-
Notifications
You must be signed in to change notification settings - Fork 4
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Add Publish Maven Build Scan composite action
- Loading branch information
Showing
10 changed files
with
363 additions
and
28 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,51 @@ | ||
name: TEST - Publish Maven Build Scans | ||
|
||
on: | ||
pull_request: | ||
|
||
jobs: | ||
create-and-save-build-scan: | ||
runs-on: ubuntu-latest | ||
steps: | ||
- name: Checkout current repository | ||
uses: actions/checkout@v4 | ||
- name: Checkout Maven sample project | ||
uses: actions/checkout@v4 | ||
with: | ||
repository: 'gradle/gradle-enterprise-build-config-samples' | ||
path: 'sample' | ||
ref: 'main' | ||
- name: Set up JDK 8 | ||
uses: actions/setup-java@v3 | ||
with: | ||
java-version: '8' | ||
distribution: 'temurin' | ||
- name: Run Maven Build | ||
working-directory: ./sample/common-gradle-enterprise-maven-configuration | ||
run: mvn clean -B | ||
- name: Save Maven Build Scan | ||
uses: ./maven/build-scan/save | ||
|
||
load-metadata: | ||
runs-on: ubuntu-latest | ||
needs: check-tos-approval | ||
outputs: | ||
extension-versions: ${{ steps.load.outputs.extension-versions }} | ||
steps: | ||
- name: Load Gradle Enterprise extension versions to publish Build Scans for | ||
id: load | ||
uses: ./maven/build-scan/load-metadata | ||
|
||
publish-build-scan: | ||
runs-on: ubuntu-latest | ||
needs: load-metadata | ||
strategy: | ||
matrix: | ||
version: ${{ fromJson(needs.load-metadata.outputs.extension-versions) }} | ||
steps: | ||
- name: Publish Maven Build Scans | ||
uses: ./maven/build-scan/publish | ||
with: | ||
gradle-enterprise-url: 'https://foo.bar' | ||
gradle-enterprise-extension-version: ${{ matrix.version }} | ||
gradle-enterprise-access-key: 'foo' |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -2,11 +2,12 @@ | |
|
||
A collection of composite Github Actions | ||
|
||
## gradle-check-tos | ||
## terms-of-service/verify | ||
|
||
A composite action to check that Gradle Terms of Service have been approved. | ||
A composite action to verify that Gradle Terms of Service have been approved. | ||
|
||
The action succeeds if the pull-request contributors are recorded in the signature file, fails otherwise. | ||
Contributors can approve the Terms of Service by commenting the pull-request, explore the [cla-assistant-lite documentation](https://github.com/marketplace/actions/cla-assistant-lite) for more details. | ||
|
||
**Dependencies**: | ||
|
||
|
@@ -42,7 +43,7 @@ on: | |
pull_request_target: | ||
|
||
jobs: | ||
gradle-check-tos: | ||
check-terms-of-service-approval: | ||
runs-on: ubuntu-latest | ||
permissions: | ||
# required to update signature file | ||
|
@@ -54,7 +55,7 @@ jobs: | |
statuses: write | ||
steps: | ||
- name: Gradle - Terms of Service approval verification | ||
uses: gradle/github-actions/check-tos@v1.0 | ||
uses: gradle/github-actions/terms-of-service/verify@v1.0 | ||
with: | ||
# tos-location can also point to a file in a Github repository with this syntax: /<owner>/<repo>/blob/<branch>/tos.html | ||
tos-location: 'https://foo.bar/tos.html' | ||
|
@@ -68,10 +69,11 @@ jobs: | |
#github-token: ${{ secrets.MY_PAT }} | ||
``` | ||
|
||
## maven/build-scan-save | ||
## maven/build-scan/save | ||
A Composite action to save an unpublished Maven Build Scan®. | ||
|
||
The action saves unpublished Build Scan® data as a workflow artifact with name `maven-build-scan-data`, which can then be published in a dependent workflow. | ||
To simplify the Build Scan® publication process later on, a file containing the Gradle Enterprise Maven extension version(s) is saved as an additional workflow artifact with name `maven-build-scan-metadata`. | ||
|
||
Use this action in your existing pull-request workflows to allow Build Scan® to be published. Since these workflows are running in an untrusted context, they do not have access to the required secrets to publish the Build Scan® directly. | ||
|
||
|
@@ -98,5 +100,86 @@ Insert the `Save Build Scan` step after each Maven execution step in the Github | |
- name: Build with Maven | ||
run: mvn clean package | ||
- name: Save Build Scan | ||
uses: gradle/github-actions/maven/[email protected] | ||
[...]``` | ||
uses: gradle/github-actions/maven/build-scan/[email protected] | ||
[...] | ||
``` | ||
|
||
## maven/build-scan/publish | ||
|
||
A composite action to publish all Maven Build Scans® saved as workflow artifacts when validating a pull-request (by the `maven/build-scan/save` action). | ||
|
||
This action is called from a new workflow with a `workflow_run` event trigger in order to run just after the existing pull-request workflow has completed. | ||
This event allows access to the repository secrets (_Gradle Enterprise Access Key_) which is required to publish Build Scans® to Gradle Enterprise when authentication is enabled. | ||
|
||
The Build Scan® publication requires the Gradle Terms of Service to be approved, this can be achieved by adding a workflow using the `terms-of-service/verify` action. | ||
The `pull-request-check/verify` action is used to ensure this workflow passed successfully. | ||
|
||
`dawidd6/action-download-artifact` action is used to download Artifacts uploaded by a different workflow. | ||
|
||
**Dependencies**: | ||
|
||
- [dawidd6/action-download-artifact](https://github.com/marketplace/actions/download-workflow-artifact) | ||
|
||
**Event Trigger**: | ||
- `workflow_run` | ||
|
||
**Action inputs**: | ||
|
||
| Name | Description | Default | | ||
|---------------------------------------|----------------------------------------------------|---------| | ||
| `gradle-enterprise-url` | Gradle Enterprise URL | | | ||
| `gradle-enterprise-extension-version` | Gradle Enterprise Maven extension version | | | ||
| `gradle-enterprise-access-key` | *Optional*: Gradle Enterprise access key | | | ||
| `gradle-enterprise-allow-untrusted` | *Optional*: Gradle Enterprise allow-untrusted flag | `false` | | ||
|
||
**Usage**: | ||
|
||
_Note:_ | ||
Some parameters need to be adjusted here: | ||
- The workflow name (here `PR Check`) has to be adjusted to the `name` used in the workflow run to validate pull-requests | ||
- The workflow-job-name (here `check-terms-of-service-approval`) has to be adjusted to the job `name` used in the workflow to verify the Terms of Service approval. | ||
- The Gradle Enterprise URL (here `https://<MY_GE_URL>`) | ||
- The secret name holding the Gradle Enterprise access key (here `<GE_ACCESS_KEY>`) | ||
|
||
```yaml | ||
name: Publish Maven Build Scans | ||
|
||
on: | ||
workflow_run: | ||
workflows: [ "PR Check" ] | ||
types: [ completed ] | ||
|
||
jobs: | ||
|
||
verify-terms-of-service-approval: | ||
runs-on: ubuntu-latest | ||
steps: | ||
- name: Verify check terms of service approval job passed | ||
uses: gradle/github-actions/pull-request-check/[email protected] | ||
with: | ||
workflow-job-name: 'check-terms-of-service-approval' | ||
|
||
load-metadata: | ||
runs-on: ubuntu-latest | ||
needs: verify-terms-of-service-approval | ||
outputs: | ||
extension-versions: ${{ steps.load.outputs.extension-versions }} | ||
steps: | ||
- name: Load Gradle Enterprise extension versions to publish Build Scans for | ||
id: load | ||
uses: gradle/github-actions/maven/build-scan/[email protected] | ||
|
||
publish-build-scan: | ||
runs-on: ubuntu-latest | ||
needs: load-metadata | ||
strategy: | ||
matrix: | ||
version: ${{ fromJson(needs.load-metadata.outputs.extension-versions) }} | ||
steps: | ||
- name: Publish Maven Build Scans | ||
uses: gradle/github-actions/maven/build-scan/[email protected] | ||
with: | ||
gradle-enterprise-url: 'https://<MY_GE_URL>' | ||
gradle-enterprise-extension-version: ${{ matrix.version }} | ||
gradle-enterprise-access-key: ${{ secrets.<GE_ACCESS_KEY> }} | ||
``` |
This file was deleted.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,32 @@ | ||
name: Collect Gradle Enterprise extension versions from Build Metadata | ||
description: Collect Gradle Enterprise extension versions from Build Metadata | ||
|
||
outputs: | ||
extension-versions: | ||
description: 'Array of Gradle Enterprise Maven Extension versions to publish Build Scans for' | ||
value: ${{ steps.collect-versions.outputs.VERSIONS }} | ||
|
||
runs: | ||
using: 'composite' | ||
steps: | ||
- name: Download Build Scan metadata | ||
uses: dawidd6/action-download-artifact@v2 | ||
env: | ||
METADATA_ARTIFACT_NAME: 'maven-build-scan-metadata' | ||
with: | ||
run_id: ${{ github.event.workflow_run.id }} | ||
name: ${{ env.METADATA_ARTIFACT_NAME }} | ||
path: ${{ env.METADATA_ARTIFACT_NAME }} | ||
- name: Collect Gradle Enterprise extension versions | ||
env: | ||
METADATA_ARTIFACT_NAME: 'maven-build-scan-metadata' | ||
METADATA_FILE_NAME: 'ge-extension-versions.txt' | ||
id: collect-versions | ||
run: | | ||
# concatenate all metadata files in one single file | ||
find ${{ env.METADATA_ARTIFACT_NAME }}/ -type f -name '*-${{ env.METADATA_FILE_NAME }}' -exec cat {} \; > ${{ env.METADATA_FILE_NAME }} | ||
# create json array from unified file | ||
VERSIONS=$(jq -R -s -c 'split("\n") | unique | map(select(length > 0))' < ${{ env.METADATA_FILE_NAME }}) | ||
# add as output | ||
echo "VERSIONS=$VERSIONS" >> $GITHUB_OUTPUT | ||
shell: bash |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,94 @@ | ||
name: Publish Maven Build Scans | ||
description: Publish Maven Build Scans | ||
|
||
inputs: | ||
gradle-enterprise-url: | ||
description: 'Gradle Enterprise URL' | ||
required: true | ||
gradle-enterprise-access-key: | ||
description: 'Gradle Enterprise access key' | ||
required: false | ||
gradle-enterprise-extension-version: | ||
description: 'Gradle Enterprise extension version' | ||
required: true | ||
gradle-enterprise-allow-untrusted: | ||
description: 'Gradle Enterprise allow-untrusted flag' | ||
default: 'false' | ||
|
||
runs: | ||
using: 'composite' | ||
steps: | ||
- name: Download Build Scans | ||
uses: dawidd6/action-download-artifact@v2 | ||
env: | ||
ARTIFACT_NAME: 'maven-build-scan-data' | ||
with: | ||
run_id: ${{ github.event.workflow_run.id }} | ||
name: ${{ env.ARTIFACT_NAME }} | ||
path: ${{ env.ARTIFACT_NAME }} | ||
- name: Restore Build Scans | ||
env: | ||
ARTIFACT_NAME: 'maven-build-scan-data' | ||
BUILD_SCAN_DIR: '~/.m2/.gradle-enterprise/build-scan-data/' | ||
run: | | ||
mkdir -p ${{ env.BUILD_SCAN_DIR }} | ||
cp -r ${{ env.ARTIFACT_NAME }}/* ${{ env.BUILD_SCAN_DIR }} | ||
shell: bash | ||
- name: Create Maven Project Structure | ||
env: | ||
PROJECT_DIR: 'maven-build-scan-publisher' | ||
run: | | ||
mkdir -p ${{ env.PROJECT_DIR }}/.mvn | ||
cat > ${{ env.PROJECT_DIR }}/pom.xml << EOF | ||
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd"> | ||
<modelVersion>4.0.0</modelVersion> | ||
<groupId>com.gradle</groupId> | ||
<artifactId>${{ env.PROJECT_DIR }}</artifactId> | ||
<version>1.0</version> | ||
<name>Maven Build Scan Publisher</name> | ||
</project> | ||
EOF | ||
cat > ${{ env.PROJECT_DIR }}/.mvn/extensions.xml << EOF | ||
<?xml version="1.0" encoding="UTF-8"?> | ||
<extensions> | ||
<extension> | ||
<groupId>com.gradle</groupId> | ||
<artifactId>gradle-enterprise-maven-extension</artifactId> | ||
<version>${{ inputs.gradle-enterprise-extension-version }}</version> | ||
</extension> | ||
</extensions> | ||
EOF | ||
cat > ${{ env.PROJECT_DIR }}/.mvn/gradle-enterprise.xml << EOF | ||
<?xml version="1.0" encoding="UTF-8" standalone="yes" ?> | ||
<gradleEnterprise | ||
xmlns="https://www.gradle.com/gradle-enterprise-maven" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="https://www.gradle.com/gradle-enterprise-maven https://www.gradle.com/schema/gradle-enterprise-maven.xsd"> | ||
<server> | ||
<url>${{ inputs.gradle-enterprise-url }}</url> | ||
<allowUntrusted>${{ inputs.gradle-enterprise-allow-untrusted }}</allowUntrusted> | ||
</server> | ||
</gradleEnterprise> | ||
EOF | ||
shell: bash | ||
- name: Set up JDK 17 | ||
uses: actions/setup-java@v3 | ||
with: | ||
java-version: '17' | ||
distribution: 'temurin' | ||
- name: Publish build scan | ||
env: | ||
BUILD_SCAN_DIR: '~/.m2/.gradle-enterprise/build-scan-data/' | ||
GRADLE_ENTERPRISE_ACCESS_KEY: ${{ inputs.gradle-enterprise-access-key }} | ||
PROJECT_DIR: 'maven-build-scan-publisher' | ||
working-directory: ${{ env.PROJECT_DIR }} | ||
run: | | ||
set +e | ||
nbScans=$(find ${{ env.BUILD_SCAN_DIR }}${{ inputs.gradle-enterprise-extension-version }}/previous/* -type d | wc -l) | ||
for ((i=1; i <= $nbScans; i++)) | ||
do | ||
echo "BUILD SCAN PUBLICATION $i/$nbScans" | ||
mvn gradle-enterprise:build-scan-publish-previous | ||
done | ||
shell: bash |
Oops, something went wrong.