diff --git a/.github/dependabot.yaml b/.github/dependabot.yaml
new file mode 100644
index 0000000000..1e15d7b8f0
--- /dev/null
+++ b/.github/dependabot.yaml
@@ -0,0 +1,40 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to you under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+version: 2
+# Add Maven Central explicitly to work around:
+# https://github.com/dependabot/dependabot-core/issues/8329
+registries:
+ maven-central:
+ type: maven-repository
+ url: https://repo.maven.apache.org/maven2
+
+updates:
+
+ - package-ecosystem: maven
+ directory: "/"
+ open-pull-requests-limit: 10
+ schedule:
+ interval: "daily"
+ target-branch: "trunk"
+ registries:
+ - maven-central
+
+- package-ecosystem: github-actions
+ directory: "/"
+ schedule:
+ interval: "daily"
+ target-branch: "trunk"
diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml
new file mode 100644
index 0000000000..fd51cee946
--- /dev/null
+++ b/.github/workflows/build.yaml
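Review bot: The second `updates` entry in `.github/dependabot.yaml` appears to start at column 0: its added line reads `+- package-ecosystem: github-actions` with no space after the `+`, while the `maven` entry and every other nested line keep one. Indentation is collapsed in this view, so this needs confirming against the file itself, but if it is accurate the item sits outside the `updates:` sequence and the file will not parse, which would leave both ecosystems without update pull requests. Indent it to match the first entry, `  - package-ecosystem: github-actions`, with its keys aligned beneath it, and confirm Dependabot reports no configuration error after merge.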
@@ -0,0 +1,79 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to you under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+name: build
+
+on:
+ push:
+ branches:
+ - "trunk"
+ - "release/*"
+ paths-ignore:
+ - "**.adoc"
+ - "**.md"
+ - "**.txt"
+ pull_request:
+ paths-ignore:
+ - "**.adoc"
+ - "**.md"
+ - "**.txt"
+
+# If the branch is 'trunk' run once per commit.
+# If the branch is 'release/*' allow only one concurrent run.
+concurrency:
+ group: ${{ github.ref_name == 'trunk' && github.ref || github.ref_name }}
+ cancel-in-progress: true
+
+permissions: read-all
+
+jobs:
+
+ build:
+ if: github.actor != 'dependabot[bot]'
+ uses: apache/logging-parent/.github/workflows/build-reusable.yaml@e45457c683302242be5e8e7c3c33edf8f0e0ec0e # 10.4.0
+ with:
+ java-version: 8
+
+ deploy-snapshot:
+ needs: build
+ if: github.repository == 'apache/flume' && github.ref == 'refs/heads/trunk'
+ uses: apache/logging-parent/.github/workflows/deploy-snapshot-reusable.yaml@e45457c683302242be5e8e7c3c33edf8f0e0ec0e # 10.4.0
+ # Secrets for deployments
+ secrets:
+ NEXUS_USER: ${{ secrets.NEXUS_USER }}
+ NEXUS_PW: ${{ secrets.NEXUS_PW }}
+ with:
+ java-version: 8
+
+ deploy-release:
+ needs: build
+ if: github.repository == 'apache/flume' && startsWith(github.ref_name, 'release/')
+ uses: apache/logging-parent/.github/workflows/deploy-release-reusable.yaml@e45457c683302242be5e8e7c3c33edf8f0e0ec0e # 10.4.0
+ # Secrets for deployments
+ secrets:
+ GPG_SECRET_KEY: ${{ secrets.LOGGING_GPG_SECRET_KEY }}
+ LOGGING_STAGE_DEPLOYER_USER: ${{ secrets.LOGGING_STAGE_DEPLOYER_USER }}
+ LOGGING_STAGE_DEPLOYER_PW: ${{ secrets.LOGGING_STAGE_DEPLOYER_PW }}
+ SVN_USERNAME: ${{ secrets.LOGGING_SVN_DEV_USERNAME }}
+ SVN_PASSWORD: ${{ secrets.LOGGING_SVN_DEV_PASSWORD }}
+ # Write permissions to allow the Maven `revision` property update, changelog release, etc.
+ permissions:
+ contents: write
+ with:
+ java-version: 8
+ project-id: flume
+ site-enabled: true
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
deleted file mode 100644
index 686e1ed9f2..0000000000
--- a/.github/workflows/build.yml
+++ /dev/null
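Review bot: The `concurrency` group in `build.yaml` does not match the comment above it: on trunk the expression yields `github.ref`, which is `refs/heads/trunk` for every push, so with `cancel-in-progress: true` a newer push cancels the run still in flight instead of running once per commit. Because `deploy-snapshot` belongs to the same workflow run, a snapshot deployment can be cancelled part-way through. If per-commit runs are what the comment intends, key the trunk case on the commit: `group: ${{ github.ref_name == 'trunk' && github.sha || github.ref_name }}`. Separately, `deploy-release` receives the signing and staging secrets on `startsWith(github.ref_name, 'release/')` alone; adding `github.event_name == 'push'` to both deploy conditions would state the intended trigger explicitly rather than relying on how `ref_name` happens to look for pull requests.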
@@ -1,78 +0,0 @@ -# Licensed to the Apache Software Foundation (ASF) under one or more -# contributor license agreements. See the NOTICE file distributed with -# this work for additional information regarding copyright ownership. -# The ASF licenses this file to You under the Apache license, Version 2.0 -# (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the license for the specific language governing permissions and -# limitations under the license. - -name: build - -on: - push: - branches: - - trunk - - build-dev - pull_request: - -jobs: - build: - - runs-on: ${{ matrix.os }} - - strategy: - matrix: - os: [ ubuntu-latest, macos-latest ] - - steps: - - - name: Checkout repository - uses: actions/checkout@v2 - - # JDK 8 is needed for the build, and it is the primary bytecode target. 
- - name: Setup JDK 8 - uses: actions/setup-java@v2.3.0 - with: - distribution: temurin - java-version: 8 - java-package: jdk - architecture: x64 - cache: maven - - - name: Inspect environment (Linux) - if: runner.os == 'Linux' - run: env | grep '^JAVA' - - - name: Inspect environment (MacOS) - if: runner.os == 'macOS' - run: env | grep '^JAVA' - - - name: Show disk usage before - run: df -kh - - - name: Remove unwanted packages - run: | - sudo rm -rf /usr/share/dotnet - sudo rm -rf /usr/local/lib/android - - - name: Show disk usage before maven - run: df -kh - - - name: Build with Maven - timeout-minutes: 120 - shell: bash - run: | - ./mvnw clean verify -DredirectTestOutput=true \ - --show-version --batch-mode --errors --no-transfer-progress \ - -DtrimStackTrace=false \ - -Dsurefire.rerunFailingTestsCount=2 - - - name: Show disk usage after - run: df -kh diff --git a/.github/workflows/codeql-analysis.yaml b/.github/workflows/codeql-analysis.yaml new file mode 100644 index 0000000000..2e076ec586 --- /dev/null +++ b/.github/workflows/codeql-analysis.yaml 
@@ -0,0 +1,41 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to you under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+name: codeql-analysis
+
+on:
+ push:
+ branches: [ 'trunk' ]
+ pull_request:
+ # The branches below must be a subset of the branches provided in `on.push.branches`
+ branches: [ 'trunk' ]
+ schedule:
+ - cron: '32 12 * * 5'
+
+permissions: read-all
+
+jobs:
+
+ analyze:
+ uses: apache/logging-parent/.github/workflows/codeql-analysis-reusable.yaml@e45457c683302242be5e8e7c3c33edf8f0e0ec0e # 10.4.0
+ # Permissions required to publish Security Alerts
+ permissions:
+ actions: read
+ contents: read
+ security-events: write
+ with:
+ java-version: 8
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
deleted file mode 100644
index b1490d04a9..0000000000
--- a/.github/workflows/codeql-analysis.yml
+++ /dev/null
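Review bot: The new `analyze` job passes only `java-version`, while the workflow this commit deletes analysed `language: [ 'java', 'python' ]`; nothing visible in this caller selects languages, so Python scanning may be dropped unless the reusable workflow covers it. That is worth confirming against `codeql-analysis-reusable.yaml` at the pinned commit, and if Python is no longer scanned the commit message should record it as a deliberate choice. A short comment above `uses:`, for example `# Languages analysed are fixed by the reusable workflow (confirm: Java only?)`, would save the next reader the lookup.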
@@ -1,70 +0,0 @@ -# For most projects, this workflow file will not need changing; you simply need -# to commit it to your repository. -# -# You may wish to alter this file to override the set of languages analyzed, -# or to provide custom queries or build logic. -# -# ******** NOTE ******** -# We have attempted to detect the languages in your repository. Please check -# the `language` matrix defined below to confirm you have the correct set of -# supported CodeQL languages. -# -name: "CodeQL" - -on: - push: - branches: [ trunk ] - pull_request: - # The branches below must be a subset of the branches above - branches: [ trunk ] - schedule: - - cron: '15 0 * * 5' - -jobs: - analyze: - name: Analyze - runs-on: ubuntu-latest - permissions: - actions: read - contents: read - security-events: write - - strategy: - fail-fast: false - matrix: - language: [ 'java', 'python' ] - # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ] - # Learn more about CodeQL language support at https://git.io/codeql-language-support - - steps: - - name: Checkout repository - uses: actions/checkout@v2 - - # Initializes the CodeQL tools for scanning. - - name: Initialize CodeQL - uses: github/codeql-action/init@959cbb7472c4d4ad70cdfe6f4976053fe48ab394 # 2.1.37 - with: - languages: ${{ matrix.language }} - # If you wish to specify custom queries, you can do so here or in a config file. - # By default, queries listed here will override any specified in a config file. - # Prefix the list here with "+" to use these queries and those in the config file. - # queries: ./path/to/local/query, your-org/your-repo/queries@main - - # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). - # If this step fails, then you should remove it and run the build manually (see below) - - name: Autobuild - uses: github/codeql-action/autobuild@959cbb7472c4d4ad70cdfe6f4976053fe48ab394 # 2.1.37 - - # ℹī¸ Command-line programs to run using the OS shell. 
- # 📚 https://git.io/JvXDl - - # ✏ī¸ If the Autobuild fails above, remove it and uncomment the following three lines - # and modify them (or add more) to build your code if your project - # uses a compiled language - - #- run: | - # make bootstrap - # make release - - - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@959cbb7472c4d4ad70cdfe6f4976053fe48ab394 # 2.1.37 diff --git a/.github/workflows/merge-dependabot.yaml b/.github/workflows/merge-dependabot.yaml new file mode 100644 index 0000000000..b32d5060e6 --- /dev/null +++ b/.github/workflows/merge-dependabot.yaml 
@@ -0,0 +1,46 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to you under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+name: merge-dependabot
+
+on:
+ pull_request_target:
+ paths-ignore:
+ - "**.adoc"
+ - "**.md"
+ - "**.txt"
+
+permissions: read-all
+
+jobs:
+
+ build:
+ if: github.repository == 'apache/flume' && github.event_name == 'pull_request_target' && github.actor == 'dependabot[bot]'
+ uses: apache/logging-parent/.github/workflows/build-reusable.yaml@e45457c683302242be5e8e7c3c33edf8f0e0ec0e # 10.4.0
+ with:
+ java-version: 8
+
+ merge-dependabot:
+ needs: build
+ uses: apache/logging-parent/.github/workflows/merge-dependabot-reusable.yaml@e45457c683302242be5e8e7c3c33edf8f0e0ec0e # 10.4.0
+ permissions:
+ contents: write # to push changelog commits
+ pull-requests: write # to close the PR
+ secrets:
+ GPG_SECRET_KEY: ${{ secrets.LOGGING_GPG_SECRET_KEY }} # to sign commits
+ with:
+ java-version: 8
diff --git a/.github/workflows/scorecards-analysis.yaml b/.github/workflows/scorecards-analysis.yaml
new file mode 100644
index 0000000000..3f51e17b15
--- /dev/null
+++ b/.github/workflows/scorecards-analysis.yaml
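Review bot: The only gate on this `pull_request_target` workflow is `github.actor == 'dependabot[bot]'` on the `build` job, and `github.actor` names whoever triggered the run, not the author of the pull request. The `merge-dependabot` job, which holds `contents: write`, `pull-requests: write` and the GPG signing key, has no condition of its own and is protected only by being skipped when `build` is skipped. I would check the pull-request author as well and repeat the condition on the privileged job: `if: github.repository == 'apache/flume' && github.event.pull_request.user.login == 'dependabot[bot]' && github.actor == 'dependabot[bot]'`. Whether the reusable build checks out the pull-request head under this trigger is not visible here and should be confirmed, since that code would then run in the base repository's context.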
@@ -0,0 +1,40 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to you under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+name: scorecards-analysis
+
+on:
+ branch_protection_rule:
+ schedule:
+ - cron: "30 1 * * 6"
+ push:
+ branches: [ main ]
+
+permissions: read-all
+
+jobs:
+
+ analysis:
+ uses: apache/logging-parent/.github/workflows/scorecards-analysis-reusable.yaml@e45457c683302242be5e8e7c3c33edf8f0e0ec0e # 10.4.0
+ permissions:
+ # Needed to upload the results to the code-scanning dashboard.
+ security-events: write
+ actions: read
+ id-token: write # This is required for requesting the JWT
+ contents: read # This is required for actions/checkout
+ with:
+ java-version: 8
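Review bot: The `push` trigger filters on `branches: [ main ]`, but every other workflow in this commit targets `trunk`, so the Scorecard analysis looks like it will never run on pushes to the branch the project actually develops on. Results would then come only from the weekly cron and `branch_protection_rule` events, and a change that lowers the score would not surface until the next scheduled run. Change the filter to `branches: [ trunk ]`.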