CI: use the gradle-build action and improve test report handling

gesellix · Oct 1, 2023 · c3952a3 · c3952a3
1 parent fa8350c
commit c3952a3
Show file tree

Hide file tree

Showing 4 changed files with 116 additions and 50 deletions.
diff --git a/.github/workflows/cd.yml b/.github/workflows/cd.yml
@@ -5,8 +5,27 @@ on:
     branches:
       - main
 jobs:
-  publish:
+  event-file:
+    # https://github.com/marketplace/actions/publish-test-results#support-fork-repositories-and-dependabot-branches
+    name: "Event File"
     runs-on: ubuntu-latest
+    steps:
+      - name: Upload
+        uses: actions/upload-artifact@v3
+        with:
+          name: event-file
+          path: ${{ github.event_path }}
+  publish:
+    strategy:
+      matrix:
+        os:
+          - ubuntu-latest
+        #          - windows-latest
+        #          - macos-latest
+        java:
+          - 8
+    #          - 17
+    runs-on: ${{ matrix.os }}
     timeout-minutes: 20
     steps:
       - uses: actions/checkout@v4
@@ -16,18 +35,23 @@ jobs:
         uses: actions/setup-java@v3.13.0
         with:
           distribution: 'zulu'
-          java-version: 8
-          cache: 'gradle'
+          java-version: ${{ matrix.java }}
+      - name: Setup Gradle
+        uses: gradle/gradle-build-action@v2
+#      - name: Install Docker on macOS
+#        uses: douglascamata/setup-docker-macos-action@v1-alpha
       - name: build publish
         run: ./gradlew clean build publish --info --stacktrace
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           ORG_GRADLE_PROJECT_signingKey: ${{ secrets.GPG_SIGNING_KEY }}
           ORG_GRADLE_PROJECT_signingPassword: ${{ secrets.GPG_SIGNING_PASSWORD }}
-      - name: Publish Test Report
-        if: ${{ always() }}
-        uses: scacap/action-surefire-report@v1
+      - name: Upload Test Results
+        # see publish-test-results.yml for workflow that publishes test results without security issues for forks
+        # https://github.com/marketplace/actions/publish-test-results#support-fork-repositories-and-dependabot-branches
+        if: always()
+        uses: actions/upload-artifact@v3
         with:
-          github_token: ${{ secrets.GITHUB_TOKEN }}
-          report_paths: '**/build/test-results/test/TEST-*.xml'
+          name: Test Results (Java ${{ matrix.java }} on ${{ matrix.os }})
+          path: '**/build/test-results/test/TEST-*.xml'
 ...
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -6,11 +6,26 @@ on:
     branches-ignore:
       - main
 jobs:
+  event-file:
+    # https://github.com/marketplace/actions/publish-test-results#support-fork-repositories-and-dependabot-branches
+    name: "Event File"
+    runs-on: ubuntu-latest
+    steps:
+      - name: Upload
+        uses: actions/upload-artifact@v3
+        with:
+          name: event-file
+          path: ${{ github.event_path }}
   ci-build:
     strategy:
       matrix:
-        os: [ ubuntu-latest, windows-latest, macos-latest ]
-        java: [ 8, 17 ]
+        os:
+          - ubuntu-latest
+          - windows-latest
+          - macos-latest
+        java:
+          - 8
+          - 17
     runs-on: ${{ matrix.os }}
     timeout-minutes: 20
     steps:
@@ -22,10 +37,11 @@ jobs:
         with:
           distribution: 'zulu'
           java-version: ${{ matrix.java }}
-          cache: 'gradle'
+      - name: Setup Gradle
+        uses: gradle/gradle-build-action@v2
       - name: Install Docker on macOS
         if: matrix.os == 'macos-latest'
-        uses: ./.github/actions/docker-install-macos
+        uses: douglascamata/setup-docker-macos-action@v1-alpha
       - name: Login to Docker Hub
         uses: docker/login-action@v3
         with:
@@ -43,9 +59,10 @@ jobs:
         run: ./gradlew clean build --info --stacktrace
       - name: Upload Test Results
         # see publish-test-results.yml for workflow that publishes test results without security issues for forks
+        # https://github.com/marketplace/actions/publish-test-results#support-fork-repositories-and-dependabot-branches
+        if: always()
         uses: actions/upload-artifact@v3
-        if: ${{ always() }}
         with:
-          name: test-results
+          name: Test Results (Java ${{ matrix.java }} on ${{ matrix.os }})
           path: '**/build/test-results/test/TEST-*.xml'
 ...
diff --git a/.github/workflows/publish-test-results.yml b/.github/workflows/publish-test-results.yml
@@ -10,41 +10,42 @@ on:
   workflow_run:
     workflows:
       - CI
+      - Publish
+      - Release
     types:
       - completed
+permissions: {}
 
 jobs:
-  # Job based on https://securitylab.github.com/research/github-actions-preventing-pwn-requests/
+  # Job based on
+  # - https://securitylab.github.com/research/github-actions-preventing-pwn-requests/
+  # - https://github.com/marketplace/actions/publish-test-results#support-fork-repositories-and-dependabot-branches
   publish-test-results:
     runs-on: ubuntu-latest
-    if: ${{ github.event.workflow_run.conclusion == 'success' }}
+    if: github.event.workflow_run.conclusion != 'skipped'
+
+    permissions:
+      checks: write
+      # needed unless run with comment_mode: off
+      pull-requests: write
+      # only needed for private repository
+      #contents: read
+      # only needed for private repository
+      #issues: read
+      # required by download step to access artifacts API
+      actions: read
+
     steps:
-      # Unfortunately, the official actions/download-artifact action is very limited in scope.
-      # Can't use it yet in this context, https://github.com/actions/download-artifact/issues/60
-      - name: Download artifact
-        uses: actions/github-script@v6
+      - name: Download and Extract Artifacts
+        uses: dawidd6/action-download-artifact@268677152d06ba59fcec7a7f0b5d961b6ccd7e1e
         with:
-          script: |
-            var artifacts = await github.rest.actions.listWorkflowRunArtifacts({
-               owner: context.repo.owner,
-               repo: context.repo.repo,
-               run_id: ${{ github.event.workflow_run.id }},
-            });
-            var matchArtifact = artifacts.data.artifacts.filter((artifact) => {
-              return artifact.name == "test-results"
-            })[0];
-            var download = await github.rest.actions.downloadArtifact({
-               owner: context.repo.owner,
-               repo: context.repo.repo,
-               artifact_id: matchArtifact.id,
-               archive_format: 'zip',
-            });
-            var fs = require('fs');
-            fs.writeFileSync('${{github.workspace}}/test-results.zip', Buffer.from(download.data));
-      - run: unzip test-results.zip
+          run_id: ${{ github.event.workflow_run.id }}
+          path: artifacts
       - name: Publish Test Results
-        uses: scacap/action-surefire-report@v1
+        uses: EnricoMi/publish-unit-test-result-action@v2
         with:
-          commit: ${{ github.event.workflow_run.head_commit.id }}
-          github_token: ${{ secrets.GITHUB_TOKEN }}
-          report_paths: '**/build/test-results/test/TEST-*.xml'
+          commit: ${{ github.event.workflow_run.head_sha }}
+          event_file: artifacts/event-file/event.json
+          event_name: ${{ github.event.workflow_run.event }}
+          files: "artifacts/**/build/test-results/test/TEST-*.xml"
+...
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -7,8 +7,27 @@ on:
 #      - published
 
 jobs:
-  release:
+  event-file:
+    # https://github.com/marketplace/actions/publish-test-results#support-fork-repositories-and-dependabot-branches
+    name: "Event File"
     runs-on: ubuntu-latest
+    steps:
+      - name: Upload
+        uses: actions/upload-artifact@v3
+        with:
+          name: event-file
+          path: ${{ github.event_path }}
+  release:
+    strategy:
+      matrix:
+        os:
+          - ubuntu-latest
+        #          - windows-latest
+        #          - macos-latest
+        java:
+          - 8
+    #          - 17
+    runs-on: ${{ matrix.os }}
     timeout-minutes: 20
     steps:
       - uses: actions/checkout@v4
@@ -18,8 +37,11 @@ jobs:
         uses: actions/setup-java@v3.13.0
         with:
           distribution: 'zulu'
-          java-version: 8
-          cache: 'gradle'
+          java-version: ${{ matrix.java }}
+      - name: Setup Gradle
+        uses: gradle/gradle-build-action@v2
+#      - name: Install Docker on macOS
+#        uses: douglascamata/setup-docker-macos-action@v1-alpha
       - name: Set artifact version
         run: |
           echo "RELEASE_VERSION=$(echo '${{ github.event.release.tag_name }}' | sed -e s/^v//)" >> $GITHUB_ENV
@@ -32,10 +54,12 @@ jobs:
           SONATYPE_STAGING_PROFILE_ID: ${{ secrets.SONATYPE_STAGING_PROFILE_ID }}
           SONATYPE_USERNAME: ${{ secrets.SONATYPE_USERNAME }}
           SONATYPE_PASSWORD: ${{ secrets.SONATYPE_PASSWORD }}
-      - name: Publish Test Report
-        if: ${{ always() }}
-        uses: scacap/action-surefire-report@v1
+      - name: Upload Test Results
+        # see publish-test-results.yml for workflow that publishes test results without security issues for forks
+        # https://github.com/marketplace/actions/publish-test-results#support-fork-repositories-and-dependabot-branches
+        if: always()
+        uses: actions/upload-artifact@v3
         with:
-          github_token: ${{ secrets.GITHUB_TOKEN }}
-          report_paths: '**/build/test-results/test/TEST-*.xml'
+          name: Test Results (Java ${{ matrix.java }} on ${{ matrix.os }})
+          path: '**/build/test-results/test/TEST-*.xml'
 ...