PR Testing: Build Performance (CI Refactor) #16

Draft
wants to merge 15 commits into
base: master
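--- a/.github/workflows/ci.build.yml
+++ b/.github/workflows/ci.build.yml
@@ -0,0 +1,204 @@
+# Guava GitHub CI
+# ---------------------------------------------------------------------------------------------------------------------
+# This is the main CI build on GitHub for the Google Guava project. This workflow is not invoked directly; instead, the
+# `on.pr.yml` and `on.push.yml` workflows kick in on PR and push events, respectively, and call this workflow as a
+# Reusable Workflow.
+#
+# This workflow can be tested independently of the entrypoint flow through the `workflow_dispatch` hook, which adds a
+# button within the UI of the GitHub repository. You can trigger the workflow from here:
+#
+# https://github.com/google/guava/actions/workflows/ci.build.yml
+#
+# ## Inputs
+#
+# See the set of input parameters underneath the `workflow_call` and `workflow_dispatch` hooks for ways this workflow
+# can be controlled when called.
+#
+# ## SLSA Provenance
+#
+# After building Guava in both JRE and Android variants, this workflow will (if enabled) generate provenance material
+# and upload it to an associated release. Learn more about SLSA here: https://slsa.dev.
+
+name: Build
+
+on:
+workflow_call:
+inputs:
+provenance:
+type: boolean
+description: "Provenance"
+default: false
+provenance_publish:
+type: boolean
+description: "Publish: Provenance"
+default: true
+snapshot:
+type: boolean
+description: "Publish: Snapshot"
+default: false
+repository:
+type: string
+description: "Publish Repository"
+default: "sonatype-nexus-snapshots"
+
+workflow_dispatch:
+inputs:
+provenance:
+type: boolean
+description: "Provenance"
+default: false
+provenance_publish:
+type: boolean
+description: "Publish: Provenance"
+default: false
+snapshot:
+type: boolean
+description: "Publish: Snapshot"
+default: true
+repository:
+type: string
+description: "Publish Repository"
+default: "sonatype-nexus-snapshots"
+
+permissions:
+contents: read
+
+jobs:
+build:
+strategy:
+fail-fast: false
+matrix:
+mode: ["JRE", "Android"]
+name: "Build Guava (${{ matrix.mode }})"
+runs-on: ubuntu-latest
+permissions:
+contents: read # for actions/checkout to fetch code
+outputs:
+hashes: ${{ steps.hash.outputs.hashes }}
+env:
+ROOT_POM: ${{ matrix.mode == 'Android' && 'android/pom.xml' || 'pom.xml' }}
+steps:
+- name: Harden Runner
+uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
+with:
+disable-sudo: true
+egress-policy: block
+allowed-endpoints: >
+api.azul.com:443
+api.github.com:443
+cdn.azul.com:443
+dl.google.com:443
+docs.oracle.com:443
+errorprone.info:443
+github.com:443
+objects.githubusercontent.com:443
+oss.sonatype.org:443
+repo.maven.apache.org:443
+services.gradle.org:443
+- name: 'Check out repository'
+uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+with:
+persist-credentials: false
+- name: 'Set up JDK 11'
+uses: actions/setup-java@9704b39bf258b59bc04b50fa2dd55e9ed76b47a8 # v4.1.0
+with:
+java-version: 11
+distribution: 'zulu'
+cache: 'maven'
+- name: 'Install'
+shell: bash
+run: ./mvnw --strict-checksums -B -Dorg.slf4j.simpleLogger.log.org.apache.maven.cli.transfer.Slf4jMavenTransferListener=warn install -U -DskipTests=true -f $ROOT_POM
+- name: Generate hashes
+shell: bash
+id: hash
+if: matrix.mode == 'JRE'
+run: |
+echo "Building SLSA provenance material..."
+ls guava/target/*.jar guava-gwt/target/*.jar guava-testlib/target/*.jar
+echo "hashes=$(sha256sum guava/target/*.jar guava-gwt/target/*.jar guava-testlib/target/*.jar | base64 -w0)" >> ./provenance-hashes.txt
+cat ./provenance-hashes.txt >> "$GITHUB_OUTPUT"
+echo "Gathered provenance hashes:"
+cat ./provenance-hashes.txt
+- name: 'Upload artifacts'
+uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
+if: matrix.mode == 'JRE'
+with:
+name: guava-artifacts-${{ matrix.mode == 'Android' && 'android' || 'jre' }}-${{ github.sha }}
+path: |
+guava/target/*.jar
+guava-gwt/target/*.jar
+guava-testlib/target/*.jar
+./provenance-hashes.txt
+if-no-files-found: warn
+retention-days: 7
+
+# Generate SLSA provenance
+provenance:
+needs: [build]
+if: inputs.provenance
+name: "SLSA Provenance"
+uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.9.0
+permissions:
+actions: read
+id-token: write
+contents: write
+with:
+base64-subjects: "${{ needs.build.outputs.hashes }}"
+upload-assets: ${{ inputs.provenance_publish }}
+
+# Publish snapshot JAR
+publish_snapshot:
+name: 'Publish Snapshot'
+needs: [build, provenance]
+if: inputs.snapshot
+runs-on: ubuntu-latest
+steps:
+- name: Harden Runner
+uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
+with:
+egress-policy: audit
+- name: 'Check out repository'
+uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+- name: 'Set up JDK 11'
+uses: actions/setup-java@9704b39bf258b59bc04b50fa2dd55e9ed76b47a8 # v4.1.0
+with:
+java-version: 11
+distribution: 'zulu'
+server-id: ${{ inputs.repository }}
+server-username: CI_DEPLOY_USERNAME
+server-password: CI_DEPLOY_PASSWORD
+cache: 'maven'
+- name: "Download artifacts"
+uses: actions/download-artifact@c850b930e6ba138125429b7e5c93fc707a7f8427 # v4.1.4
+with:
+name: guava-artifacts-jre-${{ github.sha }}
+- name: 'Publish'
+env:
+CI_DEPLOY_USERNAME: ${{ secrets.CI_DEPLOY_USERNAME }}
+CI_DEPLOY_PASSWORD: ${{ secrets.CI_DEPLOY_PASSWORD }}
+run: ./util/deploy_snapshot.sh
+
+generate_docs:
+permissions:
+contents: write
+name: 'Generate Docs'
+needs: build
+if: github.event_name == 'push' && github.repository == 'google/guava'
+runs-on: ubuntu-latest
+steps:
+- name: Harden Runner
+uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
+with:
+egress-policy: audit
+- name: 'Check out repository'
+uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+- name: 'Set up JDK 11'
+uses: actions/setup-java@9704b39bf258b59bc04b50fa2dd55e9ed76b47a8 # v4.1.0
+with:
+java-version: 11
+distribution: 'zulu'
+cache: 'maven'
+- name: 'Generate latest docs'
+env:
+GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+run: ./util/update_snapshot_docs.sh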
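Review bot: The `publish_snapshot` job, whose `Publish` step receives `CI_DEPLOY_USERNAME` and `CI_DEPLOY_PASSWORD`, runs Harden Runner with `egress-policy: audit` and no `disable-sudo`, and its checkout omits `persist-credentials: false`, so the only job holding deploy credentials is less constrained than the secretless `build` job. I would move it to `egress-policy: block` with an `allowed-endpoints` list taken from an audit run, and add `persist-credentials: false` to that checkout. Separately, `needs: [build, provenance]` with `if: inputs.snapshot` looks like it skips publishing whenever `provenance` is skipped (its default is `false` in both triggers), because a job whose dependency was skipped is itself skipped unless its condition uses a status function. Something like `if: ${{ !cancelled() && needs.build.result == 'success' && inputs.snapshot }}` would avoid that, though it would also let a publish proceed after a failed `provenance` run unless that result is checked too. The `Download artifacts` step fetches the hashed jars, but whether `./util/deploy_snapshot.sh` publishes those files or rebuilds cannot be seen from here; if it rebuilds, the provenance subjects will not match what is deployed.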
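--- a/.github/workflows/ci.test.yml
+++ b/.github/workflows/ci.test.yml
@@ -0,0 +1,97 @@
+# Guava GitHub CI
+# ---------------------------------------------------------------------------------------------------------------------
+# This is the main CI testsuite on GitHub for the Google Guava project. This workflow is not invoked directly; instead,
+# the `on.pr.yml` and `on.push.yml` workflows kick in on PR and push events, respectively, and call this workflow as a
+# Reusable Workflow.
+#
+# This workflow can be tested independently of the entrypoint flow through the `workflow_dispatch` hook, which adds a
+# button within the UI of the GitHub repository. You can trigger the workflow from here:
+#
+# https://github.com/google/guava/actions/workflows/ci.test.yml
+#
+# ## Inputs
+#
+# See the set of input parameters underneath the `workflow_call` and `workflow_dispatch` hooks for ways this workflow
+# can be controlled when called.
+#
+# ## Multi-OS and Multi-JVM Testing
+#
+# Guava is tested against each LTS release at JDK 8 through JDK 21, on Linux and on Windows (starting at JDK 17), and
+# in Android and JRE flavors.
+
+name: Tests
+
+on:
+workflow_call: {}
+workflow_dispatch: {}
+
+permissions:
+contents: read
+
+jobs:
+test:
+permissions:
+contents: read # for actions/checkout to fetch code
+name: "JDK ${{ matrix.java }} ${{ matrix.mode }} (${{ matrix.os }})"
+strategy:
+matrix:
+os: [ ubuntu-latest ]
+java: [ 8, 11, 17 ]
+mode: [ 'JRE', 'Android' ]
+include:
+- os: windows-latest
+java: 17
+mode: JRE
+root-pom: pom.xml
+- os: windows-latest
+java: 17
+mode: Android
+root-pom: pom.xml
+runs-on: ${{ matrix.os }}
+outputs:
+hashes: ${{ steps.hash.outputs.hashes }}
+env:
+ROOT_POM: ${{ matrix.root-pom == 'Android' && 'android/pom.xml' || 'pom.xml' }}
+steps:
+- name: Harden Runner
+uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
+with:
+disable-sudo: true
+egress-policy: block
+allowed-endpoints: >
+api.azul.com:443
+api.github.com:443
+cdn.azul.com:443
+dl.google.com:443
+docs.oracle.com:443
+errorprone.info:443
+github.com:443
+objects.githubusercontent.com:443
+oss.sonatype.org:443
+repo.maven.apache.org:443
+services.gradle.org:443
+- name: 'Check out repository'
+uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+with:
+persist-credentials: false
+- name: 'Set up JDK ${{ matrix.java }}'
+uses: actions/setup-java@9704b39bf258b59bc04b50fa2dd55e9ed76b47a8 # v4.1.0
+with:
+java-version: ${{ matrix.java }}
+distribution: 'zulu'
+cache: 'maven'
+- name: 'Install'
+shell: bash
+run: ./mvnw --strict-checksums -B -Dorg.slf4j.simpleLogger.log.org.apache.maven.cli.transfer.Slf4jMavenTransferListener=warn install -U -DskipTests=true -f $ROOT_POM
+- name: 'Test'
+shell: bash
+run: ./mvnw --strict-checksums -B -P!standard-with-extra-repos verify -U -Dmaven.javadoc.skip=true -f $ROOT_POM
+- name: 'Print Surefire reports'
+# Note: Normally a step won't run if the job has failed, but this causes it to
+if: ${{ failure() }}
+shell: bash
+run: ./util/print_surefire_reports.sh
+- name: 'Integration Test'
+if: matrix.java == 11
+shell: bash
+run: util/gradle_integration_tests.sh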
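Review bot: `ROOT_POM` is computed from `matrix.root-pom == 'Android'`, but `root-pom` is only ever set to `pom.xml` (in the two Windows `include` entries) and is unset for the Linux legs, so the expression always yields `pom.xml` and every "Android" leg builds and tests the JRE flavor. ci.build.yml in this same PR keys the same expression on `matrix.mode`; using `ROOT_POM: ${{ matrix.mode == 'Android' && 'android/pom.xml' || 'pom.xml' }}` here and dropping the `root-pom` keys from `include` would make the job name match what actually runs. The job-level `outputs.hashes` refers to `steps.hash`, which no step in this file defines, so it can be removed. The header comment also says JDK 8 through JDK 21 while the matrix lists `8, 11, 17`.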