Hibernate/hibernate-orm
1
0
Fork 0
mirror of https://github.com/hibernate/hibernate-orm synced 2025-03-07 18:29:29 +00:00
Code Issues Packages Projects Releases Wiki Activity
hibernate-orm/.github/workflows/atlas.yml
Gavin King 054aeff78b completely remove checkstyle and replace it with a simple regex check 
This is ~ 2 orders of magnitude faster on my machine, so it can be
executed as part of the compileJava task. Also, it actually logs the
failures, instead of making me go hunt for them in some generated
HTML-based report.
2024-09-30 13:10:09 -05:00

117 lines
4.9 KiB
YAML
Raw Blame History

# The main CI of Hibernate ORM is https://ci.hibernate.org/job/hibernate-orm-pipeline/.
# However, Hibernate ORM builds run on GitHub actions regularly
# to check that it still works and can be used in GitHub forks.
# See https://docs.github.com/en/free-pro-team@latest/actions
# for more information about GitHub actions.
name: Hibernate ORM build-Atlas
on:
push:
branches:
- 'main'
# WARNING: Using pull_request_target to access secrets, but we check out the PR head commit.
# See checkout action for details.
pull_request_target:
branches:
- 'main'
permissions: {} # none
# See https://github.com/hibernate/hibernate-orm/pull/4615 for a description of the behavior we're getting.
concurrency:
# Consider that two builds are in the same concurrency group (cannot run concurrently)
# if they use the same workflow and are about the same branch ("ref") or pull request.
group: "workflow = ${{ github.workflow }}, ref = ${{ github.event.ref }}, pr = ${{ github.event.pull_request.id }}"
# Cancel previous builds in the same concurrency group even if they are in process
# for pull requests or pushes to forks (not the upstream repository).
cancel-in-progress: ${{ github.event_name == 'pull_request_target' || github.repository != 'hibernate/hibernate-orm' }}
jobs:
build:
permissions:
contents: read
name: ORM
# runs-on: ubuntu-latest
runs-on: [self-hosted, Linux, X64, OCI]
strategy:
fail-fast: false
matrix:
include:
- rdbms: oracle_atps
- rdbms: oracle_db19c
- rdbms: oracle_db21c
- rdbms: oracle_db23c
steps:
- name: Check out commit already pushed to branch
if: "! github.event.pull_request.number"
uses: actions/checkout@v4
with:
persist-credentials: false
- name: Check out PR head
uses: actions/checkout@v4
if: github.event.pull_request.number
with:
# WARNING: This is potentially dangerous since we're checking out unreviewed code,
# and since we're using the pull_request_target event we can use secrets.
# Thus, we must be extra careful to never expose secrets to steps that execute this code,
# and to strictly limit our of secrets to those that only pose minor security threats.
# This means in particular we won't expose Develocity credentials to the main gradle executions,
# but instead will execute gradle a second time just to push build scans to Develocity;
# see below.
ref: "refs/pull/${{ github.event.pull_request.number }}/head"
persist-credentials: false
- name: Reclaim Disk Space
run: .github/ci-prerequisites.sh
- name: Start database
env:
RDBMS: ${{ matrix.rdbms }}
RUNID: ${{ github.run_number }}
run: ci/database-start.sh
- name: Set up Java 17
uses: graalvm/setup-graalvm@v1
with:
distribution: 'graalvm'
java-version: '21'
- name: Get year/month for cache key
id: get-date
run: echo "yearmonth=$(/bin/date -u "+%Y-%m")" >> $GITHUB_OUTPUT
shell: bash
- name: Cache Maven local repository
uses: actions/cache@v4
id: cache-maven
with:
path: |
~/.m2/repository
~/.gradle/caches/
~/.gradle/wrapper/
# refresh cache every month to avoid unlimited growth
key: maven-localrepo-${{ steps.get-date.outputs.yearmonth }}
- name: Run build script
env:
RDBMS: ${{ matrix.rdbms }}
RUNID: ${{ github.run_number }}
# WARNING: exposes secrets, so must only be passed to a step that doesn't run unapproved code.
# WARNING: As this runs on untrusted nodes, we use the same access key as for PRs:
# it has limited access, essentially it can only push build scans.
DEVELOCITY_ACCESS_KEY: "${{ github.event_name == 'push' && secrets.GRADLE_ENTERPRISE_ACCESS_KEY_PR || '' }}"
run: ./ci/build-github.sh
shell: bash
- name: Publish Develocity build scan for previous build
# Don't fail a build if publishing fails
continue-on-error: true
if: "${{ !cancelled() && github.event_name == 'pull_request_target' && github.repository == 'hibernate/hibernate-orm' }}"
run: |
./gradlew buildScanPublishPrevious
env:
# WARNING: exposes secrets, so must only be passed to a step that doesn't run unapproved code.
DEVELOCITY_ACCESS_KEY: ${{ secrets.GRADLE_ENTERPRISE_ACCESS_KEY_PR }}
- name: Upload test reports (if Gradle failed)
uses: actions/upload-artifact@v4
if: failure()
with:
name: test-reports-java11-${{ matrix.rdbms }}
path: |
./**/target/reports/tests/
- name: Omit produced artifacts from build cache
run: ./ci/before-cache.sh
Reference in New Issue View Git Blame Copy Permalink