From ee57dbcf07728eb36fe79a98c38cdeb127810b8b Mon Sep 17 00:00:00 2001 From: Alexey Illarionov Date: Fri, 12 Jan 2024 01:05:23 +0300 Subject: [PATCH] Add Github Actions (#1) * Add Github Actions --- .github/dependabot.yml | 10 ++ .github/workflows/Build.yml | 149 ++++++++++++++++++ .github/workflows/GradleWrapper.yml | 20 +++ .github/workflows/Publish.yml | 65 ++++++++ .../workflows/SubmitDependencySnapshot.yml | 18 +++ gradle/verification-keyring.keys | 26 +++ gradle/verification-metadata.xml | 8 + 7 files changed, 296 insertions(+) create mode 100644 .github/dependabot.yml create mode 100644 .github/workflows/Build.yml create mode 100644 .github/workflows/GradleWrapper.yml create mode 100644 .github/workflows/Publish.yml create mode 100644 .github/workflows/SubmitDependencySnapshot.yml diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 0000000..f770db0 --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,10 @@ +version: 2 +updates: + - package-ecosystem: "gradle" + directory: "/" + schedule: + interval: "monthly" + - package-ecosystem: "github-actions" + directory: "/" + schedule: + interval: "monthly" diff --git a/.github/workflows/Build.yml b/.github/workflows/Build.yml new file mode 100644 index 0000000..86610d8 --- /dev/null +++ b/.github/workflows/Build.yml @@ -0,0 +1,149 @@ +name: build + +on: + pull_request: + paths-ignore: + - '**/*.md' + push: + branches: + - 'main' + paths-ignore: + - '**/*.md' + workflow_dispatch: + +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: ${{ github.ref != 'refs/heads/main' }} + +env: + CI: true + TERM: dumb + GRADLE_OPTS: >- + -Dorg.gradle.jvmargs="-Xmx3G -XX:MaxMetaspaceSize=1g -XX:SoftRefLRUPolicyMSPerMB=10 -XX:+UseParallelGC -XX:NewRatio=1" + -Dorg.gradle.workers.max=2 + -Dorg.gradle.dependency.verification.console=verbose + KOTLIN_DAEMON_JVMARGS: >- + -Xmx2G -XX:MaxMetaspaceSize=320M -XX:SoftRefLRUPolicyMSPerMB=10 -XX:+UseParallelGC -XX:NewRatio=1 + +permissions: + checks: write + pull-requests: write + +jobs: + assemble: + name: Assemble, run tests + runs-on: ubuntu-latest + timeout-minutes: 60 + if: ${{ !contains(github.event.head_commit.message, '[ci skip]') }} + + steps: + - name: Checkout sources + uses: actions/checkout@v4 + with: + fetch-depth: 0 + + - name: Setup Java + uses: actions/setup-java@v4 + with: + distribution: 'temurin' + java-version: '21' + + - name: Setup Gradle + uses: gradle/gradle-build-action@v2 + with: + dependency-graph: generate + + - name: Assemble debug build, run tests + run: > + ./gradlew --scan -Pkotlin.daemon.jvmargs="${{ env.KOTLIN_DAEMON_JVMARGS }}" + build --stacktrace + + - name: Upload build artifacts + uses: actions/upload-artifact@v4 + if: failure() + with: + name: build-outputs + path: '**/build/outputs' + + - name: Publish test results + uses: EnricoMi/publish-unit-test-result-action/composite@v2 + if: ${{ !cancelled() && (github.actor != 'dependabot[bot]') }} + with: + comment_mode: off + junit_files: '**/build/test-results/**/*.xml' + check_name: "Test results" + + - name: Bundle the test reports + if: failure() + run: > + find . \( + -name .idea -o -path '*build/intermediates' -o -path '*build/.transforms' -o -path '*build/generated' + \) -prune -o + -type d -name 'reports' -print0 + | xargs -0 tar -c -I 'zstd -19 -T0' -f test-reports.tar.zst + + - name: Upload test reports + uses: actions/upload-artifact@v4 + if: failure() + with: + name: test-reports + path: test-reports.tar.zst + + static-analysis: + name: Style check + runs-on: ubuntu-latest + permissions: + security-events: write + timeout-minutes: 60 + if: >- + !contains(github.event.head_commit.message, '[ci skip]') + && github.actor != 'dependabot[bot]' + + steps: + - name: Checkout sources + uses: actions/checkout@v4 + with: + fetch-depth: 0 + + - name: Validate Gradle wrapper + uses: gradle/wrapper-validation-action@v1 + + - name: Setup Java + uses: actions/setup-java@v4 + with: + distribution: 'temurin' + java-version: '21' + + - name: Setup Gradle + uses: gradle/gradle-build-action@v2 + with: + dependency-graph: generate + + - name: Run static code analyzers + run: > + ./gradlew -Pkotlin.daemon.jvmargs="${{ env.KOTLIN_DAEMON_JVMARGS }}" + styleCheck --continue + + - name: Uploads Detekt .sarif files to GitHub + uses: github/codeql-action/upload-sarif@v3 + with: + sarif_file: ./build/reports/detekt/report.sarif + category: detekt + + - name: Uploads Diktat .sarif files to GitHub + uses: github/codeql-action/upload-sarif@v3 + with: + sarif_file: ./build/reports/diktat/diktat.sarif + category: diktat + + - name: Bundle the build report + if: ${{ !cancelled() }} + run: > + tar -c -I 'zstd -19 -T0' -f lint-outputs.tar.zst build/reports + + - name: Upload lint outputs + if: ${{ !cancelled() }} + uses: actions/upload-artifact@v4 + with: + name: lint-outputs + path: lint-outputs.tar.zst diff --git a/.github/workflows/GradleWrapper.yml b/.github/workflows/GradleWrapper.yml new file mode 100644 index 0000000..62e9c1d --- /dev/null +++ b/.github/workflows/GradleWrapper.yml @@ -0,0 +1,20 @@ +name: gradle-wrapper + +on: + pull_request: + paths: + - 'gradlew' + - 'gradlew.bat' + - 'gradle/wrapper/' + +jobs: + validate: + runs-on: ubuntu-latest + steps: + - name: Checkout sources + uses: actions/checkout@v4 + with: + fetch-depth: 0 + + - name: Validate Gradle wrapper + uses: gradle/wrapper-validation-action@v1 diff --git a/.github/workflows/Publish.yml b/.github/workflows/Publish.yml new file mode 100644 index 0000000..d6f44c5 --- /dev/null +++ b/.github/workflows/Publish.yml @@ -0,0 +1,65 @@ +name: publish + +on: + workflow_dispatch: + +env: + CI: true + TERM: dumb + GRADLE_OPTS: >- + -Dorg.gradle.jvmargs="-Xmx3G -XX:MaxMetaspaceSize=1g -XX:SoftRefLRUPolicyMSPerMB=10 -XX:+UseParallelGC -XX:NewRatio=1" + -Dorg.gradle.workers.max=2 + -Dorg.gradle.dependency.verification.console=verbose + KOTLIN_DAEMON_JVMARGS: >- + -Xmx2G -XX:MaxMetaspaceSize=320M -XX:SoftRefLRUPolicyMSPerMB=10 -XX:+UseParallelGC -XX:NewRatio=1 + +jobs: + publish: + name: Assemble, publish to S3 + runs-on: ubuntu-latest + timeout-minutes: 60 + + steps: + - name: Checkout sources + uses: actions/checkout@v4 + with: + fetch-depth: 0 + + - name: Validate Gradle wrapper + uses: gradle/wrapper-validation-action@v1 + + - name: Setup Java + uses: actions/setup-java@v4 + with: + distribution: 'temurin' + java-version: '21' + + - name: Setup Gradle + uses: gradle/gradle-build-action@v2 + with: + dependency-graph: generate + + - name: Restore Kotlin Native Cache + uses: actions/cache/restore@v3 + with: + path: ~/.konan + key: ${{ runner.os }}-konan-${{ hashFiles('**/*.gradle.kts', 'buildSrc') }} + restore-keys: ${{ runner.os }}-konan- + + - name: Assemble, run tests, publish + env: + YANDEX_S3_ACCESS_KEY_ID: ${{ secrets.YANDEX_S3_ACCESS_KEY_ID }} + YANDEX_S3_SECRET_ACCESS_KEY: ${{ secrets.YANDEX_S3_SECRET_ACCESS_KEY }} + ORG_GRADLE_PROJECT_signingInMemoryKey: ${{ secrets.SIGNING_IN_MEMORY_KEY }} + ORG_GRADLE_PROJECT_signingInMemoryKeyId: FCF62075 + ORG_GRADLE_PROJECT_signingInMemoryKeyPassword: ${{ secrets.SIGNING_IN_MEMORY_KEY_PASSWORD }} + run: > + ./gradlew --scan -Pkotlin.daemon.jvmargs="${{ env.KOTLIN_DAEMON_JVMARGS }}" + build publishAllPublicationsToPixnewsS3Repository --stacktrace + + - name: Upload build artifacts + uses: actions/upload-artifact@v4 + if: ${{ failure() }} + with: + name: build-outputs + path: '**/build/outputs' diff --git a/.github/workflows/SubmitDependencySnapshot.yml b/.github/workflows/SubmitDependencySnapshot.yml new file mode 100644 index 0000000..214a19b --- /dev/null +++ b/.github/workflows/SubmitDependencySnapshot.yml @@ -0,0 +1,18 @@ +name: submit-dependency-snapshot + +on: + workflow_run: + workflows: ['build'] + types: [completed] + +permissions: + contents: write + +jobs: + submit-snapshots: + runs-on: ubuntu-latest + steps: + - name: Retrieve dependency graph artifact and submit + uses: gradle/gradle-build-action@v2 + with: + dependency-graph: download-and-submit diff --git a/gradle/verification-keyring.keys b/gradle/verification-keyring.keys index 8965728..2a9ecfc 100644 --- a/gradle/verification-keyring.keys +++ b/gradle/verification-keyring.keys @@ -1252,6 +1252,32 @@ JueDZDlMr6EtCGBWFMRVAQugNmWmXbzteaqt =Fyk1 -----END PGP PUBLIC KEY BLOCK----- +pub 5208812E1E4A6DB0 +sub 33AEBC1F01C98081 +-----BEGIN PGP PUBLIC KEY BLOCK----- +Version: BCPG v1.68 + +mQENBFxaxWYBCADI4/gRCJYfXwZYdUoEGlAlCfRgABy90rvebzcs8MKtolAbPVkG +iqnjftXd28sZhEDx9YJrUfmzspdrYmU7hy1kgV1/WGIcWyTExTH3bqlnaIWnnTxA +HD0x4NJ2AzmX5VO8LxhqGID+BErrv7uGZvVmJT6trqUIcKeNEq7mzdDJKqTBY4cw +q+Dm8P0vs4IFTD8q5f1Vr78FmUth2srIBmsIH1wNV1nAUTmQppNBFlCmcvnWTYI1 +0UMcsFFrJ2pFT1yP2AEGUNl4Lgj4hmVHZwX38/lu9pQ7iWtHSLOwZsfuC34/goS+ +ldFt63JqDV7ZaqwAgk7Iq6jbr4pSVsB4VdglABEBAAG5AQ0EXFrFZgEIAN7XqOmH +9d5gMZ1uDZaEBlOmjFrXEwG2Lb24sxdBNEnHqarYXBW6LuBRjfvmEFNI83+xLXNI +Zh/4MZs0WEnQO9pUpufIVtSJL5GNSUFJ/lU//TQrAD/750nwW+S+SZAvoLX4NuqS +ASXZgEDQCvyGFNguIAyqfFoiT+w7+zOiLhDp40ZpDLx8HchYzCr0yZZ0spXabHOh +HF5Reec0J+MTdHMw/23tNYh/AdUmxVCyRtXb15h00Afp01QZGPq20VCAVas/WaHL +k3yXi2ehw5XMX26Yz19jTyVaoQygFZp7obpHruah0zIFAKcQN6iAqc8ZKdDYi8BK +ZnxB5v/NmkmTFwkAEQEAAYkBNgQYAQgAIAIbDBYhBDFP6C5aTFN3vKLt7FIIgS4e +Sm2wBQJcWsavAAoJEFIIgS4eSm2wRd0H/2b0a60QAMy2GT2RCL9l3dE23bup1gMa +UZf2Igt6g0lczyb2mI3MT3aQ2EhbaTZi6m6Hr06ko/XUTUTMZt051vAHbIoiEI4n +E1vZCJmjGKR1wPi8TafR7lKBKrQfakO3i/0PLSlY63LKLea6j4/byT8iBjidF3cN +HYVoGJdeXzreSk+3xzVpOjnLa7WoNZ800+2mR+ZBwE06KBP+OurMeOB5NGq1I9am +k+XQfRsSV6sFxMErv4BfvAuRe2UKAVnt9azfb6AyEoldWGx5/CCMB8oEhFLug6Zm +2aVYDqALYdeleRyfjEM5CjXBz9lswWPKSUsECbVYRMGKpH6Tm7BeYnw= +=uBzQ +-----END PGP PUBLIC KEY BLOCK----- + pub 55C7E5E701832382 uid Andrey Somov (SnakeYAML) diff --git a/gradle/verification-metadata.xml b/gradle/verification-metadata.xml index 51ace14..fb96fb6 100644 --- a/gradle/verification-metadata.xml +++ b/gradle/verification-metadata.xml @@ -19,10 +19,18 @@ + + + + + + + +