From f468d92c89ca2182422aec2e96aee3e9e13a389d Mon Sep 17 00:00:00 2001
From: Marco Belladelli <marcobladel@gmail.com>
Date: Wed, 30 Oct 2024 17:02:58 +0100
Subject: [PATCH] HHH-18678 Specific task for CI build and separate step for
 format checks

---
 .github/workflows/ci.yml  | 101 +++++++++++++++++++++++++++++++++++---
 ci/build.sh               |   2 +-
 gradle/java-module.gradle |  30 ++++++++++-
 3 files changed, 124 insertions(+), 9 deletions(-)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index db2988192b..eaef3f8725 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -8,7 +8,7 @@ on:
     branches:
       - 'main'
 
-permissions: {} # none
+permissions: { } # none
 
 # See https://github.com/hibernate/hibernate-orm/pull/4615 for a description of the behavior we're getting.
 concurrency:
@@ -41,10 +41,10 @@ jobs:
           - rdbms: db2
           - rdbms: mssql
           - rdbms: sybase
-# Running with CockroachDB requires at least 2-4 vCPUs, which we don't have on GH Actions runners
-#          - rdbms: cockroachdb
-# Running with HANA requires at least 8GB memory just for the database, which we don't have on GH Actions runners
-#          - rdbms: hana
+    # Running with CockroachDB requires at least 2-4 vCPUs, which we don't have on GH Actions runners
+    #          - rdbms: cockroachdb
+    # Running with HANA requires at least 8GB memory just for the database, which we don't have on GH Actions runners
+    #          - rdbms: hana
     steps:
       - uses: actions/checkout@v4
         with:
@@ -141,7 +141,7 @@ jobs:
       contents: read
     name: GraalVM 21 - ${{matrix.rdbms}}
     #    runs-on: ubuntu-latest
-    runs-on: [self-hosted, Linux, X64, OCI]
+    runs-on: [ self-hosted, Linux, X64, OCI ]
     strategy:
       fail-fast: false
       matrix:
@@ -233,5 +233,94 @@ jobs:
           name: test-reports-java11-${{ matrix.rdbms }}
           path: |
             ./**/target/reports/tests/
+      - name: Omit produced artifacts from build cache
+        run: ./ci/before-cache.sh
+
+  # Static code analysis check
+  format_checks:
+    permissions:
+      contents: read
+    name: Static code analysis
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          persist-credentials: false
+      - name: Reclaim disk space and sanitize user home
+        run: .github/ci-prerequisites-atlas.sh
+      - name: Set up Java 17
+        uses: actions/setup-java@v4
+        with:
+          distribution: 'temurin'
+          java-version: '17'
+
+      - name: Generate cache key
+        id: cache-key
+        run: |
+          CURRENT_BRANCH="${{ github.repository != 'hibernate/hibernate-orm' && 'fork' || github.base_ref || github.ref_name }}"
+          CURRENT_MONTH=$(/bin/date -u "+%Y-%m")
+          CURRENT_DAY=$(/bin/date -u "+%d")
+          ROOT_CACHE_KEY="buildtool-cache-atlas"
+          echo "buildtool-monthly-cache-key=${ROOT_CACHE_KEY}-${CURRENT_MONTH}" >> $GITHUB_OUTPUT
+          echo "buildtool-monthly-branch-cache-key=${ROOT_CACHE_KEY}-${CURRENT_MONTH}-${CURRENT_BRANCH}" >> $GITHUB_OUTPUT
+          echo "buildtool-cache-key=${ROOT_CACHE_KEY}-${CURRENT_MONTH}-${CURRENT_BRANCH}-${CURRENT_DAY}" >> $GITHUB_OUTPUT
+      - name: Cache Maven/Gradle Dependency/Dist Caches
+        id: cache-maven
+        uses: actions/cache@v4
+        # if it's not a pull request, we restore and save the cache
+        if: github.event_name != 'pull_request'
+        with:
+          path: |
+            ~/.m2/repository/
+            ~/.m2/wrapper/
+            ~/.gradle/caches/modules-2
+            ~/.gradle/wrapper/
+          # A new cache will be stored daily. After that first store of the day, cache save actions will fail because the cache is immutable but it's not a problem.
+          # The whole cache is dropped monthly to prevent unlimited growth.
+          # The cache is per branch but in case we don't find a branch for a given branch, we will get a cache from another branch.
+          key: ${{ steps.cache-key.outputs.buildtool-cache-key }}
+          restore-keys: |
+            ${{ steps.cache-key.outputs.buildtool-monthly-branch-cache-key }}-
+            ${{ steps.cache-key.outputs.buildtool-monthly-cache-key }}-
+      - name: Restore Maven/Gradle Dependency/Dist Caches
+        uses: actions/cache/restore@v4
+        # if it a pull request, we restore the cache but we don't save it
+        if: github.event_name == 'pull_request'
+        with:
+          path: |
+            ~/.m2/repository/
+            ~/.m2/wrapper/
+            ~/.gradle/caches/modules-2
+            ~/.gradle/wrapper/
+          key: ${{ steps.cache-key.outputs.buildtool-cache-key }}
+          restore-keys: |
+            ${{ steps.cache-key.outputs.buildtool-monthly-branch-cache-key }}-
+            ${{ steps.cache-key.outputs.buildtool-monthly-cache-key }}-    
+
+      - name: Run build script
+        run: ./gradlew formatChecks
+        env:
+          # For jobs running on 'push', publish build scan and cache immediately.
+          # This won't work for pull requests, since they don't have access to secrets.
+          POPULATE_REMOTE_GRADLE_CACHE: ${{ github.event_name == 'push' && github.repository == 'hibernate/hibernate-orm' && 'true' || 'false' }}
+          DEVELOCITY_ACCESS_KEY: "${{ secrets.DEVELOCITY_ACCESS_KEY }}"
+
+      # For jobs running on 'pull_request', upload build scan data.
+      # The actual publishing must be done in a separate job (see ci-report.yml).
+      # We don't write to the remote cache as that would be unsafe.
+      - name: Upload GitHub Actions artifact for the Develocity build scan
+        uses: actions/upload-artifact@v4
+        if: "${{ github.event_name == 'pull_request' && !cancelled() }}"
+        with:
+          name: build-scan-data-sca
+          path: ~/.gradle/build-scan-data
+
+      - name: Upload test reports (if Gradle failed)
+        uses: actions/upload-artifact@v4
+        if: failure()
+        with:
+          name: test-reports-java11-sca
+          path: |
+            ./**/target/reports/tests/
       - name: Omit produced artifacts from build cache
         run: ./ci/before-cache.sh
\ No newline at end of file
diff --git a/ci/build.sh b/ci/build.sh
index deba1eb221..a9716a03a1 100755
--- a/ci/build.sh
+++ b/ci/build.sh
@@ -82,4 +82,4 @@ function logAndExec() {
   exec "${@}"
 }
 
-logAndExec ./gradlew check ${goal} "${@}" -Plog-test-progress=true --stacktrace
+logAndExec ./gradlew ciCheck ${goal} "${@}" -Plog-test-progress=true --stacktrace
diff --git a/gradle/java-module.gradle b/gradle/java-module.gradle
index 3cb648efaf..cacd9ef43f 100644
--- a/gradle/java-module.gradle
+++ b/gradle/java-module.gradle
@@ -447,7 +447,7 @@ tasks.copyResourcesToIntelliJOutFolder.mustRunAfter processTestResources
 // ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 // Report configs
 
-task enforceRules {
+tasks.register('enforceRules') {
 	doLast {
 		def illegalImport = ~/^import (sun|java.awt|org.slf4j)/
 		def missingNewline = ~/^\s*}\s*(else|catch|finally)/
@@ -512,8 +512,34 @@ spotless {
 	}
 }
 
-tasks.spotlessApply.dependsOn enforceRules
+tasks.check.dependsOn enforceRules
 
+tasks.register( "ciCheck" ) {
+	// Task used by CI builds
+	group "verification"
+	description "Checks for CI environments"
+	dependsOn tasks.check
+
+	// These are already enforced by the formatChecks task
+	spotlessApply {
+		enabled = false
+	}
+	spotlessJavaApply {
+		enabled = false
+	}
+	enforceRules {
+		enabled = false
+	}
+}
+
+tasks.register( "formatChecks" ) {
+	// Only runs static code analysis, doesn't require compilation
+	group "verification"
+	description "Code style and formatting checks"
+
+	dependsOn tasks.spotlessCheck
+	dependsOn tasks.enforceRules
+}
 
 class CompilerStubsArgumentProvider implements CommandLineArgumentProvider {