d8ae9dfea3
This brings forward the build and release automation changes from 4.1 (#10879, #10883, #10884, #10886, #10888, #10889, #10893, #10900, #10933, #10945, #10966, #10968, #11002, and #11019) to 5.0. Details are as follows: * Use Github workflows for CI (#10879) Motivation: We should just use GitHub Actions for the CI Modifications: - Adjust docker / docker compose files - Add different workflows and jobs to deploy and build the project Result: Don't depend on external CI services * Fix non leak build condition * Only use build and deploy workflows for 4.1 for now * Add deploy job for cross compiled aarch64 (#10883) Motivation: We should also deploy snapshots for our cross compiled native jars. Modifications: - Add job and docker files for deploying cross compiled native jars - Ensure we map the maven cache into our docker containers Result: Deploy aarch64 jars and re-use cache * Use correct docker-compose file to deploy cross compiled artifacts * Use correct docker-compose task to deploy for cross compiled artifacts * Split pr and normal build (#10884) Motivation: We should better use seperate workflows for PR and normal builds Modifications: - Split workflows - Better cache reuse Result: Cleanup * Only deploy snapshots for one arch Motivation: We need to find a way to deploy SNAPSHOTS for different arch with the same timestamp. Otherwise it will cause problems. See https://github.com/netty/netty/issues/10887 Modification: Skip all other deploys then x86_64 Result: Users are able to use SNAPSHOTS for x86_6 * Use maven cachen when running analyze job (#10888) Motivation: To prevent failures to problems while downloading dependencies we shoud cache these Modifications: Add maven cache Result: No more failures due problems while downloading dependencies * Also include one PR job that uses boringssl (#10886) Motivation: When validating PRs we should also at least run one job that uses boringssl Modifications: - Add job that uses boringssl - Cleanup docker compose files - Fix buffer leak in test Result: Also run with boringssl when PRs are validated * Use matrix for job configurations (#10889) Motivation: We can use the matrix feature to define our jobs. This reduces a lot of config Modification: Use job matrix Result: Easier to maintain * Correctly deploy artifacts that are build on different archs (#10893) Motivation: We need to take special care when deploying snapshots as we need to generate the jars in multiple steps Modifications: - Use the nexus staging pluging to stage jars locally in multiple steps - Add extra job that will merge these staged jars and deploy these Result: Fixes https://github.com/netty/netty/issues/10887 * Dont use cron for PRs Motivation: It doesnt make sense to use cron for PRs Modifications: Remove cron config Result: Cleanup * We run all combinations when validate the PR, let's just use one type for normal push Motivation: Let us just only use one build config when building the 4.1 branch. Modifications: As we already do a full validation when doing the PR builds we can just only use one build config for pushes to the "main" branches Result: Faster build times * Update action-docker-layer-caching (#10900) Motivation: We are three releases behind. Modifications: Update to latest version Result: Use up-to-date action-docker-layer-caching version * Verify we can load native modules and add job that verifies on aarch64 as well (#10933) Motivation: As shown in the past we need to verify we actually can load the native as otherwise we may introduce regressions. Modifications: - Add new maven module which tests loading of native modules - Add job that will also test loading on aarch64 Result: Less likely to introduce regressions related to loading native code in the future * Let script fail if one command fail (#10945) Motivation: We should use `set -e` to ensure we fail the script if one command fails. Modifications: Add set -e to script Result: Fail fast * Use action to report unit test errors (#10966) Motivation: To make it easier to understand why the build fails lets use an action that will report which unit test failed Modifications: - Replace custom script with action-surefire-report Result: Easier to understand test failures * Use custom script to check for build failures (#10968) Motivation: It turns out we can't use the action to check for build failures as it can't be used when a PR is done from a fork. Let's just use our simple script. Modifications: - Replace action with custom script Result: Builds for PRs that are done via forks work again. * Publish test results after PR run (#11002) Motivation: To make it easier to understand why a build failed let us publish the rest results Modifications: Use a new workflow to be able to publish the test reports Result: Easier to understand why a PR did fail * Fix test reports name * Add workflow to cut releases (#11019) Motivation: Doing releases manually is error-prone, it would be better if we could do it via a workflow Modification: - Add workflow to cut releases - Add related scripts Result: Be able to easily cut a release via a workflow * Update build for master branch Motivation: The build changes were brought forward from 4.1, and contain many things specific to 4.1. Modification: Changed baseline Java version from 8 to 11, and changed branch references from "4.1" to "master". Result: Builds should now work for the master branch. Co-authored-by: Norman Maurer <norman_maurer@apple.com>
85 lines
3.0 KiB
YAML
85 lines
3.0 KiB
YAML
# For most projects, this workflow file will not need changing; you simply need
|
||
# to commit it to your repository.
|
||
#
|
||
# You may wish to alter this file to override the set of languages analyzed,
|
||
# or to provide custom queries or build logic.
|
||
name: "CodeQL"
|
||
|
||
on:
|
||
push:
|
||
branches: ["4.1", master]
|
||
pull_request:
|
||
# The branches below must be a subset of the branches above
|
||
branches: ["4.1", master]
|
||
schedule:
|
||
- cron: '0 13 * * 3'
|
||
|
||
jobs:
|
||
analyze:
|
||
name: Analyze
|
||
runs-on: ubuntu-latest
|
||
|
||
strategy:
|
||
fail-fast: false
|
||
matrix:
|
||
# Override automatic language detection by changing the below list
|
||
# Supported options are ['csharp', 'cpp', 'go', 'java', 'javascript', 'python']
|
||
language: ['java', 'cpp' ]
|
||
# Learn more...
|
||
# https://docs.github.com/en/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#overriding-automatic-language-detection
|
||
|
||
steps:
|
||
- name: Checkout repository
|
||
uses: actions/checkout@v2
|
||
with:
|
||
# We must fetch at least the immediate parents so that if this is
|
||
# a pull request then we can checkout the head.
|
||
fetch-depth: 2
|
||
|
||
# Cache .m2/repository
|
||
- uses: actions/cache@v2
|
||
env:
|
||
cache-name: verify-cache-m2-repository
|
||
with:
|
||
path: ~/.m2/repository
|
||
key: ${{ runner.os }}-pr-${{ env.cache-name }}-${{ hashFiles('**/pom.xml') }}
|
||
restore-keys: |
|
||
${{ runner.os }}-pr-${{ env.cache-name }}-
|
||
${{ runner.os }}-pr-
|
||
|
||
# If this run was triggered by a pull request event, then checkout
|
||
# the head of the pull request instead of the merge commit.
|
||
- run: git checkout HEAD^2
|
||
if: ${{ github.event_name == 'pull_request' }}
|
||
|
||
# Initializes the CodeQL tools for scanning.
|
||
- name: Initialize CodeQL
|
||
uses: github/codeql-action/init@v1
|
||
with:
|
||
languages: ${{ matrix.language }}
|
||
# If you wish to specify custom queries, you can do so here or in a config file.
|
||
# By default, queries listed here will override any specified in a config file.
|
||
# Prefix the list here with "+" to use these queries and those in the config file.
|
||
# queries: ./path/to/local/query, your-org/your-repo/queries@main
|
||
|
||
|
||
# Autobuild attempts to build any compiled languages (C/C++, C#, or Java).
|
||
# If this step fails, then you should remove it and run the build manually (see below)
|
||
# - name: Autobuild
|
||
# uses: github/codeql-action/autobuild@v1
|
||
|
||
# ℹ️ Command-line programs to run using the OS shell.
|
||
# 📚 https://git.io/JvXDl
|
||
|
||
# ✏️ If the Autobuild fails above, remove it and uncomment the following three lines
|
||
# and modify them (or add more) to build your code if your project
|
||
# uses a compiled language
|
||
- uses: actions/setup-java@v1
|
||
with:
|
||
java-version: '11' # The JDK version to make available on the path.
|
||
|
||
- run: ./mvnw clean package -DskipTests=true -ntp -B
|
||
|
||
- name: Perform CodeQL Analysis
|
||
uses: github/codeql-action/analyze@v1
|