ci: validate unmanaged dependency check in a few downstream repositor…

…ies (#2426)
googleapis · Jan 28, 2024 · 0d7303c · 0d7303c
1 parent acdde47
commit 0d7303c
Showing 1 changed file with 80 additions and 0 deletions.
diff --git a/.github/workflows/downstream_unmanaged_dependency_check.yaml b/.github/workflows/downstream_unmanaged_dependency_check.yaml
@@ -0,0 +1,80 @@
+on:
+  push:
+    branches:
+      - main
+  pull_request:
+    paths:
+      - .github/workflows/downstream_unmanaged_dependency_check.yaml
+      - java-shared-dependencies/**
+
+name: Downstream Unmanaged Dependency Check
+jobs:
+  validate:
+    runs-on: ubuntu-22.04
+    strategy:
+      fail-fast: false
+      matrix:
+        repo:
+          - java-bigtable
+          - java-firestore
+          - java-logging
+    steps:
+      - name: Checkout sdk-platform-java
+        uses: actions/checkout@v3
+        with:
+          path: sdk-platform-java
+      - name: Checkout the downstream repo
+        uses: actions/checkout@v4
+        with:
+          repository: googleapis/${{ matrix.repo }}
+          path: ${{ matrix.repo }}
+      - name: Check the environment
+        shell: bash
+        run: |
+          set -euxo pipefail
+          pwd
+          ls -alt
+      - uses: actions/setup-java@v3
+        with:
+          java-version: 11
+          distribution: temurin
+          cache: maven
+      - name: Install the modules of sdk-platform-java
+        shell: bash
+        working-directory: sdk-platform-java
+        run: |
+          set -euo pipefail
+          # gapic-generator-java is irrelevant
+          mvn -q -B -ntp install --projects '!gapic-generator-java' \
+            -Dcheckstyle.skip -Dfmt.skip -DskipTests -T 1C
+      - name: Build unmanaged dependency check
+        shell: bash
+        working-directory: sdk-platform-java/java-shared-dependencies/unmanaged-dependency-check
+        run: |
+          set -euo pipefail
+          echo "Install Unmanaged Dependency Check in $(pwd)"
+          mvn clean install -V --batch-mode --no-transfer-progress -DskipTests
+      - name: Install the modules of the downstream repository
+        shell: bash
+        working-directory: ${{ matrix.repo }}
+        run: |
+          # No argument to build.sh installs the modules in local Maven repository
+          .kokoro/build.sh
+      - name: Run unmanaged dependency check
+        shell: bash
+        run: |
+          set -euo pipefail
+          set -x
+          # java-bigtable has "-deps-bom" that declares its dependencies. It's not a good
+          # BOM to list the artifacts generated by that repository.
+          bom_dir=$(find ${{ matrix.repo }} -type d -name 'google-*-bom' ! -name '*-deps-bom')
+          bom_absolute_path=$(realpath "${bom_dir}/pom.xml")
+          cd sdk-platform-java/java-shared-dependencies/unmanaged-dependency-check
+          echo "Running Unmanaged Dependency Check against ${bom_absolute_path}"
+          unmanaged_dependencies=$(mvn exec:java -Dexec.args="../pom.xml ${bom_absolute_path}" -q)
+          if [[ "${unmanaged_dependencies}" != "[]" ]]; then
+            echo "With this change, the unmanaged dependencies check installed in ${{ matrix.repo }} will start to"
+            echo "fail due to ${unmanaged_dependencies}, among the artifacts listed in ${bom_absolute_path}."
+            exit 1
+          fi
+          echo "Unmanaged dependency check passed"