Optimize CI a bit #574
Optimize CI a bit #574
Conversation
|
CC @JLLeitschuh |
|
@JLLeitschuh CC |
This will unblock #574 Signed-off-by: Jonathan Leitschuh <[email protected]>
This will unblock #574 Signed-off-by: Jonathan Leitschuh <[email protected]>
|
You can update to Gradle 8 or 7.6 to support Java 19. |
That's the plan. But things are breaking, and I don't have the time to figure out what's going on right now: #660 |
|
Validation job now only be executed after wrapper files are changed, it could be removed from required status checks. |
| restore-keys: | | ||
| ${{ runner.os }}-gradle-cache- | ||
| # Inspired by https://github.com/actions/cache/issues/432#issuecomment-740376179 | ||
| - name: Restore TestKit cache |
There was a problem hiding this comment.
Does this now get handled by the Gradle Action?
There was a problem hiding this comment.
Nope, if we still need to cache testKit dir, can we store them to ~/.gradle/.gradle-test-kit?
There was a problem hiding this comment.
Can you make sure this action is being run with no credentials?
| runs-on: ubuntu-latest | ||
|
|
||
| if: github.repository == 'JLLeitschuh/ktlint-gradle' |
There was a problem hiding this comment.
Why? What value does this if check add?
There was a problem hiding this comment.
No much necessary to run these jobs in forked repos.
| @@ -1,12 +1,18 @@ | |||
| name: "Validate Gradle Wrapper" | |||
| on: [push, pull_request] | |||
There was a problem hiding this comment.
I'd prefer to keep these. And I don't know if the filtering adds much value. It actual adds additional risk, as it completely misses the second Gradle wrapper in the plugins directory
| GRADLE_PUBLISH_KEY: ${{ secrets.GRADLE_PUBLISH_KEY }} | ||
| GRADLE_PUBLISH_SECRET: ${{ secrets.GRADLE_PUBLISH_SECRET }} | ||
| GITHUB_KEY: ${{ secrets.GithubKey }} |
There was a problem hiding this comment.
Why move these to the top when they are only needed for 2 steps. I don't see value in exposing these env variables to other action steps.
There was a problem hiding this comment.
Just reuse them for steps.
| @@ -32,7 +33,7 @@ jobs: | |||
|
|
|||
| steps: | |||
| - name: "Checkout code" | |||
| uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.1.0 | |||
| uses: actions/checkout@4 | |||
There was a problem hiding this comment.
Using the exact commit hash is done intentionally.
It's a suggested security measure, advised by security scorecard.
There was a problem hiding this comment.
We can pin them to hash, but there would be better to enable @renovate-bot for this repo to keep thing up to date.
There was a problem hiding this comment.
Dependabot can assist here as well I believe
Mainly for using
gradle-build-actionto speed up build on CI, and bump action versions by the way.