Skip to content

Commit

Permalink
Merge branch 'hibernate:main' into main
Browse files Browse the repository at this point in the history
  • Loading branch information
@paulc4
paulc4 authored Aug 24, 2024
2 parents 50adb95 + 4fd9a4f commit d9571f7
Show file tree
Hide file tree
Showing 7,745 changed files with 380,623 additions and 138,997 deletions.
The diff you're trying to view is too large. We only load the first 3000 changed files.
15 changes: 15 additions & 0 deletions .github/PULL_REQUEST_TEMPLATE.md
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,15 @@
<!--
If this is your first time contributing to the project, please consider reviewing https://github.com/hibernate/hibernate-orm/blob/main/CONTRIBUTING.md
-->

[Please describe here what your change is about]

<!--
Please read and do not remove the following lines:
-->
----------------------
By submitting this pull request, I confirm that my contribution is made under the terms of the [Apache 2.0 license](https://www.apache.org/licenses/LICENSE-2.0.txt)
and can be relicensed under the terms of the [LGPL v2.1 license](https://www.gnu.org/licenses/old-licenses/lgpl-2.1.txt) in the future at the maintainers' discretion.
For more information on licensing, please check [here](https://github.com/hibernate/hibernate-orm/blob/main/CONTRIBUTING.md#legal).

----------------------
56 changes: 56 additions & 0 deletions .github/hibernate-github-bot.yml
View file
Original file line number Diff line number Diff line change
@@ -1,3 +1,59 @@
---
jira:
projectKey: "HHH"
insertLinksInPullRequests: true
ignoreFiles:
# Git
- ".git*"
- ".mailmap"
# Gradle
- "gradlew*"
- "gradle/"
- "local-build-plugins/"
- "build.gradle"
# NOT settings.gradle: contains dependency versions, changing those requires a Jira issue
- "utilities.gradle"
# CI
- ".github/"
- ".release/"
- "ci/"
- "databases/"
- "*.sh"
- "Jenkinsfile"
- "*/Jenkinsfile"
- "*.Jenkinsfile"
# In-repo documentation
- "design/"
- "README.adoc"
- "MAINTAINERS.md"
- "CONTRIBUTING.md"
# Misc. build files
- "checkerstubs/"
- "drivers/"
- "edb/"
- "etc/"
- "javadoc/"
- "patched-libs/"
- "release/"
- "rules/"
- "shared/"
develocity:
buildScan:
addCheck: true
tags:
- column: "OS"
pattern: "Linux"
- column: "OS"
pattern: "Windows.*"
replacement: "Windows"
- column: "Java"
pattern: "jdk-(.*)"
replacement: "$1"
- column: "Java"
pattern: "s390x"
replacement: "$0"
- column: "DB"
pattern: "((?:h2|postgres(?:ql)?|pgsql|mysql|mariadb|mssql|tidb|cockroach(?:db)?|oracle|db2|hsqldb|edb|sybase)(?:.*(?=_ci)|.*))(?:_ci)?"
replacement: "$1"
- pattern: "main|HEAD|\\d+.\\d+|PR-\\d+"
replacement: "" # Just remove these tags
118 changes: 118 additions & 0 deletions .github/workflows/atlas.yml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,118 @@
# The main CI of Hibernate ORM is https://ci.hibernate.org/job/hibernate-orm-pipeline/.
# However, Hibernate ORM builds run on GitHub actions regularly
# to check that it still works and can be used in GitHub forks.
# See https://docs.github.com/en/free-pro-team@latest/actions
# for more information about GitHub actions.

name: Hibernate ORM build-Atlas

on:
push:
branches:
- 'main'
# WARNING: Using pull_request_target to access secrets, but we check out the PR head commit.
# See checkout action for details.
pull_request_target:
branches:
- 'main'

permissions: {} # none

# See https://github.com/hibernate/hibernate-orm/pull/4615 for a description of the behavior we're getting.
concurrency:
# Consider that two builds are in the same concurrency group (cannot run concurrently)
# if they use the same workflow and are about the same branch ("ref") or pull request.
group: "workflow = ${{ github.workflow }}, ref = ${{ github.event.ref }}, pr = ${{ github.event.pull_request.id }}"
# Cancel previous builds in the same concurrency group even if they are in process
# for pull requests or pushes to forks (not the upstream repository).
cancel-in-progress: ${{ github.event_name == 'pull_request_target' || github.repository != 'hibernate/hibernate-orm' }}

jobs:
build:
permissions:
contents: read
name: ORM
# runs-on: ubuntu-latest
runs-on: [self-hosted, Linux, X64, OCI]
strategy:
fail-fast: false
matrix:
include:
- rdbms: oracle_atps
- rdbms: oracle_db19c
- rdbms: oracle_db21c
- rdbms: oracle_db23c
steps:
- name: Check out commit already pushed to branch
if: "! github.event.pull_request.number"
uses: actions/checkout@v4
with:
persist-credentials: false
- name: Check out PR head
uses: actions/checkout@v4
if: github.event.pull_request.number
with:
# WARNING: This is potentially dangerous since we're checking out unreviewed code,
# and since we're using the pull_request_target event we can use secrets.
# Thus, we must be extra careful to never expose secrets to steps that execute this code,
# and to strictly limit our of secrets to those that only pose minor security threats.
# This means in particular we won't expose Develocity credentials to the main gradle executions,
# but instead will execute gradle a second time just to push build scans to Develocity;
# see below.
ref: "refs/pull/${{ github.event.pull_request.number }}/head"
persist-credentials: false
- name: Reclaim Disk Space
run: .github/ci-prerequisites.sh
- name: Start database
env:
RDBMS: ${{ matrix.rdbms }}
RUNID: ${{ github.run_number }}
run: ci/database-start.sh
- name: Set up Java 17
uses: graalvm/setup-graalvm@v1
with:
distribution: 'graalvm'
java-version: '21'
- name: Get year/month for cache key
id: get-date
run: echo "yearmonth=$(/bin/date -u "+%Y-%m")" >> $GITHUB_OUTPUT
shell: bash
- name: Cache Maven local repository
uses: actions/cache@v4
id: cache-maven
with:
path: |
~/.m2/repository
~/.gradle/caches/
~/.gradle/wrapper/
# refresh cache every month to avoid unlimited growth
key: maven-localrepo-${{ steps.get-date.outputs.yearmonth }}
- name: Run build script
env:
RDBMS: ${{ matrix.rdbms }}
RUNID: ${{ github.run_number }}
# WARNING: exposes secrets, so must only be passed to a step that doesn't run unapproved code.
# WARNING: As this runs on untrusted nodes, we use the same access key as for PRs:
# it has limited access, essentially it can only push build scans.
DEVELOCITY_ACCESS_KEY: "${{ github.event_name == 'push' && secrets.GRADLE_ENTERPRISE_ACCESS_KEY_PR || '' }}"
run: ./ci/build-github.sh
shell: bash
- name: Publish Develocity build scan for previous build
# Don't fail a build if publishing fails
continue-on-error: true
if: "${{ !cancelled() && github.event_name == 'pull_request_target' && github.repository == 'hibernate/hibernate-orm' }}"
run: |
./gradlew buildScanPublishPrevious
env:
# WARNING: exposes secrets, so must only be passed to a step that doesn't run unapproved code.
DEVELOCITY_ACCESS_KEY: ${{ secrets.GRADLE_ENTERPRISE_ACCESS_KEY_PR }}
- name: Upload test reports (if Gradle failed)
uses: actions/upload-artifact@v4
if: failure()
with:
name: test-reports-java11-${{ matrix.rdbms }}
path: |
./**/target/reports/tests/
./**/target/reports/checkstyle/
- name: Omit produced artifacts from build cache
run: ./ci/before-cache.sh
24 changes: 20 additions & 4 deletions .github/workflows/codeql.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -9,6 +9,15 @@ on:
schedule:
- cron: '34 11 * * 4'

# See https://github.com/hibernate/hibernate-orm/pull/4615 for a description of the behavior we're getting.
concurrency:
# Consider that two builds are in the same concurrency group (cannot run concurrently)
# if they use the same workflow and are about the same branch ("ref") or pull request.
group: "workflow = ${{ github.workflow }}, ref = ${{ github.event.ref }}, pr = ${{ github.event.pull_request.id }}"
# Cancel previous builds in the same concurrency group even if they are in process
# for pull requests or pushes to forks (not the upstream repository).
cancel-in-progress: ${{ github.event_name == 'pull_request' || github.repository != 'hibernate/hibernate-orm' }}

jobs:
analyze:
name: Analyze
Expand All @@ -26,12 +35,19 @@ jobs:
# Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support

steps:

- name: Set up JDK
uses: actions/setup-java@v3
with:
distribution: 'temurin'
java-version: '17'

- name: Checkout repository
uses: actions/checkout@v3
uses: actions/checkout@v4

# Initializes the CodeQL tools for scanning.
- name: Initialize CodeQL
uses: github/codeql-action/init@v2
uses: github/codeql-action/init@v3
with:
languages: ${{ matrix.language }}
# If you wish to specify custom queries, you can do so here or in a config file.
Expand All @@ -45,7 +61,7 @@ jobs:
# Autobuild attempts to build any compiled languages (C/C++, C#, Go, or Java).
# If this step fails, then you should remove it and run the build manually (see below)
- name: Autobuild
uses: github/codeql-action/autobuild@v2
uses: github/codeql-action/autobuild@v3

# ℹ️ Command-line programs to run using the OS shell.
# 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
Expand All @@ -58,6 +74,6 @@ jobs:
# ./location_of_script_within_repo/buildscript.sh

- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v2
uses: github/codeql-action/analyze@v3
with:
category: "/language:${{matrix.language}}"
52 changes: 41 additions & 11 deletions .github/workflows/contributor-build.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -10,10 +10,13 @@ on:
push:
branches:
- 'main'
pull_request:
# WARNING: Using pull_request_target to access secrets, but we check out the PR head commit.
# See checkout action for details.
pull_request_target:
branches:
- 'main'



permissions: {} # none

# See https://github.com/hibernate/hibernate-orm/pull/4615 for a description of the behavior we're getting.
Expand All @@ -23,21 +26,20 @@ concurrency:
group: "workflow = ${{ github.workflow }}, ref = ${{ github.event.ref }}, pr = ${{ github.event.pull_request.id }}"
# Cancel previous builds in the same concurrency group even if they are in process
# for pull requests or pushes to forks (not the upstream repository).
cancel-in-progress: ${{ github.event_name == 'pull_request' || github.repository != 'hibernate/hibernate-orm' }}
cancel-in-progress: ${{ github.event_name == 'pull_request_target' || github.repository != 'hibernate/hibernate-orm' }}

jobs:
build:
permissions:
contents: read
name: Java 11
name: Java 17
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
include:
- rdbms: h2
- rdbms: hsqldb
- rdbms: derby
- rdbms: mysql
- rdbms: mariadb
- rdbms: postgresql
Expand All @@ -51,26 +53,41 @@ jobs:
# Running with HANA requires at least 8GB memory just for the database, which we don't have on GH Actions runners
# - rdbms: hana
steps:
- uses: actions/checkout@v3
- name: Check out commit already pushed to branch
if: "! github.event.pull_request.number"
uses: actions/checkout@v4
with:
persist-credentials: false
- name: Check out PR head
uses: actions/checkout@v4
if: github.event.pull_request.number
with:
# WARNING: This is potentially dangerous since we're checking out unreviewed code,
# and since we're using the pull_request_target event we can use secrets.
# Thus, we must be extra careful to never expose secrets to steps that execute this code,
# and to strictly limit our of secrets to those that only pose minor security threats.
# This means in particular we won't expose Develocity credentials to the main gradle executions,
# but instead will execute gradle a second time just to push build scans to Develocity;
# see below.
ref: "refs/pull/${{ github.event.pull_request.number }}/head"
persist-credentials: false
- name: Reclaim Disk Space
run: .github/ci-prerequisites.sh
- name: Start database
env:
RDBMS: ${{ matrix.rdbms }}
run: ci/database-start.sh
- name: Set up Java 11
uses: actions/setup-java@v3
- name: Set up Java 17
uses: actions/setup-java@v4
with:
distribution: 'temurin'
java-version: '11'
java-version: '17'
- name: Get year/month for cache key
id: get-date
run: echo "yearmonth=$(/bin/date -u "+%Y-%m")" >> $GITHUB_OUTPUT
shell: bash
- name: Cache Maven local repository
uses: actions/cache@v3
uses: actions/cache@v4
id: cache-maven
with:
path: |
Expand All @@ -82,10 +99,23 @@ jobs:
- name: Run build script
env:
RDBMS: ${{ matrix.rdbms }}
# Don't populate Develocity cache in pull requests as that's potentially dangerous
POPULATE_REMOTE_GRADLE_CACHE: "${{ github.event_name == 'push' }}"
# WARNING: exposes secrets, so must only be passed to a step that doesn't run unapproved code.
DEVELOCITY_ACCESS_KEY: "${{ github.event_name == 'push' && secrets.GRADLE_ENTERPRISE_ACCESS_KEY || '' }}"
run: ./ci/build-github.sh
shell: bash
- name: Publish Develocity build scan for previous build (pull request)
# Don't fail a build if publishing fails
continue-on-error: true
if: "${{ !cancelled() && github.event_name == 'pull_request_target' && github.repository == 'hibernate/hibernate-orm' }}"
run: |
./gradlew buildScanPublishPrevious
env:
# WARNING: exposes secrets, so must only be passed to a step that doesn't run unapproved code.
DEVELOCITY_ACCESS_KEY: ${{ secrets.GRADLE_ENTERPRISE_ACCESS_KEY_PR }}
- name: Upload test reports (if Gradle failed)
uses: actions/upload-artifact@v3
uses: actions/upload-artifact@v4
if: failure()
with:
name: test-reports-java11-${{ matrix.rdbms }}
Expand Down
Loading

0 comments on commit d9571f7

Please sign in to comment.