From 7ff2c81f360aaf247ce387f08804adf14b4d340e Mon Sep 17 00:00:00 2001 From: Aakash Nayak Date: Fri, 30 Aug 2024 16:24:43 +0530 Subject: [PATCH] Run build with unit tests without elevated permissions --- .github/workflows/build-report.yml | 51 ++++++++++++++++++++++++++++++ .github/workflows/build.yml | 38 +++++++++++----------- .github/workflows/trigger.yml | 47 --------------------------- 3 files changed, 70 insertions(+), 66 deletions(-) create mode 100644 .github/workflows/build-report.yml delete mode 100644 .github/workflows/trigger.yml diff --git a/.github/workflows/build-report.yml b/.github/workflows/build-report.yml new file mode 100644 index 0000000..b3e8ef1 --- /dev/null +++ b/.github/workflows/build-report.yml @@ -0,0 +1,51 @@ +# Copyright © 2024 Cask Data, Inc. +#  Licensed under the Apache License, Version 2.0 (the "License"); you may not +#  use this file except in compliance with the License. You may obtain a copy of +#  the License at +#  http://www.apache.org/licenses/LICENSE-2.0 +#  Unless required by applicable law or agreed to in writing, software +#  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +#  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +#  License for the specific language governing permissions and limitations under +#  the License. + +# This workflow will build a Java project with Maven +# For more information see: https://help.github.com/actions/language-and-framework-guides/building-and-testing-java-with-maven +# Note: Any changes to this workflow would be used only after merging into develop +name: Build Unit Tests Report + +on: +  workflow_run: +    workflows: +    - Build with unit tests +    types: +    - completed + +jobs: +  build: +    runs-on: ubuntu-latest + +    if: ${{ github.event.workflow_run.conclusion != 'skipped' }} + +    steps: +    # Pinned 1.0.0 version +    - uses: marocchino/action-workflow_run-status@54b6e87d6cb552fc5f36dbe9a722a6048725917a + +    - name: Download artifact +      uses: actions/download-artifact@v4 +      with: +        github-token: ${{ secrets.GITHUB_TOKEN }} +        run-id: ${{ github.event.workflow_run.id }} +        path: artifacts/ + +    - name: Surefire Report +      # Pinned 3.5.2 version +      uses: mikepenz/action-junit-report@16a9560bd02f11e7e3bf6b3e2ef6bba6c9d07c32 +      if: always() +      with: +        report_paths: '**/target/surefire-reports/TEST-*.xml' +        github_token: ${{ secrets.GITHUB_TOKEN }} +        detailed_summary: true +        commit: ${{ github.event.workflow_run.head_sha }} +        check_name: Build Test Report + diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index e4a07f7..c37580b 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -15,21 +15,28 @@ name: Build with unit tests on: - workflow_run: - workflows: - - Trigger build - types: - - completed + push: + branches: [ develop, release/** ] + pull_request: + branches: [ develop, release/** ] + types: [opened, synchronize, reopened, labeled] jobs: build: runs-on: k8s-runner-build - if: ${{ github.event.workflow_run.conclusion != 'skipped' }} - + # We allow builds: + # 1) When it's a merge into a branch + # 2) For PRs that are labeled as build and + # - It's a code change + # - A build label was just added + # A bit complex, but prevents builds when other labels are manipulated + if: > + github.event_name == 'push' + || (contains(github.event.pull_request.labels.*.name, 'build') + && (github.event.action != 'labeled' || github.event.label.name == 'build') + ) steps: - # Pinned 1.0.0 version - - uses: marocchino/action-workflow_run-status@54b6e87d6cb552fc5f36dbe9a722a6048725917a - uses: actions/checkout@v3 with: ref: ${{ github.event.workflow_run.head_sha }} @@ -43,18 +50,11 @@ jobs: - name: Build with Maven run: mvn clean test -fae -T 2 -B -V -DcloudBuild -Dmaven.wagon.http.retryHandler.count=3 -Dmaven.wagon.httpconnectionManager.ttlSeconds=25 - name: Archive build artifacts - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 if: always() with: - name: Build debug files + name: reports-${{ github.run_id }} path: | **/target/rat.txt **/target/surefire-reports/* - - name: Surefire Report - # Pinned 1.0.5 version - uses: ScaCap/action-surefire-report@ad808943e6bfbd2e6acba7c53fdb5c89534da533 - if: always() - with: - # GITHUB_TOKEN - github_token: ${{ secrets.GITHUB_TOKEN }} - commit: ${{ github.event.workflow_run.head_sha }} + diff --git a/.github/workflows/trigger.yml b/.github/workflows/trigger.yml deleted file mode 100644 index e5693af..0000000 --- a/.github/workflows/trigger.yml +++ /dev/null @@ -1,47 +0,0 @@ -# Copyright © 2021 Cask Data, Inc. -# Licensed under the Apache License, Version 2.0 (the "License"); you may not -# use this file except in compliance with the License. You may obtain a copy of -# the License at -# http://www.apache.org/licenses/LICENSE-2.0 -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations under -# the License. - -# This workflow will trigger build.yml only when needed. -# This way we don't flood main workflow run list -# Note that build.yml from develop will be used even for PR builds -# Also it will have access to the proper GITHUB_SECRET - -name: Trigger build - -on: - push: - branches: [ develop, release/** ] - pull_request: - branches: [ develop, release/** ] - types: [opened, synchronize, reopened, labeled] - workflow_dispatch: - -jobs: - trigger: - runs-on: ubuntu-latest - - # We allow builds: - # 1) When triggered manually - # 2) When it's a merge into a branch - # 3) For PRs that are labeled as build and - # - It's a code change - # - A build label was just added - # A bit complex, but prevents builds when other labels are manipulated - if: > - github.event_name == 'workflow_dispatch' - || github.event_name == 'push' - || (contains(github.event.pull_request.labels.*.name, 'build') - && (github.event.action != 'labeled' || github.event.label.name == 'build') - ) - - steps: - - name: Trigger build - run: echo Maven build will be triggered now