GH Actions CI reporting #352
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # SPDX-License-Identifier: Apache-2.0 | |
| # Copyright Red Hat Inc. and Hibernate Authors | |
| name: GH Actions CI reporting | |
| on: | |
| workflow_run: | |
| workflows: [ "GH Actions CI" ] | |
| types: [ completed ] | |
| defaults: | |
| run: | |
| shell: bash | |
| env: | |
| MAVEN_ARGS: "-e -B --settings .github/mvn-settings.xml --fail-at-end -Pci-build --no-transfer-progress" | |
| permissions: | |
| contents: read | |
| jobs: | |
| publish-build-scans: | |
| name: Publish Develocity build scans | |
| if: github.repository == 'hibernate/hibernate-validator' && github.event.workflow_run.conclusion != 'cancelled' | |
| runs-on: ubuntu-latest | |
| steps: | |
| # Different branches might have different versions of Develocity, and we want to make sure | |
| # that we publish with the one that we built the scan with in the first place: | |
| - name: Determine the Branch Reference for which the original action was triggered | |
| id: determine_branch_ref | |
| run: | | |
| if [ -n "${{ github.event.workflow_run.pull_requests[0].base.ref }}" ]; then | |
| BRANCH_REF="${{ github.event.workflow_run.pull_requests[0].base.ref }}" | |
| else | |
| BRANCH_REF="${{ github.event.workflow_run.head_branch }}" | |
| fi | |
| echo "original_branch_ref=$BRANCH_REF" >> "$GITHUB_OUTPUT" | |
| # Checkout target branch which has trusted code | |
| - name: Check out target branch | |
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # 4.2.2 | |
| with: | |
| persist-credentials: false | |
| ref: ${{ steps.determine_branch_ref.outputs.original_branch_ref }} | |
| - name: Set up Java 21 | |
| uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 # 4.7.1 | |
| with: | |
| java-version: 21 | |
| distribution: temurin | |
| # https://github.com/actions/cache/blob/main/examples.md#java---maven | |
| - name: Cache local Maven repository | |
| uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # 4.2.3 | |
| with: | |
| path: ~/.m2/repository | |
| # use a different key than workflows running untrusted code | |
| key: trusted-${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }} | |
| restore-keys: | | |
| trusted-${{ runner.os }}-maven- | |
| - name: Set up Maven | |
| run: ./mvnw -v | |
| - name: Download GitHub Actions artifacts for the Develocity build scans | |
| id: downloadBuildScan | |
| uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # 4.3.0 | |
| with: | |
| pattern: build-scan-data-* | |
| github-token: ${{ github.token }} | |
| repository: ${{ github.repository }} | |
| run-id: ${{ github.event.workflow_run.id }} | |
| path: /tmp/downloaded-build-scan-data/ | |
| # Don't fail the build if there are no matching artifacts | |
| continue-on-error: true | |
| - name: Publish Develocity build scans for previous builds | |
| if: ${{ steps.downloadBuildScan.outcome != 'failure'}} | |
| run: | | |
| shopt -s nullglob # Don't run the loop below if there are no artifacts | |
| status=0 | |
| mkdir -p ~/.m2/.develocity/ | |
| for build_scan_data_directory in /tmp/downloaded-build-scan-data/* | |
| do | |
| rm -rf ~/.m2/.develocity/build-scan-data | |
| mv "$build_scan_data_directory" ~/.m2/.develocity/build-scan-data \ | |
| && ./mvnw $MAVEN_ARGS develocity:build-scan-publish-previous || status=1 | |
| done | |
| exit $status | |
| env: | |
| DEVELOCITY_ACCESS_KEY: ${{ secrets.DEVELOCITY_ACCESS_KEY_PR }} |