default: "" + description: "Artifact prefix" + workflow_call: inputs: release: type: boolean default: false description: "Release build" + macos: + type: boolean + default: true + description: "macOS" + linux: + type: boolean + default: true + description: "Linux" + windows: + type: boolean + default: false + description: "Windows" + artifact: + type: string + default: "" + description: "Artifact prefix" secrets: GRADLE_CONFIGURATION_KEY: @@ -30,18 +68,23 @@ jobs: matrix: os: [Ubuntu] mode: ["Strict"] - tag: ["linux-amd64"] + tag: ["linux-amd64-${{ fromJson(inputs.release) && 'opt' || 'dev' }}"] machine: ["ubuntu-latest"] target: [":pkl-cli:linuxExecutableAmd64"] + enabled: + - ${{ fromJson(inputs.linux) }} include: - os: macOS x64 - tag: macos-x64 + tag: macos-x64-${{ fromJson(inputs.release) && 'opt' || 'dev' }} machine: macos-13 target: :pkl-cli:macExecutableAmd64 + enabled: ${{ fromJson(inputs.macos) }} - os: macOS aarch64 - tag: macos-aarch64 + tag: macos-aarch64-${{ fromJson(inputs.release) && 'opt' || 'dev' }} machine: macos-13-xlarge target: :pkl-cli:macExecutableAarch64 + enabled: ${{ fromJson(inputs.macos) }} + # Windows build is currently broken. # # - os: Windows @@ -51,6 +94,7 @@ jobs: name: "Native CLI (${{ matrix.os }})" runs-on: ${{ matrix.machine }} + if: ${{ matrix.enabled }} defaults: run: 
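Review bot: The job-level `if: ${{ matrix.enabled }}` added in the `@@ -51,6 +94,7 @@` hunk uses a context that is not available at that position: `jobs.<job_id>.if` is evaluated before the matrix is applied and is documented to accept only `github`, `needs`, `vars` and `inputs`. As written the workflow is likely to be rejected when it loads, or the per-platform switches from the preceding hunk (`enabled: ${{ fromJson(inputs.macos) }}` and the Linux equivalent) never take effect. The toggle has to sit where `matrix` is valid, for example `if: ${{ matrix.enabled }}` on the individual steps, or the matrix has to be computed in an earlier job and consumed through `fromJson(needs.<job>.outputs.matrix)`. The `windows` input declared in the first hunk is not read by any matrix entry while the Windows block stays commented out, which deserves a `# unused until the Windows build is restored` comment. The job body continues outside the hunk.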
@@ -119,13 +163,14 @@ jobs: ${{ matrix.target || ':pkl-cli:assembleNative' }} -PnativeRelease=${{ inputs.release }} - name: "Artifact: Native CLI" - if: success() - uses: actions/cache/save@13aacd865c20de90d75de3b17ebe84f7a17d57d2 # v4.0.0 + uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 with: - key: pkl-native-${{ matrix.tag }} - path: | - ./pkl-cli/build/distributions/pkl-*.zip - ./pkl-cli/build/distributions/pkl-*.tar + name: "${{ inputs.artifact || 'pkl-cli-latest' }}-${{ matrix.tag }}" + path: ./pkl-cli/build/distributions/pkl*.* + if-no-files-found: warn + retention-days: 14 + compression-level: 1 + overwrite: true - name: "Artifact: Caches" uses: actions/cache/save@13aacd865c20de90d75de3b17ebe84f7a17d57d2 # v4.0.0 with: diff --git a/.github/workflows/job.tests.yml b/.github/workflows/job.tests.yml index e22205655..e641ec7e8 100644 --- a/.github/workflows/job.tests.yml +++ b/.github/workflows/job.tests.yml @@ -98,10 +98,21 @@ jobs: build-scan-publish: true build-scan-terms-of-service-url: "https://gradle.com/terms-of-service" build-scan-terms-of-service-agree: "yes" - arguments: test koverVerify reports -x check + arguments: test koverVerify koverXmlReport koverHtmlReport koverBinaryReport reports -x check + - name: "Artifact: Test Reports" + uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 + if: success() || failure() + with: + name: "pkl-test-reports-${{ github.ref }}" + path: "./build/reports/**/*.*" + if-no-files-found: warn + retention-days: 7 + compression-level: 4 + overwrite: true - name: "Reporting: Coverage" uses: codecov/codecov-action@e0b68c6749509c5f83f984dd99a76a1c1a231044 # v4.0.1 continue-on-error: true + if: success() with: token: ${{ secrets.CODECOV_TOKEN }} slug: elide-dev/pkl diff --git a/.github/workflows/on.pr.yml b/.github/workflows/on.pr.yml index f5213b8be..fd03409f4 100644 --- a/.github/workflows/on.pr.yml +++ b/.github/workflows/on.pr.yml 
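Review bot: The upload glob `./pkl-cli/build/distributions/pkl*.*` in the `Artifact: Native CLI` step is wider than the `pkl-*.zip` / `pkl-*.tar` pair it replaces, so anything the build leaves in that directory with a `pkl` prefix is published alongside the native CLI. These artifacts are the binaries people will download, and no checksum or provenance step is visible in the hunk; I would keep the explicit patterns and emit a digest file next to them so a consumer can verify what was fetched. `overwrite: true` replaces an existing artifact of the same name, which is worth a one-line comment if re-runs are meant to supersede earlier uploads. The steps list starts outside the hunk.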
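Review bot: The artifact name `"pkl-test-reports-${{ github.ref }}"` in the job.tests.yml hunk will contain forward slashes (`refs/heads/...`, `refs/pull/.../merge`), which upload-artifact does not accept in names, so the new `Artifact: Test Reports` step is likely to fail on the very runs it was added for. A slash-free identifier avoids that: `name: "pkl-test-reports-${{ github.run_id }}-${{ github.run_attempt }}"`. Because the step also runs on failure, a comment noting that the reports can carry captured test output and are kept for 7 days would help whoever later reviews what the workflow publishes. The steps list begins outside the hunk.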
@@ -68,18 +68,28 @@ jobs: tasks ## - ## Job: Build + Submit Dependency Graph + ## Job: Build ## - dependency-graph: + build: name: "Build" uses: ./.github/workflows/job.dependency-graph.yml needs: [preflight-checks] secrets: GRADLE_CONFIGURATION_KEY: ${{ secrets.GRADLE_CONFIGURATION_KEY }} BUILDLESS_APIKEY: ${{ secrets.BUILDLESS_APIKEY }} + + ## + ## Job: Native Build + ## + native-build: + name: "Build" + uses: ./.github/workflows/job.native-build.yml + needs: [preflight-checks, build] + secrets: + GRADLE_CONFIGURATION_KEY: ${{ secrets.GRADLE_CONFIGURATION_KEY }} + BUILDLESS_APIKEY: ${{ secrets.BUILDLESS_APIKEY }} permissions: - ## Needed for build graph publishing - contents: "write" + contents: "read" ## ## Job: Tests @@ -87,25 +97,24 @@ jobs: pr-tests: name: "Tests" uses: ./.github/workflows/job.tests.yml - needs: [preflight-checks, dependency-graph] + needs: [preflight-checks, build] secrets: GRADLE_CONFIGURATION_KEY: ${{ secrets.GRADLE_CONFIGURATION_KEY }} BUILDLESS_APIKEY: ${{ secrets.BUILDLESS_APIKEY }} - with: - native: false ## - ## Job: Native Build + ## Job: Submit Dependency Graph ## - native-build: - name: "Build" - uses: ./.github/workflows/job.native-build.yml - needs: [preflight-checks, dependency-graph] + dependency-graph: + name: "Checks" + uses: ./.github/workflows/job.dependency-graph.yml + needs: [preflight-checks] secrets: GRADLE_CONFIGURATION_KEY: ${{ secrets.GRADLE_CONFIGURATION_KEY }} BUILDLESS_APIKEY: ${{ secrets.BUILDLESS_APIKEY }} permissions: - contents: "read" + ## Needed for build graph publishing + contents: "write" ## ## Job: API Check diff --git a/.github/workflows/on.push.yml b/.github/workflows/on.push.yml index bd830eeba..2b1a3770c 100644 --- a/.github/workflows/on.push.yml +++ b/.github/workflows/on.push.yml 
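Review bot: The renamed `build` job keeps `uses: ./.github/workflows/job.dependency-graph.yml` on its unchanged context line, so the job.build.yml file added by this patch is never called from the PR pipeline and the dependency-graph workflow runs twice (here and in the `dependency-graph` job re-added in the next hunk). The line should become `uses: ./.github/workflows/job.build.yml`. The `build` job also no longer has a `permissions` block of its own, since the existing one now closes `native-build`; whether the call into a workflow that needs submission rights is then refused depends on the workflow-level default, which is outside the hunk.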
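Review bot: The re-added `dependency-graph` job in the `@@ -87,25 +97,24 @@` hunk pairs `contents: "write"` with both `GRADLE_CONFIGURATION_KEY` and `BUILDLESS_APIKEY`, although the called workflow loses its Gradle build step earlier in this patch and may no longer read either secret. I would pass only what job.dependency-graph.yml still consumes, so the one job holding a write-scoped token on pull requests carries as little else as possible. Dependency submission presumably still evaluates the branch's Gradle scripts, and the trigger type is not visible here, so it is worth confirming the pipeline runs on `pull_request` and not `pull_request_target`. Dropping `with: native: false` from `pr-tests` is safe only if job.tests.yml gives that input a default, which the patch does not show.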
@@ -32,18 +32,6 @@ jobs: permissions: contents: "read" - ## - ## Job: Checks with CodeQL - ## - check-codeql: - name: "Checks" - uses: ./.github/workflows/checks.codeql.yml - needs: [build] - permissions: - actions: "read" - contents: "read" - security-events: "write" - ## ## Job: Checks with Detekt ##