chore: retrofit the GitHub Actions workflow #225
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # This workflow takes care of building, testing and publishing the project and | |
| # its artifacts. | |
| # | |
| # The whole process is split into jobs, each running on a different node. | |
| # Jobs are executed conditionally, only when required, in order to avoid wasting | |
| # build time on useless jobs. | |
| # Job dependencies also make longer and expensive tasks depend on the success | |
| # of previous, less expensive tasks. If upstream tasks fail, their dependencies | |
| # are not executed. | |
| # | |
| # This implies that, in order to avoid repeating tasks and start one job from | |
| # where previous ones have finished, intermediate artifacts are handed over | |
| # from one task to another. For this we use cache actions like actions/cache@v4. | |
| # Moreover, since we use Gradle and its powerful up-to-date checks, we also need | |
| # to propagate the Gradle cache across jobs. For this we use the Gradle remote | |
| # cache action burrunan/gradle-cache-action@v2. | |
| # | |
| # This way of modelling the workflow requires extra engineering but allows for | |
| # fine grained control over the pipeline as a whole. It also introduces some | |
| # overhead, but that comes with the benefit of controlling the workflow stage | |
| # by stage. | |
| # | |
| # Gradle is used so that we use the same build scripts locally on developers' | |
| # hosts and the CI/CD environment. Again, this improves portability and | |
| # consistency. | |
| # | |
| # CACHES | |
| # ------ | |
| # We use GitHub Actions caches in two different modes: | |
| # - by mean of actions/cache: we use different caches in order to narrow their size. The major issue | |
| # with this kind of cache is that each job can create a new one and store its contents but it cannot | |
| # update and store new contents for an existing cache. This is a limitation and since we need to | |
| # increment the contents of a cache across several jobs, we need to 'chain' caches so that we can | |
| # pull an existing one, change its contents, and then store it under a different name. For this reason | |
| # we disambiguate caches with a trailing identifier (represented by the job that stored the cache) | |
| # so that each cache 'instance' represents a specific 'stage' within the pipeline for that cache. | |
| # - by mean of burrunan/gradle-cache-action: this cache also uses actions/cache under the hood but is | |
| # specifically optimized for Gradle as it's layered and it hides the complexity of 'chaining' caches | |
| # so we define it the same way for each job. This cache leverages Gradle caching to run Gradle tasks | |
| # incrementally. | |
| # This cache is remote (to GitHub Actions) so jobs running on different workers share it. | |
| # See https://docs.gradle.org/current/userguide/build_cache.html for more on the Gradle Build Cache. | |
| # | |
| # Provided the above about 'chaining' caches for specific 'stages', we have several caches, each one | |
| # containing a specific set of files (the cache scope). | |
| # The first job that creates a certain cache only defines the cache 'key' and no 'restore-keys' | |
| # (as there is still no cache to restore) while subsequent ones define a new 'key' (adding the job ID | |
| # as a trailer in the cache ID) but also uses the 'key' generated for that cache from the job that | |
| # comes before in the 'chain'. | |
| # | |
| # We always create caches with identifiers containing the ${{ github.run_id }} in order to avoid | |
| # overlappings across multiple pipeline runs. | |
| # | |
| # MORE ON CACHES | |
| # -------------- | |
| # Remember that: | |
| # - the 'path' items within 'actions/cache' actions must be the same when storing and retrieving the cache | |
| # otherwise it won't work | |
| # - the above rules mean that a certain set of files/directories must always follow the same cache as | |
| # they can't be mixed up. On the other hand, each job may use/store multiple caches | |
| name: CI/CD Pipeline | |
| on: [push] | |
| # Avoid running multiple pipelines concurrently to avoid overlapping releases and tags | |
| concurrency: | |
| # Synch on the project to avoid conflicts when accessing remote resources | |
| # (i.e. when testing against remote services) | |
| group: project | |
| cancel-in-progress: false | |
| env: | |
| GO_VERSION: 1.22.4 | |
| JDK_VERSION: 20 | |
| jobs: | |
| initialize: | |
| name: Initialize | |
| runs-on: ubuntu-latest | |
| steps: | |
| # Prepare the workspace | |
| - name: Git checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| - name: Set conditional flags based on files changed with the current commit | |
| uses: dorny/paths-filter@v3 | |
| id: changes | |
| with: | |
| base: ${{ github.ref }} | |
| filters: | | |
| dockerChanged: | |
| - 'modules/docker/**' | |
| goChanged: | |
| - 'modules/go/**' | |
| javaChanged: | |
| - 'modules/java/**' | |
| - name: Grant execute permission for the gradlew executable | |
| # We also need to make Git ignore execute permission changes to avoid | |
| # false positives in change detection | |
| run: | | |
| git config core.fileMode false | |
| chmod +x gradlew | |
| # Set up the languages and tools | |
| - name: Set up JDK ${{ env.JDK_VERSION }} | |
| uses: actions/setup-java@v4 | |
| with: | |
| distribution: 'temurin' | |
| java-version: ${{ env.JDK_VERSION }} | |
| # Set up the distributed caches used to share data among jobs | |
| - name: Set up the pipeline-${{ github.run_id }}-nyx cache storing the Nyx state | |
| uses: actions/cache@v4 | |
| with: | |
| path: | | |
| build/.nyx-summary.txt | |
| build/.nyx-state.json | |
| key: pipeline-${{ github.run_id }}-nyx | |
| - name: Enable the Gradle remote cache for distributed UP TO DATE checks | |
| uses: burrunan/gradle-cache-action@v2 | |
| with: | |
| # Disable warning about missing distributionSha256Sum property in gradle-wrapper.properties | |
| gradle-distribution-sha-256-sum-warning: false | |
| # Run the actual tasks for this job | |
| - name: Infer the project version and initialize the Gradle remote cache | |
| run: ./gradlew nyxInfer --build-cache --stacktrace | |
| - name: Export Nyx values | |
| # By using the Nyx GitHub Action we are able to load its data that was stored | |
| # by the previous step into the build/.nyx-state.json and export it to other | |
| # jobs in the pipeline using this job's outputs. | |
| id: nyx | |
| uses: mooltiverse/nyx-github-action@main | |
| # Publish the job artifacts | |
| - name: Publish the Nyx state and summary as job artifacts | |
| uses: actions/upload-artifact@v4 | |
| if: ${{ always() }} | |
| with: | |
| name: .nyx-state-${{ github.job }} | |
| path: build/.nyx-*.* | |
| include-hidden-files: true | |
| outputs: | |
| # Expose the 'newRelease' flag computed by the mooltiverse/nyx-github-action | |
| # action to the next jobs so they can run conditionally. | |
| newRelease: ${{ steps.nyx.outputs.newRelease }} | |
| # Expose the conditional flags computed by the dorny/paths-filter action | |
| # to the next jobs so they can run conditionally. | |
| dockerChanged: ${{ steps.changes.outputs.dockerChanged }} | |
| goChanged: ${{ steps.changes.outputs.goChanged }} | |
| javaChanged: ${{ steps.changes.outputs.javaChanged }} | |
| ############################################################################# | |
| # BUILD | |
| # Here we have several parallel jobs to build artifacts, one for each | |
| # language/tech stack, and in the end one fan in job. | |
| ############################################################################# | |
| build-java: | |
| name: Build - Java | |
| needs: [initialize] | |
| # Run this job conditionally to avoid running needless tasks and useless resource consumption | |
| # TODO: re-enable this conditional | |
| #if: needs.initialize.outputs.javaChanged == 'true' || needs.initialize.outputs.newRelease == 'true' | |
| runs-on: ubuntu-latest | |
| steps: | |
| # Prepare the workspace | |
| - name: Git checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| - name: Grant execute permission for the gradlew executable | |
| # We also need to make Git ignore execute permission changes to avoid | |
| # false positives in change detection | |
| run: | | |
| git config core.fileMode false | |
| chmod +x gradlew | |
| # Set up the languages and tools | |
| - name: Set up JDK ${{ env.JDK_VERSION }} | |
| uses: actions/setup-java@v4 | |
| with: | |
| distribution: 'temurin' | |
| java-version: ${{ env.JDK_VERSION }} | |
| # Set up the distributed caches used to share data among jobs | |
| - name: Set up the pipeline-${{ github.run_id }}-nyx cache storing the Nyx state | |
| uses: actions/cache@v4 | |
| with: | |
| path: | | |
| build/.nyx-summary.txt | |
| build/.nyx-state.json | |
| key: pipeline-${{ github.run_id }}-nyx | |
| - name: Set up the pipeline-${{ github.run_id }}-build-java cache storing the Java files | |
| uses: actions/cache@v4 | |
| with: | |
| path: | | |
| modules/java/**/build/ | |
| key: pipeline-${{ github.run_id }}-build-java | |
| - name: Set up the pipeline-${{ github.run_id }}-sonar cache storing SonarCloud files | |
| uses: actions/cache@v4 | |
| with: | |
| path: ~/.sonar/cache | |
| key: pipeline-${{ github.run_id }}-sonar | |
| - name: Enable the Gradle remote cache for distributed UP TO DATE checks | |
| uses: burrunan/gradle-cache-action@v2 | |
| with: | |
| # Disable warning about missing distributionSha256Sum property in gradle-wrapper.properties | |
| gradle-distribution-sha-256-sum-warning: false | |
| # Run the actual tasks for this job | |
| - name: Build the Java code | |
| run: ./gradlew modules:java:assemble --build-cache --stacktrace | |
| - name: Scan with SonarCloud | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} | |
| run: ./gradlew sonar --build-cache --stacktrace --info | |
| # Publish the job artifacts | |
| - name: Publish the Nyx state and summary as job artifacts | |
| uses: actions/upload-artifact@v4 | |
| if: ${{ always() }} | |
| with: | |
| name: .nyx-state-${{ github.job }} | |
| path: build/.nyx-*.* | |
| include-hidden-files: true | |
| - name: Publish the Jar artifacts | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: jar | |
| path: 'modules/java/**/build/libs/' | |
| - name: Publish the Javadoc artifacts | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: javadoc | |
| path: 'modules/java/build/docs/javadoc/' | |
| build-go: | |
| name: Build - Go | |
| needs: [initialize] | |
| # Run this job conditionally to avoid running needless tasks and useless resource consumption | |
| # TODO: re-enable this conditional | |
| #if: needs.initialize.outputs.dockerChanged == 'true' || needs.initialize.outputs.goChanged == 'true' || needs.initialize.outputs.newRelease == 'true' | |
| runs-on: ubuntu-latest | |
| steps: | |
| # Prepare the workspace | |
| - name: Git checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| - name: Grant execute permission for the gradlew executable | |
| # We also need to make Git ignore execute permission changes to avoid | |
| # false positives in change detection | |
| run: | | |
| git config core.fileMode false | |
| chmod +x gradlew | |
| # Set up the languages and tools | |
| - name: Set up JDK ${{ env.JDK_VERSION }} | |
| uses: actions/setup-java@v4 | |
| with: | |
| distribution: 'temurin' | |
| java-version: ${{ env.JDK_VERSION }} | |
| - name: Set up Go ${{ env.GO_VERSION }} | |
| uses: actions/setup-go@v3 | |
| with: | |
| go-version: ${{ env.GO_VERSION }} | |
| # Set up the distributed caches used to share data among jobs | |
| - name: Set up the pipeline-${{ github.run_id }}-nyx cache storing the Nyx state | |
| uses: actions/cache@v4 | |
| with: | |
| path: | | |
| build/.nyx-summary.txt | |
| build/.nyx-state.json | |
| key: pipeline-${{ github.run_id }}-nyx | |
| - name: Set up the pipeline-${{ github.run_id }}-build-go cache storing the Go files | |
| uses: actions/cache@v4 | |
| with: | |
| path: | | |
| modules/go/**/build/ | |
| ~/.cache/go-build | |
| ~/go/pkg/mod | |
| key: pipeline-${{ github.run_id }}-build-go | |
| - name: Set up the pipeline-${{ github.run_id }}-sonar cache storing SonarCloud files | |
| uses: actions/cache@v4 | |
| with: | |
| path: ~/.sonar/cache | |
| key: pipeline-${{ github.run_id }}-sonar | |
| - name: Enable the Gradle remote cache for distributed UP TO DATE checks | |
| uses: burrunan/gradle-cache-action@v2 | |
| with: | |
| # Disable warning about missing distributionSha256Sum property in gradle-wrapper.properties | |
| gradle-distribution-sha-256-sum-warning: false | |
| # Run the actual tasks for this job | |
| - name: Build the Go code | |
| run: ./gradlew modules:go:assemble --build-cache --stacktrace | |
| - name: Scan with SonarCloud | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} | |
| run: ./gradlew sonar --build-cache --stacktrace --info | |
| # Publish the job artifacts | |
| - name: Publish the Nyx state and summary as job artifacts | |
| uses: actions/upload-artifact@v4 | |
| if: ${{ always() }} | |
| with: | |
| name: .nyx-state-${{ github.job }} | |
| path: build/.nyx-*.* | |
| include-hidden-files: true | |
| - name: Publish the Go binaries | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: bin | |
| path: 'modules/go/nyx/build/bin/*' | |
| build-docker: | |
| name: Build - Docker | |
| needs: build-go | |
| # Run this job conditionally to avoid running needless tasks and useless resource consumption | |
| # TODO: re-enable this conditional | |
| #if: needs.initialize.outputs.dockerChanged == 'true' || needs.initialize.outputs.goChanged == 'true' || needs.initialize.outputs.newRelease == 'true' | |
| runs-on: ubuntu-latest | |
| steps: | |
| # Prepare the workspace | |
| - name: Git checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| - name: Grant execute permission for the gradlew executable | |
| # We also need to make Git ignore execute permission changes to avoid | |
| # false positives in change detection | |
| run: | | |
| git config core.fileMode false | |
| chmod +x gradlew | |
| # Set up the languages and tools | |
| - name: Set up JDK ${{ env.JDK_VERSION }} | |
| uses: actions/setup-java@v4 | |
| with: | |
| distribution: 'temurin' | |
| java-version: ${{ env.JDK_VERSION }} | |
| - name: Set up Go ${{ env.GO_VERSION }} | |
| uses: actions/setup-go@v3 | |
| with: | |
| go-version: ${{ env.GO_VERSION }} | |
| # Set up the distributed caches used to share data among jobs | |
| - name: Set up the pipeline-${{ github.run_id }}-nyx cache storing the Nyx state | |
| uses: actions/cache@v4 | |
| with: | |
| path: | | |
| build/.nyx-summary.txt | |
| build/.nyx-state.json | |
| key: pipeline-${{ github.run_id }}-nyx | |
| - name: Set up the pipeline-${{ github.run_id }}-build-docker cache storing the Docker files | |
| uses: actions/cache@v4 | |
| with: | |
| path: | | |
| modules/go/**/build/ | |
| ~/.cache/go-build | |
| ~/go/pkg/mod | |
| key: pipeline-${{ github.run_id }}-build-docker | |
| restore-keys: | | |
| pipeline-${{ github.run_id }}-build-go | |
| - name: Set up the pipeline-${{ github.run_id }}-sonar cache storing SonarCloud files | |
| uses: actions/cache@v4 | |
| with: | |
| path: ~/.sonar/cache | |
| key: pipeline-${{ github.run_id }}-sonar | |
| - name: Enable the Gradle remote cache for distributed UP TO DATE checks | |
| uses: burrunan/gradle-cache-action@v2 | |
| with: | |
| # Disable warning about missing distributionSha256Sum property in gradle-wrapper.properties | |
| gradle-distribution-sha-256-sum-warning: false | |
| # Run the actual tasks for this job | |
| - name: Build the Docker images | |
| run: ./gradlew modules:docker:assemble --build-cache --stacktrace | |
| - name: Scan with SonarCloud | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} | |
| run: ./gradlew sonar --build-cache --stacktrace --info | |
| # Publish the job artifacts | |
| - name: Publish the Nyx state and summary as job artifacts | |
| uses: actions/upload-artifact@v4 | |
| if: ${{ always() }} | |
| with: | |
| name: .nyx-state-${{ github.job }} | |
| path: build/.nyx-*.* | |
| include-hidden-files: true | |
| build-merge: | |
| # This job acts as a connection from upstream jobs running build tasks. | |
| # Here we import the caches from specific language build jobs into one. | |
| name: Merge build artifacts | |
| needs: [build-java,build-go,build-docker] | |
| # Run this job conditionally to avoid running needless tasks and useless resource consumption | |
| # TODO: re-enable this conditional | |
| #if: needs.initialize.outputs.dockerChanged == 'true' || needs.initialize.outputs.goChanged == 'true' || needs.initialize.outputs.javaChanged == 'true' || needs.initialize.outputs.newRelease == 'true' | |
| runs-on: ubuntu-latest | |
| steps: | |
| # Set up the distributed caches used to share data among jobs | |
| - name: Set up the pipeline-${{ github.run_id }}-build-go cache storing the Go files | |
| uses: actions/cache@v4 | |
| with: | |
| path: | | |
| modules/go/**/build/ | |
| ~/.cache/go-build | |
| ~/go/pkg/mod | |
| key: pipeline-${{ github.run_id }}-build-go | |
| - name: Set up the pipeline-${{ github.run_id }}-build-java cache storing the Java files | |
| uses: actions/cache@v4 | |
| with: | |
| path: | | |
| modules/java/**/build/ | |
| key: pipeline-${{ github.run_id }}-build-java | |
| #- name: Set up the pipeline-${{ github.run_id }}-build-docker cache storing the Docker files | |
| # uses: actions/cache@v4 | |
| # with: | |
| # path: | | |
| # modules/go/**/build/ | |
| # ~/.cache/go-build | |
| # ~/go/pkg/mod | |
| # key: pipeline-${{ github.run_id }}-build-docker | |
| # restore-keys: | | |
| # pipeline-${{ github.run_id }}-build-go | |
| - name: Set up the pipeline-${{ github.run_id }}-artifacts cache storing artifacts from all upstream jobs | |
| uses: actions/cache@v4 | |
| with: | |
| # These patchs are merged from the previous caches | |
| path: | | |
| modules/java/**/build/ | |
| modules/go/**/build/ | |
| ~/.cache/go-build | |
| ~/go/pkg/mod | |
| key: pipeline-${{ github.run_id }}-artifacts | |
| ############################################################################# | |
| # TEST | |
| # Here we have several parallel jobs to run tests at different maturity | |
| # levels, progressively, one for each language/tech stack | |
| ############################################################################# | |
| java-unit-test: | |
| name: Test (Unit) - Java ${{ matrix.java }} | |
| needs: build-java | |
| # Run this job conditionally to avoid running needless tasks and useless resource consumption | |
| # TODO: re-enable this conditional | |
| #if: needs.initialize.outputs.javaChanged == 'true' || needs.initialize.outputs.newRelease == 'true' | |
| # The recommended JDK version is 17 or above but since we need to test for backward compatibility to JVMs 17 or newer we | |
| # need a matrix here. Depending on the JDK version the set of Gradle version that the tests run on will change, according | |
| # to the Gradle compatibility matrix. See CONTRIBUTING.md in the root directory or the Gradle functional test suites for more. | |
| strategy: | |
| matrix: | |
| java: [ '17', '20' ] | |
| runs-on: ubuntu-latest | |
| steps: | |
| # Prepare the workspace | |
| - name: Git checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| - name: Grant execute permission for the gradlew executable | |
| # We also need to make Git ignore execute permission changes to avoid | |
| # false positives in change detection | |
| run: | | |
| git config core.fileMode false | |
| chmod +x gradlew | |
| # Set up the languages and tools | |
| - name: Set up JDK ${{ env.JDK_VERSION }} | |
| uses: actions/setup-java@v4 | |
| with: | |
| distribution: 'temurin' | |
| java-version: ${{ env.JDK_VERSION }} | |
| # Set up the distributed caches used to share data among jobs | |
| - name: Set up the pipeline-${{ github.run_id }}-nyx cache storing the Nyx state | |
| uses: actions/cache@v4 | |
| with: | |
| path: | | |
| build/.nyx-summary.txt | |
| build/.nyx-state.json | |
| key: pipeline-${{ github.run_id }}-nyx | |
| - name: Set up the pipeline-${{ github.run_id }}-java-unit-test cache storing the Java files | |
| uses: actions/cache@v4 | |
| with: | |
| path: | | |
| modules/java/**/build/ | |
| key: pipeline-${{ github.run_id }}-java-unit-test | |
| restore-keys: | | |
| pipeline-${{ github.run_id }}-build-java | |
| - name: Set up the pipeline-${{ github.run_id }}-sonar cache storing SonarCloud files | |
| uses: actions/cache@v4 | |
| with: | |
| path: ~/.sonar/cache | |
| key: pipeline-${{ github.run_id }}-sonar | |
| - name: Enable the Gradle remote cache for distributed UP TO DATE checks | |
| uses: burrunan/gradle-cache-action@v2 | |
| with: | |
| # Disable warning about missing distributionSha256Sum property in gradle-wrapper.properties | |
| gradle-distribution-sha-256-sum-warning: false | |
| # Run the actual tasks for this job | |
| - name: Run Java Unit Tests | |
| run: ./gradlew modules:java:test --build-cache --stacktrace | |
| - name: Upload code coverage statistics to Codecov | |
| uses: codecov/codecov-action@v3 | |
| with: | |
| name: Nyx Java unit tests | |
| #token: // not required as it's an open source project, but the Codecov App must be installed for the repository (https://github.com/apps/codecov) | |
| files: ./modules/java/main/build/reports/jacoco/test/jacocoTestReport.xml,./modules/java/version/build/reports/jacoco/test/jacocoTestReport.xml | |
| flags: java,unit | |
| fail_ci_if_error: false # Codecov upload intermittently fails so setting this to false is the only way to avoid it breaking our builds. Codecov's bug is https://github.com/codecov/codecov-action/issues/557 | |
| verbose: true | |
| - name: Scan test reports and metrics with SonarCloud | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} | |
| run: ./gradlew sonar --build-cache --stacktrace --info | |
| # Publish the job artifacts | |
| - name: Publish the Nyx state and summary as job artifacts | |
| uses: actions/upload-artifact@v4 | |
| if: ${{ always() }} | |
| with: | |
| name: .nyx-state-${{ github.job }} | |
| path: build/.nyx-*.* | |
| include-hidden-files: true | |
| - name: Publish the Java unit test reports | |
| uses: actions/upload-artifact@v4 | |
| if: ${{ always() }} | |
| with: | |
| name: java-${{ matrix.java }}-unit-test-reports | |
| path: | | |
| modules/java/**/build/jacoco/ | |
| modules/java/**/build/reports/jacoco | |
| modules/java/**/build/reports/tests/test/ | |
| modules/java/**/build/test-results/test/ | |
| java-integration-test: | |
| # These tests may take a very long time to complete and their cache may easily go over the 5GB | |
| # limit defined by GitHub Actions. This is why they are in a separate job and the output cache | |
| # may fail to store at the end (but this won't affect other jobs). | |
| name: Test (Integration) - Java ${{ matrix.java }} | |
| needs: java-unit-test | |
| # Run this job conditionally to avoid running needless tasks and useless resource consumption | |
| # TODO: re-enable this conditional | |
| #if: needs.initialize.outputs.javaChanged == 'true' || needs.initialize.outputs.newRelease == 'true' | |
| # Avoid jobs invoking remote services to run in parallel to avoid throttling down by those services (with consequent test failures). | |
| # See https://github.com/mooltiverse/nyx/issues/206 for more | |
| concurrency: | |
| group: rate-limited-remote-services | |
| cancel-in-progress: false | |
| # The recommended JDK version is 17 or above but since we need to test for backward compatibility to JVMs 17 or newer we | |
| # need a matrix here. Depending on the JDK version the set of Gradle version that the tests run on will change, according | |
| # to the Gradle compatibility matrix. See CONTRIBUTING.md in the root directory or the Gradle functional test suites for more. | |
| strategy: | |
| matrix: | |
| java: [ '17', '20' ] | |
| runs-on: ubuntu-latest | |
| steps: | |
| # Prepare the workspace | |
| - name: Git checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| - name: Grant execute permission for the gradlew executable | |
| # We also need to make Git ignore execute permission changes to avoid | |
| # false positives in change detection | |
| run: | | |
| git config core.fileMode false | |
| chmod +x gradlew | |
| # Set up the languages and tools | |
| - name: Set up JDK ${{ env.JDK_VERSION }} | |
| uses: actions/setup-java@v4 | |
| with: | |
| distribution: 'temurin' | |
| java-version: ${{ env.JDK_VERSION }} | |
| # Set up the distributed caches used to share data among jobs | |
| - name: Set up the pipeline-${{ github.run_id }}-nyx cache storing the Nyx state | |
| uses: actions/cache@v4 | |
| with: | |
| path: | | |
| build/.nyx-summary.txt | |
| build/.nyx-state.json | |
| key: pipeline-${{ github.run_id }}-nyx | |
| - name: Set up the pipeline-${{ github.run_id }}-java-integration-test cache storing the Java files | |
| uses: actions/cache@v4 | |
| with: | |
| path: | | |
| modules/java/**/build/ | |
| key: pipeline-${{ github.run_id }}-java-integration-test | |
| restore-keys: | | |
| pipeline-${{ github.run_id }}-java-unit-test | |
| - name: Set up the pipeline-${{ github.run_id }}-sonar cache storing SonarCloud files | |
| uses: actions/cache@v4 | |
| with: | |
| path: ~/.sonar/cache | |
| key: pipeline-${{ github.run_id }}-sonar | |
| - name: Enable the Gradle remote cache for distributed UP TO DATE checks | |
| uses: burrunan/gradle-cache-action@v2 | |
| with: | |
| # Disable warning about missing distributionSha256Sum property in gradle-wrapper.properties | |
| gradle-distribution-sha-256-sum-warning: false | |
| # Run the actual tasks for this job | |
| - name: Show current GitHub rate limits for test user nyxtest20200701 | |
| run: curl -i https://api.github.com/users/nyxtest20200701 | grep ratelimit | |
| - name: Run Java Integration Tests | |
| env: | |
| # See the top level https://github.com/mooltiverse/nyx/blob/main/CONTRIBUTING.md#contributing-code file for details about passing these values when testing locally | |
| ORG_GRADLE_PROJECT_gitHubTestUserToken: ${{ secrets.TEST_GITHUB_USER_TOKEN }} # The test user token to test Nyx GitHub features | |
| ORG_GRADLE_PROJECT_gitHubTestUserPublicKey: ${{ secrets.TEST_GITHUB_USER_PUBLIC_KEY }} # The test public key to test Nyx GitHub features | |
| ORG_GRADLE_PROJECT_gitHubTestUserPrivateKeyPassphrase: ${{ secrets.TEST_GITHUB_USER_PASSPHRASE }} # The test private key passphrase to test Nyx GitHub features | |
| ORG_GRADLE_PROJECT_gitHubTestUserPrivateKeyWithPassphrase: ${{ secrets.TEST_GITHUB_USER_PRIVATE_KEY_WITH_PASSPHRASE }} # The test password protected private key to test Nyx GitHub features | |
| ORG_GRADLE_PROJECT_gitHubTestUserPrivateKeyWithoutPassphrase: ${{ secrets.TEST_GITHUB_USER_PRIVATE_KEY_WITHOUT_PASSPHRASE }} # The test unprotected private key to test Nyx GitHub features | |
| ORG_GRADLE_PROJECT_gitLabTestUserToken: ${{ secrets.TEST_GITLAB_USER_TOKEN }} # The test user token to test Nyx GitLab features | |
| ORG_GRADLE_PROJECT_gitLabTestUserPublicKey: ${{ secrets.TEST_GITLAB_USER_PUBLIC_KEY }} # The test public key to test Nyx GitLab features | |
| ORG_GRADLE_PROJECT_gitLabTestUserPrivateKeyPassphrase: ${{ secrets.TEST_GITLAB_USER_PASSPHRASE }} # The test private key passphrase to test Nyx GitLab features | |
| ORG_GRADLE_PROJECT_gitLabTestUserPrivateKeyWithPassphrase: ${{ secrets.TEST_GITLAB_USER_PRIVATE_KEY_WITH_PASSPHRASE }} # The test password protected private key to test Nyx GitHub features | |
| ORG_GRADLE_PROJECT_gitLabTestUserPrivateKeyWithoutPassphrase: ${{ secrets.TEST_GITLAB_USER_PRIVATE_KEY_WITHOUT_PASSPHRASE }} # The test unprotected private key to test Nyx GitHub features | |
| run: ./gradlew modules:java:integrationTest --build-cache --stacktrace | |
| - name: Show current GitHub rate limits for test user nyxtest20200701 | |
| if: ${{ always() }} | |
| run: curl -i https://api.github.com/users/nyxtest20200701 | grep ratelimit | |
| - name: Upload code coverage statistics to Codecov | |
| uses: codecov/codecov-action@v3 | |
| with: | |
| name: Nyx Java integration tests | |
| #token: // not required as it's an open source project, but the Codecov App must be installed for the repository (https://github.com/apps/codecov) | |
| files: ./modules/java/main/build/reports/jacoco/integrationTestCodeCoverageReport/integrationTestCodeCoverageReport.xml,./modules/java/version/build/reports/jacoco/integrationTestCodeCoverageReport/integrationTestCodeCoverageReport.xml | |
| flags: java,integration | |
| fail_ci_if_error: false # Codecov upload intermittently fails so setting this to false is the only way to avoid it breaking our builds. Codecov's bug is https://github.com/codecov/codecov-action/issues/557 | |
| verbose: true | |
| - name: Scan test reports and metrics with SonarCloud | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} | |
| run: ./gradlew sonar --build-cache --stacktrace --info | |
| # Publish the job artifacts | |
| - name: Publish the Nyx state and summary as job artifacts | |
| uses: actions/upload-artifact@v4 | |
| if: ${{ always() }} | |
| with: | |
| name: .nyx-state-${{ github.job }} | |
| path: build/.nyx-*.* | |
| include-hidden-files: true | |
| - name: Publish the Java integration test reports | |
| uses: actions/upload-artifact@v4 | |
| if: ${{ always() }} | |
| with: | |
| name: java-${{ matrix.java }}-integration-test-reports | |
| path: | | |
| modules/java/**/build/jacoco/ | |
| modules/java/**/build/reports/jacoco | |
| modules/java/**/build/reports/tests/integrationTest/ | |
| modules/java/**/build/test-results/integrationTest/ | |
| java-functional-test: | |
| # These tests may take a very long time to complete and their cache may easily go over the 5GB | |
| # limit defined by GitHub Actions. This is why they are in a separate job and the output cache | |
| # may fail to store at the end (but this won't affect other jobs). | |
| name: Test (Functional) - Java ${{ matrix.java }} | |
| needs: java-integration-test | |
| # Run this job conditionally to avoid running needless tasks and useless resource consumption | |
| # TODO: re-enable this conditional | |
| #if: needs.initialize.outputs.javaChanged == 'true' || needs.initialize.outputs.newRelease == 'true' | |
| # Avoid jobs invoking remote services to run in parallel to avoid throttling down by those services (with consequent test failures). | |
| # See https://github.com/mooltiverse/nyx/issues/206 for more | |
| concurrency: | |
| group: rate-limited-remote-services | |
| cancel-in-progress: false | |
| # The recommended JDK version is 17 or above but since we need to test for backward compatibility to JVMs 11 or newer we | |
| # need a matrix here. Depending on the JDK version the set of Gradle version that the tests run on will change, according | |
| # to the Gradle compatibility matrix. See CONTRIBUTING.md in the root directory or the Gradle functional test suites for more. | |
| strategy: | |
| matrix: | |
| java: [ '17', '20' ] | |
| runs-on: ubuntu-latest | |
| steps: | |
| # Prepare the workspace | |
| - name: Git checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| - name: Grant execute permission for the gradlew executable | |
| # We also need to make Git ignore execute permission changes to avoid | |
| # false positives in change detection | |
| run: | | |
| git config core.fileMode false | |
| chmod +x gradlew | |
| # Set up the languages and tools | |
| - name: Set up JDK ${{ env.JDK_VERSION }} | |
| uses: actions/setup-java@v4 | |
| with: | |
| distribution: 'temurin' | |
| java-version: ${{ env.JDK_VERSION }} | |
| # Set up the distributed caches used to share data among jobs | |
| - name: Set up the pipeline-${{ github.run_id }}-nyx cache storing the Nyx state | |
| uses: actions/cache@v4 | |
| with: | |
| path: | | |
| build/.nyx-summary.txt | |
| build/.nyx-state.json | |
| key: pipeline-${{ github.run_id }}-nyx | |
| - name: Set up the pipeline-${{ github.run_id }}-java-integration-test cache storing the Java files | |
| uses: actions/cache@v4 | |
| with: | |
| path: | | |
| modules/java/**/build/ | |
| key: pipeline-${{ github.run_id }}-java-integration-test | |
| restore-keys: | | |
| pipeline-${{ github.run_id }}-java-integration-test | |
| - name: Set up the pipeline-${{ github.run_id }}-sonar cache storing SonarCloud files | |
| uses: actions/cache@v4 | |
| with: | |
| path: ~/.sonar/cache | |
| key: pipeline-${{ github.run_id }}-sonar | |
| - name: Enable the Gradle remote cache for distributed UP TO DATE checks | |
| uses: burrunan/gradle-cache-action@v2 | |
| with: | |
| # Disable warning about missing distributionSha256Sum property in gradle-wrapper.properties | |
| gradle-distribution-sha-256-sum-warning: false | |
| # Run the actual tasks for this job | |
| - name: Show current GitHub rate limits for test user nyxtest20200701 | |
| run: curl -i https://api.github.com/users/nyxtest20200701 | grep ratelimit | |
| # Add the -PquickTests=true option to the Gradle command line to narrow the number of tests | |
| - name: Run Java Functional Tests | |
| env: | |
| # See the top level https://github.com/mooltiverse/nyx/blob/main/CONTRIBUTING.md#contributing-code file for details about passing these values when testing locally | |
| ORG_GRADLE_PROJECT_gitHubTestUserToken: ${{ secrets.TEST_GITHUB_USER_TOKEN }} # The test user token to test Nyx GitHub features | |
| ORG_GRADLE_PROJECT_gitHubTestUserPublicKey: ${{ secrets.TEST_GITHUB_USER_PUBLIC_KEY }} # The test public key to test Nyx GitHub features | |
| ORG_GRADLE_PROJECT_gitHubTestUserPrivateKeyPassphrase: ${{ secrets.TEST_GITHUB_USER_PASSPHRASE }} # The test private key passphrase to test Nyx GitHub features | |
| ORG_GRADLE_PROJECT_gitHubTestUserPrivateKeyWithPassphrase: ${{ secrets.TEST_GITHUB_USER_PRIVATE_KEY_WITH_PASSPHRASE }} # The test password protected private key to test Nyx GitHub features | |
| ORG_GRADLE_PROJECT_gitHubTestUserPrivateKeyWithoutPassphrase: ${{ secrets.TEST_GITHUB_USER_PRIVATE_KEY_WITHOUT_PASSPHRASE }} # The test unprotected private key to test Nyx GitHub features | |
| ORG_GRADLE_PROJECT_gitLabTestUserToken: ${{ secrets.TEST_GITLAB_USER_TOKEN }} # The test user token to test Nyx GitLab features | |
| ORG_GRADLE_PROJECT_gitLabTestUserPublicKey: ${{ secrets.TEST_GITLAB_USER_PUBLIC_KEY }} # The test public key to test Nyx GitLab features | |
| ORG_GRADLE_PROJECT_gitLabTestUserPrivateKeyPassphrase: ${{ secrets.TEST_GITLAB_USER_PASSPHRASE }} # The test private key passphrase to test Nyx GitLab features | |
| ORG_GRADLE_PROJECT_gitLabTestUserPrivateKeyWithPassphrase: ${{ secrets.TEST_GITLAB_USER_PRIVATE_KEY_WITH_PASSPHRASE }} # The test password protected private key to test Nyx GitHub features | |
| ORG_GRADLE_PROJECT_gitLabTestUserPrivateKeyWithoutPassphrase: ${{ secrets.TEST_GITLAB_USER_PRIVATE_KEY_WITHOUT_PASSPHRASE }} # The test unprotected private key to test Nyx GitHub features | |
| run: ./gradlew modules:java:functionalTest --build-cache --stacktrace | |
| - name: Show current GitHub rate limits for test user nyxtest20200701 | |
| if: ${{ always() }} | |
| run: curl -i https://api.github.com/users/nyxtest20200701 | grep ratelimit | |
| - name: Upload code coverage statistics to Codecov | |
| uses: codecov/codecov-action@v3 | |
| with: | |
| name: Nyx Java functional tests | |
| #token: // not required as it's an open source project, but the Codecov App must be installed for the repository (https://github.com/apps/codecov) | |
| files: ./modules/java/main/build/reports/jacoco/functionalTestCodeCoverageReport/functionalTestCodeCoverageReport.xml,./modules/java/version/build/reports/jacoco/functionalTestCodeCoverageReport/functionalTestCodeCoverageReport.xml | |
| flags: java,functional | |
| fail_ci_if_error: false # Codecov upload intermittently fails so setting this to false is the only way to avoid it breaking our builds. Codecov's bug is https://github.com/codecov/codecov-action/issues/557 | |
| verbose: true | |
| - name: Scan test reports and metrics with SonarCloud | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} | |
| run: ./gradlew sonar --build-cache --stacktrace --info | |
| # Publish the job artifacts | |
| - name: Publish the Nyx state and summary as job artifacts | |
| uses: actions/upload-artifact@v4 | |
| if: ${{ always() }} | |
| with: | |
| name: .nyx-state-${{ github.job }} | |
| path: build/.nyx-*.* | |
| include-hidden-files: true | |
| - name: Publish the Java functional test reports | |
| uses: actions/upload-artifact@v4 | |
| if: ${{ always() }} | |
| with: | |
| name: java-${{ matrix.java }}-functional-test-reports | |
| path: | | |
| modules/java/**/build/jacoco/ | |
| modules/java/**/build/reports/jacoco | |
| modules/java/**/build/reports/tests/functionalTest/ | |
| modules/java/**/build/test-results/functionalTest/ | |
| go-unit-test: | |
| name: Test (Unit) - Go | |
| needs: build-go | |
| # Run this job conditionally to avoid running needless tasks and useless resource consumption | |
| # TODO: re-enable this conditional | |
| #if: needs.initialize.outputs.goChanged == 'true' || needs.initialize.outputs.newRelease == 'true' | |
| strategy: | |
| matrix: | |
| os: [macos-latest, ubuntu-latest, windows-latest] | |
| runs-on: ${{ matrix.os }} | |
| steps: | |
| # Prepare the workspace | |
| - name: Git checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| - name: Grant execute permission for the gradlew executable | |
| # We also need to make Git ignore execute permission changes to avoid | |
| # false positives in change detection | |
| run: | | |
| git config core.fileMode false | |
| chmod +x gradlew | |
| # Set up the languages and tools | |
| - name: Set up JDK ${{ env.JDK_VERSION }} | |
| uses: actions/setup-java@v4 | |
| with: | |
| distribution: 'temurin' | |
| java-version: ${{ env.JDK_VERSION }} | |
| - name: Set up Go ${{ env.GO_VERSION }} | |
| uses: actions/setup-go@v3 | |
| with: | |
| go-version: ${{ env.GO_VERSION }} | |
| # Set up the distributed caches used to share data among jobs | |
| - name: Set up the pipeline-${{ github.run_id }}-nyx cache storing the Nyx state | |
| uses: actions/cache@v4 | |
| with: | |
| path: | | |
| build/.nyx-summary.txt | |
| build/.nyx-state.json | |
| key: pipeline-${{ github.run_id }}-nyx | |
| - name: Set up the pipeline-${{ github.run_id }}-go-unit-test cache storing the Go files | |
| uses: actions/cache@v4 | |
| with: | |
| path: | | |
| modules/go/**/build/ | |
| ~/.cache/go-build | |
| ~/go/pkg/mod | |
| key: pipeline-${{ github.run_id }}-go-unit-test | |
| restore-keys: | | |
| pipeline-${{ github.run_id }}-build-go | |
| - name: Set up the pipeline-${{ github.run_id }}-sonar cache storing SonarCloud files | |
| uses: actions/cache@v4 | |
| with: | |
| path: ~/.sonar/cache | |
| key: pipeline-${{ github.run_id }}-sonar | |
| - name: Enable the Gradle remote cache for distributed UP TO DATE checks | |
| uses: burrunan/gradle-cache-action@v2 | |
| with: | |
| # Disable warning about missing distributionSha256Sum property in gradle-wrapper.properties | |
| gradle-distribution-sha-256-sum-warning: false | |
| # Run the actual tasks for this job | |
| - name: Run Go Unit Tests | |
| run: ./gradlew modules:go:test --build-cache --stacktrace | |
| - name: Upload code coverage statistics to Codecov | |
| uses: codecov/codecov-action@v3 | |
| if: ${{ matrix.os == 'ubuntu-latest' }} # Avoid uploading the same code coverage metrix for all platforms as it's useless, just upload them from the Linux tests | |
| with: | |
| name: Nyx Go unit tests | |
| #token: // not required as it's an open source project, but the Codecov App must be installed for the repository (https://github.com/apps/codecov) | |
| files: ./modules/go/nyx/build/test-results/test/test-coverprofile.out,./modules/go/version/build/test-results/test/test-coverprofile.out,./modules/go/errors/build/test-results/test/test-coverprofile.out,./modules/go/utils/build/test-results/test/test-coverprofile.out | |
| flags: go,unit | |
| fail_ci_if_error: false # Codecov upload intermittently fails so setting this to false is the only way to avoid it breaking our builds. Codecov's bug is https://github.com/codecov/codecov-action/issues/557 | |
| verbose: true | |
| - name: Scan test reports and metrics with SonarCloud | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} | |
| run: ./gradlew sonar --build-cache --stacktrace --info | |
| # Publish the job artifacts | |
| - name: Publish the Nyx state and summary as job artifacts | |
| uses: actions/upload-artifact@v4 | |
| if: ${{ always() }} | |
| with: | |
| name: .nyx-state-${{ github.job }} | |
| path: build/.nyx-*.* | |
| include-hidden-files: true | |
| - name: Publish the Go unit test reports | |
| uses: actions/upload-artifact@v4 | |
| if: ${{ always() }} | |
| with: | |
| name: go-${{ matrix.os }}-unit-test-reports | |
| path: | | |
| modules/go/**/build/reports/tests/test/ | |
| modules/go/**/build/test-results/test/ | |
| go-integration-test: | |
| # These tests may take a very long time to complete and their cache may easily go over the 5GB | |
| # limit defined by GitHub Actions. This is why they are in a separate job and the output cache | |
| # may fail to store at the end (but this won't affect other jobs). | |
| name: Test (Integration) - Go | |
| needs: go-unit-test | |
| # Run this job conditionally to avoid running needless tasks and useless resource consumption | |
| # TODO: re-enable this conditional | |
| #if: needs.initialize.outputs.goChanged == 'true' || needs.initialize.outputs.newRelease == 'true' | |
| # Avoid jobs invoking remote services to run in parallel to avoid throttling down by those services (with consequent test failures). | |
| # See https://github.com/mooltiverse/nyx/issues/206 for more | |
| concurrency: | |
| group: rate-limited-remote-services | |
| cancel-in-progress: false | |
| strategy: | |
| matrix: | |
| os: [macos-latest, ubuntu-latest, windows-latest] | |
| runs-on: ${{ matrix.os }} | |
| steps: | |
| # Prepare the workspace | |
| - name: Git checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| - name: Grant execute permission for the gradlew executable | |
| # We also need to make Git ignore execute permission changes to avoid | |
| # false positives in change detection | |
| run: | | |
| git config core.fileMode false | |
| chmod +x gradlew | |
| # Set up the languages and tools | |
| - name: Set up JDK ${{ env.JDK_VERSION }} | |
| uses: actions/setup-java@v4 | |
| with: | |
| distribution: 'temurin' | |
| java-version: ${{ env.JDK_VERSION }} | |
| - name: Set up Go ${{ env.GO_VERSION }} | |
| uses: actions/setup-go@v3 | |
| with: | |
| go-version: ${{ env.GO_VERSION }} | |
| # Set up the distributed caches used to share data among jobs | |
| - name: Set up the pipeline-${{ github.run_id }}-nyx cache storing the Nyx state | |
| uses: actions/cache@v4 | |
| with: | |
| path: | | |
| build/.nyx-summary.txt | |
| build/.nyx-state.json | |
| key: pipeline-${{ github.run_id }}-nyx | |
| - name: Set up the pipeline-${{ github.run_id }}-go-integration-test cache storing the Go files | |
| uses: actions/cache@v4 | |
| with: | |
| path: | | |
| modules/go/**/build/ | |
| ~/.cache/go-build | |
| ~/go/pkg/mod | |
| key: pipeline-${{ github.run_id }}-go-integration-test | |
| restore-keys: | | |
| pipeline-${{ github.run_id }}-go-unit-test | |
| - name: Set up the pipeline-${{ github.run_id }}-sonar cache storing SonarCloud files | |
| uses: actions/cache@v4 | |
| with: | |
| path: ~/.sonar/cache | |
| key: pipeline-${{ github.run_id }}-sonar | |
| - name: Enable the Gradle remote cache for distributed UP TO DATE checks | |
| uses: burrunan/gradle-cache-action@v2 | |
| with: | |
| # Disable warning about missing distributionSha256Sum property in gradle-wrapper.properties | |
| gradle-distribution-sha-256-sum-warning: false | |
| # Run the actual tasks for this job | |
| - name: Show current GitHub rate limits for test user nyxtest20200701 | |
| if: ${{ matrix.os == 'ubuntu-latest' }} # This command is only supported on Linux | |
| run: curl -i https://api.github.com/users/nyxtest20200701 | grep ratelimit | |
| - name: Run Go Integration Tests | |
| env: | |
| # See the top level https://github.com/mooltiverse/nyx/blob/main/CONTRIBUTING.md#contributing-code file for details about passing these values when testing locally | |
| ORG_GRADLE_PROJECT_gitHubTestUserToken: ${{ secrets.TEST_GITHUB_USER_TOKEN }} # The test user token to test Nyx GitHub features | |
| ORG_GRADLE_PROJECT_gitHubTestUserPublicKey: ${{ secrets.TEST_GITHUB_USER_PUBLIC_KEY }} # The test public key to test Nyx GitHub features | |
| ORG_GRADLE_PROJECT_gitHubTestUserPrivateKeyPassphrase: ${{ secrets.TEST_GITHUB_USER_PASSPHRASE }} # The test private key passphrase to test Nyx GitHub features | |
| ORG_GRADLE_PROJECT_gitHubTestUserPrivateKeyWithPassphrase: ${{ secrets.TEST_GITHUB_USER_PRIVATE_KEY_WITH_PASSPHRASE }} # The test password protected private key to test Nyx GitHub features | |
| ORG_GRADLE_PROJECT_gitHubTestUserPrivateKeyWithoutPassphrase: ${{ secrets.TEST_GITHUB_USER_PRIVATE_KEY_WITHOUT_PASSPHRASE }} # The test unprotected private key to test Nyx GitHub features | |
| ORG_GRADLE_PROJECT_gitLabTestUserToken: ${{ secrets.TEST_GITLAB_USER_TOKEN }} # The test user token to test Nyx GitLab features | |
| ORG_GRADLE_PROJECT_gitLabTestUserPublicKey: ${{ secrets.TEST_GITLAB_USER_PUBLIC_KEY }} # The test public key to test Nyx GitLab features | |
| ORG_GRADLE_PROJECT_gitLabTestUserPrivateKeyPassphrase: ${{ secrets.TEST_GITLAB_USER_PASSPHRASE }} # The test private key passphrase to test Nyx GitLab features | |
| ORG_GRADLE_PROJECT_gitLabTestUserPrivateKeyWithPassphrase: ${{ secrets.TEST_GITLAB_USER_PRIVATE_KEY_WITH_PASSPHRASE }} # The test password protected private key to test Nyx GitHub features | |
| ORG_GRADLE_PROJECT_gitLabTestUserPrivateKeyWithoutPassphrase: ${{ secrets.TEST_GITLAB_USER_PRIVATE_KEY_WITHOUT_PASSPHRASE }} # The test unprotected private key to test Nyx GitHub features | |
| run: ./gradlew modules:go:integrationTest --build-cache --stacktrace | |
| - name: Show current GitHub rate limits for test user nyxtest20200701 | |
| if: ${{ matrix.os == 'ubuntu-latest' && always() }} # This command is only supported on Linux and needs to run even if previous jobs have failed | |
| run: curl -i https://api.github.com/users/nyxtest20200701 | grep ratelimit | |
| - name: Upload code coverage statistics to Codecov | |
| uses: codecov/codecov-action@v3 | |
| if: ${{ matrix.os == 'ubuntu-latest' }} # Avoid uploading the same code coverage metrix for all platforms as it's useless, just upload them from the Linux tests | |
| with: | |
| name: Nyx Go integration tests | |
| #token: // not required as it's an open source project, but the Codecov App must be installed for the repository (https://github.com/apps/codecov) | |
| files: ./modules/go/nyx/build/test-results/integrationTest/integrationTest-coverprofile.out,./modules/go/version/build/test-results/integrationTest/integrationTest-coverprofile.out,./modules/go/errors/build/test-results/integrationTest/integrationTest-coverprofile.out,./modules/go/utils/build/test-results/integrationTest/integrationTest-coverprofile.out | |
| flags: go,integration | |
| fail_ci_if_error: false # Codecov upload intermittently fails so setting this to false is the only way to avoid it breaking our builds. Codecov's bug is https://github.com/codecov/codecov-action/issues/557 | |
| verbose: true | |
| - name: Scan test reports and metrics with SonarCloud | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} | |
| run: ./gradlew sonar --build-cache --stacktrace --info | |
| # Publish the job artifacts | |
| - name: Publish the Nyx state and summary as job artifacts | |
| uses: actions/upload-artifact@v4 | |
| if: ${{ always() }} | |
| with: | |
| name: .nyx-state-${{ github.job }} | |
| path: build/.nyx-*.* | |
| include-hidden-files: true | |
| - name: Publish the Go integration test reports | |
| uses: actions/upload-artifact@v4 | |
| if: ${{ always() }} | |
| with: | |
| name: go-${{ matrix.os }}-integration-test-reports | |
| path: | | |
| modules/go/**/build/reports/tests/integrationTest/ | |
| modules/go/**/build/test-results/integrationTest/ | |
| go-functional-test: | |
| # These tests may take a very long time to complete and their cache may easily go over the 5GB | |
| # limit defined by GitHub Actions. This is why they are in a separate job and the output cache | |
| # may fail to store at the end (but this won't affect other jobs). | |
| name: Test (Functional) - Go | |
| needs: go-integration-test | |
| # Run this job conditionally to avoid running needless tasks and useless resource consumption | |
| # TODO: re-enable this conditional | |
| #if: needs.initialize.outputs.goChanged == 'true' || needs.initialize.outputs.newRelease == 'true' | |
| # Avoid jobs invoking remote services to run in parallel to avoid throttling down by those services (with consequent test failures). | |
| # See https://github.com/mooltiverse/nyx/issues/206 for more | |
| concurrency: | |
| group: rate-limited-remote-services | |
| cancel-in-progress: false | |
| strategy: | |
| matrix: | |
| os: [macos-latest, ubuntu-latest, windows-latest] | |
| runs-on: ${{ matrix.os }} | |
| steps: | |
| # Prepare the workspace | |
| - name: Git checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| - name: Grant execute permission for the gradlew executable | |
| # We also need to make Git ignore execute permission changes to avoid | |
| # false positives in change detection | |
| run: | | |
| git config core.fileMode false | |
| chmod +x gradlew | |
| # Set up the languages and tools | |
| - name: Set up JDK ${{ env.JDK_VERSION }} | |
| uses: actions/setup-java@v4 | |
| with: | |
| distribution: 'temurin' | |
| java-version: ${{ env.JDK_VERSION }} | |
| - name: Set up Go ${{ env.GO_VERSION }} | |
| uses: actions/setup-go@v3 | |
| with: | |
| go-version: ${{ env.GO_VERSION }} | |
| # Set up the distributed caches used to share data among jobs | |
| - name: Set up the pipeline-${{ github.run_id }}-nyx cache storing the Nyx state | |
| uses: actions/cache@v4 | |
| with: | |
| path: | | |
| build/.nyx-summary.txt | |
| build/.nyx-state.json | |
| key: pipeline-${{ github.run_id }}-nyx | |
| - name: Set up the pipeline-${{ github.run_id }}-go-functional-test cache storing the Go files | |
| uses: actions/cache@v4 | |
| with: | |
| path: | | |
| modules/go/**/build/ | |
| ~/.cache/go-build | |
| ~/go/pkg/mod | |
| key: pipeline-${{ github.run_id }}-go-functional-test | |
| restore-keys: | | |
| pipeline-${{ github.run_id }}-go-integration-test | |
| - name: Set up the pipeline-${{ github.run_id }}-sonar cache storing SonarCloud files | |
| uses: actions/cache@v4 | |
| with: | |
| path: ~/.sonar/cache | |
| key: pipeline-${{ github.run_id }}-sonar | |
| - name: Enable the Gradle remote cache for distributed UP TO DATE checks | |
| uses: burrunan/gradle-cache-action@v2 | |
| with: | |
| # Disable warning about missing distributionSha256Sum property in gradle-wrapper.properties | |
| gradle-distribution-sha-256-sum-warning: false | |
| # Run the actual tasks for this job | |
| - name: Show current GitHub rate limits for test user nyxtest20200701 | |
| if: ${{ matrix.os == 'ubuntu-latest' }} # This command is only supported on Linux | |
| run: curl -i https://api.github.com/users/nyxtest20200701 | grep ratelimit | |
| # Add the -PquickTests=true option to the Gradle command line to narrow the number of tests | |
| - name: Run Go Functional Tests | |
| env: | |
| # See the top level https://github.com/mooltiverse/nyx/blob/main/CONTRIBUTING.md#contributing-code file for details about passing these values when testing locally | |
| ORG_GRADLE_PROJECT_gitHubTestUserToken: ${{ secrets.TEST_GITHUB_USER_TOKEN }} # The test user token to test Nyx GitHub features | |
| ORG_GRADLE_PROJECT_gitHubTestUserPublicKey: ${{ secrets.TEST_GITHUB_USER_PUBLIC_KEY }} # The test public key to test Nyx GitHub features | |
| ORG_GRADLE_PROJECT_gitHubTestUserPrivateKeyPassphrase: ${{ secrets.TEST_GITHUB_USER_PASSPHRASE }} # The test private key passphrase to test Nyx GitHub features | |
| ORG_GRADLE_PROJECT_gitHubTestUserPrivateKeyWithPassphrase: ${{ secrets.TEST_GITHUB_USER_PRIVATE_KEY_WITH_PASSPHRASE }} # The test password protected private key to test Nyx GitHub features | |
| ORG_GRADLE_PROJECT_gitHubTestUserPrivateKeyWithoutPassphrase: ${{ secrets.TEST_GITHUB_USER_PRIVATE_KEY_WITHOUT_PASSPHRASE }} # The test unprotected private key to test Nyx GitHub features | |
| ORG_GRADLE_PROJECT_gitLabTestUserToken: ${{ secrets.TEST_GITLAB_USER_TOKEN }} # The test user token to test Nyx GitLab features | |
| ORG_GRADLE_PROJECT_gitLabTestUserPublicKey: ${{ secrets.TEST_GITLAB_USER_PUBLIC_KEY }} # The test public key to test Nyx GitLab features | |
| ORG_GRADLE_PROJECT_gitLabTestUserPrivateKeyPassphrase: ${{ secrets.TEST_GITLAB_USER_PASSPHRASE }} # The test private key passphrase to test Nyx GitLab features | |
| ORG_GRADLE_PROJECT_gitLabTestUserPrivateKeyWithPassphrase: ${{ secrets.TEST_GITLAB_USER_PRIVATE_KEY_WITH_PASSPHRASE }} # The test password protected private key to test Nyx GitHub features | |
| ORG_GRADLE_PROJECT_gitLabTestUserPrivateKeyWithoutPassphrase: ${{ secrets.TEST_GITLAB_USER_PRIVATE_KEY_WITHOUT_PASSPHRASE }} # The test unprotected private key to test Nyx GitHub features | |
| run: ./gradlew modules:go:functionalTest --build-cache --stacktrace | |
| - name: Show current GitHub rate limits for test user nyxtest20200701 | |
| if: ${{ matrix.os == 'ubuntu-latest' && always() }} # This command is only supported on Linux and needs to run even if previous jobs have failed | |
| run: curl -i https://api.github.com/users/nyxtest20200701 | grep ratelimit | |
| - name: Upload code coverage statistics to Codecov | |
| uses: codecov/codecov-action@v3 | |
| if: ${{ matrix.os == 'ubuntu-latest' }} # Avoid uploading the same code coverage metrix for all platforms as it's useless, just upload them from the Linux tests | |
| with: | |
| name: Nyx Go functional tests | |
| #token: // not required as it's an open source project, but the Codecov App must be installed for the repository (https://github.com/apps/codecov) | |
| files: ./modules/go/nyx/build/test-results/functionalTest/functionalTest-coverprofile.out,./modules/go/version/build/test-results/functionalTest/functionalTest-coverprofile.out,./modules/go/errors/build/test-results/functionalTest/functionalTest-coverprofile.out,./modules/go/utils/build/test-results/functionalTest/functionalTest-coverprofile.out | |
| flags: go,integration | |
| fail_ci_if_error: false # Codecov upload intermittently fails so setting this to false is the only way to avoid it breaking our builds. Codecov's bug is https://github.com/codecov/codecov-action/issues/557 | |
| verbose: true | |
| - name: Scan test reports and metrics with SonarCloud | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} | |
| run: ./gradlew sonar --build-cache --stacktrace --info | |
| # Publish the job artifacts | |
| - name: Publish the Nyx state and summary as job artifacts | |
| uses: actions/upload-artifact@v4 | |
| if: ${{ always() }} | |
| with: | |
| name: .nyx-state-${{ github.job }} | |
| path: build/.nyx-*.* | |
| include-hidden-files: true | |
| - name: Publish the Go functional test reports | |
| uses: actions/upload-artifact@v4 | |
| if: ${{ always() }} | |
| with: | |
| name: go-${{ matrix.os }}-functional-test-reports | |
| path: | | |
| modules/go/**/build/reports/tests/functionalTest/ | |
| modules/go/**/build/test-results/functionalTest/ | |
| docker-functional-test: | |
| # These tests may take a very long time to complete and their cache may easily go over the 5GB | |
| # limit defined by GitHub Actions. This is why they are in a separate job and the output cache | |
| # may fail to store at the end (but this won't affect other jobs). | |
| name: Test (Functional) - Docker | |
| needs: build-docker | |
| # Run this job conditionally to avoid running needless tasks and useless resource consumption | |
| # TODO: re-enable this conditional | |
| #if: needs.initialize.outputs.dockerChanged == 'true' || needs.initialize.outputs.goChanged == 'true' || needs.initialize.outputs.newRelease == 'true' | |
| # Avoid jobs invoking remote services to run in parallel to avoid throttling down by those services (with consequent test failures). | |
| # See https://github.com/mooltiverse/nyx/issues/206 for more | |
| concurrency: | |
| group: rate-limited-remote-services | |
| cancel-in-progress: false | |
| runs-on: ubuntu-latest | |
| steps: | |
| # Prepare the workspace | |
| - name: Git checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| - name: Grant execute permission for the gradlew executable | |
| # We also need to make Git ignore execute permission changes to avoid | |
| # false positives in change detection | |
| run: | | |
| git config core.fileMode false | |
| chmod +x gradlew | |
| # Set up the languages and tools | |
| - name: Set up JDK ${{ env.JDK_VERSION }} | |
| uses: actions/setup-java@v4 | |
| with: | |
| distribution: 'temurin' | |
| java-version: ${{ env.JDK_VERSION }} | |
| - name: Set up Go ${{ env.GO_VERSION }} | |
| uses: actions/setup-go@v3 | |
| with: | |
| go-version: ${{ env.GO_VERSION }} | |
| # Set up the distributed caches used to share data among jobs | |
| - name: Set up the pipeline-${{ github.run_id }}-nyx cache storing the Nyx state | |
| uses: actions/cache@v4 | |
| with: | |
| path: | | |
| build/.nyx-summary.txt | |
| build/.nyx-state.json | |
| key: pipeline-${{ github.run_id }}-nyx | |
| - name: Set up the pipeline-${{ github.run_id }}-docker-functional-test cache storing the Docker files | |
| uses: actions/cache@v4 | |
| with: | |
| path: | | |
| modules/go/**/build/ | |
| ~/.cache/go-build | |
| ~/go/pkg/mod | |
| key: pipeline-${{ github.run_id }}-docker-functional-test | |
| restore-keys: | | |
| pipeline-${{ github.run_id }}-build-docker | |
| - name: Set up the pipeline-${{ github.run_id }}-sonar cache storing SonarCloud files | |
| uses: actions/cache@v4 | |
| with: | |
| path: ~/.sonar/cache | |
| key: pipeline-${{ github.run_id }}-sonar | |
| - name: Enable the Gradle remote cache for distributed UP TO DATE checks | |
| uses: burrunan/gradle-cache-action@v2 | |
| with: | |
| # Disable warning about missing distributionSha256Sum property in gradle-wrapper.properties | |
| gradle-distribution-sha-256-sum-warning: false | |
| # Run the actual tasks for this job | |
| - name: Show current GitHub rate limits for test user nyxtest20200701 | |
| run: curl -i https://api.github.com/users/nyxtest20200701 | grep ratelimit | |
| # Add the -PquickTests=true option to the Gradle command line to narrow the number of tests | |
| - name: Run Docker Functional Tests | |
| env: | |
| # See the top level https://github.com/mooltiverse/nyx/blob/main/CONTRIBUTING.md#contributing-code file for details about passing these values when testing locally | |
| ORG_GRADLE_PROJECT_gitHubTestUserToken: ${{ secrets.TEST_GITHUB_USER_TOKEN }} # The test user token to test Nyx GitHub features | |
| ORG_GRADLE_PROJECT_gitHubTestUserPublicKey: ${{ secrets.TEST_GITHUB_USER_PUBLIC_KEY }} # The test public key to test Nyx GitHub features | |
| ORG_GRADLE_PROJECT_gitHubTestUserPrivateKeyPassphrase: ${{ secrets.TEST_GITHUB_USER_PASSPHRASE }} # The test private key passphrase to test Nyx GitHub features | |
| ORG_GRADLE_PROJECT_gitHubTestUserPrivateKeyWithPassphrase: ${{ secrets.TEST_GITHUB_USER_PRIVATE_KEY_WITH_PASSPHRASE }} # The test password protected private key to test Nyx GitHub features | |
| ORG_GRADLE_PROJECT_gitHubTestUserPrivateKeyWithoutPassphrase: ${{ secrets.TEST_GITHUB_USER_PRIVATE_KEY_WITHOUT_PASSPHRASE }} # The test unprotected private key to test Nyx GitHub features | |
| ORG_GRADLE_PROJECT_gitLabTestUserToken: ${{ secrets.TEST_GITLAB_USER_TOKEN }} # The test user token to test Nyx GitLab features | |
| ORG_GRADLE_PROJECT_gitLabTestUserPublicKey: ${{ secrets.TEST_GITLAB_USER_PUBLIC_KEY }} # The test public key to test Nyx GitLab features | |
| ORG_GRADLE_PROJECT_gitLabTestUserPrivateKeyPassphrase: ${{ secrets.TEST_GITLAB_USER_PASSPHRASE }} # The test private key passphrase to test Nyx GitLab features | |
| ORG_GRADLE_PROJECT_gitLabTestUserPrivateKeyWithPassphrase: ${{ secrets.TEST_GITLAB_USER_PRIVATE_KEY_WITH_PASSPHRASE }} # The test password protected private key to test Nyx GitHub features | |
| ORG_GRADLE_PROJECT_gitLabTestUserPrivateKeyWithoutPassphrase: ${{ secrets.TEST_GITLAB_USER_PRIVATE_KEY_WITHOUT_PASSPHRASE }} # The test unprotected private key to test Nyx GitHub features | |
| run: ./gradlew modules:docker:functionalTest --build-cache --stacktrace | |
| - name: Show current GitHub rate limits for test user nyxtest20200701 | |
| if: ${{ always() }} | |
| run: curl -i https://api.github.com/users/nyxtest20200701 | grep ratelimit | |
| - name: Upload code coverage statistics to Codecov | |
| uses: codecov/codecov-action@v3 | |
| with: | |
| name: Nyx Docker functional tests | |
| #token: // not required as it's an open source project, but the Codecov App must be installed for the repository (https://github.com/apps/codecov) | |
| files: ./modules/docker/build/test-results/functionalTest/functionalTest-coverprofile.out | |
| flags: docker,functional | |
| fail_ci_if_error: false # Codecov upload intermittently fails so setting this to false is the only way to avoid it breaking our builds. Codecov's bug is https://github.com/codecov/codecov-action/issues/557 | |
| verbose: true | |
| - name: Scan test reports and metrics with SonarCloud | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} | |
| run: ./gradlew sonar --build-cache --stacktrace --info | |
| # Publish the job artifacts | |
| - name: Publish the Nyx state and summary as job artifacts | |
| uses: actions/upload-artifact@v4 | |
| if: ${{ always() }} | |
| with: | |
| name: .nyx-state-${{ github.job }} | |
| path: build/.nyx-*.* | |
| include-hidden-files: true | |
| ############################################################################# | |
| # FINAL JOBS | |
| # Here the serialized jobs to run when all of the above are succesful | |
| ############################################################################# | |
| publish: | |
| name: Publish | |
| needs: [build-merge,java-unit-test,java-integration-test,java-functional-test,go-unit-test,go-integration-test,go-functional-test,docker-functional-test] | |
| # Run this job only if: | |
| # - the Docker, Java or Go files have changed | |
| # - a new release must be issued (this flag is inferred by Nyx), in which case we rebuild and test everything | |
| # TODO: re-enable this conditional | |
| #if: needs.initialize.outputs.dockerChanged == 'true' || needs.initialize.outputs.goChanged == 'true' || needs.initialize.outputs.javaChanged == 'true' || needs.initialize.outputs.newRelease == 'true' | |
| runs-on: ubuntu-latest | |
| steps: | |
| # Prepare the workspace | |
| - name: Git checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| - name: Grant execute permission for the gradlew executable | |
| # We also need to make Git ignore execute permission changes to avoid | |
| # false positives in change detection | |
| run: | | |
| git config core.fileMode false | |
| chmod +x gradlew | |
| # Set up the languages and tools | |
| - name: Set up JDK ${{ env.JDK_VERSION }} | |
| uses: actions/setup-java@v4 | |
| with: | |
| distribution: 'temurin' | |
| java-version: ${{ env.JDK_VERSION }} | |
| - name: Set up Go ${{ env.GO_VERSION }} | |
| uses: actions/setup-go@v3 | |
| with: | |
| go-version: ${{ env.GO_VERSION }} | |
| # Set up the distributed caches used to share data among jobs | |
| - name: Set up the pipeline-${{ github.run_id }}-nyx cache storing the Nyx state | |
| uses: actions/cache@v4 | |
| with: | |
| path: | | |
| build/.nyx-summary.txt | |
| build/.nyx-state.json | |
| key: pipeline-${{ github.run_id }}-nyx | |
| - name: Set up the pipeline-${{ github.run_id }}-artifacts cache storing artifacts from all upstream jobs | |
| uses: actions/cache@v4 | |
| with: | |
| path: | | |
| modules/java/**/build/ | |
| modules/go/**/build/ | |
| ~/.cache/go-build | |
| ~/go/pkg/mod | |
| key: pipeline-${{ github.run_id }}-artifacts | |
| - name: Enable the Gradle remote cache for distributed UP TO DATE checks | |
| uses: burrunan/gradle-cache-action@v2 | |
| with: | |
| # Disable warning about missing distributionSha256Sum property in gradle-wrapper.properties | |
| gradle-distribution-sha-256-sum-warning: false | |
| # Run the actual tasks for this job | |
| - name: Show current GitHub rate limits for test user nyxtest20200701 | |
| run: curl -i https://api.github.com/users/nyxtest20200701 | grep ratelimit | |
| - name: Publish | |
| env: | |
| # The variables used here are automatically configured using Terraform by | |
| # the Infrastructure project. | |
| GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| ORG_GRADLE_PROJECT_gitHubUser: ${{ github.actor }} | |
| ORG_GRADLE_PROJECT_gitHubToken: ${{ secrets.GITHUB_TOKEN }} | |
| ORG_GRADLE_PROJECT_dockerHubUser: ${{ secrets.DOCKER_HUB_USERNAME }} | |
| ORG_GRADLE_PROJECT_dockerHubToken: ${{ secrets.DOCKER_HUB_TOKEN }} | |
| ORG_GRADLE_PROJECT_ossrhUsername: ${{ secrets.MAVEN_USER }} | |
| ORG_GRADLE_PROJECT_ossrhPassword: ${{ secrets.MAVEN_PASSWORD }} | |
| ORG_GRADLE_PROJECT_signingKeyBase64: ${{ secrets.GPG_PRIVATE_KEY_BASE64 }} | |
| ORG_GRADLE_PROJECT_signingPassword: ${{ secrets.GPC_PASSPHRASE }} | |
| ORG_GRADLE_PROJECT_gradlePublishKey: ${{ secrets.GRADLE_PLUGIN_PUBLISH_KEY }} | |
| ORG_GRADLE_PROJECT_gradlePublishSecret: ${{ secrets.GRADLE_PLUGIN_PUBLISH_SECRET }} | |
| run: ./gradlew nyxMake nyxMark nyxPublish publish --build-cache --stacktrace | |
| - name: Show current GitHub rate limits for test user nyxtest20200701 | |
| if: ${{ always() }} | |
| run: curl -i https://api.github.com/users/nyxtest20200701 | grep ratelimit | |
| # Publish the job artifacts | |
| - name: Publish the Nyx state and summary as job artifacts | |
| uses: actions/upload-artifact@v4 | |
| if: ${{ always() }} | |
| with: | |
| name: .nyx-state-${{ github.job }} | |
| path: build/.nyx-*.* | |
| include-hidden-files: true | |
| release: | |
| name: Release | |
| needs: publish | |
| # Run this job only if: | |
| # - the Docker, Java or Go files have changed | |
| # - a new release must be issued (this flag is inferred by Nyx), in which case we rebuild and test everything | |
| if: needs.initialize.outputs.dockerChanged == 'true' || needs.initialize.outputs.goChanged == 'true' || needs.initialize.outputs.javaChanged == 'true' || needs.initialize.outputs.newRelease == 'true' | |
| runs-on: ubuntu-latest | |
| steps: | |
| # Prepare the workspace | |
| - name: Git checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| - name: Grant execute permission for the gradlew executable | |
| # We also need to make Git ignore execute permission changes to avoid | |
| # false positives in change detection | |
| run: | | |
| git config core.fileMode false | |
| chmod +x gradlew | |
| # Set up the languages and tools | |
| - name: Set up JDK ${{ env.JDK_VERSION }} | |
| uses: actions/setup-java@v4 | |
| with: | |
| distribution: 'temurin' | |
| java-version: ${{ env.JDK_VERSION }} | |
| - name: Set up Go ${{ env.GO_VERSION }} | |
| uses: actions/setup-go@v3 | |
| with: | |
| go-version: ${{ env.GO_VERSION }} | |
| # Set up the distributed caches used to share data among jobs | |
| - name: Set up the pipeline-${{ github.run_id }}-nyx cache storing the Nyx state | |
| uses: actions/cache@v4 | |
| with: | |
| path: | | |
| build/.nyx-summary.txt | |
| build/.nyx-state.json | |
| key: pipeline-${{ github.run_id }}-nyx | |
| - name: Set up the pipeline-${{ github.run_id }}-artifacts cache storing artifacts from all upstream jobs | |
| uses: actions/cache@v4 | |
| with: | |
| path: | | |
| modules/java/**/build/ | |
| modules/go/**/build/ | |
| ~/.cache/go-build | |
| ~/go/pkg/mod | |
| key: pipeline-${{ github.run_id }}-artifacts | |
| - name: Enable the Gradle remote cache for distributed UP TO DATE checks | |
| uses: burrunan/gradle-cache-action@v2 | |
| with: | |
| # Disable warning about missing distributionSha256Sum property in gradle-wrapper.properties | |
| gradle-distribution-sha-256-sum-warning: false | |
| # Run the actual tasks for this job | |
| - name: Show current GitHub rate limits for test user nyxtest20200701 | |
| run: curl -i https://api.github.com/users/nyxtest20200701 | grep ratelimit | |
| - name: Release | |
| env: | |
| # The variables used here are automatically configured using Terraform by | |
| # the Infrastructure project. | |
| GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| ORG_GRADLE_PROJECT_gitHubUser: ${{ github.actor }} | |
| ORG_GRADLE_PROJECT_gitHubToken: ${{ secrets.GITHUB_TOKEN }} | |
| run: ./gradlew release --build-cache --stacktrace | |
| - name: Show current GitHub rate limits for test user nyxtest20200701 | |
| if: ${{ always() }} | |
| run: curl -i https://api.github.com/users/nyxtest20200701 | grep ratelimit | |
| # Publish the job artifacts | |
| - name: Publish the Nyx state and summary as job artifacts | |
| uses: actions/upload-artifact@v4 | |
| if: ${{ always() }} | |
| with: | |
| name: .nyx-state-${{ github.job }} | |
| path: build/.nyx-*.* | |
| include-hidden-files: true |