diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml deleted file mode 100644 index da88764351..0000000000 --- a/.github/workflows/build.yaml +++ /dev/null @@ -1,52 +0,0 @@ -name: Build and verify -on: - pull_request: - push: - branches: [ master ] -permissions: - contents: read -jobs: - build: - strategy: - matrix: - os: [ ubuntu-22.04 ] - jdk: [ 11.0.20, 17.0.8, 21.0.0 ] - distribution: [ temurin ] - experimental: [ false ] - include: - - os: macos-12 - jdk: 17.0.8 - distribution: temurin - experimental: false - - os: windows-2022 - jdk: 17.0.8 - distribution: temurin - experimental: false - runs-on: ${{ matrix.os }} - continue-on-error: ${{ matrix.experimental }} - steps: - # We run the build twice for each supported JDK: once against the - # original Error Prone release, using only Error Prone checks available - # on Maven Central, and once against the Picnic Error Prone fork, - # additionally enabling all checks defined in this project and any Error - # Prone checks available only from other artifact repositories. - - name: Check out code - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - with: - persist-credentials: false - - name: Set up JDK - uses: actions/setup-java@0ab4596768b603586c0de567f2430c30f5b0d2b0 # v3.13.0 - with: - java-version: ${{ matrix.jdk }} - distribution: ${{ matrix.distribution }} - cache: maven - - name: Display build environment details - run: mvn --version - - name: Build project against vanilla Error Prone, compile Javadoc - run: mvn -T1C install javadoc:jar - - name: Build project with self-check against Error Prone fork - run: mvn -T1C clean verify -Perror-prone-fork -Pnon-maven-central -Pself-check -s settings.xml - - name: Remove installed project artifacts - run: mvn build-helper:remove-project-artifact - -# XXX: Enable Codecov once we "go public". diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml deleted file mode 100644 index 03ef52a5ad..0000000000 --- a/.github/workflows/codeql.yml +++ /dev/null @@ -1,44 +0,0 @@ -# Analyzes the code using GitHub's default CodeQL query database. -# Identified issues are registered with GitHub's code scanning dashboard. When -# a pull request is analyzed, any offending lines are annotated. See -# https://codeql.github.com for details. -name: CodeQL analysis -on: - pull_request: - push: - branches: [ master ] - schedule: - - cron: '0 4 * * 1' -permissions: - contents: read -jobs: - analyze: - strategy: - matrix: - language: [ java, ruby ] - permissions: - contents: read - security-events: write - runs-on: ubuntu-22.04 - steps: - - name: Check out code - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - with: - persist-credentials: false - - name: Set up JDK - uses: actions/setup-java@0ab4596768b603586c0de567f2430c30f5b0d2b0 # v3.13.0 - with: - java-version: 17.0.8 - distribution: temurin - cache: maven - - name: Initialize CodeQL - uses: github/codeql-action/init@2cb752a87e96af96708ab57187ab6372ee1973ab # v2.22.0 - with: - languages: ${{ matrix.language }} - - name: Perform minimal build - if: matrix.language == 'java' - run: mvn -T1C clean install -DskipTests -Dverification.skip - - name: Perform CodeQL analysis - uses: github/codeql-action/analyze@2cb752a87e96af96708ab57187ab6372ee1973ab # v2.22.0 - with: - category: /language:${{ matrix.language }} diff --git a/.github/workflows/deploy-website.yaml b/.github/workflows/deploy-website.yaml deleted file mode 100644 index ce5be120b7..0000000000 --- a/.github/workflows/deploy-website.yaml +++ /dev/null @@ -1,51 +0,0 @@ -name: Update `error-prone.picnic.tech` website content -on: - pull_request: - push: - branches: [ master, website ] -permissions: - contents: read -concurrency: - group: ${{ github.workflow }}-${{ github.ref }} -jobs: - build: - runs-on: ubuntu-22.04 - steps: - - name: Check out code - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - with: - persist-credentials: false - - uses: ruby/setup-ruby@d37167af451eb51448db3354e1057b75c4b268f7 # v1.155.0 - with: - working-directory: ./website - bundler-cache: true - - name: Configure Github Pages - uses: actions/configure-pages@f156874f8191504dae5b037505266ed5dda6c382 # v3.0.6 - - name: Generate documentation - run: ./generate-docs.sh - - name: Build website with Jekyll - working-directory: ./website - run: bundle exec jekyll build - - name: Validate HTML output - working-directory: ./website - # XXX: Drop `--disable_external true` once we fully adopted the - # "Refaster rules" terminology on our website and in the code. - run: bundle exec htmlproofer --disable_external true --check-external-hash false ./_site - - name: Upload website as artifact - uses: actions/upload-pages-artifact@a753861a5debcf57bf8b404356158c8e1e33150c # v2.0.0 - with: - path: ./website/_site - deploy: - if: github.ref == 'refs/heads/website' - needs: build - permissions: - id-token: write - pages: write - runs-on: ubuntu-22.04 - environment: - name: github-pages - url: ${{ steps.deployment.outputs.page_url }} - steps: - - name: Deploy to GitHub Pages - id: deployment - uses: actions/deploy-pages@9dbe3824824f8a1377b8e298bafde1a50ede43e5 # v2.0.4 diff --git a/.github/workflows/openssf-scorecard.yml b/.github/workflows/openssf-scorecard.yml deleted file mode 100644 index 65a96d597b..0000000000 --- a/.github/workflows/openssf-scorecard.yml +++ /dev/null @@ -1,36 +0,0 @@ -# Analyzes the code base and GitHub project configuration for adherence to -# security best practices for open source software. Identified issues are -# registered with GitHub's code scanning dashboard. When a pull request is -# analyzed, any offending lines are annotated. See -# https://securityscorecards.dev for details. -name: OpenSSF Scorecard update -on: - pull_request: - push: - branches: [ master ] - schedule: - - cron: '0 4 * * 1' -permissions: - contents: read -jobs: - analyze: - permissions: - contents: read - security-events: write - id-token: write - runs-on: ubuntu-22.04 - steps: - - name: Check out code - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - with: - persist-credentials: false - - name: Run OpenSSF Scorecard analysis - uses: ossf/scorecard-action@0864cf19026789058feabb7e87baa5f140aac736 # v2.3.1 - with: - results_file: results.sarif - results_format: sarif - publish_results: ${{ github.ref == 'refs/heads/master' }} - - name: Update GitHub's code scanning dashboard - uses: github/codeql-action/upload-sarif@2cb752a87e96af96708ab57187ab6372ee1973ab # v2.22.0 - with: - sarif_file: results.sarif diff --git a/.github/workflows/pitest-analyze-pr.yml b/.github/workflows/pitest-analyze-pr.yml deleted file mode 100644 index 4ded8ed954..0000000000 --- a/.github/workflows/pitest-analyze-pr.yml +++ /dev/null @@ -1,38 +0,0 @@ -# Performs mutation testing analysis on the files changed by a pull request and -# uploads the results. The associated PR is subsequently updated by the -# `pitest-update-pr.yml` workflow. See https://blog.pitest.org/oss-pitest-pr/ -# for details. -name: "Mutation testing" -on: - pull_request: -permissions: - contents: read -jobs: - analyze-pr: - runs-on: ubuntu-22.04 - steps: - - name: Check out code - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - with: - fetch-depth: 2 - persist-credentials: false - - name: Set up JDK - uses: actions/setup-java@0ab4596768b603586c0de567f2430c30f5b0d2b0 # v3.13.0 - with: - java-version: 17.0.8 - distribution: temurin - cache: maven - - name: Run Pitest - # By running with features `+GIT(from[HEAD~1]), +gitci`, Pitest only - # analyzes lines changed in the associated pull request, as GitHub - # exposes the changes unique to the PR as a single commit on top of the - # target branch. See https://blog.pitest.org/pitest-pr-setup for - # details. - run: mvn test pitest:mutationCoverage -DargLine.xmx=2048m -Dverification.skip -Dfeatures="+GIT(from[HEAD~1]), +gitci" - - name: Aggregate Pitest reports - run: mvn pitest-git:aggregate -DkilledEmoji=":tada:" -DmutantEmoji=":zombie:" -DtrailingText="Mutation testing report by [Pitest](https://pitest.org/). Review any surviving mutants by inspecting the line comments under [_Files changed_](${{ github.event.number }}/files)." - - name: Upload Pitest reports as artifact - uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3 - with: - name: pitest-reports - path: ./target/pit-reports-ci diff --git a/.github/workflows/pitest-update-pr.yml b/.github/workflows/pitest-update-pr.yml deleted file mode 100644 index bc7b1ef632..0000000000 --- a/.github/workflows/pitest-update-pr.yml +++ /dev/null @@ -1,39 +0,0 @@ -# Updates a pull request based on the corresponding mutation testing analysis -# performed by the `pitest-analyze-pr.yml` workflow. See -# https://blog.pitest.org/oss-pitest-pr/ for details. -name: "Mutation testing: post results" -on: - workflow_run: - workflows: ["Mutation testing"] - types: - - completed -permissions: - actions: read -jobs: - update-pr: - if: ${{ github.event.workflow_run.conclusion == 'success' }} - permissions: - actions: read - checks: write - contents: read - pull-requests: write - runs-on: ubuntu-22.04 - steps: - - name: Check out code - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - with: - persist-credentials: false - - name: Set up JDK - uses: actions/setup-java@0ab4596768b603586c0de567f2430c30f5b0d2b0 # v3.13.0 - with: - java-version: 17.0.8 - distribution: temurin - cache: maven - - name: Download Pitest analysis artifact - uses: dawidd6/action-download-artifact@268677152d06ba59fcec7a7f0b5d961b6ccd7e1e # v2.28.0 - with: - workflow: ${{ github.event.workflow_run.workflow_id }} - name: pitest-reports - path: ./target/pit-reports-ci - - name: Update PR - run: mvn -DrepoToken="${{ secrets.GITHUB_TOKEN }}" pitest-github:updatePR diff --git a/.github/workflows/run-integration-tests.yml b/.github/workflows/run-integration-tests.yml index a51bba2706..e59ed57a77 100644 --- a/.github/workflows/run-integration-tests.yml +++ b/.github/workflows/run-integration-tests.yml @@ -9,20 +9,24 @@ name: "Integration tests" on: issue_comment: types: [ created ] + # XXX: Drop. + pull_request: permissions: contents: read jobs: run-integration-tests: name: On-demand integration test - if: | - github.event.issue.pull_request && contains(github.event.comment.body, '/integration-test') + # XXX: Enable. + #if: | + # github.event.issue.pull_request && contains(github.event.comment.body, '/integration-test') runs-on: ubuntu-22.04 steps: - name: Check out code uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 with: persist-credentials: false - ref: refs/pull/${{ github.event.issue.number }}/head + # XXX: Enable. + #ref: refs/pull/${{ github.event.issue.number }}/head - name: Set up JDK uses: actions/setup-java@0ab4596768b603586c0de567f2430c30f5b0d2b0 # v3.13.0 with: diff --git a/.github/workflows/sonarcloud.yml b/.github/workflows/sonarcloud.yml deleted file mode 100644 index feaedba873..0000000000 --- a/.github/workflows/sonarcloud.yml +++ /dev/null @@ -1,36 +0,0 @@ -# Analyzes the code base using SonarCloud. See -# https://sonarcloud.io/project/overview?id=PicnicSupermarket_error-prone-support. -name: SonarCloud analysis -on: - pull_request: - push: - branches: [ master ] - schedule: - - cron: '0 4 * * 1' -permissions: - contents: read -jobs: - analyze: - permissions: - contents: read - runs-on: ubuntu-22.04 - steps: - - name: Check out code - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - with: - fetch-depth: 0 - persist-credentials: false - - name: Set up JDK - uses: actions/setup-java@0ab4596768b603586c0de567f2430c30f5b0d2b0 # v3.13.0 - with: - java-version: 17.0.8 - distribution: temurin - cache: maven - - name: Create missing `test` directory - # XXX: Drop this step in favour of actually having a test. - run: mkdir refaster-compiler/src/test - - name: Perform SonarCloud analysis - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} - run: mvn -T1C jacoco:prepare-agent verify jacoco:report sonar:sonar -Dverification.skip -Dsonar.projectKey=PicnicSupermarket_error-prone-support