Add Github Actions (#1)

* Add Github Actions
illarionov · Jan 11, 2024 · ee57dbc · ee57dbc
1 parent 0648704
commit ee57dbc
Show file tree

Hide file tree

Showing 7 changed files with 296 additions and 0 deletions.
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -0,0 +1,10 @@
+version: 2
+updates:
+  - package-ecosystem: "gradle"
+    directory: "/"
+    schedule:
+      interval: "monthly"
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "monthly"
diff --git a/.github/workflows/Build.yml b/.github/workflows/Build.yml
@@ -0,0 +1,149 @@
+name: build
+
+on:
+  pull_request:
+    paths-ignore:
+      - '**/*.md'
+  push:
+    branches:
+      - 'main'
+    paths-ignore:
+      - '**/*.md'
+  workflow_dispatch:
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: ${{ github.ref != 'refs/heads/main' }}
+
+env:
+  CI: true
+  TERM: dumb
+  GRADLE_OPTS: >-
+    -Dorg.gradle.jvmargs="-Xmx3G -XX:MaxMetaspaceSize=1g -XX:SoftRefLRUPolicyMSPerMB=10 -XX:+UseParallelGC -XX:NewRatio=1"
+    -Dorg.gradle.workers.max=2
+    -Dorg.gradle.dependency.verification.console=verbose
+  KOTLIN_DAEMON_JVMARGS: >-
+    -Xmx2G -XX:MaxMetaspaceSize=320M -XX:SoftRefLRUPolicyMSPerMB=10 -XX:+UseParallelGC -XX:NewRatio=1
+
+permissions:
+  checks: write
+  pull-requests: write
+
+jobs:
+  assemble:
+    name: Assemble, run tests
+    runs-on: ubuntu-latest
+    timeout-minutes: 60
+    if: ${{ !contains(github.event.head_commit.message, '[ci skip]') }}
+
+    steps:
+      - name: Checkout sources
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Setup Java
+        uses: actions/setup-java@v4
+        with:
+          distribution: 'temurin'
+          java-version: '21'
+
+      - name: Setup Gradle
+        uses: gradle/gradle-build-action@v2
+        with:
+          dependency-graph: generate
+
+      - name: Assemble debug build, run tests
+        run: >
+          ./gradlew --scan -Pkotlin.daemon.jvmargs="${{ env.KOTLIN_DAEMON_JVMARGS }}"
+          build --stacktrace
+
+      - name: Upload build artifacts
+        uses: actions/upload-artifact@v4
+        if: failure()
+        with:
+          name: build-outputs
+          path: '**/build/outputs'
+
+      - name: Publish test results
+        uses: EnricoMi/publish-unit-test-result-action/composite@v2
+        if: ${{ !cancelled() && (github.actor != 'dependabot[bot]') }}
+        with:
+          comment_mode: off
+          junit_files: '**/build/test-results/**/*.xml'
+          check_name: "Test results"
+
+      - name: Bundle the test reports
+        if: failure()
+        run: >
+          find . \(
+          -name .idea -o -path '*build/intermediates' -o -path '*build/.transforms' -o -path '*build/generated'
+          \) -prune -o
+          -type d -name 'reports' -print0
+          | xargs -0 tar -c -I 'zstd -19 -T0' -f test-reports.tar.zst
+
+      - name: Upload test reports
+        uses: actions/upload-artifact@v4
+        if: failure()
+        with:
+          name: test-reports
+          path: test-reports.tar.zst
+
+  static-analysis:
+    name: Style check
+    runs-on: ubuntu-latest
+    permissions:
+      security-events: write
+    timeout-minutes: 60
+    if: >-
+      !contains(github.event.head_commit.message, '[ci skip]')
+      && github.actor != 'dependabot[bot]'
+
+    steps:
+      - name: Checkout sources
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Validate Gradle wrapper
+        uses: gradle/wrapper-validation-action@v1
+
+      - name: Setup Java
+        uses: actions/setup-java@v4
+        with:
+          distribution: 'temurin'
+          java-version: '21'
+
+      - name: Setup Gradle
+        uses: gradle/gradle-build-action@v2
+        with:
+          dependency-graph: generate
+
+      - name: Run static code analyzers
+        run: >
+          ./gradlew -Pkotlin.daemon.jvmargs="${{ env.KOTLIN_DAEMON_JVMARGS }}"
+          styleCheck --continue
+
+      - name: Uploads Detekt .sarif files to GitHub
+        uses: github/codeql-action/upload-sarif@v3
+        with:
+          sarif_file: ./build/reports/detekt/report.sarif
+          category: detekt
+
+      - name: Uploads Diktat .sarif files to GitHub
+        uses: github/codeql-action/upload-sarif@v3
+        with:
+          sarif_file: ./build/reports/diktat/diktat.sarif
+          category: diktat
+
+      - name: Bundle the build report
+        if: ${{ !cancelled() }}
+        run: >
+          tar -c -I 'zstd -19 -T0' -f lint-outputs.tar.zst build/reports
+
+      - name: Upload lint outputs
+        if: ${{ !cancelled() }}
+        uses: actions/upload-artifact@v4
+        with:
+          name: lint-outputs
+          path: lint-outputs.tar.zst
diff --git a/.github/workflows/GradleWrapper.yml b/.github/workflows/GradleWrapper.yml
@@ -0,0 +1,20 @@
+name: gradle-wrapper
+
+on:
+  pull_request:
+    paths:
+      - 'gradlew'
+      - 'gradlew.bat'
+      - 'gradle/wrapper/'
+
+jobs:
+  validate:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout sources
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Validate Gradle wrapper
+        uses: gradle/wrapper-validation-action@v1
diff --git a/.github/workflows/Publish.yml b/.github/workflows/Publish.yml
@@ -0,0 +1,65 @@
+name: publish
+
+on:
+  workflow_dispatch:
+
+env:
+  CI: true
+  TERM: dumb
+  GRADLE_OPTS: >-
+    -Dorg.gradle.jvmargs="-Xmx3G -XX:MaxMetaspaceSize=1g -XX:SoftRefLRUPolicyMSPerMB=10 -XX:+UseParallelGC -XX:NewRatio=1"
+    -Dorg.gradle.workers.max=2
+    -Dorg.gradle.dependency.verification.console=verbose
+  KOTLIN_DAEMON_JVMARGS: >-
+    -Xmx2G -XX:MaxMetaspaceSize=320M -XX:SoftRefLRUPolicyMSPerMB=10 -XX:+UseParallelGC -XX:NewRatio=1
+
+jobs:
+  publish:
+    name: Assemble, publish to S3
+    runs-on: ubuntu-latest
+    timeout-minutes: 60
+
+    steps:
+      - name: Checkout sources
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Validate Gradle wrapper
+        uses: gradle/wrapper-validation-action@v1
+
+      - name: Setup Java
+        uses: actions/setup-java@v4
+        with:
+          distribution: 'temurin'
+          java-version: '21'
+
+      - name: Setup Gradle
+        uses: gradle/gradle-build-action@v2
+        with:
+          dependency-graph: generate
+
+      - name: Restore Kotlin Native Cache
+        uses: actions/cache/restore@v3
+        with:
+          path: ~/.konan
+          key: ${{ runner.os }}-konan-${{ hashFiles('**/*.gradle.kts', 'buildSrc') }}
+          restore-keys: ${{ runner.os }}-konan-
+
+      - name: Assemble, run tests, publish
+        env:
+          YANDEX_S3_ACCESS_KEY_ID: ${{ secrets.YANDEX_S3_ACCESS_KEY_ID }}
+          YANDEX_S3_SECRET_ACCESS_KEY: ${{ secrets.YANDEX_S3_SECRET_ACCESS_KEY }}
+          ORG_GRADLE_PROJECT_signingInMemoryKey:  ${{ secrets.SIGNING_IN_MEMORY_KEY }}
+          ORG_GRADLE_PROJECT_signingInMemoryKeyId: FCF62075
+          ORG_GRADLE_PROJECT_signingInMemoryKeyPassword: ${{ secrets.SIGNING_IN_MEMORY_KEY_PASSWORD }}
+        run: >
+          ./gradlew --scan -Pkotlin.daemon.jvmargs="${{ env.KOTLIN_DAEMON_JVMARGS }}"
+          build publishAllPublicationsToPixnewsS3Repository --stacktrace
+
+      - name: Upload build artifacts
+        uses: actions/upload-artifact@v4
+        if: ${{ failure() }}
+        with:
+          name: build-outputs
+          path: '**/build/outputs'
diff --git a/.github/workflows/SubmitDependencySnapshot.yml b/.github/workflows/SubmitDependencySnapshot.yml
@@ -0,0 +1,18 @@
+name: submit-dependency-snapshot
+
+on:
+  workflow_run:
+    workflows: ['build']
+    types: [completed]
+
+permissions:
+  contents: write
+
+jobs:
+  submit-snapshots:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Retrieve dependency graph artifact and submit
+        uses: gradle/gradle-build-action@v2
+        with:
+          dependency-graph: download-and-submit
diff --git a/gradle/verification-keyring.keys b/gradle/verification-keyring.keys
@@ -1252,6 +1252,32 @@ JueDZDlMr6EtCGBWFMRVAQugNmWmXbzteaqt
 =Fyk1
 -----END PGP PUBLIC KEY BLOCK-----
 
+pub    5208812E1E4A6DB0
+sub    33AEBC1F01C98081
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+Version: BCPG v1.68
+
+mQENBFxaxWYBCADI4/gRCJYfXwZYdUoEGlAlCfRgABy90rvebzcs8MKtolAbPVkG
+iqnjftXd28sZhEDx9YJrUfmzspdrYmU7hy1kgV1/WGIcWyTExTH3bqlnaIWnnTxA
+HD0x4NJ2AzmX5VO8LxhqGID+BErrv7uGZvVmJT6trqUIcKeNEq7mzdDJKqTBY4cw
+q+Dm8P0vs4IFTD8q5f1Vr78FmUth2srIBmsIH1wNV1nAUTmQppNBFlCmcvnWTYI1
+0UMcsFFrJ2pFT1yP2AEGUNl4Lgj4hmVHZwX38/lu9pQ7iWtHSLOwZsfuC34/goS+
+ldFt63JqDV7ZaqwAgk7Iq6jbr4pSVsB4VdglABEBAAG5AQ0EXFrFZgEIAN7XqOmH
+9d5gMZ1uDZaEBlOmjFrXEwG2Lb24sxdBNEnHqarYXBW6LuBRjfvmEFNI83+xLXNI
+Zh/4MZs0WEnQO9pUpufIVtSJL5GNSUFJ/lU//TQrAD/750nwW+S+SZAvoLX4NuqS
+ASXZgEDQCvyGFNguIAyqfFoiT+w7+zOiLhDp40ZpDLx8HchYzCr0yZZ0spXabHOh
+HF5Reec0J+MTdHMw/23tNYh/AdUmxVCyRtXb15h00Afp01QZGPq20VCAVas/WaHL
+k3yXi2ehw5XMX26Yz19jTyVaoQygFZp7obpHruah0zIFAKcQN6iAqc8ZKdDYi8BK
+ZnxB5v/NmkmTFwkAEQEAAYkBNgQYAQgAIAIbDBYhBDFP6C5aTFN3vKLt7FIIgS4e
+Sm2wBQJcWsavAAoJEFIIgS4eSm2wRd0H/2b0a60QAMy2GT2RCL9l3dE23bup1gMa
+UZf2Igt6g0lczyb2mI3MT3aQ2EhbaTZi6m6Hr06ko/XUTUTMZt051vAHbIoiEI4n
+E1vZCJmjGKR1wPi8TafR7lKBKrQfakO3i/0PLSlY63LKLea6j4/byT8iBjidF3cN
+HYVoGJdeXzreSk+3xzVpOjnLa7WoNZ800+2mR+ZBwE06KBP+OurMeOB5NGq1I9am
+k+XQfRsSV6sFxMErv4BfvAuRe2UKAVnt9azfb6AyEoldWGx5/CCMB8oEhFLug6Zm
+2aVYDqALYdeleRyfjEM5CjXBz9lswWPKSUsECbVYRMGKpH6Tm7BeYnw=
+=uBzQ
+-----END PGP PUBLIC KEY BLOCK-----
+
 pub    55C7E5E701832382
 uid    Andrey Somov (SnakeYAML) <[email protected]>
 

diff --git a/gradle/verification-metadata.xml b/gradle/verification-metadata.xml
@@ -19,10 +19,18 @@
          <trust group="com.google.testing.platform" regex="true" reason="not signed"/>
       </trusted-artifacts>
       <trusted-keys>
+         <trusted-key id="314FE82E5A4C5377BCA2EDEC5208812E1E4A6DB0">
+            <trusting group="com.gradle" name="gradle-enterprise-gradle-plugin"/>
+            <trusting group="org.gradle" name="github-dependency-graph-gradle-plugin"/>
+         </trusted-key>
          <trusted-key id="4797B4F5DCC46CEA61059071A1AE06236CA2BA62" group="^com[.]diffplug($|([.].*))" regex="true"/>
          <trusted-key id="5F6C2148AD4911FE308110E5F0D0AE433308B042" group="io.gitlab.arturbosch.detekt"/>
          <trusted-key id="6F538074CCEBF35F28AF9B066A0975F8B1127B83" group="org.jetbrains.kotlin"/>
          <trusted-key id="7B72C18D9C362314BF8E981B0CAEBC0883C5BB65" group="com.vanniktech"/>
+         <trusted-key id="7B79ADD11F8A779FE90FD3D0893A028475557671">
+            <trusting group="com.gradle" name="gradle-enterprise-gradle-plugin"/>
+            <trusting group="org.gradle" name="github-dependency-graph-gradle-plugin"/>
+         </trusted-key>
          <trusted-key id="837B2CBB1D966C80643A2D6527F164F945828C4C" group="^com[.]willowtreeapps($|([.].*))" regex="true"/>
          <trusted-key id="8756C4F765C9AC3CB6B85D62379CE192D401AB61" group="com.diffplug.durian"/>
          <trusted-key id="90EE19787A7BCF6FD37A1E9180C08B1C29100955" group="com.squareup.retrofit2"/>