This is an automated email from the ASF dual-hosted git repository.
davidarthur pushed a commit to branch trunk
in repository https://gitbox.apache.org/repos/asf/kafka.git
The following commit(s) were added to refs/heads/trunk by this push:
new 4d182d12f6d MINOR Add status check for gradle scan (#17140)
4d182d12f6d is described below
commit 4d182d12f6deaf015894717b5a4179eed76a1bfe
Author: David Arthur <[email protected]>
AuthorDate: Mon Sep 9 15:15:47 2024 -0400
MINOR Add status check for gradle scan (#17140)
Add a commit status check so PRs can easily access the build scan.
Reviewers: Chia-Ping Tsai <[email protected]>
---
.github/actions/gh-api-update-status/action.yml | 58 ++++++++++++++++++++++
.github/workflows/build.yml | 10 ++--
.github/workflows/ci-complete.yml | 65 ++++++++++++++++++++++---
3 files changed, 124 insertions(+), 9 deletions(-)
diff --git a/.github/actions/gh-api-update-status/action.yml
b/.github/actions/gh-api-update-status/action.yml
new file mode 100644
index 00000000000..6a699d948ed
--- /dev/null
+++ b/.github/actions/gh-api-update-status/action.yml
@@ -0,0 +1,58 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+---
+name: "Update Commit Status Check"
+description: "Update the status of a commit check using the GH CLI"
+inputs:
+ gh-token:
+ description: "The GitHub token for use with the CLI"
+ required: true
+ repository:
+ description: "The repository where the commit is located"
+ default: "apache/kafka"
+ commit_sha:
+ description: "The SHA of the commit we are updating"
+ required: true
+ url:
+ description: "The URL of the status check"
+ required: false
+ default: ""
+ description:
+ description: "The text to display next to the check"
+ default: ""
+ required: false
+ context:
+ description: "The name of the status check"
+ required: true
+ state:
+ description: "The state of the check. Can be one of: error, failure,
pending, success"
+ required: true
+
+runs:
+ using: "composite"
+ steps:
+ - name: Update Check
+ shell: bash
+ env:
+ GH_TOKEN: ${{ inputs.gh-token }}
+ run: |
+ gh api --method POST -H "Accept: application/vnd.github+json" -H
"X-GitHub-Api-Version: 2022-11-28" \
+ /repos/${{ inputs.repository }}/statuses/${{ inputs.commit_sha }} \
+ -f "state=${{ inputs.state }}" -f "target_url=${{ inputs.url }}" \
+ -f "description=${{ inputs.description }}" \
+ -f "context=${{ inputs.context }}"
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 60f2a132b7e..b36f3d4e388 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -62,8 +62,12 @@ jobs:
# Gradle flags
# --build-cache: Let Gradle restore the build cache
# --info: For now, we'll generate lots of logs while setting
up the GH Actions
- # --scan: Attempt to publish build scans in PRs. This will
only work on PRs from apache/kafka, not public forks.
- run: ./gradlew --build-cache --info --scan check -x test
+ # --scan: Publish the build scan. This will only work on PRs
from apache/kafka and trunk
+ # --no-scan: For public fork PRs, we won't attempt to publish the
scan
+ run: |
+ ./gradlew --build-cache --info \
+ ${{ inputs.is-public-fork == 'true' && '--no-scan' || '--scan' }} \
+ check -x test
- name: Archive check reports
if: always()
uses: actions/upload-artifact@v4
@@ -85,7 +89,7 @@ jobs:
strategy:
fail-fast: false
matrix:
- java: [ 17, 11 ]
+ java: [ 17, 11 ] # If we change these, make sure to adjust
ci-complete.yml
name: JUnit tests Java ${{ matrix.java }}
steps:
- name: Checkout code
diff --git a/.github/workflows/ci-complete.yml
b/.github/workflows/ci-complete.yml
index 73de8fcf4d1..b45b23645a7 100644
--- a/.github/workflows/ci-complete.yml
+++ b/.github/workflows/ci-complete.yml
@@ -21,14 +21,30 @@ on:
types:
- completed
+run-name: Build Scans for ${{ github.event.workflow_run.display_title}}
+
+# This workflow runs after the completion of the CI workflow triggered on a
"pull_request" event.
+# The "pull_request" event type is run in an unprivileged context without
access to the repository
+# secrets. This means that PRs from public forks cannot publish Gradle Build
Scans or modify the
+# PR contents.
+#
+# This "workflow_run" triggered workflow is run in a privileged context and so
does have access to
+# the repository secrets. Here we can download the build scan files produced
by a PR and publish
+# them to ge.apache.org.
+#
+# If we need to do things like comment on, label, or otherwise modify PRs from
public forks. This
+# workflow is the place to do it. PR number is ${{
github.event.workflow_run.pull_requests[0].number }}
+
jobs:
upload-build-scan:
- if: ${{ github.event.workflow_run.head_repository.full_name !=
'apache/kafka' }}
+ # Skip this workflow if CI was run for anything other than "pull_request"
(like "push").
+ # Also skip this workflow if the PR was from apache/kafka. Those will have
already published the build scan in CI.
+ if: ${{ github.event.workflow_run.event == 'pull_request' &&
github.event.workflow_run.head_repository.full_name != 'apache/kafka' }}
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
- java: [ 21, 17, 11, 8 ]
+ java: [ 17, 11 ]
steps:
- name: Env
run: printenv
@@ -44,11 +60,48 @@ jobs:
with:
java-version: ${{ matrix.java }}
develocity-access-key: ${{ secrets.GE_ACCESS_TOKEN }}
- - uses: actions/download-artifact@v4
+ - name: Download build scan archive
+ id: download-build-scan
+ uses: actions/download-artifact@v4
+ continue-on-error: true
with:
github-token: ${{ github.token }}
run-id: ${{ github.event.workflow_run.id }}
name: build-scan-test-${{ matrix.java }}
- path: ~/.gradle/build-scan-data
- - name: Publish scan
- run: ./gradlew --info buildScanPublishPrevious
+ path: ~/.gradle/build-scan-data # This is where Gradle buffers
unpublished build scan data when --no-scan is given
+ - name: Handle missing scan
+ if: ${{ steps.download-build-scan.outcome == 'failure' }}
+ run: |
+ echo "Could not download build scans from ${{
github.event.workflow_run.html_url }} " >> $GITHUB_STEP_SUMMARY
+ - name: Publish Scan
+ id: publish-build-scan
+ continue-on-error: true
+ if: ${{ steps.download-build-scan.outcome == 'success' }}
+ run: |
+ ./gradlew --info buildScanPublishPrevious > gradle.out
+ SCAN_URL=$(grep '^https://.*$' gradle.out)
+ cat gradle.out
+ echo "Published build scan to $SCAN_URL" >> $GITHUB_STEP_SUMMARY
+ echo "build-scan-url=$SCAN_URL" >> $GITHUB_OUTPUT
+ - name: Handle failed publish
+ if: ${{ steps.publish-build-scan.outcome == 'failure' }}
+ uses: ./.github/actions/gh-api-update-status
+ with:
+ gh-token: ${{ secrets.GITHUB_TOKEN }}
+ repository: ${{ github.event.workflow_run.head_repository.full_name
}}
+ commit_sha: ${{ github.event.workflow_run.head_sha }}
+ url: '${{ github.event.repository.html_url }}/actions/runs/${{
github.run_id }}'
+ description: 'The build scan could not be published'
+ context: 'Gradle Build Scan / Java ${{ matrix.java }}'
+ state: 'error'
+ - name: Update Status Check
+ if: ${{ steps.publish-build-scan.outcome == 'success' }}
+ uses: ./.github/actions/gh-api-update-status
+ with:
+ gh-token: ${{ secrets.GITHUB_TOKEN }}
+ repository: ${{ github.event.workflow_run.head_repository.full_name
}}
+ commit_sha: ${{ github.event.workflow_run.head_sha }}
+ url: ${{ steps.publish-build-scan.outputs.build-scan-url }}
+ description: 'The build scan was successfully published'
+ context: 'Gradle Build Scan / Java ${{ matrix.java }}'
+ state: 'success'
