feat: Improve @CascadingUpdateShadowVariable logic #1282
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: SonarCloud | |
| on: | |
| push: | |
| branches: | |
| - main | |
| # Enables the workflow to run on PRs from forks. | |
| # CI will only run for trusted users, to prevent stealing of secrets. | |
| pull_request_target: | |
| types: | |
| - opened | |
| - reopened | |
| - synchronize | |
| - labeled | |
| jobs: | |
| # Check if the user is a member of the organization; if so, allow the PR to sail through. | |
| known_user: | |
| runs-on: ubuntu-latest | |
| outputs: | |
| is_member_of_org: ${{ steps.auth_check.outputs.authorized }} | |
| steps: | |
| - id: auth_check | |
| env: | |
| GH_TOKEN: ${{ secrets.JRELEASER_GITHUB_TOKEN }} # Release account is a Solver Gatekeeper. | |
| shell: bash | |
| run: | | |
| # -g to allow actors such as dependabot[bot] | |
| ORG_MEMBERSHIP=`curl -g -L -H "Accept: application/vnd.github+json" -H "Authorization: Bearer $GH_TOKEN" "https://api.github.com/orgs/TimefoldAI/memberships/${{ github.actor }}" | jq -r '.state == "active"'` | |
| echo "authorized=$ORG_MEMBERSHIP" >> "$GITHUB_OUTPUT" | |
| - id: validation | |
| shell: bash | |
| run: | | |
| echo "Authorized user: ${{ steps.auth_check.outputs.authorized }}" | |
| # If the user is not a member, require a member to approve the PR. | |
| approval_required: | |
| needs: known_user | |
| environment: | |
| ${{ | |
| github.event_name == 'pull_request_target' && | |
| github.event.pull_request.head.repo.full_name != github.repository && | |
| (needs.known_user.outputs.is_member_of_org != 'true' || github.actor == 'dependabot[bot]') && | |
| 'external' || 'internal' | |
| }} | |
| runs-on: ubuntu-latest | |
| steps: | |
| - run: true | |
| build: | |
| needs: approval_required | |
| name: Build and analyze | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis | |
| ref: ${{ github.event.pull_request.head.sha }} # The GHA event will pull the main branch by default, and we must specify the PR reference version | |
| - name: Set up JDK 17 | |
| uses: actions/setup-java@v4 | |
| with: | |
| java-version: 17 | |
| distribution: 'temurin' | |
| cache: 'maven' | |
| - name: Python 3.10, Python 3.11, Python 3.12 Setup | |
| uses: actions/setup-python@v5 | |
| with: | |
| python-version: | | |
| 3.10 | |
| 3.11 | |
| 3.12 | |
| cache: 'pip' | |
| cache-dependency-path: | | |
| **/setup.py | |
| - name: Install tox | |
| run: | |
| pip install tox coverage pytest pytest-cov | |
| - name: Cache SonarCloud packages | |
| uses: actions/cache@v4 | |
| with: | |
| path: ~/.sonar/cache | |
| key: ${{ runner.os }}-sonar | |
| restore-keys: ${{ runner.os }}-sonar | |
| - name: Build with Maven to measure code coverage # The ENV variables are limited to the scope of the current step. Avoid adding sensitive ENV variables here as the tests could leak them. | |
| run: mvn -B clean install -Prun-code-coverage | |
| - name: Get JaCoCo Agent | |
| run: mvn org.apache.maven.plugins:maven-dependency-plugin:2.8:get -Dartifact=org.jacoco:org.jacoco.agent:0.8.11:jar:runtime -Ddest=target/jacocoagent.jar | |
| - name: Run tox to measure timefold solver python code coverage from Python tests | |
| run: python -m tox -- --cov=timefold --cov-report=xml:target/coverage.xml --cov-config=tox.ini --cov-branch --cov-append --jacoco-agent=./target/jacocoagent.jar | |
| - name: Run tox to measure jpyinterpreter code coverage from Python tests | |
| working-directory: ./python/jpyinterpreter | |
| run: python -m tox -- --cov=jpyinterpreter --cov-report=xml:target/coverage.xml --cov-config=tox.ini --cov-branch --cov-append --jacoco-agent=../../target/jacocoagent.jar --jacoco-output=../../target/jacoco.exec | |
| - name: Run analysis | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed to get PR information, if any | |
| SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} # Needed to run the SonarCloud analysis | |
| run: mvn -B -Psonarcloud-analysis validate org.sonarsource.scanner.maven:sonar-maven-plugin:sonar -Dsonar.organization=timefold -Dsonar.projectKey=ai.timefold:timefold-solver -Dsonar.host.url=https://sonarcloud.io -Dsonar.pullrequest.key=${{ github.event.pull_request.number }} -Dsonar.pullrequest.branch=${{ github.event.pull_request.head.ref }} -Dsonar.scm.revision=${{ github.event.pull_request.head.sha }} |