Skip to content

Commit

Permalink
chore: various ci job fixups
Browse files Browse the repository at this point in the history
- fix: publish failed test reports as artifact
- fix: coverage reporting
- fix: separate jobs for dependency graph and build
- fix: warnings yielded by detekt job

Signed-off-by: Sam Gammon <sam@elide.ventures>
  • Loading branch information
sgammon committed Feb 22, 2024
1 parent 3348ff8 commit 7bd65d4
Show file tree
Hide file tree
Showing 8 changed files with 209 additions and 88 deletions.
7 changes: 0 additions & 7 deletions .github/codeql/codeql-config.yml
Original file line number Diff line number Diff line change
Expand Up @@ -5,10 +5,3 @@ languages:

queries:
- uses: security-and-quality

paths:
- packages

paths-ignore:
- .codebase
- build
4 changes: 4 additions & 0 deletions .github/workflows/checks.codeql.yml
Original file line number Diff line number Diff line change
Expand Up @@ -15,6 +15,10 @@ name: "CodeQL"
schedule:
- cron: "0 0-23/2 * * *"

push:
branches:
- main

permissions:
contents: read

Expand Down
113 changes: 113 additions & 0 deletions .github/workflows/job.build.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,113 @@
name: "Build"

"on":
workflow_dispatch: {}
workflow_call:
inputs: {}
secrets:
GRADLE_CONFIGURATION_KEY:
description: "Gradle cache key"
required: false
BUILDLESS_APIKEY:
description: "Buildless key"
required: false

permissions:
contents: read

jobs:
##
## Job: Build
##
gradle:
strategy:
fail-fast: false
matrix:
os: [Ubuntu]
mode: ["Strict"]
machine:
- "ubuntu-latest"

name: "Build (${{ matrix.os }})"
runs-on: ${{ matrix.machine }}
continue-on-error: ${{ matrix.mode != 'Strict' }}

defaults:
run:
shell: bash

outputs:
hashes: ${{ steps.hash.outputs.hashes }}

steps:
- name: "Setup: Harden Runner"
uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
with:
egress-policy: audit
- name: "Setup: Checkout"
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with:
submodules: true
persist-credentials: false
- name: "Setup: Cache Restore (Build)"
id: cache-restore-build
uses: actions/cache/restore@13aacd865c20de90d75de3b17ebe84f7a17d57d2 # v4.0.0
with:
key: pkl-v1-build-${{ hashFiles('gradle/libs.versions.toml') }}
restore-keys: |
pkl-v1-build-${{ hashFiles('gradle/libs.versions.toml') }}
pkl-v1-build-
pkl-v1-
pkl-
path: |
.gradle/
build/
.codebase/
.kotlin/
./*/build/bin
./*/build/classes
./*/build/kotlin
./*/build/klib
./*/build/generated
./*/build/generated-sources
- name: "Setup: Java 21"
uses: actions/setup-java@387ac29b308b003ca37ba93a6cab5eb57c8f5f93 # v4.0.0
with:
distribution: 'adopt'
java-version: '21'
- name: "Setup: GraalVM (Java 21)"
uses: graalvm/setup-graalvm@d72e3dbf5f44eb0b78c4f8ec61a262d8bf9b94af # v1.1.7
with:
distribution: "graalvm"
java-version: 21
check-for-updates: false
github-token: ${{ secrets.GITHUB_TOKEN }}
set-java-home: 'false'
- name: "🛠️ Build"
uses: gradle/actions/setup-gradle@417ae3ccd767c252f5661f1ace9f835f9654f2b5 # v3.1.0
id: gradlebuild
env:
CI: true
with:
cache-read-only: true
cache-encryption-key: ${{ secrets.GRADLE_CONFIGURATION_KEY }}
gradle-home-cache-cleanup: true
arguments: build -x test -x check
build-scan-publish: true
build-scan-terms-of-service-url: "https://gradle.com/terms-of-service"
build-scan-terms-of-service-agree: "yes"
- name: "Artifact: Caches"
uses: actions/cache/save@13aacd865c20de90d75de3b17ebe84f7a17d57d2 # v4.0.0
with:
key: ${{ steps.cache-restore.outputs.cache-primary-key }}
path: |
.gradle/
build/
.codebase/
.kotlin/
./*/build/bin
./*/build/classes
./*/build/kotlin
./*/build/klib
./*/build/generated
./*/build/generated-sources
46 changes: 2 additions & 44 deletions .github/workflows/job.dependency-graph.yml
Original file line number Diff line number Diff line change
Expand Up @@ -20,17 +20,8 @@ jobs:
## Job: Build+Submit Dependency Graph
##
gradle:
strategy:
fail-fast: false
matrix:
os: [Ubuntu]
mode: ["Strict"]
machine:
- "ubuntu-latest"

name: "Build (${{ matrix.os }})"
runs-on: ${{ matrix.machine }}
continue-on-error: ${{ matrix.mode != 'Strict' }}
name: "Dependency Graph"
runs-on: "ubuntu-latest"

permissions:
## Needed for submission of dependency graphs
Expand Down Expand Up @@ -79,39 +70,6 @@ jobs:
with:
distribution: 'adopt'
java-version: '21'
- name: "Setup: GraalVM (Java 21)"
uses: graalvm/setup-graalvm@d72e3dbf5f44eb0b78c4f8ec61a262d8bf9b94af # v1.1.7
with:
distribution: "graalvm"
java-version: 21
check-for-updates: false
github-token: ${{ secrets.GITHUB_TOKEN }}
set-java-home: 'false'
- name: "🛠️ Build"
uses: gradle/actions/setup-gradle@417ae3ccd767c252f5661f1ace9f835f9654f2b5 # v3.1.0
id: gradlebuild
env:
CI: true
with:
cache-read-only: true
cache-encryption-key: ${{ secrets.GRADLE_CONFIGURATION_KEY }}
gradle-home-cache-cleanup: true
arguments: dependencies build -x test -x check --scan
- name: "🛠️ Dependency Graph"
uses: gradle/actions/dependency-submission@417ae3ccd767c252f5661f1ace9f835f9654f2b5 # v3.1.0
continue-on-error: true
- name: "Artifact: Caches"
uses: actions/cache/save@13aacd865c20de90d75de3b17ebe84f7a17d57d2 # v4.0.0
with:
key: ${{ steps.cache-restore.outputs.cache-primary-key }}
path: |
.gradle/
build/
.codebase/
.kotlin/
./*/build/bin
./*/build/classes
./*/build/kotlin
./*/build/klib
./*/build/generated
./*/build/generated-sources
65 changes: 55 additions & 10 deletions .github/workflows/job.native-build.yml
Original file line number Diff line number Diff line change
@@ -1,13 +1,51 @@
name: "Native Build"

"on":
workflow_dispatch: {}
workflow_dispatch:
inputs:
release:
type: boolean
default: false
description: "Release build"
macos:
type: boolean
default: true
description: "macOS"
linux:
type: boolean
default: true
description: "Linux"
windows:
type: boolean
default: false
description: "Windows"
artifact:
type: string
default: ""
description: "Artifact prefix"

workflow_call:
inputs:
release:
type: boolean
default: false
description: "Release build"
macos:
type: boolean
default: true
description: "macOS"
linux:
type: boolean
default: true
description: "Linux"
windows:
type: boolean
default: false
description: "Windows"
artifact:
type: string
default: ""
description: "Artifact prefix"

secrets:
GRADLE_CONFIGURATION_KEY:
Expand All @@ -30,18 +68,23 @@ jobs:
matrix:
os: [Ubuntu]
mode: ["Strict"]
tag: ["linux-amd64"]
tag: ["linux-amd64-${{ fromJson(inputs.release) && 'opt' || 'dev' }}"]
machine: ["ubuntu-latest"]
target: [":pkl-cli:linuxExecutableAmd64"]
enabled:
- ${{ fromJson(inputs.linux) }}
include:
- os: macOS x64
tag: macos-x64
tag: macos-x64-${{ fromJson(inputs.release) && 'opt' || 'dev' }}
machine: macos-13
target: :pkl-cli:macExecutableAmd64
enabled: ${{ fromJson(inputs.macos) }}
- os: macOS aarch64
tag: macos-aarch64
tag: macos-aarch64-${{ fromJson(inputs.release) && 'opt' || 'dev' }}
machine: macos-13-xlarge
target: :pkl-cli:macExecutableAarch64
enabled: ${{ fromJson(inputs.macos) }}

# Windows build is currently broken.
#
# - os: Windows
Expand All @@ -51,6 +94,7 @@ jobs:

name: "Native CLI (${{ matrix.os }})"
runs-on: ${{ matrix.machine }}
if: ${{ matrix.enabled }}

defaults:
run:
Expand Down Expand Up @@ -119,13 +163,14 @@ jobs:
${{ matrix.target || ':pkl-cli:assembleNative' }}
-PnativeRelease=${{ inputs.release }}
- name: "Artifact: Native CLI"
if: success()
uses: actions/cache/save@13aacd865c20de90d75de3b17ebe84f7a17d57d2 # v4.0.0
uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
with:
key: pkl-native-${{ matrix.tag }}
path: |
./pkl-cli/build/distributions/pkl-*.zip
./pkl-cli/build/distributions/pkl-*.tar
name: "${{ inputs.artifact || 'pkl-cli-latest' }}-${{ matrix.tag }}"
path: ./pkl-cli/build/distributions/pkl*.*
if-no-files-found: warn
retention-days: 14
compression-level: 1
overwrite: true
- name: "Artifact: Caches"
uses: actions/cache/save@13aacd865c20de90d75de3b17ebe84f7a17d57d2 # v4.0.0
with:
Expand Down
13 changes: 12 additions & 1 deletion .github/workflows/job.tests.yml
Original file line number Diff line number Diff line change
Expand Up @@ -98,10 +98,21 @@ jobs:
build-scan-publish: true
build-scan-terms-of-service-url: "https://gradle.com/terms-of-service"
build-scan-terms-of-service-agree: "yes"
arguments: test koverVerify reports -x check
arguments: test koverVerify koverXmlReport koverHtmlReport koverBinaryReport reports -x check
- name: "Artifact: Test Reports"
uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
if: success() || failure()
with:
name: "pkl-test-reports-${{ github.ref }}"
path: "./build/reports/**/*.*"
if-no-files-found: warn
retention-days: 7
compression-level: 4
overwrite: true
- name: "Reporting: Coverage"
uses: codecov/codecov-action@e0b68c6749509c5f83f984dd99a76a1c1a231044 # v4.0.1
continue-on-error: true
if: success()
with:
token: ${{ secrets.CODECOV_TOKEN }}
slug: elide-dev/pkl
Expand Down
37 changes: 23 additions & 14 deletions .github/workflows/on.pr.yml
Original file line number Diff line number Diff line change
Expand Up @@ -68,44 +68,53 @@ jobs:
tasks
##
## Job: Build + Submit Dependency Graph
## Job: Build
##
dependency-graph:
build:
name: "Build"
uses: ./.github/workflows/job.dependency-graph.yml
uses: ./.github/workflows/job.build.yml
needs: [preflight-checks]
secrets:
GRADLE_CONFIGURATION_KEY: ${{ secrets.GRADLE_CONFIGURATION_KEY }}
BUILDLESS_APIKEY: ${{ secrets.BUILDLESS_APIKEY }}

##
## Job: Native Build
##
native-build:
name: "Build"
uses: ./.github/workflows/job.native-build.yml
needs: [preflight-checks, build]
secrets:
GRADLE_CONFIGURATION_KEY: ${{ secrets.GRADLE_CONFIGURATION_KEY }}
BUILDLESS_APIKEY: ${{ secrets.BUILDLESS_APIKEY }}
permissions:
## Needed for build graph publishing
contents: "write"
contents: "read"

##
## Job: Tests
##
pr-tests:
name: "Tests"
uses: ./.github/workflows/job.tests.yml
needs: [preflight-checks, dependency-graph]
needs: [preflight-checks, build]
secrets:
GRADLE_CONFIGURATION_KEY: ${{ secrets.GRADLE_CONFIGURATION_KEY }}
BUILDLESS_APIKEY: ${{ secrets.BUILDLESS_APIKEY }}
with:
native: false

##
## Job: Native Build
## Job: Submit Dependency Graph
##
native-build:
name: "Build"
uses: ./.github/workflows/job.native-build.yml
needs: [preflight-checks, dependency-graph]
dependency-graph:
name: "Checks"
uses: ./.github/workflows/job.dependency-graph.yml
needs: [preflight-checks]
secrets:
GRADLE_CONFIGURATION_KEY: ${{ secrets.GRADLE_CONFIGURATION_KEY }}
BUILDLESS_APIKEY: ${{ secrets.BUILDLESS_APIKEY }}
permissions:
contents: "read"
## Needed for build graph publishing
contents: "write"

##
## Job: API Check
Expand Down
Loading

0 comments on commit 7bd65d4

Please sign in to comment.