Merge pull request #36 from jflo/gha_permmissioned

Gha permmissioned
jflo · Jan 24, 2024 · d89d1c9 · d89d1c9
2 parents 4ac32c6 + 2190ad8
commit d89d1c9
Show file tree

Hide file tree

Showing 20 changed files with 845 additions and 146 deletions.
diff --git a/.github/workflows/acceptance-tests.yml b/.github/workflows/acceptance-tests.yml
@@ -0,0 +1,114 @@
+name: acceptance-tests
+on:
+  pull_request:
+  pull_request_review:
+    types: [submitted]
+
+env:
+  GRADLE_OPTS: "-Xmx6g -Dorg.gradle.daemon=false"
+  total-runners: 16
+
+jobs:
+  shouldRun:
+    name: checks to ensure we should run
+    # necessary because there is no single PR approved event, need to check all comments/approvals/denials
+    runs-on: ubuntu-22.04
+    outputs:
+      shouldRun: ${{steps.shouldRun.outputs.result}}
+    steps:
+      - name: required check
+        id: shouldRun
+        uses: actions/[email protected]
+        env:
+          # fun fact, this changes based on incoming event, it will be different when we run this on pushes to main
+          RELEVANT_SHA: ${{ github.event.pull_request.head.sha || github.sha }}
+        with:
+          script: |
+            const { RELEVANT_SHA } = process.env;
+            const { data: { statuses } } = await github.rest.repos.getCombinedStatusForRef({
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              ref: RELEVANT_SHA,
+            });
+            const acceptanceTested = statuses && statuses.filter(({ context }) => context === 'acceptance-tests');
+            const alreadyRun = acceptanceTested && acceptanceTested.find(({ state }) => state === 'success') > 0;
+            const { data: reviews } = await github.rest.pulls.listReviews({
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              pull_number: context.issue.number,
+            });
+            const approvingReviews = reviews && reviews.filter(review => review.state === 'APPROVED');
+            const shouldRun = !alreadyRun && github.actor != 'dependabot[bot]' &&  (approvingReviews.length > 0);
+            
+              console.log("tests should be run = %j", shouldRun);
+              console.log("alreadyRun = %j", alreadyRun);
+              console.log("approvingReviews = %j", approvingReviews.length);
+            
+            return shouldRun;
+  acceptanceTestEthereum:
+    runs-on: ubuntu-22.04
+    name: "Acceptance Runner"
+    needs: shouldRun
+    permissions:
+      statuses: write
+      checks: write
+    if: ${{ needs.shouldRun.outputs.shouldRun == 'true'}}
+    strategy:
+      fail-fast: true
+      matrix:
+        runner_index: [0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15]
+    steps:
+      - name: Checkout Repo
+        uses: actions/checkout@v3
+      - name: Set up Java
+        uses: actions/setup-java@v3
+        with:
+          distribution: temurin
+          java-version: 17
+      - name: get acceptance test report
+        uses: dawidd6/action-download-artifact@v2
+        with:
+          branch: main
+          name_is_regexp: true
+          name: 'acceptance-node-\d*\d-test-results'
+          path: tmp/junit-xml-reports-downloaded
+          if_no_artifact_found: true
+      - name: setup gradle
+        uses: gradle/[email protected]
+      - name: Split tests
+        id: split-tests
+        uses: r7kamura/split-tests-by-timings@v0
+        with:
+          reports: tmp/junit-xml-reports-downloaded
+          glob: 'acceptance-tests/tests/src/test/java/org/hyperledger/besu/tests/acceptance/**/*Test.java'
+          total: ${{env.total-runners}}
+          index: ${{ matrix.runner_index }}
+      - name: write out test list
+        run: echo "${{ steps.split-tests.outputs.paths }}" >> testList.txt
+      - name: format gradle args
+        #regex means: first truncate file paths to align with package name, then swap path delimiter with package delimiter,
+        #then drop file extension, then insert --tests option between each.
+        run: cat testList.txt | sed -e 's@acceptance-tests/tests/src/test/java/@--tests\ @g;s@/@.@g;s/\.java//g'  > gradleArgs.txt
+      - name: run acceptance tests
+        run: ./gradlew acceptanceTest `cat gradleArgs.txt` -Dorg.gradle.parallel=true -Dorg.gradle.caching=true
+      - name: cleanup tempfiles
+        run: rm testList.txt gradleArgs.txt
+      - name: Upload Acceptance Test Results
+        uses: actions/[email protected]
+        with:
+          name: acceptance-node-${{matrix.runner_index}}-test-results
+          path: 'acceptance-tests/tests/build/test-results/acceptanceTest/TEST-*.xml'
+      - name: Publish Test Report
+        uses: mikepenz/action-junit-report@v4
+        if: (success() || failure()) # always run even if the build step fails
+        with:
+          report_paths: 'acceptance-tests/tests/build/test-results/acceptanceTest/TEST-*.xml'
+  acceptance-tests:
+    runs-on: ubuntu-22.04
+    needs: [ acceptanceTestEthereum ]
+    permissions:
+      checks: write
+      statuses: write
+    steps:
+      - name: consolidation
+        run: echo "consolidating statuses"
diff --git a/.github/workflows/artifacts.yml b/.github/workflows/artifacts.yml
@@ -0,0 +1,72 @@
+
+name: artifacts
+
+on:
+  release:
+    types:
+      - prereleased
+
+jobs:
+  artifacts:
+    runs-on: ubuntu-22.04
+    steps:
+      - name: checkout
+        uses: actions/checkout@v4
+      - name: Set up JDK 17
+        uses: actions/setup-java@v3
+        with:
+          distribution: 'temurin'
+          java-version: '17'
+      - name: setup gradle
+        uses: gradle/[email protected]
+      - name: assemble distributions
+        run:
+          ./gradlew -Prelease.releaseVersion=${{github.ref_name}} assemble -Dorg.gradle.parallel=true -Dorg.gradle.caching=true
+      - name: hashes
+        id: hashes
+        run: |
+          cd build/distributions
+          echo "zipSha=$(shasum -a 256 besu*.zip)" >> $GITHUB_OUTPUT
+          echo "tarSha=$(shasum -a 256 besu*.tar.gz)" >> $GITHUB_OUTPUT
+      - name: upload tarball
+        uses: actions/upload-artifact@v3
+        with:
+          path: 'build/distributions/besu*.tar.gz'
+      - name: upload zipfile
+        uses: actions/upload-artifact@v3
+        with:
+          path: 'build/distributions/besu*.zip'
+      - name: Upload Release assets
+        uses: softprops/action-gh-release@v1
+        with:
+          append_body: true
+          files: |
+            build/distributions/besu*.tar.gz
+            build/distributions/besu*.zip
+          body: |
+            ${{steps.hashes.outputs.tarSha}}
+            ${{steps.hashes.outputs.zipSha}}
+  testWindows:
+    runs-on: windows-2022
+    needs: assemble
+    timeout-minutes: 10
+    if: ${{ github.actor != 'dependabot[bot]' }}
+    steps:
+      - name: Set up Java
+        uses: actions/setup-java@v3
+        with:
+          distribution: adopt
+          java-version: 17
+      - name: Download zip
+        uses: actions/download-artifact@v3
+        with:
+          name: besu*.zip
+      - name: test Besu
+        run: |
+          unzip besu-*.zip -d besu-tmp
+          cd besu-tmp
+          mv besu-* ../besu
+          cd ..
+          besu\bin\besu.bat --help
+          besu\bin\besu.bat --version
+
diff --git a/.github/workflows/checks.yml b/.github/workflows/checks.yml
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
@@ -14,40 +14,29 @@ name: "CodeQL"
 on:
   push:
     branches: [ main ]
-  pull_request:
-    branches: [ main ]
-    paths-ignore:
-      - '**/*.json'
-      - '**/*.md'
-      - '**/*.properties'
-      - '**/*.txt'
+    pull_request:
+      branches: [ main ]
+      paths-ignore:
+        - '**/*.json'
+        - '**/*.md'
+        - '**/*.properties'
+        - '**/*.txt'
 jobs:
   analyze:
     name: Analyze
-    runs-on: [besu-research-ubuntu-16]
+    runs-on: ubuntu-22.04
     permissions:
       actions: read
       contents: read
       security-events: write
-
-    strategy:
-      fail-fast: false
-      matrix:
-        language: [ 'java' ]
-        # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ]
-        # Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support
-
     steps:
     - name: Checkout repository
       uses: actions/checkout@v4
-
     - name: Set up Java
       uses: actions/setup-java@v4
       with:
         distribution: 'temurin'
         java-version: 17
-        cache: gradle
-
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL
       uses: github/codeql-action/init@v2
@@ -58,10 +47,10 @@ jobs:
         # Prefix the list here with "+" to use these queries and those in the config file.
         queries: security-and-quality,security-extended
 
-    # Autobuild failed (OOM)
-    # Hence, supply memory args for gradle build
-    - run: |
-        JAVA_OPTS="-Xmx1000M" ./gradlew --no-scan compileJava
-
+    - name: setup gradle
+      uses: gradle/gradle-build[email protected]
+    - name: compileJava noscan
+      run: |
+        JAVA_OPTS="-Xmx2048M" ./gradlew --no-scan compileJava
     - name: Perform CodeQL Analysis
       uses: github/codeql-action/analyze@v2
diff --git a/.github/workflows/dco-merge-group.yml b/.github/workflows/dco-merge-group.yml
diff --git a/.github/workflows/dco.yml b/.github/workflows/dco.yml