Hi Geode Community,
I'd like to propose enabling GitHub Actions workflows for the support/1.15
branch to ensure automated testing and security scanning for maintenance
releases. Over the past week, several PRs have been submitted to this
branch for dependency updates and security fixes, but currently there are
no automated CI/CD checks running on these PRs.
Recent PRs to support/1.15 (examples):
• https://github.com/apache/geode/pull/7979
• https://github.com/apache/geode/pull/7978
• https://github.com/apache/geode/pull/7977
• These PRs include dependency bumps and security vulnerability fixes
• Without automated testing, we risk introducing regressions or
missing issues
Proposal
Enable the same GitHub Actions workflows that run on the develop branch to
also run on support/1.15:
1. gradle.yml - Comprehensive build and test suite:
• Build verification with code quality checks (spotlessCheck, rat,
checkPom, pmdMain)
• Java API compatibility checks (japicmp)
• Unit, integration, and acceptance tests
• Distributed tests for all modules (WAN, CQ, Lucene, Management,
Assembly)
2. codeql.yml - Security scanning:
• CodeQL analysis for Go, Java, JavaScript, and Python
• Weekly scheduled security scans
I've prepared PR #7980 with the necessary workflow configurations:
• PR: https://github.com/apache/geode/pull/7980
• JIRA: GEODE-10550
The workflows are configured to use Java 8 (matching the support/1.15
branch requirements with Gradle 6.8.3) rather than Java 17 used on develop.
Request for Feedback. Let's discuss if we collectively think we should run
the pipelines on the support branch? if we conclude yes, then I request
your approval on the PR #7980.
We can also discuss if we should run all tests are few categories. I'll
wait for community feedback before merging. If there are no objections,
I'll proceed with the merge.
Thanks,
Sai
