From f1fa7732a688c682e56b6734d4921b1a1791add5 Mon Sep 17 00:00:00 2001 From: Steve Todorov Date: Mon, 10 Jul 2023 18:39:23 +0300 Subject: [PATCH] build: Allow builds from external contributors (#729) --- .github/workflows/build.yml | 115 ++++------------------------- .github/workflows/clear-cache.yaml | 18 +++++ .github/workflows/deploy-tag.yaml | 2 +- .github/workflows/docs.yaml | 3 + 4 files changed, 35 insertions(+), 103 deletions(-) create mode 100644 .github/workflows/clear-cache.yaml diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 7b66e5a2..d1f18a8e 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -1,7 +1,8 @@ name: Build and test on: # Build PRs - pull_request: + pull_request_target: + types: [ opened, synchronize, reopened ] paths-ignore: - 'docs/**' - '*.md' @@ -10,6 +11,7 @@ on: - '.github/workflows/docs.yaml' - '.github/workflows/codeql*.yaml' - '.github/workflows/command-*.yaml' + - '.github/workflows/clear-cache.yaml' - '.github/workflows/deploy-tag.yaml' - '.github/workflows/prepare-release.yaml' @@ -28,6 +30,7 @@ on: - '.github/workflows/docs.yaml' - '.github/workflows/codeql*.yaml' - '.github/workflows/command-*.yaml' + - '.github/workflows/clear-cache.yaml' - '.github/workflows/deploy-tag.yaml' - '.github/workflows/prepare-release.yaml' @@ -45,6 +48,7 @@ env: jobs: build-and-test: + environment: ${{ github.event_name == 'pull_request_target' && github.event.pull_request.head.repo.full_name != vars.CURRENT_REPO && 'external-collaborators' || '' }} runs-on: ${{ matrix.os }} strategy: fail-fast: false @@ -55,11 +59,12 @@ jobs: #java: [ 11 ] steps: - name: Show GitHub context - run: echo "$EVENT_NAME $REPOSITORY $PR_HEAD_LABEL $IS_PR $IS_FORK" + run: echo "$EVENT_NAME $REPOSITORY $PR_HEAD_LABEL $IS_PR $IS_FORK ${{ github.event.pull_request.head.sha || github.sha }}" - name: Checkout uses: actions/checkout@v3 with: + ref: ${{ github.event.pull_request.head.sha || github.sha }} fetch-depth: '1' - name: Setup Java ${{ matrix.java }} @@ -94,10 +99,11 @@ jobs: "is_snapshot": manifest["."].toLowerCase().includes("snapshot"), "matrix": "${{ matrix.os }}", "jdk": "${{ matrix.java }}", - "is_fork": "${{ env.IS_FORK }}" + "is_fork": "${{ env.IS_FORK }}", + "branch" : "${{ github.head_ref || github.ref_name }}" } - const is_deployable = data.matrix == "ubuntu-latest" && data.jdk == "11" && data.is_fork == "false" && data.is_snapshot == true + const is_deployable = data.matrix == "ubuntu-latest" && data.jdk == "11" && data.is_fork == "false" && data.branch == "master" && data.is_snapshot == true console.log("Data: ", data); console.log("Is deployable: " + is_deployable); @@ -112,8 +118,8 @@ jobs: uses: crazy-max/ghaction-import-gpg@v5 if: ${{ fromJSON(steps.deploy_check.outputs.result).is_deployable == 'true' }} with: + fingerprint: ${{ vars.GPG_FINGERPRINT }} gpg_private_key: ${{ secrets.GPG_KEY }} - fingerprint: ${{ secrets.GPG_KEY_ID }} passphrase: ${{ secrets.GPG_PASS }} trust_level: 5 @@ -131,7 +137,7 @@ jobs: # it from October 2020. Please update to at least Java 11. # [WARNING] No analysis for external contributors - sorry. # Check https://github.com/carlspring/s3fs-nio/pull/77#issuecomment-686804207 - if: ${{ matrix.os == 'ubuntu-latest' && matrix.java == '11' && env.IS_FORK == 'false' }} + if: ${{ matrix.os == 'ubuntu-latest' && matrix.java == '11' }} env: GITHUB_TOKEN: ${{ secrets.GH_TOKEN }} SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} @@ -150,104 +156,9 @@ jobs: # Publish snapshot only when on master branch, version is actually snapshot and from just one of the matrix jobs. - name: Publish snapshot (only on master branch) - if: ${{ github.ref_name == 'master' && fromJSON(steps.deploy_check.outputs.result).is_deployable == 'true' }} + if: ${{ fromJSON(steps.deploy_check.outputs.result).is_deployable == 'true' }} env: S3FS_PUBLISH_SONATYPE_USER: "${{ secrets.S3FS_PUBLISH_SONATYPE_USER }}" S3FS_PUBLISH_SONATYPE_PASS: "${{ secrets.S3FS_PUBLISH_SONATYPE_PASS }}" run: | ./gradlew publish - -# run-it-minio: -# runs-on: ${{ matrix.os }} -# needs: [build-matrix] -# strategy: -# fail-fast: false -# matrix: -# os: [ubuntu-latest] -# java: [ 8, 11.0.3 ] -# steps: -# - name: Checkout -# uses: actions/checkout@v2 -# - name: Setup Java ${{ matrix.java }} -# uses: actions/setup-java@v1 -# with: -# java-version: ${{ matrix.java }} -# - name: Cache local Maven repository -# uses: actions/cache@v2 -# with: -# path: ~/.m2/repository -# # https://github.com/actions/cache/issues/2#issuecomment-673493515 -# # Example: unix timestamp -# key: ${{ runner.os }}-maven-${{ secrets.MVN_CACHE_VERSION }}-${{ hashFiles('**/pom.xml') }} -# restore-keys: | -# ${{ runner.os }}-maven-${{ secrets.MVN_CACHE_VERSION }}- -# - name: Cache Docker images -# id: docker-cache -# uses: actions/cache@v2 -# with: -# path: ${{ github.workspace }}/docker-image-cache.tar -# # https://github.com/actions/cache/issues/2#issuecomment-673493515 -# # Example: unix timestamp -# key: ${{ runner.os }}-docker-${{ secrets.DOCKER_CACHE_VERSION }}-${{ hashFiles('${{ github.workspace }}/docker-image-cache.tar') }} -# restore-keys: | -# ${{ runner.os }}-docker-${{ secrets.DOCKER_CACHE_VERSION }}- -# - name: Load docker image cache -# if: steps.docker-cache.outputs.cache-hit == 'true' -# run: | -# cat ${{ github.workspace }}/docker-image-cache.tar | docker load -# docker images | grep -iE "minio|testcontainers" -# - name: Docker info -# run: docker info -# - name: Maven Version -# run: mvn --version -# - name: MinIO integration tests. -# run: mvn clean install -Pit-minio -# env: -# S3FS_BUCKET_NAME: "s3fs-nio-minio" -# # access key must be >= 3 chars or authentication will fail. -# S3FS_ACCESS_KEY: "access_key" -# # secret key must be >= 8 chars or authentication will fail. -# S3FS_SECRET_KEY: "secret_key" -# S3FS_PROTOCOL: "http" -# # TODO: These are necessary since the current logic in EnvironmentBuilder assumes we are using S3. -# S3FS_REGION: "local" -# # TODO: Adding this env var in advance, we might or might not need it after the test containers task is completed. -# # https://github.com/carlspring/s3fs-nio/issues/60 -# S3FS_PORT: 9000 -# - name: Save docker images -# run: docker save minio/minio testcontainers/ryuk > ${{ github.workspace }}/docker-image-cache.tar - -# run-it-s3: -# runs-on: ${{ matrix.os }} -# strategy: -# fail-fast: true -# matrix: -# # TODO: We should, at some point, have the same matrix as `build-matrix`. -# os: [ubuntu-latest, windows-latest] -# java: [ 8 ] -# steps: -# - name: Checkout -# uses: actions/checkout@v2 -# - name: Setup Java ${{ matrix.java }} -# uses: actions/setup-java@v1 -# with: -# java-version: ${{ matrix.java }} -# - name: Cache local Maven repository -# uses: actions/cache@v2 -# with: -# path: ~/.m2/repository -# # https://github.com/actions/cache/issues/2#issuecomment-673493515 -# # Example: unix timestamp -# key: ${{ runner.os }}-maven-${{ secrets.MVN_CACHE_VERSION }}-${{ hashFiles('**/pom.xml') }} -# restore-keys: | -# ${{ runner.os }}-maven-${{ secrets.MVN_CACHE_VERSION }}- -# - name: Maven Version -# run: mvn --version -# - name: S3 integration tests. -# run: mvn clean install -Pit-s3 -# env: -# S3FS_BUCKET_NAME: ${{ secrets.S3FS_BUCKET_NAME }} -# S3FS_ACCESS_KEY: ${{ secrets.S3FS_ACCESS_KEY }} -# S3FS_SECRET_KEY: ${{ secrets.S3FS_SECRET_KEY }} -# S3FS_REGION: ${{ secrets.S3FS_REGION }} -# S3FS_PROTOCOL: "https" diff --git a/.github/workflows/clear-cache.yaml b/.github/workflows/clear-cache.yaml new file mode 100644 index 00000000..a0d713d1 --- /dev/null +++ b/.github/workflows/clear-cache.yaml @@ -0,0 +1,18 @@ +name: Clear Cache + +on: + workflow_dispatch: +# schedule: +# - cron: '0 0 * * *' # Runs once a day (https://crontab.guru/once-a-day) + +permissions: + actions: write + +jobs: + clear: + name: Clear cache + runs-on: ubuntu-latest + steps: + - uses: MyAlbum/purge-cache@v1 + with: + max-age: 1 diff --git a/.github/workflows/deploy-tag.yaml b/.github/workflows/deploy-tag.yaml index 19af0e47..9fc30538 100644 --- a/.github/workflows/deploy-tag.yaml +++ b/.github/workflows/deploy-tag.yaml @@ -41,8 +41,8 @@ jobs: - name: Setup key uses: crazy-max/ghaction-import-gpg@v5 with: + fingerprint: ${{ vars.GPG_FINGERPRINT }} gpg_private_key: ${{ secrets.GPG_KEY }} - fingerprint: ${{ secrets.GPG_KEY_ID }} passphrase: ${{ secrets.GPG_PASS }} trust_level: 5 diff --git a/.github/workflows/docs.yaml b/.github/workflows/docs.yaml index 673325f8..5f635a24 100644 --- a/.github/workflows/docs.yaml +++ b/.github/workflows/docs.yaml @@ -25,11 +25,14 @@ env: jobs: docs: + environment: ${{ github.event_name == 'pull_request_target' && github.event.pull_request.head.repo.full_name != vars.CURRENT_REPO && 'external-collaborators' || '' }} runs-on: ubuntu-latest steps: - name: Checkout uses: actions/checkout@v3 + with: + ref: ${{ github.event.pull_request.head.sha || github.sha }} - name: Build docks working-directory: docs