From dc46b1adca7ae09dcdef5bfcdab122c7096e6edf Mon Sep 17 00:00:00 2001 From: An Phi Date: Mon, 30 Oct 2023 20:44:37 -0400 Subject: [PATCH] fix CI build on master (#2417) --- .github/workflows/build.yml | 25 +++++++--- .github/workflows/code-quality.yml | 80 ++++++++++++++++++++++++++++++ 2 files changed, 99 insertions(+), 6 deletions(-) create mode 100644 .github/workflows/code-quality.yml diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index f220c8d77eb..c1a32c07ded 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -17,7 +17,6 @@ name: Build CI env: CI_DEPLOY_USERNAME: ${{ secrets.CI_DEPLOY_USERNAME }} CI_DEPLOY_PASSWORD: ${{ secrets.CI_DEPLOY_PASSWORD }} - SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} MAVEN_OPTS: "-Xmx6g" on: [push, pull_request] @@ -40,7 +39,19 @@ jobs: steps: - name: Checkout repo - uses: actions/checkout@v3 + uses: actions/checkout@v4 + + - name: Cache Maven dependencies + uses: actions/cache@v3 + env: + cache-name: cache-mvn-deps + with: + path: ~/.m2/repository + key: ${{ runner.os }}-build-${{ env.cache-name }}-${{ hashFiles('**/pom.xml') }} + restore-keys: | + ${{ runner.os }}-build-${{ env.cache-name }}- + ${{ runner.os }}-build- + ${{ runner.os }}- - name: Set up JDK uses: actions/setup-java@v1 @@ -68,13 +79,12 @@ jobs: with: theme: dark - - name: Build + Test + - name: Build (PR) if: github.ref != 'refs/heads/master' run: | mvn -B -e -DskipTests=true install - mvn -B -e surefire:test -DargLine="-XX:MaxRAMPercentage=70.0" -Dsurefire.reports.directory=${GITHUB_WORKSPACE}/surefire-reports-aggregate - - name: Build + Test + Maven Deploy + Sonar + Docker Snapshot + - name: Build (with Maven Deploy + Docker Snapshot) if: github.ref == 'refs/heads/master' env: DOCKER_USERNAME: finos 
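Review bot: The added `Cache Maven dependencies` step and the bumped checkout in the `-40,7 +39,19` hunk are referenced by mutable tags (`actions/cache@v3`, `actions/checkout@v4`), and they run under the workflow-level `env` shown in the first hunk, which carries `CI_DEPLOY_USERNAME` and `CI_DEPLOY_PASSWORD`. I would pin each `uses:` to a full commit SHA, e.g. `uses: actions/cache@<full-commit-sha> # v3`, and move the two deploy secrets to `env:` on the master-only deploy step so no other step receives them. The `restore-keys` fallback down to `${{ runner.os }}-` also lets the deploy build start from any cache visible to the ref whose key begins with the OS name, so a stale `~/.m2/repository` may feed the published snapshot; keeping only the first fallback would narrow that. The same cache block and tag references recur in the new `.github/workflows/code-quality.yml`.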
@@ -86,7 +96,10 @@ jobs: # and can cause problem with some code generators # See https://github.com/finos/legend-engine/pull/924 run: | - mvn -B -e -DskipTests=true deploy -P docker-snapshot,sonar + mvn -B -e -DskipTests=true deploy -P docker-snapshot + + - name: Test + run: | mvn -B -e surefire:test -DargLine="-XX:MaxRAMPercentage=70.0" -Dsurefire.reports.directory=${GITHUB_WORKSPACE}/surefire-reports-aggregate - name: Upload Test Results diff --git a/.github/workflows/code-quality.yml b/.github/workflows/code-quality.yml new file mode 100644 index 00000000000..617cf73fea4 --- /dev/null +++ b/.github/workflows/code-quality.yml 
@@ -0,0 +1,80 @@
+# Copyright 2022 Goldman Sachs
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+name: Code Quality Check
+
+on:
+ # Analysis done to check for security and quality are often taken care of by vendor tools, such as SonarCloud, CodeQL, etc.
+ # We will not run these in PR pipelins for the following reasons:
+ # 1. In terms of quality checks, these analysis are often already covered by code checks (e.g. eslint) already set to run
+ # for PRs
+ # 2. Security checks are included meaning that these checks will have to go through a huge libraries of vulnerability checks
+ # from vendor, which could take up huge amount of time to run, which is not suitable to have in PR unless absolutely necessary.
+ # However, most of the problems detected by these checks are often security warnings and some other niche problems that we might
+ # or might not necessarily have to deal with (false positive, or belongs to test-only codepath)
+ push:
+ branches:
+ - master
+
+env:
+ SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+ MAVEN_OPTS: "-Xmx6g"
+
+# Cancel running jobs from previous pipelines of the same workflow on PR to save resource when commits are pushed quickly
+# NOTE: we don't want this behavior on default branch
+# See https://stackoverflow.com/a/68422069
+concurrency:
+ group: ${{ github.ref == 'refs/heads/master' && format('ci-default-branch-{0}-{1}', github.sha, github.workflow) || format('ci-pr-{0}-{1}', github.ref, github.workflow) }}
+ cancel-in-progress: true
+
+jobs:
+ sonar-code-check:
+ name: Sonar Code Quality Check
+ # NOTE: we cannot run this action in PR anyway because secrets are not accessible from forks
+ # See https://portal.productboard.com/sonarsource/1-sonarcloud/c/50-sonarcloud-analyzes-external-pull-request
+ # See https://community.sonarsource.com/t/github-action-ci-build-fail-with-set-the-sonar-token-env-variable/38997
+ if: github.repository == 'finos/legend-engine'
+ # NOTE: larger runner is required to run this build
+ runs-on: ubuntu-latest-4-cores
+
+ steps:
+ - name: Checkout repo
+ uses: actions/checkout@v4
+
+ - name: Cache Maven dependencies
+ uses: actions/cache@v3
+ env:
+ cache-name: cache-mvn-deps
+ with:
+ path: ~/.m2/repository
+ key: ${{ runner.os }}-build-${{ env.cache-name }}-${{ hashFiles('**/pom.xml') }}
+ restore-keys: |
+ ${{ runner.os }}-build-${{ env.cache-name }}-
+ ${{ runner.os }}-build-
+ ${{ runner.os }}-
+
+ - name: Set up JDK
+ uses: actions/setup-java@v1
+ with:
+ java-version: 11
+
+ - name: Check Java version
+ run: java -version
+
+ - name: Download deps and plugins
+ run: mvn de.qaware.maven:go-offline-maven-plugin:resolve-dependencies
+
+ - name: Check Code Quality
+ run: |
+ mvn -B -e -DskipTests=true install -P sonar
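Review bot: `SONAR_TOKEN` is set in the workflow-level `env`, so every step of `sonar-code-check` sees it, including `Download deps and plugins`, which invokes `de.qaware.maven:go-offline-maven-plugin:resolve-dependencies` with no version in the coordinates. Unless the version is fixed in the POM's plugin management (not visible here), Maven resolves whatever release is current at run time; I would pin it as `de.qaware.maven:go-offline-maven-plugin:<version>:resolve-dependencies` and move the token to `env:` on the `Check Code Quality` step only. The file also declares no `permissions:`, so the job's `GITHUB_TOKEN` gets the repository default; if the analysis needs only a checkout, a top-level `permissions:` with `contents: read` would suffice. Separately, the `concurrency` comment and the `ci-pr-…` branch of `group` describe PR runs, which this workflow never has because it triggers only on pushes to `master`.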