(polaris) branch main updated: Publish build scans to develocity.apache.org for build insights (#2559)

Sat, 20 Sep 2025 20:38:18 -0700 

This is an automated email from the ASF dual-hosted git repository.

yufei pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/polaris.git


The following commit(s) were added to refs/heads/main by this push:
     new 27ec21525 Publish build scans to develocity.apache.org for build 
insights (#2559)
27ec21525 is described below

commit 27ec21525a10ff253c186ad4813d5017fe18e63b
Author: Clay Johnson <[email protected]>
AuthorDate: Tue Sep 16 11:42:22 2025 -0500

    Publish build scans to develocity.apache.org for build insights (#2559)
---
 .github/workflows/gradle.yml                |  8 ++++++++
 .github/workflows/helm.yml                  |  2 ++
 .github/workflows/nightly.yml               |  3 ++-
 .github/workflows/python-client.yml         |  2 ++
 .github/workflows/regtest.yml               |  2 ++
 .github/workflows/spark_client_regtests.yml |  3 +++
 README.md                                   | 13 +++++++++++++
 settings.gradle.kts                         | 17 +++++++++++++++++
 8 files changed, 49 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/gradle.yml b/.github/workflows/gradle.yml
index fd9f598a0..282cc46ab 100644
--- a/.github/workflows/gradle.yml
+++ b/.github/workflows/gradle.yml
@@ -56,6 +56,7 @@ jobs:
         env:
           # publishToMavenLocal causes a GH API requests, use the token for 
those requests
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          DEVELOCITY_ACCESS_KEY: ${{ secrets.DEVELOCITY_ACCESS_KEY }}
         run: |
           ./gradlew check sourceTarball distTar distZip publishToMavenLocal \
             -x :polaris-runtime-service:test \
@@ -94,6 +95,8 @@ jobs:
       - name: Prepare Gradle build cache
         uses: ./.github/actions/ci-incr-build-cache-prepare
       - name: Run Quarkus tests
+        env:
+          DEVELOCITY_ACCESS_KEY: ${{ secrets.DEVELOCITY_ACCESS_KEY }}
         run: |
           ./gradlew \
             :polaris-runtime-service:test \
@@ -133,6 +136,8 @@ jobs:
         uses: ./.github/actions/ci-incr-build-cache-prepare
       - name: Run integration tests
         run: ./gradlew intTest --continue
+        env:
+          DEVELOCITY_ACCESS_KEY: ${{ secrets.DEVELOCITY_ACCESS_KEY }}
       - name: Save partial Gradle build cache
         uses: ./.github/actions/ci-incr-build-cache-save
         if: github.event_name == 'push' && github.ref == 'refs/heads/main'
@@ -172,5 +177,8 @@ jobs:
         with:
           cache-read-only: false
       - name: Trigger Gradle home cleanup
+        env:
+          DEVELOCITY_ACCESS_KEY: ${{ secrets.DEVELOCITY_ACCESS_KEY }}
         run: ./gradlew --no-daemon :showVersion
+
       # Note: the "Post Gradle invocation" archives the updated build cache.
diff --git a/.github/workflows/helm.yml b/.github/workflows/helm.yml
index 1404ec3f6..8b1748c2f 100644
--- a/.github/workflows/helm.yml
+++ b/.github/workflows/helm.yml
@@ -83,6 +83,8 @@ jobs:
           minikube docker-env
 
       - name: Image build
+        env:
+          DEVELOCITY_ACCESS_KEY: ${{ secrets.DEVELOCITY_ACCESS_KEY }}
         run: |
           eval $(minikube -p minikube docker-env)
           ./gradlew \
diff --git a/.github/workflows/nightly.yml b/.github/workflows/nightly.yml
index 4e002ce19..3463a39dd 100644
--- a/.github/workflows/nightly.yml
+++ b/.github/workflows/nightly.yml
@@ -62,4 +62,5 @@ jobs:
           # publishToApache causes a GH API requests, use the token for those 
requests
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           ORG_GRADLE_PROJECT_apacheUsername: ${{ secrets.NEXUS_USER }}
-          ORG_GRADLE_PROJECT_apachePassword: ${{ secrets.NEXUS_PW }} 
+          ORG_GRADLE_PROJECT_apachePassword: ${{ secrets.NEXUS_PW }}
+          DEVELOCITY_ACCESS_KEY: ${{ secrets.DEVELOCITY_ACCESS_KEY }}
diff --git a/.github/workflows/python-client.yml 
b/.github/workflows/python-client.yml
index 8ee2d5011..1e61e8378 100644
--- a/.github/workflows/python-client.yml
+++ b/.github/workflows/python-client.yml
@@ -64,6 +64,8 @@ jobs:
           make client-unit-test
 
       - name: Image build
+        env:
+          DEVELOCITY_ACCESS_KEY: ${{ secrets.DEVELOCITY_ACCESS_KEY }}
         run: |
           ./gradlew \
             :polaris-server:assemble \
diff --git a/.github/workflows/regtest.yml b/.github/workflows/regtest.yml
index 459f8186b..e0ea027d2 100644
--- a/.github/workflows/regtest.yml
+++ b/.github/workflows/regtest.yml
@@ -52,6 +52,8 @@ jobs:
         run: mkdir -p regtests/output && chmod 777 regtests/output && chmod 
777 regtests/t_*/ref/*
 
       - name: Image build
+        env:
+          DEVELOCITY_ACCESS_KEY: ${{ secrets.DEVELOCITY_ACCESS_KEY }}
         run: |
           ./gradlew \
               :polaris-server:assemble \
diff --git a/.github/workflows/spark_client_regtests.yml 
b/.github/workflows/spark_client_regtests.yml
index 095262a64..ec24f17da 100644
--- a/.github/workflows/spark_client_regtests.yml
+++ b/.github/workflows/spark_client_regtests.yml
@@ -55,9 +55,12 @@ jobs:
         env:
           # publishToMavenLocal causes a GH API requests, use the token for 
those requests
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          DEVELOCITY_ACCESS_KEY: ${{ secrets.DEVELOCITY_ACCESS_KEY }}
         run: ./gradlew assemble publishToMavenLocal
 
       - name: Image build
+        env:
+          DEVELOCITY_ACCESS_KEY: ${{ secrets.DEVELOCITY_ACCESS_KEY }}
         run: |
           ./gradlew \
               :polaris-server:assemble \
diff --git a/README.md b/README.md
index 0abadaf25..633fe36a7 100644
--- a/README.md
+++ b/README.md
@@ -136,6 +136,19 @@ Default configuration values can be found in 
`runtime/defaults/src/main/resource
   ```
 - See [README in `site/`](site/README.md) for more information.
 
+#### Publishing Build Scans to develocity.apache.org
+
+All authenticated builds of Apache Polaris will automatically publish build 
scans to the ASF Develocity instance at 
+[develocity.apache.org](https://develocity.apache.org/scans?search.rootProjectNames=polaris).
 
+
+CI builds originating from the `apache/polaris` repository will have access to 
the Apache organization-level secret 
+`DEVELOCITY_ACCESS_KEY` and publish build scans using the secret. CI builds 
originating from pull requests from forks 
+will not have access to the secret and will silently skip build scan 
publication.
+
+Apache committers can publish build scans from their local machine by 
+[provisioning an access 
key](https://docs.gradle.com/develocity/gradle-plugin/current/#automated_access_key_provisioning)
 
+using ASF LDAP credentials. Builds by anonymous, unauthenticated contributors 
will silently skip build scan publication.
+
 ## License
 
 Apache Polaris is under the Apache License Version 2.0. See the 
[LICENSE](LICENSE).
diff --git a/settings.gradle.kts b/settings.gradle.kts
index cbfbc3a26..fa3f02300 100644
--- a/settings.gradle.kts
+++ b/settings.gradle.kts
@@ -109,6 +109,11 @@ pluginManagement {
   }
 }
 
+plugins {
+  id("com.gradle.develocity") version "4.1.1"
+  id("com.gradle.common-custom-user-data-gradle-plugin") version "2.3"
+}
+
 dependencyResolutionManagement {
   repositoriesMode = RepositoriesMode.FAIL_ON_PROJECT_REPOS
   repositories {
@@ -126,3 +131,15 @@ gradle.beforeProject {
   version = baseVersion
   group = "org.apache.polaris"
 }
+
+val isCI = System.getenv("CI") != null
+
+develocity {
+  server = "https://develocity.apache.org";
+  projectId = "polaris"
+  buildScan {
+    uploadInBackground = !isCI
+    publishing.onlyIf { it.isAuthenticated }
+    obfuscation { ipAddresses { addresses -> addresses.map { _ -> "0.0.0.0" } 
} }
+  }
+}

Reply via email to