This is an automated email from the ASF dual-hosted git repository.

DaanHoogland pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/cloudstack.git


The following commit(s) were added to refs/heads/main by this push:
     new 583a1e0dfb0 Refactor github actions (#12774)
583a1e0dfb0 is described below

commit 583a1e0dfb04501b2d81413016cfee8d1300f6a2
Author: Vishesh <[email protected]>
AuthorDate: Tue May 26 16:23:19 2026 +0530

    Refactor github actions (#12774)
---
 .../install-nonoss/action.yml}                     |  45 +++------
 .github/actions/setup-env/action.yml               |  58 +++++++++++
 .github/workflows/build.yml                        |  40 +++-----
 .github/workflows/ci.yml                           | 109 +++++++++++----------
 .github/workflows/codecov.yml                      |  59 -----------
 .github/workflows/codeql-analysis.yml              |  10 +-
 .github/workflows/daily-repo-status.lock.yml       |  10 +-
 .github/workflows/docker-cloudstack-simulator.yml  |   8 +-
 .github/workflows/main-sonar-check.yml             |  61 ++++++------
 .github/workflows/merge-conflict-checker.yml       |  20 ++--
 .github/workflows/pre-commit.yml                   |  18 ++--
 .github/workflows/rat.yml                          |  27 +++--
 .github/workflows/sonar-check.yml                  |  60 +++++-------
 .github/workflows/stale.yml                        |   4 +-
 .github/workflows/ui.yml                           |  12 ++-
 15 files changed, 258 insertions(+), 283 deletions(-)

diff --git a/.github/workflows/codeql-analysis.yml 
b/.github/actions/install-nonoss/action.yml
similarity index 52%
copy from .github/workflows/codeql-analysis.yml
copy to .github/actions/install-nonoss/action.yml
index cb1fa88a102..39a03213c29 100644
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/actions/install-nonoss/action.yml
@@ -15,34 +15,17 @@
 # specific language governing permissions and limitations
 # under the License.
 
-name: CodeQL Analysis
-on:
-  push:
-    branches: [main]
-  pull_request:
-    branches: [main]
-permissions:
-  actions: read
-  contents: read
-  security-events: write
-jobs:
-  codeql:
-    name: CodeQL
-    runs-on: ubuntu-latest
-    strategy:
-      fail-fast: false
-      matrix:
-        language: ["actions"]
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@v6
-      - name: Initialize CodeQL
-        uses: github/codeql-action/init@v4
-        with:
-          languages: ${{ matrix.language }}
-      - name: Autobuild
-        uses: github/codeql-action/autobuild@v4
-      - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@v4
-        with:
-          category: "Security"
+name: 'Install CloudStack Non-OSS'
+description: 'Clones and installs the shapeblue/cloudstack-nonoss repository.'
+
+runs:
+  using: "composite"
+  steps:
+    - name: Install cloudstack-nonoss
+      shell: bash
+      run: |
+        git clone --depth 1 https://github.com/shapeblue/cloudstack-nonoss.git 
nonoss
+        cd nonoss
+        bash -x install-non-oss.sh
+        cd ..
+        rm -fr nonoss
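Review bot: The `git clone --depth 1` in the `Install cloudstack-nonoss` step takes whatever the default branch of shapeblue/cloudstack-nonoss holds at run time and then executes `install-non-oss.sh` from it, so this input stays unpinned while every `uses:` in the commit is fixed to a commit SHA. In main-sonar-check.yml and sonar-check.yml the same job later exposes `SONAR_TOKEN` and `CODECOV_TOKEN`, so a changed upstream script would run on the same runner ahead of those steps. Fetching a reviewed commit would close that gap, for example `git init nonoss && git -C nonoss fetch --depth 1 https://github.com/shapeblue/cloudstack-nonoss.git <PINNED_COMMIT_SHA> && git -C nonoss checkout FETCH_HEAD`, where `<PINNED_COMMIT_SHA>` is a placeholder for a commit the project has reviewed. A short comment above the step saying why the external repository is needed and who maintains it would also help.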
diff --git a/.github/actions/setup-env/action.yml 
b/.github/actions/setup-env/action.yml
new file mode 100644
index 00000000000..0f842522924
--- /dev/null
+++ b/.github/actions/setup-env/action.yml
@@ -0,0 +1,58 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+name: 'Setup CloudStack Environment'
+description: 'Sets up JDK (with Maven cache), optionally Python, and 
optionally APT build dependencies for CloudStack.'
+
+inputs:
+  java-version:
+    description: 'The JDK version to use'
+    required: false
+    default: '17'
+  install-python:
+    description: 'Whether to install Python 3.10'
+    required: false
+    default: 'false'
+  install-apt-deps:
+    description: 'Whether to install CloudStack APT build dependencies'
+    required: false
+    default: 'false'
+
+runs:
+  using: "composite"
+  steps:
+    - name: Set up JDK ${{ inputs.java-version }}
+      uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # 
v5.2.0
+      with:
+        java-version: ${{ inputs.java-version }}
+        distribution: 'adopt'
+        architecture: x64
+        cache: 'maven'
+
+    - name: Set up Python
+      if: ${{ inputs.install-python == 'true' }}
+      uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # 
v6.2.0
+      with:
+        python-version: '3.10'
+        architecture: x64
+
+    - name: Install Build Dependencies
+      if: ${{ inputs.install-apt-deps == 'true' }}
+      shell: bash
+      run: |
+        sudo apt-get update
+        sudo apt-get install -y git uuid-runtime genisoimage netcat-openbsd 
ipmitool build-essential libgcrypt20 libgpg-error-dev libgpg-error0 
libopenipmi0 libpython3-dev libssl-dev libffi-dev python3-openssl python3-dev 
python3-setuptools
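Review bot: `distribution: 'adopt'` in the `Set up JDK` step moves build.yml, ci.yml and both Sonar workflows off `temurin`, which their removed inline steps used; only rat.yml used `adopt` before. The setup-java documentation describes `adopt` as the legacy AdoptOpenJDK feed that is no longer updated and recommends migrating to `temurin`, so the shared action should probably read `distribution: 'temurin'`. If `adopt` is deliberate, a comment on that line giving the reason would keep the next reader from changing it back.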
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 4c33a131343..4eb508f5f6f 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -16,40 +16,27 @@
 # under the License.
 
 name: Build
-
-on: [push, pull_request]
-
+on:
+  - push
+  - pull_request
 concurrency:
   group: ${{ github.workflow }}-${{ github.event.pull_request.number || 
github.ref }}
-  cancel-in-progress: true
-
+  cancel-in-progress: ${{ github.ref != 'refs/heads/main' }}
 permissions:
   contents: read
-
 jobs:
   build:
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-24.04
     steps:
-      - uses: actions/checkout@v6
-
-      - name: Set up JDK 17
-        uses: actions/setup-java@v5
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # 
v6.0.2
         with:
-          distribution: 'temurin'
-          java-version: '17'
-          cache: 'maven'
+          persist-credentials: false
 
-      - name: Set up Python
-        uses: actions/setup-python@v6
+      - name: Setup Environment
+        uses: ./.github/actions/setup-env
         with:
-          python-version: '3.10'
-          architecture: 'x64'
-
-      - name: Install Build Dependencies
-        run: |
-          sudo apt-get update
-          sudo apt-get install -y git uuid-runtime genisoimage netcat ipmitool 
build-essential libgcrypt20 libgpg-error-dev libgpg-error0 libopenipmi0 
ipmitool libpython3-dev libssl-dev libffi-dev python3-openssl python3-dev 
python3-setuptools
-
+          install-python: 'true'
+          install-apt-deps: 'true'
       - name: Env details
         run: |
           uname -a
@@ -60,9 +47,8 @@ jobs:
           free -m
           nproc
           git status
-
+      - name: Install Non-OSS
+        uses: ./.github/actions/install-nonoss
       - name: Noredist Build
         run: |
-          git clone https://github.com/shapeblue/cloudstack-nonoss.git nonoss 
&& cd nonoss && bash -x install-non-oss.sh && cd ..
-          rm -fr nonoss
           mvn -B -P developer,systemvm -Dsimulator -Dnoredist clean install 
-T$(nproc)
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 52c47b26de8..e9d03bf1209 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -16,21 +16,56 @@
 # under the License.
 
 name: Simulator CI
-
-on: [push, pull_request]
-
+on:
+  - push
+  - pull_request
 concurrency:
   group: ${{ github.workflow }}-${{ github.event.pull_request.number || 
github.ref }}
-  cancel-in-progress: true
-
+  cancel-in-progress: ${{ github.ref != 'refs/heads/main' }}
 permissions:
   contents: read
-
 jobs:
   build:
     if: github.repository == 'apache/cloudstack'
     runs-on: ubuntu-24.04
-
+    steps:
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # 
v6.0.2
+        with:
+          fetch-depth: 0
+          persist-credentials: false
+      - name: Setup Environment
+        uses: ./.github/actions/setup-env
+        with:
+          install-python: 'true'
+          install-apt-deps: 'true'
+      - name: Env details
+        run: |
+          uname -a
+          whoami
+          javac -version
+          mvn -v
+          python3 --version
+          free -m
+          nproc
+          git status
+          ipmitool -V
+      - name: Build with Maven
+        run: |
+          mvn -B -P developer,systemvm -Dsimulator clean install 
-DskipTests=true -T$(nproc)
+      - name: Archive artifacts
+        run: |
+          mkdir -p /tmp/artifacts
+          tar -czf /tmp/artifacts/targets.tar.gz $(find . -name "target" -type 
d) tools/marvin/dist engine/schema/dist utils/conf
+          tar -czf /tmp/artifacts/m2-cloudstack.tar.gz -C ~/.m2/repository 
org/apache/cloudstack
+      - name: Upload artifacts
+        uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a 
# v7.0.1
+        with:
+          name: build-artifacts
+          path: /tmp/artifacts/
+  test:
+    needs: build
+    if: github.repository == 'apache/cloudstack'
+    runs-on: ubuntu-24.04
     strategy:
       fail-fast: false
       matrix:
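Review bot: The `Upload artifacts` step sets no `retention-days`, so every push and pull-request run keeps `targets.tar.gz` and `m2-cloudstack.tar.gz` for the repository's default retention period although only the `test` job of the same run reads them. Adding `retention-days: 1` under `with:` would bound that. The unquoted `$(find . -name "target" -type d)` in `Archive artifacts` also relies on no matched path containing whitespace. The `test` job's matrix and steps continue outside this hunk.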
@@ -215,30 +250,16 @@ jobs:
                   smoke/test_list_service_offerings
                   smoke/test_list_storage_pools
                   smoke/test_list_volumes"]
-
     steps:
-      - uses: actions/checkout@v6
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # 
v6.0.2
         with:
           fetch-depth: 0
-
-      - name: Set up JDK 17
-        uses: actions/setup-java@v5
+          persist-credentials: false
+      - name: Setup Environment
+        uses: ./.github/actions/setup-env
         with:
-          distribution: 'temurin'
-          java-version: '17'
-          cache: 'maven'
-
-      - name: Set up Python
-        uses: actions/setup-python@v6
-        with:
-          python-version: '3.10'
-          architecture: 'x64'
-
-      - name: Install Build Dependencies
-        run: |
-          sudo apt-get update
-          sudo apt-get install -y git uuid-runtime genisoimage netcat-openbsd 
ipmitool build-essential libgcrypt20 libgpg-error-dev libgpg-error0 
libopenipmi0 ipmitool libpython3-dev libssl-dev libffi-dev python3-openssl 
python3-dev python3-setuptools
-
+          install-python: 'true'
+          install-apt-deps: 'true'
       - name: Setup IPMI Tool for CloudStack
         run: |
           # Create cloudstack-common directory if it doesn't exist
@@ -256,28 +277,13 @@ jobs:
           /usr/share/cloudstack-common/ipmitool -C3 $@
           EOF
           sudo chmod 755 /usr/bin/ipmitool
-
       - name: Install Python dependencies
         run: |
           python3 -m pip install --user --upgrade urllib3 lxml paramiko nose 
texttable ipmisim pyopenssl pycryptodome mock flask netaddr pylint pycodestyle 
six astroid pynose
-
       - name: Install jacoco dependencies
         run: |
           wget 
https://github.com/jacoco/jacoco/releases/download/v0.8.10/jacoco-0.8.10.zip
           unzip jacoco-0.8.10.zip -d jacoco
-
-      - name: Env details
-        run: |
-          uname -a
-          whoami
-          javac -version
-          mvn -v
-          python3 --version
-          free -m
-          nproc
-          git status
-          ipmitool -V
-
       - name: Setup MySQL Server
         run: |
           # 
https://github.com/actions/runner-images/blob/main/images/linux/Ubuntu2004-Readme.md#mysql
@@ -286,25 +292,28 @@ jobs:
           sudo mysql -uroot -proot -e "ALTER USER 'root'@'localhost' 
IDENTIFIED WITH caching_sha2_password BY ''; FLUSH PRIVILEGES;"
           sudo systemctl restart mysql
           sudo mysql -uroot -e "SELECT VERSION();"
-
-      - name: Build with Maven
+      - name: Download artifacts
+        uses: 
actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
+        with:
+          name: build-artifacts
+          path: /tmp/artifacts/
+      - name: Extract artifacts
         run: |
-          mvn -B -P developer,systemvm -Dsimulator clean install 
-DskipTests=true -T$(nproc)
-
+          tar -xzf /tmp/artifacts/targets.tar.gz
+          mkdir -p ~/.m2/repository
+          tar -xzf /tmp/artifacts/m2-cloudstack.tar.gz -C ~/.m2/repository
       - name: Setup Simulator Prerequisites
         run: |
           sudo python3 -m pip install --upgrade netaddr mysql-connector-python
           python3 -m pip install --user --upgrade 
tools/marvin/dist/[mM]arvin-*.tar.gz
           mvn -q -Pdeveloper -pl developer -Ddeploydb
           mvn -q -Pdeveloper -pl developer -Ddeploydb-simulator
-
       - name: Generate jacoco-coverage.sh
         run: |
           echo "java -jar jacoco/lib/jacococli.jar report jacoco-it.exec \\" > 
jacoco-report.sh
           find . | grep "target/classes" | sed 's/\/classes\//\/classes /g' | 
awk '{print "--classfiles", $1, "\\"}' | sort |uniq >> jacoco-report.sh
           find . | grep "src/main/java" | sed 's/\/java\//\/java /g' | awk 
'{print "--sourcefiles", $1, "\\"}' | sort | uniq >> jacoco-report.sh
           echo "--xml jacoco-coverage.xml" >> jacoco-report.sh
-
       - name: Start CloudStack Management Server with Simulator
         run: |
           export MAVEN_OPTS="-Xmx4096m -XX:MaxMetaspaceSize=800m 
-Djava.security.egd=file:/dev/urandom  
-javaagent:jacoco/lib/jacocoagent.jar=address=*,port=36320,output=tcpserver 
--add-opens=java.base/java.lang=ALL-UNNAMED 
--add-exports=java.base/sun.security.x509=ALL-UNNAMED 
--add-opens=java.base/jdk.internal.reflect=ALL-UNNAMED"
@@ -315,7 +324,6 @@ jobs:
           set -e
           echo -e "\nStarting Advanced Zone DataCenter deployment"
           python3 tools/marvin/marvin/deployDataCenter.py -i 
setup/dev/advdualzone.cfg 2>&1 || true
-
       - name: Run Integration Tests with Simulator
         run: |
           mkdir -p integration-test-results/smoke/misc
@@ -335,13 +343,12 @@ jobs:
           bash jacoco-report.sh
           mvn -Dsimulator -pl client jetty:stop 2>&1
           find /tmp//MarvinLogs -type f -exec echo -e "Printing marvin logs {} 
:\n" \; -exec cat {} \;
-
       - name: Integration Tests Result
         run: |
           echo -e "Simulator CI Test Results: (only failures listed)\n"
           python3 ./tools/marvin/xunit-reader.py integration-test-results/
 
-      - uses: codecov/codecov-action@v6
+      - uses: codecov/codecov-action@e79a6962e0d4c0c17b229090214935d2e33f8354 
# v6.0.1
         with:
           files: jacoco-coverage.xml
           fail_ci_if_error: true
diff --git a/.github/workflows/codecov.yml b/.github/workflows/codecov.yml
deleted file mode 100644
index 0ee10baa385..00000000000
--- a/.github/workflows/codecov.yml
+++ /dev/null
@@ -1,59 +0,0 @@
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements.  See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership.  The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License.  You may obtain a copy of the License at
-#
-#   http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied.  See the License for the
-# specific language governing permissions and limitations
-# under the License.
-
-name: Coverage Check
-
-on: [pull_request, push]
-
-permissions:
-  contents: read
-
-concurrency:
-  group: ${{ github.workflow }}-${{ github.event.pull_request.number || 
github.ref }}
-  cancel-in-progress: true
-
-jobs:
-  build:
-    if: github.repository == 'apache/cloudstack'
-    name: codecov
-    runs-on: ubuntu-22.04
-    steps:
-      - uses: actions/checkout@v6
-        with:
-          fetch-depth: 0
-
-      - name: Set up JDK 17
-        uses: actions/setup-java@v5
-        with:
-          distribution: 'temurin'
-          java-version: '17'
-          cache: 'maven'
-
-      - name: Build CloudStack with Quality Checks
-        run: |
-          git clone https://github.com/shapeblue/cloudstack-nonoss.git nonoss
-          cd nonoss && bash -x install-non-oss.sh && cd ..
-          mvn -P quality -Dsimulator -Dnoredist clean install -T$(nproc)
-
-      - uses: codecov/codecov-action@v6
-        with:
-          files: ./client/target/site/jacoco-aggregate/jacoco.xml
-          fail_ci_if_error: true
-          flags: unittests
-          verbose: true
-          name: codecov
-          token: ${{ secrets.CODECOV_TOKEN }}
diff --git a/.github/workflows/codeql-analysis.yml 
b/.github/workflows/codeql-analysis.yml
index cb1fa88a102..a2d581dcac2 100644
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -35,14 +35,16 @@ jobs:
         language: ["actions"]
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v6
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # 
v6.0.2
+        with:
+          persist-credentials: false
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@v4
+        uses: 
github/codeql-action/init@9e0d7b8d25671d64c341c19c0152d693099fb5ba # v4.35.5
         with:
           languages: ${{ matrix.language }}
       - name: Autobuild
-        uses: github/codeql-action/autobuild@v4
+        uses: 
github/codeql-action/autobuild@9e0d7b8d25671d64c341c19c0152d693099fb5ba # 
v4.35.5
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@v4
+        uses: 
github/codeql-action/analyze@9e0d7b8d25671d64c341c19c0152d693099fb5ba # v4.35.5
         with:
           category: "Security"
diff --git a/.github/workflows/daily-repo-status.lock.yml 
b/.github/workflows/daily-repo-status.lock.yml
index 35eb5d409a4..f8ce13c3cee 100644
--- a/.github/workflows/daily-repo-status.lock.yml
+++ b/.github/workflows/daily-repo-status.lock.yml
@@ -102,7 +102,7 @@ jobs:
       - name: Checkout
         uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.
         with:
-          persist-credentials:
+          persist-credentials: false
       - name: Create gh-aw temp
         run: bash /opt/gh-aw/actions/create_gh_aw_tmp_dir.
       - name: Configure Git
@@ -789,7 +789,7 @@ jobs:
           destination: /opt/gh-aw/
       - name: Download agent output
         continue-on-error:
-        uses: 
actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v6.0.
+        uses: 
actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
         with:
           name: agent-
           path: /tmp/gh-aw/safeoutputs/
@@ -886,13 +886,13 @@ jobs:
           destination: /opt/gh-aw/
       - name: Download agent
         continue-on-error:
-        uses: 
actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v6.0.
+        uses: 
actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
         with:
           name: agent-
           path: /tmp/gh-aw/threat-detection/
       - name: Download agent output
         continue-on-error:
-        uses: 
actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v6.0.
+        uses: 
actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
         with:
           name: agent-
           path: /tmp/gh-aw/threat-detection/
@@ -998,7 +998,7 @@ jobs:
           destination: /opt/gh-aw/
       - name: Download agent output
         continue-on-error:
-        uses: 
actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v6.0.
+        uses: 
actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
         with:
           name: agent-
           path: /tmp/gh-aw/safeoutputs/
diff --git a/.github/workflows/docker-cloudstack-simulator.yml 
b/.github/workflows/docker-cloudstack-simulator.yml
index 96c9400935c..dc00968563d 100644
--- a/.github/workflows/docker-cloudstack-simulator.yml
+++ b/.github/workflows/docker-cloudstack-simulator.yml
@@ -35,10 +35,10 @@ concurrency:
 jobs:
   build:
     if: github.repository == 'apache/cloudstack'
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-24.04
     steps:
       - name: Login to Docker Registry
-        uses: docker/login-action@v4
+        uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # 
v4.1.0
         with:
           registry: ${{ secrets.DOCKER_REGISTRY }}
           username: ${{ secrets.DOCKERHUB_USER }}
@@ -47,7 +47,9 @@ jobs:
       - name: Set Docker repository name
         run: echo "DOCKER_REPOSITORY=apache" >> $GITHUB_ENV
 
-      - uses: actions/checkout@v6
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # 
v6.0.2
+        with:
+          persist-credentials: false
 
       - name: Set ACS version
         run: echo "ACS_VERSION=$(grep '<version>' pom.xml | head -2 | tail -1 
| cut -d'>' -f2 |cut -d'<' -f1)" >> $GITHUB_ENV
diff --git a/.github/workflows/main-sonar-check.yml 
b/.github/workflows/main-sonar-check.yml
index 7ccd6600ab9..ad58d07a989 100644
--- a/.github/workflows/main-sonar-check.yml
+++ b/.github/workflows/main-sonar-check.yml
@@ -15,54 +15,51 @@
 # specific language governing permissions and limitations
 # under the License.
 
-name: Main Branch Sonar Quality Check
-
+name: Sonar Quality Check (Main)
+permissions:
+  contents: read
 on:
   push:
     branches:
       - main
-
-permissions:
-  contents: read # to fetch code (actions/checkout)
-  pull-requests: write # for sonar to comment on pull-request
-
+concurrency:
+  group: ${{ github.workflow }}-${{ github.event.pull_request.number || 
github.ref }}
+  cancel-in-progress: ${{ github.ref != 'refs/heads/main' }}
 jobs:
   build:
     if: github.repository == 'apache/cloudstack'
-    name: Main Sonar JaCoCo Build
-    runs-on: ubuntu-22.04
+    name: Sonar JaCoCo Coverage
+    runs-on: ubuntu-24.04
     steps:
-      - uses: actions/checkout@v6
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # 
v6.0.2
         with:
           fetch-depth: 0
-
-      - name: Set up JDK17
-        uses: actions/setup-java@v5
+          persist-credentials: false
+      - name: Setup Environment
+        uses: ./.github/actions/setup-env
         with:
-          distribution: 'temurin'
-          java-version: '17'
-          cache: 'maven'
-
+          install-python: 'true'
+          install-apt-deps: 'true'
       - name: Cache SonarCloud packages
-        uses: actions/cache@v5
+        uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5
         with:
           path: ~/.sonar/cache
           key: ${{ runner.os }}-sonar
           restore-keys: ${{ runner.os }}-sonar
-
-      - name: Cache local Maven repository
-        uses: actions/cache@v5
-        with:
-          path: ~/.m2/repository
-          key: ${{ runner.os }}-m2-${{ hashFiles('pom.xml', '*/pom.xml', 
'*/*/pom.xml', '*/*/*/pom.xml') }}
-          restore-keys: |
-            ${{ runner.os }}-m2
-
-      - name: Run Tests with Coverage
+      - name: Install Non-OSS
+        uses: ./.github/actions/install-nonoss
+      - name: Run Build and Tests with Coverage
+        run: mvn -B -T$(nproc) -P developer,systemvm,quality -Dsimulator 
-Dnoredist clean install
+      - name: Upload to SonarQube
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
-        run: |
-          git clone https://github.com/shapeblue/cloudstack-nonoss.git nonoss
-          cd nonoss && bash -x install-non-oss.sh && cd ..
-          mvn -T$(nproc) -P quality -Dsimulator -Dnoredist clean install 
org.sonarsource.scanner.maven:sonar-maven-plugin:sonar 
-Dsonar.projectKey=apache_cloudstack
+        run: mvn -B -P quality 
org.sonarsource.scanner.maven:sonar-maven-plugin:sonar 
-Dsonar.projectKey=apache_cloudstack -Dsonar.branch.name=${{ github.ref_name }}
+      - uses: codecov/codecov-action@e79a6962e0d4c0c17b229090214935d2e33f8354 
# v6.0.1
+        with:
+          files: ./client/target/site/jacoco-aggregate/jacoco.xml
+          fail_ci_if_error: true
+          flags: unittests
+          verbose: true
+          name: codecov
+          token: ${{ secrets.CODECOV_TOKEN }}
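Review bot: The `Upload to SonarQube` step expands `${{ github.ref_name }}` directly inside the `run:` command line, in the same step that holds `SONAR_TOKEN`. Because the workflow triggers only on pushes to `main` the value is fixed today, but the expression is substituted into the script text before the shell parses it, so a later trigger change would turn it into an injection point. sonar-check.yml already passes `PR_ID` and `HEADREF` through `env:`; doing the same here, with `SONAR_BRANCH: ${{ github.ref_name }}` under `env:` and `-Dsonar.branch.name="$SONAR_BRANCH"` in the command, keeps the two workflows consistent. The new `concurrency` block's `github.event.pull_request.number` and `cancel-in-progress` expression never vary on a push-to-main workflow and could be simplified.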
diff --git a/.github/workflows/merge-conflict-checker.yml 
b/.github/workflows/merge-conflict-checker.yml
index 2c826a47c7e..f23719f7183 100644
--- a/.github/workflows/merge-conflict-checker.yml
+++ b/.github/workflows/merge-conflict-checker.yml
@@ -29,14 +29,14 @@ concurrency:
 jobs:
   triage:
     permissions:
-      pull-requests: write  # for eps1lon/actions-label-merge-conflict to 
label PRs
-    runs-on: ubuntu-22.04
+      pull-requests: write # for eps1lon/actions-label-merge-conflict to label 
PRs
+    runs-on: ubuntu-24.04
     steps:
-    - name: Conflict Check
-      uses: eps1lon/[email protected]
-      with:
-        repoToken: "${{ secrets.GITHUB_TOKEN }}"
-        dirtyLabel: "status:has-conflicts"
-        removeOnDirtyLabel: "status:ready-for-review"
-        continueOnMissingPermissions: true
-        commentOnDirty: "This pull request has merge conflicts. Dear author, 
please fix the conflicts and sync your branch with the base branch."
+      - name: Conflict Check
+        uses: 
eps1lon/actions-label-merge-conflict@1df065ebe6e3310545d4f4c4e862e43bdca146f0 # 
v3.0.3
+        with:
+          repoToken: "${{ secrets.GITHUB_TOKEN }}"
+          dirtyLabel: "status:has-conflicts"
+          removeOnDirtyLabel: "status:ready-for-review"
+          continueOnMissingPermissions: true
+          commentOnDirty: "This pull request has merge conflicts. Dear author, 
please fix the conflicts and sync your branch with the base branch."
diff --git a/.github/workflows/pre-commit.yml b/.github/workflows/pre-commit.yml
index 895a597659d..1ea00be9112 100644
--- a/.github/workflows/pre-commit.yml
+++ b/.github/workflows/pre-commit.yml
@@ -29,17 +29,23 @@ concurrency:
 jobs:
   pre-commit:
     name: Run pre-commit
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-24.04
     steps:
       - name: Check Out
-        uses: actions/checkout@v6
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # 
v6.0.2
+        with:
+          persist-credentials: false
+      - name: Set up Python
+        uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # 
v6.2.0
+        with:
+          python-version: '3.11'
+          cache: 'pip'
       - name: Install
-        run: |
-          python -m pip install --upgrade pip
-          pip install pre-commit
+        run: pip install pre-commit
       - name: Set PY
         run: echo "PY=$(python -VV | sha256sum | cut -d' ' -f1)" >> $GITHUB_ENV
-      - uses: actions/cache@v5
+      - name: Cache pre-commit environments
+        uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5
         with:
           path: ~/.cache/pre-commit
           key: pre-commit|${{ env.PY }}|${{ 
hashFiles('.pre-commit-config.yaml') }}
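Review bot: `run: pip install pre-commit` installs whatever release is current at run time, which leaves it the one unpinned tool in this job after the actions were fixed to SHAs; `run: pip install pre-commit==<PINNED_VERSION>` (a placeholder for the release the project has tested) would make the job reproducible. The added `cache: 'pip'` makes setup-python look for a requirements or pyproject file to build its cache key, and it errors when none matches. Whether the repository has such a file at a matching path is not visible in this hunk, so either confirm that or set `cache-dependency-path` explicitly. The cache step's remaining lines fall outside the hunk.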
diff --git a/.github/workflows/rat.yml b/.github/workflows/rat.yml
index 21b8e197d82..a36a956856e 100644
--- a/.github/workflows/rat.yml
+++ b/.github/workflows/rat.yml
@@ -16,32 +16,27 @@
 # under the License.
 
 name: License Check
-
-on: [push, pull_request]
-
+on:
+  - push
+  - pull_request
 concurrency:
   group: ${{ github.workflow }}-${{ github.event.pull_request.number || 
github.ref }}
-  cancel-in-progress: true
-
+  cancel-in-progress: ${{ github.ref != 'refs/heads/main' }}
 permissions:
   contents: read
-
 jobs:
   build:
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-24.04
     steps:
-      - uses: actions/checkout@v6
-      - name: Set up JDK 17
-        uses: actions/setup-java@v5
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # 
v6.0.2
         with:
-          java-version: '17'
-          distribution: 'adopt'
-          architecture: x64
-          cache: maven
+          persist-credentials: false
+      - name: Setup Environment
+        uses: ./.github/actions/setup-env
+      - name: Install Non-OSS
+        uses: ./.github/actions/install-nonoss
       - name: RAT licence checks
         run: |
-          git clone https://github.com/shapeblue/cloudstack-nonoss.git nonoss 
&& cd nonoss && bash -x install-non-oss.sh && cd ..
-          rm -fr nonoss
           mvn -P developer,systemvm -Dsimulator -Dnoredist -pl . 
org.apache.rat:apache-rat-plugin:0.12:check
       - name: Rat Report
         if: always()
diff --git a/.github/workflows/sonar-check.yml 
b/.github/workflows/sonar-check.yml
index 9f5c3a194bc..49a49d00958 100644
--- a/.github/workflows/sonar-check.yml
+++ b/.github/workflows/sonar-check.yml
@@ -16,58 +16,52 @@
 # under the License.
 
 name: Sonar Quality Check
-
-on: [pull_request]
-
 permissions:
-  contents: read # to fetch code (actions/checkout)
-  pull-requests: write # for sonar to comment on pull-request
-
+  contents: read
+  pull-requests: write
+on:
+  pull_request:
 concurrency:
   group: ${{ github.workflow }}-${{ github.event.pull_request.number || 
github.ref }}
-  cancel-in-progress: true
-
+  cancel-in-progress: ${{ github.ref != 'refs/heads/main' }}
 jobs:
   build:
-    if: github.repository == 'apache/cloudstack' && 
github.event.pull_request.head.repo.full_name == github.repository
     name: Sonar JaCoCo Coverage
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-24.04
     steps:
-      - uses: actions/checkout@v6
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # 
v6.0.2
         with:
-          ref: "refs/pull/${{ github.event.number }}/merge"
           fetch-depth: 0
-
-      - name: Set up JDK17
-        uses: actions/setup-java@v5
+          persist-credentials: false
+      - name: Setup Environment
+        uses: ./.github/actions/setup-env
         with:
-          distribution: 'temurin'
-          java-version: '17'
-          cache: 'maven'
-
+          install-python: 'true'
+          install-apt-deps: 'true'
       - name: Cache SonarCloud packages
-        uses: actions/cache@v5
+        uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5
         with:
           path: ~/.sonar/cache
           key: ${{ runner.os }}-sonar
           restore-keys: ${{ runner.os }}-sonar
-
-      - name: Cache local Maven repository
-        uses: actions/cache@v5
-        with:
-          path: ~/.m2/repository
-          key: ${{ runner.os }}-m2-${{ hashFiles('pom.xml', '*/pom.xml', 
'*/*/pom.xml', '*/*/*/pom.xml') }}
-          restore-keys: |
-            ${{ runner.os }}-m2
-
+      - name: Install Non-OSS
+        uses: ./.github/actions/install-nonoss
       - name: Run Build and Tests with Coverage
-        id: coverage
+        run: mvn -B -T$(nproc) -P developer,systemvm,quality -Dsimulator 
-Dnoredist clean install
+      - name: Upload to SonarQube
+        if: github.repository == 'apache/cloudstack' && 
github.event.pull_request.head.repo.full_name == github.repository
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
           PR_ID: ${{ github.event.pull_request.number }}
           HEADREF: ${{ github.event.pull_request.head.ref }}
         run: |
-          git clone https://github.com/shapeblue/cloudstack-nonoss.git nonoss
-          cd nonoss && bash -x install-non-oss.sh && cd ..
-          mvn -T$(nproc) -P quality -Dsimulator -Dnoredist clean install 
org.sonarsource.scanner.maven:sonar-maven-plugin:sonar 
-Dsonar.projectKey=apache_cloudstack -Dsonar.pullrequest.key="$PR_ID" 
-Dsonar.pullrequest.branch="$HEADREF" 
-Dsonar.pullrequest.github.repository=apache/cloudstack 
-Dsonar.pullrequest.provider=GitHub 
-Dsonar.pullrequest.github.summary_comment=true
+          mvn -B -P quality 
org.sonarsource.scanner.maven:sonar-maven-plugin:sonar 
-Dsonar.projectKey=apache_cloudstack -Dsonar.pullrequest.key="$PR_ID" 
-Dsonar.pullrequest.branch="$HEADREF" 
-Dsonar.pullrequest.github.repository=apache/cloudstack 
-Dsonar.pullrequest.provider=GitHub 
-Dsonar.pullrequest.github.summary_comment=true
+      - uses: codecov/codecov-action@e79a6962e0d4c0c17b229090214935d2e33f8354 
# v6.0.1
+        with:
+          files: ./client/target/site/jacoco-aggregate/jacoco.xml
+          fail_ci_if_error: true
+          flags: unittests
+          verbose: true
+          name: codecov
+          token: ${{ secrets.CODECOV_TOKEN }}
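Review bot: The final `codecov/codecov-action` step has no `if:`, so with the job-level condition removed it now runs for pull requests from forks, where `secrets.CODECOV_TOKEN` is empty, and `fail_ci_if_error: true` would then likely turn a rejected upload into a failed check. `Upload to SonarQube` is gated on the head repository, and ui.yml gates its Codecov step with `if: github.repository == 'apache/cloudstack'`; giving this step a comparable condition, or confirming that tokenless uploads are accepted for this project, would avoid that. Removing the job-level `if:` also means `Install Non-OSS` and the full Maven build now execute for fork pull requests and inside forks of the repository, which is presumably intended but deserves a comment in the workflow.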
diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml
index 842e4497a4a..5c92f23888e 100644
--- a/.github/workflows/stale.yml
+++ b/.github/workflows/stale.yml
@@ -28,7 +28,7 @@ jobs:
       issues: write
       pull-requests: write
     steps:
-      - uses: actions/stale@v10
+      - uses: actions/stale@b5d41d4e1d5dceea10e7104786b73624c18a190f # v10.2.0
         with:
           stale-issue-message: 'This issue is stale because it has been open 
for 120 days with no activity. It may be removed by administrators of this 
project at any time. Remove the stale label or comment to request for removal 
of it to prevent this.'
           stale-pr-message: 'This PR is stale because it has been open for 120 
days with no activity. It may be removed by administrators of this project at 
any time. Remove the stale label or comment to request for removal of it to 
prevent this.'
@@ -41,7 +41,7 @@ jobs:
           days-before-pr-close: 240
           exempt-issue-labels: 'gsoc,good-first-issue,long-term-plan'
           exempt-pr-labels: 
'status:ready-for-merge,status:needs-testing,status:on-hold'
-      - uses: actions/stale@v10
+      - uses: actions/stale@b5d41d4e1d5dceea10e7104786b73624c18a190f # v10.2.0
         with:
           stale-issue-label: 'archive'
           days-before-stale: 240
diff --git a/.github/workflows/ui.yml b/.github/workflows/ui.yml
index 2db8456fcba..ff27809db8f 100644
--- a/.github/workflows/ui.yml
+++ b/.github/workflows/ui.yml
@@ -28,15 +28,19 @@ permissions:
 
 jobs:
   build:
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-24.04
 
     steps:
-      - uses: actions/checkout@v6
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # 
v6.0.2
+        with:
+          persist-credentials: false
 
       - name: Set up Node
-        uses: actions/setup-node@v6
+        uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # 
v6.4.0
         with:
           node-version: 16
+          cache: 'npm'
+          cache-dependency-path: 'ui/package-lock.json'
 
       - name: Env details
         run: |
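Review bot: `node-version: 16` is left unchanged while the runner image and setup-node are updated, and Node.js 16 is past its upstream end-of-life, so the UI build and its npm tooling run on a runtime that no longer receives security fixes. If the UI cannot yet build on a supported release, a comment next to `node-version` stating that constraint would document the exception. The `Env details` step continues outside this hunk.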
@@ -55,7 +59,7 @@ jobs:
           npm run lint
           npm run test:unit
 
-      - uses: codecov/codecov-action@v6
+      - uses: codecov/codecov-action@e79a6962e0d4c0c17b229090214935d2e33f8354 
# v6.0.1
         if: github.repository == 'apache/cloudstack'
         with:
           working-directory: ui

