ci(GitHub): update workflows setup, support fast-forward merges from …
…PR comment command

Signed-off-by: Artyom Shendrik <[email protected]>
amal committed Dec 24, 2023
1 parent d313685 commit b3e90b7
Showing 5 changed files with 126 additions and 26 deletions.
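--- a/.github/CODEOWNERS
+++ b/.github/CODEOWNERS
@@ -0,0 +1 @@
+* [email protected]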
38 changes: 26 additions & 12 deletions .github/workflows/build.yml
@@ -3,39 +3,43 @@ name: Build
on:
pull_request:
paths-ignore:
- '**-check.yml'
- '**-submission.yml'
- '**-validation.yml'
- '**.*ignore'
- '**.md'
- '**.txt'
- '**benchmark.yml'
- '**/pr-**.yml'
- '**dependabot.yml'
push:
paths-ignore:
- '**-check.yml'
- '**-submission.yml'
- '**-validation.yml'
- '**.*ignore'
- '**.md'
- '**.txt'
- '**benchmark.yml'
- '**/pr-**.yml'
- '**dependabot.yml'

env:
CI: true
BUILD_NUMBER: ${{ github.run_number }}
SCM_TAG: ${{ github.sha }}
GRADLE_OPTS: "-Dorg.gradle.daemon=false"
#GRADLE_OPTS: "-Dorg.gradle.daemon=false"
GRADLE_BUILD_ACTION_CACHE_DEBUG_ENABLED: true
DEPENDENCY_GRAPH_INCLUDE_CONFIGURATIONS: "^(?!(classpath)).*"
DEPENDENCY_GRAPH_INCLUDE_PROJECTS: "^:(?!(buildSrc|test-)).*"

jobs:
buildAndCheck:
name: 'Build and check'
timeout-minutes: 25
runs-on: 'ubuntu-latest'
if: ${{ !contains(github.event.head_commit.message, 'ci skip') }}
permissions: # The Dependency Submission API requires write permission
permissions:
contents: write
security-events: write
# We appear to need write permission for both pull-requests and
# issues in order to post a comment to a pull request.
pull-requests: write
issues: write

steps:
- name: Harden Runner
@@ -47,25 +51,35 @@ jobs:
- name: Checkout
uses: actions/checkout@v4

- name: 'Set up JDK 17'
- name: 'Set up JDK 21'
uses: actions/setup-java@v4
with:
distribution: 'temurin'
java-version: '17'
java-version: '21'

- name: Setup Gradle
uses: gradle/gradle-build-action@v2
with:
gradle-home-cache-cleanup: true
cache-read-only: ${{ (github.ref != 'refs/heads/main' && github.ref != 'refs/heads/dev') }}
dependency-graph: generate-and-submit
cache-read-only: ${{ github.ref != 'refs/heads/main' && github.ref != 'refs/heads/dev' }}
dependency-graph: ${{ github.ref == format('refs/heads/{0}', github.event.repository.default_branch) && 'generate-and-submit' || 'disabled'}}

- name: 'Build and check plugin itself'
run: ./gradlew build assemble check --continue --stacktrace --scan

- name: Upload sarif report (Detekt)
if: (success() || failure()) && (github.event_name == 'pull_request' || github.ref == 'refs/heads/main' || github.ref == 'refs/heads/dev')
uses: github/codeql-action/upload-sarif@v2
continue-on-error: true
with:
sarif_file: build/detekt-merged.sarif
category: detekt

- name: 'Check "latest" setup example'
working-directory: checks/latest
run: ./gradlew check --continue --stacktrace --scan
env:
GITHUB_DEPENDENCY_GRAPH_ENABLED: false

- name: 'Check "js-only" setup example'
working-directory: checks/js-only
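Review bot: The job-level `permissions` block now grants `pull-requests: write` and `issues: write`, yet no step visible in this section posts a pull-request comment; the comment above them looks carried over from the fast-forward workflows. This job runs `./gradlew build` on pull-request code, and the `Checkout` step has no `persist-credentials: false`, so the job token stays in the local git config where build scripts on same-repository branches can read it. I would drop the two scopes unless a step in the collapsed part of the file needs them, and add `with:` / `persist-credentials: false` under `actions/checkout@v4`. The explanation removed from the `permissions:` line is also worth keeping per scope, e.g. `contents: write # Dependency Submission API` and `security-events: write # SARIF upload`.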
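--- a/.github/workflows/pr-check.yml
+++ b/.github/workflows/pr-check.yml
@@ -0,0 +1,35 @@
+name: PR Check
+
+on:
+pull_request:
+types: [ opened, reopened, synchronize ]
+
+jobs:
+check-fast-forward:
+runs-on: ubuntu-latest
+
+permissions:
+contents: read
+# We appear to need write permission for both pull-requests and
+# issues in order to post a comment to a pull request.
+pull-requests: write
+issues: write
+
+steps:
+- name: Harden Runner
+uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1
+with:
+disable-sudo: true
+egress-policy: block
+allowed-endpoints: >
+github.com:443
+- name: Checking if fast forwarding is possible
+uses: sequoia-pgp/fast-forward@v1
+with:
+merge: false
+# To reduce the workflow's verbosity, use 'on-error'
+# to only post a comment when an error occurs, or 'never' to
+# never post a comment.
+# (Information is always available in the step's summary.)
+comment: on-error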
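Review bot: `sequoia-pgp/fast-forward@v1` is referenced by a movable tag while the job grants it `pull-requests: write` and `issues: write`; the Harden Runner step directly above it is pinned to a full commit SHA, and the same should apply here: `uses: sequoia-pgp/fast-forward@<full-commit-sha> # v1` (placeholder; take the SHA from the action's release). Separately, `allowed-endpoints` lists only `github.com:443` under `egress-policy: block`, whereas pr-fast-forward.yml in this commit also allows `api.github.com:443`. If the action posts its `on-error` comment through the REST API, that call would presumably be blocked, so the list is worth confirming against a Harden Runner audit run.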
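--- a/.github/workflows/pr-fast-forward.yml
+++ b/.github/workflows/pr-fast-forward.yml
@@ -0,0 +1,41 @@
+name: PR Fast-Forward Merge
+
+on:
+issue_comment:
+types: [ created ]
+#types: [ created, edited ]
+
+jobs:
+fast-forward:
+# Only run if the comment contains the '/fast-forward' command or equals a '/ff' command.
+if: github.event.issue.pull_request && (contains(github.event.comment.body, '/fast-forward') || github.event.comment.body == '/ff')
+runs-on: ubuntu-latest
+
+permissions:
+contents: write
+# We appear to need write permission for both pull-requests and
+# issues in order to post a comment to a pull request.
+pull-requests: write
+issues: write
+
+steps:
+- name: Harden Runner
+uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1
+with:
+disable-sudo: true
+egress-policy: block
+allowed-endpoints: >
+api.github.com:443
+github.com:443
+# TODO: Add thumbs-up reaction to the comment before the fast-forward to quickly indicate the command was received.
+
+- name: Fast-forwarding and pushing
+uses: sequoia-pgp/fast-forward@v1
+with:
+merge: true
+# To reduce the workflow's verbosity, use 'on-error'
+# to only post a comment when an error occurs, or 'never' to
+# never post a comment.
+# (Information is always available in the step's summary.)
+comment: always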
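Review bot: The job-level `if:` checks only the comment text, so any account able to comment on a pull request starts a job holding `contents: write`; whether the commenter may push is left entirely to whatever `sequoia-pgp/fast-forward@v1` checks internally, which this file does not show. I would gate on the commenter in the workflow itself and match the command at the start of the body, because `contains(...)` also fires on a comment that merely quotes or mentions `/fast-forward`: `if: github.event.issue.pull_request && contains(fromJSON('["OWNER","MEMBER","COLLABORATOR"]'), github.event.comment.author_association) && (startsWith(github.event.comment.body, '/fast-forward') || github.event.comment.body == '/ff')`. The action is also referenced by a movable tag; pinning it to a full commit SHA, as done for Harden Runner above it, keeps a retagged `v1` from running with push rights.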
37 changes: 23 additions & 14 deletions .github/workflows/release.yml
@@ -9,11 +9,20 @@ env:
CI: true
BUILD_NUMBER: ${{ github.run_number }}
SCM_TAG: ${{ github.sha }}
GRADLE_OPTS: "-Dorg.gradle.daemon=false"
GRADLE_OPTS: |
-Dorg.gradle.caching=false
-Dorg.gradle.configuration-cache=false
-Dorg.gradle.daemon=false
-Dorg.gradle.unsafe.watch-fs=false
-Dorg.gradle.vfs.watch=false
jobs:
release:
runs-on: ubuntu-latest
permissions:
# allows the action to create a release
contents: write

steps:
- name: Harden Runner
uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1
@@ -38,28 +47,17 @@ jobs:
echo "RELEASE_PRE=$RELEASE_PRE" >> $GITHUB_ENV
echo "RELEASE_SUFFIX=$RELEASE_SUFFIX" >> $GITHUB_ENV
- name: Set up JDK 17
- name: 'Set up JDK 21'
uses: actions/setup-java@v4
with:
distribution: 'temurin'
java-version: '17'
java-version: '21'

- name: Setup Gradle
uses: gradle/gradle-build-action@v2
with:
cache-read-only: true

- name: Check and publish plugin
if: github.repository == 'fluxo-kt/fluxo-bcv-js'
env:
SIGNING_KEY: ${{ secrets.SIGNING_KEY }}
SIGNING_PASSWORD: ${{ secrets.SIGNING_PASSWORD }}
RELEASE: true
run: ./gradlew build assemble check publishPlugins --no-build-cache --stacktrace --scan
-Pgradle.publish.key="${{ secrets.GRADLE_PUBLISH_KEY }}"
-Pgradle.publish.secret="${{ secrets.GRADLE_PUBLISH_SECRET }}"
continue-on-error: true

- name: GitHub Release
# https://github.com/anton-yurchenko/git-release#readme
uses: docker://antonyurchenko/git-release:latest
@@ -71,5 +69,16 @@ jobs:
CHANGELOG_FILE: "CHANGELOG.md"
ALLOW_EMPTY_CHANGELOG: "false"

- name: Publish plugin
if: github.repository == 'fluxo-kt/fluxo-bcv-js'
env:
SIGNING_KEY: ${{ secrets.SIGNING_KEY }}
SIGNING_PASSWORD: ${{ secrets.SIGNING_PASSWORD }}
RELEASE: true
run: >
./gradlew publishPlugins --no-build-cache --no-configuration-cache --stacktrace --scan
-Pgradle.publish.key="${{ secrets.GRADLE_PUBLISH_KEY }}"
-Pgradle.publish.secret="${{ secrets.GRADLE_PUBLISH_SECRET }}"
# References
# https://github.com/studiometa/vue-mapbox-gl/blob/8c3ca5a/.github/workflows/release.yml#L26
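Review bot: The `Publish plugin` step interpolates `${{ secrets.GRADLE_PUBLISH_KEY }}` and `${{ secrets.GRADLE_PUBLISH_SECRET }}` directly into the `run:` command, which puts the credentials on the Gradle command line (visible in the process list and to anything that records invocation arguments) and lets the shell parse their contents. Passing them through the step's `env:` avoids both: `GRADLE_PUBLISH_KEY: ${{ secrets.GRADLE_PUBLISH_KEY }}` and `GRADLE_PUBLISH_SECRET: ${{ secrets.GRADLE_PUBLISH_SECRET }}`, which the plugin-publish plugin reads from the environment, after which the two `-P` arguments can be dropped. The `contents: write` granted to this job is also available to `docker://antonyurchenko/git-release:latest`, a mutable image tag that would be better pinned by digest.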
