Add static-checks Github Action (#13347)

* Adds static-checks github action * bug fixes * bug fixes * adds maven install step * update permissions on scripts folder * fix license check errors * attempt for parallelization * fix concurrency * fix naming * remove intellij inspections to add in different CI pipeline * minimize naming, add new lines * setting hadoop profile through matrix * also runs on push triggers to master and release branches * changes on review
2022-11-17 17:20:16 +05:30 · 2022-11-17 17:20:16 +05:30 · 8e9e46b519
parent 78d0b0abce
commit 8e9e46b519
3 changed files with 246 additions and 0 deletions
--- a/.github/scripts/display_dependency_analysis_error_message.sh
+++ b/.github/scripts/display_dependency_analysis_error_message.sh
@ -0,0 +1,33 @@
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements.  See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License.  You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{ echo "
+    The dependency analysis has found a dependency that is either:
+
+    1) Used and undeclared: These are available as a transitive dependency but should be explicitly
+    added to the POM to ensure the dependency version. The XML to add the dependencies to the POM is
+    shown above.
+
+    2) Unused and declared: These are not needed and removing them from the POM will speed up the build
+    and reduce the artifact size. The dependencies to remove are shown above.
+
+    If there are false positive dependency analysis warnings, they can be suppressed:
+    https://maven.apache.org/plugins/maven-dependency-plugin/analyze-mojo.html#usedDependencies
+    https://maven.apache.org/plugins/maven-dependency-plugin/examples/exclude-dependencies-from-dependency-analysis.html
+
+    For more information, refer to:
+    https://maven.apache.org/plugins/maven-dependency-plugin/analyze-mojo.html
+
+    " && false; }
--- a/.github/scripts/setup_generate_license.sh
+++ b/.github/scripts/setup_generate_license.sh
@ -0,0 +1,19 @@
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements.  See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License.  You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+sudo apt-get update && sudo apt-get install python3 -y
+curl https://bootstrap.pypa.io/pip/3.5/get-pip.py | sudo -H python3
+pip3 install wheel  # install wheel first explicitly
+pip3 install --upgrade pyyaml
--- a/.github/workflows/static-checks.yml
+++ b/.github/workflows/static-checks.yml
@ -0,0 +1,194 @@
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements.  See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License.  You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+name: Static Checks CI
+on:
+  push:
+    branches:
+      - master
+      - /^\d+\.\d+\.\d+(-\S*)?$/ # release branches
+  pull_request:
+    branches:
+      - master
+      - /^\d+\.\d+\.\d+(-\S*)?$/ # release branches
+
+concurrency:
+  group: '${{ github.workflow }} @ ${{ github.event.pull_request.head.label || github.head_ref || github.ref }}'
+  cancel-in-progress: true
+
+env:
+  MVN: mvn -B
+  MAVEN_SKIP: -P skip-static-checks -Dweb.console.skip=true -Dmaven.javadoc.skip=true
+  MAVEN_SKIP_TESTS: -P skip-tests
+  MAVEN_OPTS: -Xmx3000m
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+      - name: setup java 8
+        uses: actions/setup-java@v3
+        with:
+          distribution: 'zulu'
+          java-version: '8'
+          cache: 'maven'
+      - run: |
+          echo 'Running Maven install...' &&
+          ${MVN} clean install -q -ff -pl '!distribution,!:druid-it-image,!:druid-it-cases' ${MAVEN_SKIP} ${MAVEN_SKIP_TESTS} -T1C &&
+          ${MVN} install -q -ff -pl 'distribution' ${MAVEN_SKIP} ${MAVEN_SKIP_TESTS}
+
+  animal_sniffer_checks:
+    runs-on: ubuntu-latest
+    needs: [build]
+    steps:
+      - uses: actions/checkout@v3
+      - name: setup java 8
+        uses: actions/setup-java@v3
+        with:
+          distribution: 'zulu'
+          java-version: '8'
+          cache: 'maven'
+      - run: ${MVN} animal-sniffer:check --fail-at-end
+
+  checkstyle:
+    runs-on: ubuntu-latest
+    needs: [build]
+    steps:
+      - uses: actions/checkout@v3
+      - name: setup java 8
+        uses: actions/setup-java@v3
+        with:
+          distribution: 'zulu'
+          java-version: '8'
+          cache: 'maven'
+      - run: ${MVN} checkstyle:checkstyle --fail-at-end
+
+  enforcer_checks:
+    runs-on: ubuntu-latest
+    needs: [build]
+    steps:
+      - uses: actions/checkout@v3
+      - name: setup java 8
+        uses: actions/setup-java@v3
+        with:
+          distribution: 'zulu'
+          java-version: '8'
+          cache: 'maven'
+      - run: ${MVN} enforcer:enforce --fail-at-end
+
+  forbidden_api_checks:
+    runs-on: ubuntu-latest
+    needs: [build]
+    steps:
+      - uses: actions/checkout@v3
+      - name: setup java 8
+        uses: actions/setup-java@v3
+        with:
+          distribution: 'zulu'
+          java-version: '8'
+          cache: 'maven'
+      - run: ${MVN} forbiddenapis:check forbiddenapis:testCheck --fail-at-end
+
+  pmd_checks:
+    runs-on: ubuntu-latest
+    needs: [build]
+    steps:
+      - uses: actions/checkout@v3
+      - name: setup java 8
+        uses: actions/setup-java@v3
+        with:
+          distribution: 'zulu'
+          java-version: '8'
+          cache: 'maven'
+      - run: ${MVN} pmd:check --fail-at-end  # TODO: consider adding pmd:cpd-check
+
+  spotbugs_checks:
+    runs-on: ubuntu-latest
+    needs: [build]
+    steps:
+      - uses: actions/checkout@v3
+      - name: setup java 8
+        uses: actions/setup-java@v3
+        with:
+          distribution: 'zulu'
+          java-version: '8'
+          cache: 'maven'
+      - run: ${MVN} spotbugs:check --fail-at-end -pl '!benchmarks'
+
+  license_checks:
+    runs-on: ubuntu-latest
+    needs: [build]
+    strategy:
+      matrix:
+        HADOOP_PROFILE: ['', '-Phadoop3']
+    steps:
+      - uses: actions/checkout@v3
+      - name: setup java 8
+        uses: actions/setup-java@v3
+        with:
+          distribution: 'zulu'
+          java-version: '8'
+          cache: 'maven'
+      - run: |
+          ./.github/scripts/setup_generate_license.sh
+          ${MVN} apache-rat:check -Prat --fail-at-end \
+          -Dorg.slf4j.simpleLogger.log.org.apache.maven.cli.transfer.Slf4jMavenTransferListener=warn \
+          -Drat.consoleOutput=true ${{ matrix.HADOOP_PROFILE }}
+          # Generate dependency reports and checks they are valid.
+          mkdir -p target
+          distribution/bin/generate-license-dependency-reports.py . target --clean-maven-artifact-transfer --parallel 2
+          distribution/bin/check-licenses.py licenses.yaml target/license-reports
+
+  script_checks:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+        # who watches the watchers?
+      - run: ./check_test_suite_test.py
+
+  analyze_dependencies:
+    runs-on: ubuntu-latest
+    needs: [build]
+    strategy:
+      matrix:
+        HADOOP_PROFILE: [ '', '-Phadoop3' ]
+    steps:
+      - uses: actions/checkout@v3
+      - name: setup java 8
+        uses: actions/setup-java@v3
+        with:
+          distribution: 'zulu'
+          java-version: '8'
+          cache: 'maven'
+      - run: |-
+          ${MVN} ${MAVEN_SKIP} dependency:analyze -DoutputXML=true -DignoreNonCompile=true -DfailOnWarning=true ${{ matrix.HADOOP_PROFILE }} ||
+          ./.github/scripts/display_dependency_analysis_error_message.sh
+
+  openjdk11_strict_compilation:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+      - name: setup java 11
+        uses: actions/setup-java@v3
+        with:
+          distribution: 'zulu'
+          java-version: '11'
+          cache: 'maven'
+
+        # errorprone requires JDK 11
+        # Strict compilation requires more than 2 GB
+      - run: |
+          ${MVN} clean -DstrictCompile compile test-compile --fail-at-end ${MAVEN_SKIP} ${MAVEN_SKIP_TESTS}