From 5b838ab693a250b9fc4c6edfd00076504f791a4a Mon Sep 17 00:00:00 2001 From: Sergio del Amo Date: Thu, 23 Mar 2023 10:15:01 +0100 Subject: [PATCH 1/2] build: Micronaut Framework M1 --- gradle/libs.versions.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/gradle/libs.versions.toml b/gradle/libs.versions.toml index 233d1aac..d2bfa373 100644 --- a/gradle/libs.versions.toml +++ b/gradle/libs.versions.toml @@ -1,6 +1,6 @@ [versions] micronaut-docs = "2.0.0" -micronaut = "4.0.0-SNAPSHOT" +micronaut = "4.0.0-M1" micronaut-test = "4.0.0-SNAPSHOT" groovy = "4.0.10" spock = "2.3-groovy-4.0" From 37fb375df240f665b07b44ea81c90e7bdb418ce6 Mon Sep 17 00:00:00 2001 From: Sergio del Amo Date: Thu, 23 Mar 2023 10:16:33 +0100 Subject: [PATCH 2/2] ci: Github Actions Sync --- .github/renovate.json | 2 +- .github/workflows/graalvm.yml | 65 ----------------- .github/workflows/gradle.yml | 79 ++++++++++++--------- .github/workflows/release-notes.yml | 50 ------------- .github/workflows/release.yml | 34 ++++----- .github/workflows/sonarqube.yml | 58 --------------- .github/workflows/update-gradle-wrapper.yml | 6 +- 7 files changed, 69 insertions(+), 225 deletions(-) delete mode 100644 .github/workflows/graalvm.yml delete mode 100644 .github/workflows/release-notes.yml delete mode 100644 .github/workflows/sonarqube.yml diff --git a/.github/renovate.json b/.github/renovate.json index aaa729b5..ccd88d42 100644 --- a/.github/renovate.json +++ b/.github/renovate.json @@ -2,7 +2,7 @@ "extends": [ "config:base" ], - "addLabels": ["dependency-upgrade"], + "addLabels": ["type: dependency-upgrade"], "schedule": [ "every weekend" ], diff --git a/.github/workflows/graalvm.yml b/.github/workflows/graalvm.yml deleted file mode 100644 index 5b000faf..00000000 --- a/.github/workflows/graalvm.yml +++ /dev/null @@ -1,65 +0,0 @@ -# WARNING: Do not edit this file directly. Instead, go to: -# -# https://github.com/micronaut-projects/micronaut-project-template/tree/master/.github/workflows -# -# and edit them there. Note that it will be sync'ed to all the Micronaut repos -name: GraalVM CE CI -on: - push: - branches: - - master - - '[1-9]+.[0-9]+.x' - pull_request: - branches: - - master - - '[1-9]+.[0-9]+.x' -jobs: - build: - if: github.repository != 'micronaut-projects/micronaut-project-template' - runs-on: ubuntu-latest - strategy: - matrix: - java: ['17'] - graalvm: ['latest'] - steps: - # https://github.com/actions/virtual-environments/issues/709 - - name: Free disk space - run: | - sudo rm -rf "/usr/local/share/boost" - sudo rm -rf "$AGENT_TOOLSDIRECTORY" - sudo apt-get clean - df -h - - uses: actions/checkout@v3 - - uses: actions/cache@v3 - with: - path: ~/.gradle/caches - key: ${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle') }} - restore-keys: | - ${{ runner.os }}-gradle- - - name: Setup GraalVM CE - uses: graalvm/setup-graalvm@v1 - with: - version: ${{ matrix.graalvm }} - java-version: ${{ matrix.java }} - components: 'native-image' - - name: Build with Gradle - run: | - if ./gradlew tasks --no-daemon --all | grep -w "testNativeImage" - then - ./gradlew check testNativeImage --continue --no-daemon - else - ./gradlew check --continue --no-daemon - fi - env: - TESTCONTAINERS_RYUK_DISABLED: true - GRADLE_ENTERPRISE_ACCESS_KEY: ${{ secrets.GRADLE_ENTERPRISE_ACCESS_KEY }} - GRADLE_ENTERPRISE_CACHE_USERNAME: ${{ secrets.GRADLE_ENTERPRISE_CACHE_USERNAME }} - GRADLE_ENTERPRISE_CACHE_PASSWORD: ${{ secrets.GRADLE_ENTERPRISE_CACHE_PASSWORD }} - PREDICTIVE_TEST_SELECTION: "${{ github.event_name == 'pull_request' && 'true' || 'false' }}" - - name: Publish Test Report - if: always() - uses: mikepenz/action-junit-report@v3.5.2 - with: - check_name: GraalVM CE CI / Test Report (Java ${{ matrix.java }}) - report_paths: '**/build/test-results/test/TEST-*.xml' - check_retries: 'true' diff --git a/.github/workflows/gradle.yml b/.github/workflows/gradle.yml index be9c116a..1397b677 100644 --- a/.github/workflows/gradle.yml +++ b/.github/workflows/gradle.yml @@ -19,75 +19,88 @@ jobs: runs-on: ubuntu-latest strategy: matrix: + graalvm: [ 'latest'] java: ['17'] + env: + GRADLE_ENTERPRISE_ACCESS_KEY: ${{ secrets.GRADLE_ENTERPRISE_ACCESS_KEY }} + GRADLE_ENTERPRISE_CACHE_USERNAME: ${{ secrets.GRADLE_ENTERPRISE_CACHE_USERNAME }} + GRADLE_ENTERPRISE_CACHE_PASSWORD: ${{ secrets.GRADLE_ENTERPRISE_CACHE_PASSWORD }} + GH_TOKEN_PUBLIC_REPOS_READONLY: ${{ secrets.GH_TOKEN_PUBLIC_REPOS_READONLY }} + GH_USERNAME: ${{ secrets.GH_USERNAME }} + TESTCONTAINERS_RYUK_DISABLED: true + PREDICTIVE_TEST_SELECTION: "${{ github.event_name == 'pull_request' && 'true' || 'false' }}" + SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} steps: # https://github.com/actions/virtual-environments/issues/709 - - name: Free disk space + - name: "🗑 Free disk space" run: | sudo rm -rf "/usr/local/share/boost" sudo rm -rf "$AGENT_TOOLSDIRECTORY" sudo apt-get clean df -h - - uses: actions/checkout@v3 - - uses: actions/cache@v3 + + - name: "📥 Checkout repository" + uses: actions/checkout@v3 with: - path: ~/.gradle/caches - key: ${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle') }} - restore-keys: | - ${{ runner.os }}-gradle- - - name: Set up JDK - uses: actions/setup-java@v3 + fetch-depth: 0 + + - name: "🔧 Setup GraalVM CE" + uses: graalvm/setup-graalvm@v1 with: - distribution: 'temurin' + version: ${{ matrix.graalvm }} java-version: ${{ matrix.java }} - - name: Optional setup step - env: - GRADLE_ENTERPRISE_ACCESS_KEY: ${{ secrets.GRADLE_ENTERPRISE_ACCESS_KEY }} - GRADLE_ENTERPRISE_CACHE_USERNAME: ${{ secrets.GRADLE_ENTERPRISE_CACHE_USERNAME }} - GRADLE_ENTERPRISE_CACHE_PASSWORD: ${{ secrets.GRADLE_ENTERPRISE_CACHE_PASSWORD }} + components: 'native-image' + github-token: ${{ secrets.GITHUB_TOKEN }} + + - name: "🔧 Setup Gradle" + uses: gradle/gradle-build-action@v2 + + - name: "❓ Optional setup step" run: | - [ -f ./setup.sh ] && ./setup.sh || true - - name: Build with Gradle + [ -f ./setup.sh ] && ./setup.sh || [ ! -f ./setup.sh ] + + - name: "🛠 Build with Gradle" + id: gradle run: | - # Awful hack for kapt and JDK 16. See https://youtrack.jetbrains.com/issue/KT-45545 - if [ ${{ matrix.java }} == 16 ]; then export GRADLE_OPTS="-Dorg.gradle.jvmargs=--illegal-access=permit"; fi ./gradlew check --no-daemon --parallel --continue - env: - TESTCONTAINERS_RYUK_DISABLED: true - GRADLE_ENTERPRISE_ACCESS_KEY: ${{ secrets.GRADLE_ENTERPRISE_ACCESS_KEY }} - GRADLE_ENTERPRISE_CACHE_USERNAME: ${{ secrets.GRADLE_ENTERPRISE_CACHE_USERNAME }} - GRADLE_ENTERPRISE_CACHE_PASSWORD: ${{ secrets.GRADLE_ENTERPRISE_CACHE_PASSWORD }} - PREDICTIVE_TEST_SELECTION: "${{ github.event_name == 'pull_request' && 'true' || 'false' }}" - - name: Publish Test Report + + - name: "🔎 Run static analysis" + if: env.SONAR_TOKEN != '' + run: | + ./gradlew sonar + + - name: "📊 Publish Test Report" if: always() - uses: mikepenz/action-junit-report@v3.5.2 + uses: mikepenz/action-junit-report@v3 with: check_name: Java CI / Test Report (${{ matrix.java }}) report_paths: '**/build/test-results/test/TEST-*.xml' check_retries: 'true' + - name: "📜 Upload binary compatibility check results" if: always() uses: actions/upload-artifact@v3 with: name: binary-compatibility-reports path: "**/build/reports/binary-compatibility-*.html" - - name: Publish to Sonatype Snapshots + + - name: "📦 Publish to Sonatype Snapshots" if: success() && github.event_name == 'push' && matrix.java == '17' env: SONATYPE_USERNAME: ${{ secrets.SONATYPE_USERNAME }} SONATYPE_PASSWORD: ${{ secrets.SONATYPE_PASSWORD }} - GRADLE_ENTERPRISE_ACCESS_KEY: ${{ secrets.GRADLE_ENTERPRISE_ACCESS_KEY }} - GRADLE_ENTERPRISE_CACHE_USERNAME: ${{ secrets.GRADLE_ENTERPRISE_CACHE_USERNAME }} - GRADLE_ENTERPRISE_CACHE_PASSWORD: ${{ secrets.GRADLE_ENTERPRISE_CACHE_PASSWORD }} run: ./gradlew publishToSonatype docs --no-daemon - - name: Determine docs target repository + + - name: "❓ Determine docs target repository" uses: haya14busa/action-cond@v1 id: docs_target with: cond: ${{ github.repository == 'micronaut-projects/micronaut-core' }} if_true: "micronaut-projects/micronaut-docs" if_false: ${{ github.repository }} - - name: Publish to Github Pages + + - name: "📑 Publish to Github Pages" if: success() && github.event_name == 'push' && matrix.java == '17' uses: micronaut-projects/github-pages-deploy-action@master env: diff --git a/.github/workflows/release-notes.yml b/.github/workflows/release-notes.yml deleted file mode 100644 index 35c3bf7a..00000000 --- a/.github/workflows/release-notes.yml +++ /dev/null @@ -1,50 +0,0 @@ -# WARNING: Do not edit this file directly. Instead, go to: -# -# https://github.com/micronaut-projects/micronaut-project-template/tree/master/.github/workflows -# -# and edit them there. Note that it will be sync'ed to all the Micronaut repos -name: Changelog -on: - issues: - types: [closed,reopened] - push: - branches: - - master - - '[1-9]+.[0-9]+.x' -jobs: - release_notes: - if: github.repository != 'micronaut-projects/micronaut-project-template' - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v3 - - name: Check if it has release drafter config file - id: check_release_drafter - run: | - has_release_drafter=$([ -f .github/release-drafter.yml ] && echo "true" || echo "false") - echo ::set-output name=has_release_drafter::${has_release_drafter} - - # If it has release drafter: - - uses: release-drafter/release-drafter@v5 - if: steps.check_release_drafter.outputs.has_release_drafter == 'true' - env: - GITHUB_TOKEN: ${{ secrets.GH_TOKEN }} - - # Otherwise: - - name: Export Gradle Properties - if: steps.check_release_drafter.outputs.has_release_drafter == 'false' - uses: micronaut-projects/github-actions/export-gradle-properties@master - - uses: micronaut-projects/github-actions/release-notes@master - if: steps.check_release_drafter.outputs.has_release_drafter == 'false' - id: release_notes - with: - token: ${{ secrets.GH_TOKEN }} - - uses: ncipollo/release-action@v1 - if: steps.check_release_drafter.outputs.has_release_drafter == 'false' && steps.release_notes.outputs.generated_changelog == 'true' - with: - allowUpdates: true - commit: ${{ steps.release_notes.outputs.current_branch }} - draft: true - name: ${{ env.title }} ${{ steps.release_notes.outputs.next_version }} - tag: v${{ steps.release_notes.outputs.next_version }} - bodyFile: CHANGELOG.md - token: ${{ secrets.GH_TOKEN }} diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 65cec61e..3eb1a55d 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -25,7 +25,7 @@ jobs: java-version: '17' - name: Set the current release version id: release_version - run: echo ::set-output name=release_version::${GITHUB_REF:11} + run: echo "release_version=${GITHUB_REF:11}" >> $GITHUB_OUTPUT - name: Run pre-release uses: micronaut-projects/github-actions/pre-release@master env: @@ -66,23 +66,25 @@ jobs: # Store the hash in a file, which is uploaded as a workflow artifact. echo $(sha256sum $ARTIFACTS | base64 -w0) > artifacts-sha256 - name: Upload build artifacts - uses: actions/upload-artifact@3cea5372237819ed00197afe530f5a7ea3e805c8 # v3.1.0 + uses: actions/upload-artifact@v3 with: name: gradle-build-outputs path: build/repo/${{ steps.publish.outputs.group }}/*/${{ steps.publish.outputs.version }}/* retention-days: 5 - name: Upload artifacts-sha256 - uses: actions/upload-artifact@3cea5372237819ed00197afe530f5a7ea3e805c8 # v3.1.0 + uses: actions/upload-artifact@v3 with: name: artifacts-sha256 path: artifacts-sha256 retention-days: 5 - name: Generate docs + run: ./gradlew docs env: GRADLE_ENTERPRISE_ACCESS_KEY: ${{ secrets.GRADLE_ENTERPRISE_ACCESS_KEY }} GRADLE_ENTERPRISE_CACHE_USERNAME: ${{ secrets.GRADLE_ENTERPRISE_CACHE_USERNAME }} GRADLE_ENTERPRISE_CACHE_PASSWORD: ${{ secrets.GRADLE_ENTERPRISE_CACHE_PASSWORD }} - run: ./gradlew docs + GH_TOKEN_PUBLIC_REPOS_READONLY: ${{ secrets.GH_TOKEN_PUBLIC_REPOS_READONLY }} + GH_USERNAME: ${{ secrets.GH_USERNAME }} - name: Export Gradle Properties uses: micronaut-projects/github-actions/export-gradle-properties@master - name: Publish to Github Pages @@ -128,7 +130,7 @@ jobs: artifacts-sha256: ${{ steps.set-hash.outputs.artifacts-sha256 }} steps: - name: Download artifacts-sha256 - uses: actions/download-artifact@9782bd6a9848b53b110e712e20e42d89988822b7 # v3.0.1 + uses: actions/download-artifact@v3 with: name: artifacts-sha256 # The SLSA provenance generator expects the hash digest of artifacts to be passed as a job @@ -147,7 +149,7 @@ jobs: actions: read # To read the workflow path. id-token: write # To sign the provenance. contents: write # To add assets to a release. - uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.2.2 + uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.5.0 with: base64-subjects: "${{ needs.provenance-subject.outputs.artifacts-sha256 }}" upload-assets: true # Upload to a new release. @@ -159,18 +161,18 @@ jobs: if: startsWith(github.ref, 'refs/tags/') steps: - name: Checkout repository - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # v3.0.2 + uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0 - name: Download artifacts - uses: actions/download-artifact@9782bd6a9848b53b110e712e20e42d89988822b7 # v3.0.1 + uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2 with: name: gradle-build-outputs path: build/repo + - name: Create artifacts archive + shell: bash + run: find build/repo -regextype sed -regex '\(.*\.jar\|.*\.pom\|.*\.module\|.*\.toml\)' | xargs zip artifacts.zip - name: Upload assets - # Upload the artifacts and SLSA L3 provenance as assets to the existing - # release. Note that the provenance will attest to each artifact file and - # not the aggregated ZIP file. - run: | - find build/repo -regextype sed -regex '\(.*\.jar\|.*\.pom\|.*\.module\|.*\.toml\)' | xargs zip artifacts.zip - gh release upload ${{ github.ref_name }} artifacts.zip - env: - GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + # Upload the artifacts to the existing release. Note that the SLSA provenance will + # attest to each artifact file and not the aggregated ZIP file. + uses: softprops/action-gh-release@de2c0eb89ae2a093876385947365aca7b0e5f844 # v0.1.15 + with: + files: artifacts.zip diff --git a/.github/workflows/sonarqube.yml b/.github/workflows/sonarqube.yml deleted file mode 100644 index d238115f..00000000 --- a/.github/workflows/sonarqube.yml +++ /dev/null @@ -1,58 +0,0 @@ -# WARNING: Do not edit this file directly. Instead, go to: -# -# https://github.com/micronaut-projects/micronaut-project-template/tree/master/.github/workflows -# -# and edit them there. Note that it will be sync'ed to all the Micronaut repos -name: Static Analysis -on: - push: - branches: - - master - - '[1-9]+.[0-9]+.x' - pull_request: - branches: - - master - - '[1-9]+.[0-9]+.x' -jobs: - build: - if: github.repository != 'micronaut-projects/micronaut-project-template' - runs-on: ubuntu-latest - steps: - # https://github.com/actions/virtual-environments/issues/709 - - name: Free disk space - run: | - sudo rm -rf "/usr/local/share/boost" - sudo rm -rf "$AGENT_TOOLSDIRECTORY" - sudo apt-get clean - df -h - - uses: actions/checkout@v3 - with: - fetch-depth: 0 - - uses: actions/cache@v3 - with: - path: ~/.gradle/caches - key: ${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle') }} - restore-keys: | - ${{ runner.os }}-gradle- - - name: Set up JDK - uses: actions/setup-java@v3 - with: - distribution: 'temurin' - java-version: 17 - - name: Optional setup step - env: - GRADLE_ENTERPRISE_ACCESS_KEY: ${{ secrets.GRADLE_ENTERPRISE_ACCESS_KEY }} - GRADLE_ENTERPRISE_CACHE_USERNAME: ${{ secrets.GRADLE_ENTERPRISE_CACHE_USERNAME }} - GRADLE_ENTERPRISE_CACHE_PASSWORD: ${{ secrets.GRADLE_ENTERPRISE_CACHE_PASSWORD }} - run: | - [ -f ./setup.sh ] && ./setup.sh || true - - name: Analyse with Gradle - run: | - ./gradlew check sonarqube --no-daemon --parallel --continue - env: - TESTCONTAINERS_RYUK_DISABLED: true - GRADLE_ENTERPRISE_ACCESS_KEY: ${{ secrets.GRADLE_ENTERPRISE_ACCESS_KEY }} - GRADLE_ENTERPRISE_CACHE_USERNAME: ${{ secrets.GRADLE_ENTERPRISE_CACHE_USERNAME }} - GRADLE_ENTERPRISE_CACHE_PASSWORD: ${{ secrets.GRADLE_ENTERPRISE_CACHE_PASSWORD }} - SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/update-gradle-wrapper.yml b/.github/workflows/update-gradle-wrapper.yml index 7404c2d7..8a897279 100644 --- a/.github/workflows/update-gradle-wrapper.yml +++ b/.github/workflows/update-gradle-wrapper.yml @@ -19,12 +19,14 @@ jobs: id: update env: GRADLE_ENTERPRISE_ACCESS_KEY: ${{ secrets.GRADLE_ENTERPRISE_ACCESS_KEY }} + GRADLE_ENTERPRISE_CACHE_USERNAME: ${{ secrets.GRADLE_ENTERPRISE_CACHE_USERNAME }} + GRADLE_ENTERPRISE_CACHE_PASSWORD: ${{ secrets.GRADLE_ENTERPRISE_CACHE_PASSWORD }} run: | latest=`curl -s https://services.gradle.org/versions/current | jq -cr ".version"` - echo ::set-output name=latest_version::${latest} + echo "latest_version=${latest}" >> $GITHUB_OUTPUT ./gradlew wrapper --gradle-version $latest - uses: gradle/wrapper-validation-action@v1 - - uses: stefanzweifel/git-auto-commit-action@v4.15.3 + - uses: stefanzweifel/git-auto-commit-action@v4 with: commit_message: Upgrade Gradle Wrapper to ${{ steps.update.outputs.latest_version }} commit_user_name: micronaut-build