diff --git a/.github/workflows/build-reusable.yaml b/.github/workflows/build-reusable.yaml new file mode 100644 index 0000000..be4b186 --- /dev/null +++ b/.github/workflows/build-reusable.yaml @@ -0,0 +1,92 @@ +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +name: build-reusable + +on: + workflow_call: + +jobs: + + build: + + runs-on: ${{ matrix.os }} + + strategy: + fail-fast: false + matrix: + os: [ macos-latest, ubuntu-latest, windows-latest ] + + steps: + + - name: Checkout repository + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # 4.1.1 + with: + # When running on `pull_request` use the PR branch, not the target branch + ref: ${{ github.event_name == 'pull_request_target' && github.head_ref || github.ref }} + + - name: Set up Java + uses: actions/setup-java@387ac29b308b003ca37ba93a6cab5eb57c8f5f93 # 3.7.0 + with: + distribution: temurin + java-version: ${{ inputs.java-version }} + java-package: jdk + architecture: x64 + cache: maven + + # We could have used `verify`, but `clean install` is required while generating the build reproducibility report, which is performed in the next step. + # For details, see: https://maven.apache.org/guides/mini/guide-reproducible-builds.html#how-to-test-my-maven-build-reproducibility + - name: Build + id: build + shell: bash + run: | + ./mvnw \ + --show-version --batch-mode --errors --no-transfer-progress \ + -DtrimStackTrace=false \ + -DinstallAtEnd=true \ + clean install + + # We upload tests results if the build fails. + - name: Upload test results + if: failure() && steps.build.conclusion == 'failure' + uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # 3.1.3 + with: + name: surefire-${{matrix.os}}-${{github.run_number}}-${{github.run_attempt}} + path: | + **/target/surefire-reports + **/target/logs + + # `clean verify artifact:compare` is required to generate the build reproducibility report. + # For details, see: https://maven.apache.org/guides/mini/guide-reproducible-builds.html#how-to-test-my-maven-build-reproducibility + - name: Verify build reproducibility + id: reproducibility + shell: bash + run: | + ./mvnw \ + --show-version --batch-mode --errors --no-transfer-progress \ + -DskipTests=true \ + clean verify artifact:compare + + # We reproducibility results if the build fails. + - name: Upload reproducibility results + if: failure() && steps.reproducibility.conclusion == 'failure' + uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # 3.1.3 + with: + name: reproducibility-${{matrix.os}}-${{github.run_number}}-${{github.run_attempt}} + path: | + **/target/bom.xml + **/target/*.buildcompare + **/target/*.jar + **/target/*.zip + **/target/reference/* diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml new file mode 100644 index 0000000..46edbbe --- /dev/null +++ b/.github/workflows/build.yaml @@ -0,0 +1,28 @@ +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +name: build + +on: + push: + branches: + - main + pull_request: + +permissions: read-all + +jobs: + + build: + if: github.actor != 'dependabot[bot]' + uses: copernik-eu/log4j-plugins/.github/workflows/build-reusable.yaml@main diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml deleted file mode 100644 index 022f0be..0000000 --- a/.github/workflows/build.yml +++ /dev/null @@ -1,71 +0,0 @@ -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -name: build - -on: - push: - branches: - - main - pull_request: - -permissions: read-all - -jobs: - - build: - - runs-on: ${{ matrix.os }} - - strategy: - matrix: - os: [ ubuntu-latest, windows-latest, macos-latest ] - - steps: - - - name: Checkout repository - uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # 3.0.2 - - # JDK 11 is needed for the build. - # Search `maven-toolchains-plugin` usages for details. - - name: Setup JDK 11 - uses: actions/setup-java@0ab4596768b603586c0de567f2430c30f5b0d2b0 # 3.13.0 - with: - distribution: temurin - java-version: 11 - java-package: jdk - architecture: x64 - cache: maven - - - name: Inspect environment (Linux) - if: runner.os == 'Linux' - run: env | grep '^JAVA' - - - name: Inspect environment (Windows) - if: runner.os == 'Windows' - run: set java - - - name: Inspect environment (MacOS) - if: runner.os == 'macOS' - run: env | grep '^JAVA' - - - name: Maven "verify" - timeout-minutes: 10 - shell: bash - run: | - ./mvnw \ - --show-version --batch-mode --errors --no-transfer-progress \ - -DtrimStackTrace=false \ - -Dsurefire.rerunFailingTestsCount=2 \ - -Dgpg.skip=true \ - verify diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yaml similarity index 100% rename from .github/workflows/codeql-analysis.yml rename to .github/workflows/codeql-analysis.yaml diff --git a/.github/workflows/merge-dependabot.yaml b/.github/workflows/merge-dependabot.yaml new file mode 100644 index 0000000..7e2f035 --- /dev/null +++ b/.github/workflows/merge-dependabot.yaml @@ -0,0 +1,40 @@ +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +name: build + +on: + pull_request_target: + +permissions: read-all + +jobs: + + build: + if: github.repository == 'copernik-eu/log4j-plugins' && github.actor == 'dependabot[bot]' + uses: copernik-eu/log4j-plugins/.github/workflows/build-reusable.yaml@main + + merge: + needs: build + + steps: + + - name: Fetch metadata + id: dependabot-metadata + uses: dependabot/fetch-metadata@c9c4182bf1b97f5224aee3906fd373f6b61b4526 # 1.6.0 + with: + github-token: ${{ secrets.GITHUB_TOKEN }} + + - name: Automatically merge + run: | + gh pr merge --autor "$PR_URL"