ci: GitHub Actions sync and M1 dependencies (#1663)

* build: Micronaut Groovy 4.0.0-M1 * build: Micronaut Serde 2.0.0-M1 * build: Micronaut Validation 4.0.0-M2 * fix equal ignore case * build: MongoDB M1 * build: use mn.micronaut.graal * checkstyle: remove import * build: Micronaut Test 4.0.0-M1 * build: add prefectProjectModules resolution strategy * ci: GitHub Actions Sync
micronaut-projects · Mar 28, 2023 · d5ac6a1 · d5ac6a1
1 parent 16f2be1
commit d5ac6a1
Show file tree

Hide file tree

Showing 7 changed files with 111 additions and 147 deletions.
diff --git a/.github/renovate.json b/.github/renovate.json
@@ -2,7 +2,7 @@
   "extends": [
     "config:base"
   ],
-  "addLabels": ["dependency-upgrade"],
+  "addLabels": ["type: dependency-upgrade"],
   "schedule": [
     "every weekend"
   ],

diff --git a/.github/workflows/graalvm.yml b/.github/workflows/graalvm.yml
@@ -3,69 +3,74 @@
 # https://github.com/micronaut-projects/micronaut-project-template/tree/master/.github/workflows
 #
 # and edit them there. Note that it will be sync'ed to all the Micronaut repos
-name: GraalVM CE CI
+name: GraalVM Dev CI
 on:
-  push:
-    branches:
-      - master
-      - '[1-9]+.[0-9]+.x'
-  pull_request:
-    branches:
-      - master
-      - '[1-9]+.[0-9]+.x'
+  schedule:
+    - cron: "0 1 * * 1-5" # Mon-Fri at 1am UTC
+  workflow_dispatch:
 jobs:
   build:
     if: github.repository != 'micronaut-projects/micronaut-project-template'
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        graalvm: [ 'latest']
-        java: [ '17' ]
+        graalvm: [ 'dev']
+        java: ['17']
+    env:
+      GRADLE_ENTERPRISE_ACCESS_KEY: ${{ secrets.GRADLE_ENTERPRISE_ACCESS_KEY }}
+      GRADLE_ENTERPRISE_CACHE_USERNAME: ${{ secrets.GRADLE_ENTERPRISE_CACHE_USERNAME }}
+      GRADLE_ENTERPRISE_CACHE_PASSWORD: ${{ secrets.GRADLE_ENTERPRISE_CACHE_PASSWORD }}
+      GH_TOKEN_PUBLIC_REPOS_READONLY: ${{ secrets.GH_TOKEN_PUBLIC_REPOS_READONLY }}
+      GH_USERNAME: ${{ secrets.GH_USERNAME }}
+      TESTCONTAINERS_RYUK_DISABLED: true
+      PREDICTIVE_TEST_SELECTION: "${{ github.event_name == 'pull_request' && 'true' || 'false' }}"
+      GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
     steps:
        # https://github.com/actions/virtual-environments/issues/709
-      - name: Free disk space
+      - name: "🗑 Free disk space"
         run: |
          sudo rm -rf "/usr/local/share/boost"
          sudo rm -rf "$AGENT_TOOLSDIRECTORY"
          sudo apt-get clean
          df -h
-      - uses: actions/checkout@v3
-      - uses: actions/cache@v3
+
+      - name: "📥 Checkout repository"
+        uses: actions/checkout@v3
         with:
-          path: ~/.gradle/caches
-          key: ${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle') }}
-          restore-keys: |
-            ${{ runner.os }}-gradle-
-      - name: Setup GraalVM CE
+          fetch-depth: 0
+
+      - name: "🔧 Setup GraalVM CE"
         uses: graalvm/setup-graalvm@v1
         with:
           version: ${{ matrix.graalvm }}
           java-version: ${{ matrix.java }}
           components: 'native-image'
           github-token: ${{ secrets.GITHUB_TOKEN }}
-      - name: Setup Gradle
-        uses: gradle/gradle-build-action@v2.4.0
-      - name: Build with Gradle
+
+      - name: "🔧 Setup Gradle"
+        uses: gradle/gradle-build-action@v2
+
+      - name: "❓ Optional setup step"
+        run: |
+          [ -f ./setup.sh ] && ./setup.sh || [ ! -f ./setup.sh ]
+
+      - name: "🛠 Build with Gradle"
         id: gradle
         run: |
-          if ./gradlew tasks --no-daemon --all | grep -w "testNativeImage"
-          then
-            ./gradlew check testNativeImage --continue --no-daemon
-          else
-            ./gradlew check --continue --no-daemon
-          fi
-        env:
-           TESTCONTAINERS_RYUK_DISABLED: true
-           GH_TOKEN_PUBLIC_REPOS_READONLY: ${{ secrets.GH_TOKEN_PUBLIC_REPOS_READONLY }}
-           GH_USERNAME: ${{ secrets.GH_USERNAME }}
-           GRADLE_ENTERPRISE_ACCESS_KEY: ${{ secrets.GRADLE_ENTERPRISE_ACCESS_KEY }}
-           GRADLE_ENTERPRISE_CACHE_USERNAME: ${{ secrets.GRADLE_ENTERPRISE_CACHE_USERNAME }}
-           GRADLE_ENTERPRISE_CACHE_PASSWORD: ${{ secrets.GRADLE_ENTERPRISE_CACHE_PASSWORD }}
-           PREDICTIVE_TEST_SELECTION: "${{ github.event_name == 'pull_request' && 'true' || 'false' }}"
-      - name: Publish Test Report
+          ./gradlew check --no-daemon --continue
+
+      - name: "📊 Publish Test Report"
         if: always()
-        uses: mikepenz/action-junit-report@v3.7.5
+        uses: mikepenz/action-junit-report@v3
         with:
-          check_name: GraalVM CE CI / Test Report (Java ${{ matrix.java }})
+          check_name: Java CI / Test Report (${{ matrix.java }})
           report_paths: '**/build/test-results/test/TEST-*.xml'
           check_retries: 'true'
+
+      - name: "📜 Upload binary compatibility check results"
+        if: always()
+        uses: actions/upload-artifact@v3
+        with:
+          name: binary-compatibility-reports
+          path: "**/build/reports/binary-compatibility-*.html"
+
diff --git a/.github/workflows/gradle.yml b/.github/workflows/gradle.yml
@@ -19,74 +19,88 @@ jobs:
     runs-on: ubuntu-latest
     strategy:
       matrix:
+        graalvm: [ 'latest']
         java: ['17']
+    env:
+      GRADLE_ENTERPRISE_ACCESS_KEY: ${{ secrets.GRADLE_ENTERPRISE_ACCESS_KEY }}
+      GRADLE_ENTERPRISE_CACHE_USERNAME: ${{ secrets.GRADLE_ENTERPRISE_CACHE_USERNAME }}
+      GRADLE_ENTERPRISE_CACHE_PASSWORD: ${{ secrets.GRADLE_ENTERPRISE_CACHE_PASSWORD }}
+      GH_TOKEN_PUBLIC_REPOS_READONLY: ${{ secrets.GH_TOKEN_PUBLIC_REPOS_READONLY }}
+      GH_USERNAME: ${{ secrets.GH_USERNAME }}
+      TESTCONTAINERS_RYUK_DISABLED: true
+      PREDICTIVE_TEST_SELECTION: "${{ github.event_name == 'pull_request' && 'true' || 'false' }}"
+      SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+      GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
     steps:
        # https://github.com/actions/virtual-environments/issues/709
-      - name: Free disk space
+      - name: "🗑 Free disk space"
         run: |
          sudo rm -rf "/usr/local/share/boost"
          sudo rm -rf "$AGENT_TOOLSDIRECTORY"
          sudo apt-get clean
          df -h
-      - uses: actions/checkout@v3
-      - name: Set up JDK
-        uses: actions/setup-java@v3
+
+      - name: "📥 Checkout repository"
+        uses: actions/checkout@v3
         with:
-          distribution: 'temurin'
+          fetch-depth: 0
+
+      - name: "🔧 Setup GraalVM CE"
+        uses: graalvm/setup-graalvm@v1
+        with:
+          version: ${{ matrix.graalvm }}
           java-version: ${{ matrix.java }}
-      - name: Setup Gradle
-        uses: gradle/gradle-build-action@v2.4.0
-      - name: Optional setup step
-        env:
-          GRADLE_ENTERPRISE_ACCESS_KEY: ${{ secrets.GRADLE_ENTERPRISE_ACCESS_KEY }}
-          GRADLE_ENTERPRISE_CACHE_USERNAME: ${{ secrets.GRADLE_ENTERPRISE_CACHE_USERNAME }}
-          GRADLE_ENTERPRISE_CACHE_PASSWORD: ${{ secrets.GRADLE_ENTERPRISE_CACHE_PASSWORD }}
+          components: 'native-image'
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: "🔧 Setup Gradle"
+        uses: gradle/gradle-build-action@v2
+
+      - name: "❓ Optional setup step"
         run: |
-          [ -f ./setup.sh ] && ./setup.sh || true
-      - name: Build with Gradle
+          [ -f ./setup.sh ] && ./setup.sh || [ ! -f ./setup.sh ]
+
+      - name: "🛠 Build with Gradle"
         id: gradle
         run: |
-          ./gradlew check --no-daemon --parallel --continue
-        env:
-           GH_TOKEN_PUBLIC_REPOS_READONLY: ${{ secrets.GH_TOKEN_PUBLIC_REPOS_READONLY }}
-           GH_USERNAME: ${{ secrets.GH_USERNAME }}
-           TESTCONTAINERS_RYUK_DISABLED: true
-           GRADLE_ENTERPRISE_ACCESS_KEY: ${{ secrets.GRADLE_ENTERPRISE_ACCESS_KEY }}
-           GRADLE_ENTERPRISE_CACHE_USERNAME: ${{ secrets.GRADLE_ENTERPRISE_CACHE_USERNAME }}
-           GRADLE_ENTERPRISE_CACHE_PASSWORD: ${{ secrets.GRADLE_ENTERPRISE_CACHE_PASSWORD }}
-           PREDICTIVE_TEST_SELECTION: "${{ github.event_name == 'pull_request' && 'true' || 'false' }}"
-      - name: Publish Test Report
+          ./gradlew check --no-daemon --continue
+
+      - name: "🔎 Run static analysis"
+        if: env.SONAR_TOKEN != ''
+        run: |
+          ./gradlew sonar
+
+      - name: "📊 Publish Test Report"
         if: always()
-        uses: mikepenz/action-junit-report@v3.7.5
+        uses: mikepenz/action-junit-report@v3
         with:
           check_name: Java CI / Test Report (${{ matrix.java }})
           report_paths: '**/build/test-results/test/TEST-*.xml'
           check_retries: 'true'
+
       - name: "📜 Upload binary compatibility check results"
         if: always()
         uses: actions/upload-artifact@v3
         with:
           name: binary-compatibility-reports
           path: "**/build/reports/binary-compatibility-*.html"
-      - name: Publish to Sonatype Snapshots
+
+      - name: "📦 Publish to Sonatype Snapshots"
         if: success() && github.event_name == 'push' && matrix.java == '17'
         env:
-          GH_TOKEN_PUBLIC_REPOS_READONLY: ${{ secrets.GH_TOKEN_PUBLIC_REPOS_READONLY }}
-          GH_USERNAME: ${{ secrets.GH_USERNAME }}        
           SONATYPE_USERNAME: ${{ secrets.SONATYPE_USERNAME }}
           SONATYPE_PASSWORD: ${{ secrets.SONATYPE_PASSWORD }}
-          GRADLE_ENTERPRISE_ACCESS_KEY: ${{ secrets.GRADLE_ENTERPRISE_ACCESS_KEY }}
-          GRADLE_ENTERPRISE_CACHE_USERNAME: ${{ secrets.GRADLE_ENTERPRISE_CACHE_USERNAME }}
-          GRADLE_ENTERPRISE_CACHE_PASSWORD: ${{ secrets.GRADLE_ENTERPRISE_CACHE_PASSWORD }}
         run: ./gradlew publishToSonatype docs --no-daemon
-      - name: Determine docs target repository
+
+      - name: "❓ Determine docs target repository"
         uses: haya14busa/action-cond@v1
         id: docs_target
         with:
           cond: ${{ github.repository == 'micronaut-projects/micronaut-core' }}
           if_true: "micronaut-projects/micronaut-docs"
           if_false: ${{ github.repository }}
-      - name: Publish to Github Pages
+
+      - name: "📑 Publish to Github Pages"
         if: success() && github.event_name == 'push' && matrix.java == '17'
         uses: micronaut-projects/github-pages-deploy-action@master
         env:

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -66,13 +66,13 @@ jobs:
           # Store the hash in a file, which is uploaded as a workflow artifact.
           echo $(sha256sum $ARTIFACTS | base64 -w0) > artifacts-sha256
       - name: Upload build artifacts
-        uses: actions/upload-artifact@3cea5372237819ed00197afe530f5a7ea3e805c8 # v3.1.0
+        uses: actions/upload-artifact@v3
         with:
           name: gradle-build-outputs
           path: build/repo/${{ steps.publish.outputs.group }}/*/${{ steps.publish.outputs.version }}/*
           retention-days: 5
       - name: Upload artifacts-sha256
-        uses: actions/upload-artifact@3cea5372237819ed00197afe530f5a7ea3e805c8 # v3.1.0
+        uses: actions/upload-artifact@v3
         with:
           name: artifacts-sha256
           path: artifacts-sha256
@@ -130,7 +130,7 @@ jobs:
       artifacts-sha256: ${{ steps.set-hash.outputs.artifacts-sha256 }}
     steps:
       - name: Download artifacts-sha256
-        uses: actions/download-artifact@9782bd6a9848b53b110e712e20e42d89988822b7 # v3.0.1
+        uses: actions/download-artifact@v3
         with:
           name: artifacts-sha256
       # The SLSA provenance generator expects the hash digest of artifacts to be passed as a job
@@ -161,18 +161,18 @@ jobs:
     if: startsWith(github.ref, 'refs/tags/')
     steps:
       - name: Checkout repository
-        uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # v3.0.2
+        uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0
       - name: Download artifacts
-        uses: actions/download-artifact@9782bd6a9848b53b110e712e20e42d89988822b7 # v3.0.1
+        uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
         with:
           name: gradle-build-outputs
           path: build/repo
+      - name: Create artifacts archive
+        shell: bash
+        run: find build/repo -regextype sed -regex '\(.*\.jar\|.*\.pom\|.*\.module\|.*\.toml\)' | xargs zip artifacts.zip
       - name: Upload assets
-        # Upload the artifacts and SLSA L3 provenance as assets to the existing
-        # release. Note that the provenance will attest to each artifact file and
-        # not the aggregated ZIP file.
-        run: |
-          find build/repo -regextype sed -regex '\(.*\.jar\|.*\.pom\|.*\.module\|.*\.toml\)' | xargs zip artifacts.zip
-          gh release upload ${{ github.ref_name }} artifacts.zip
-        env:
-          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        # Upload the artifacts to the existing release. Note that the SLSA provenance will
+        # attest to each artifact file and not the aggregated ZIP file.
+        uses: softprops/action-gh-release@de2c0eb89ae2a093876385947365aca7b0e5f844 # v0.1.15
+        with:
+          files: artifacts.zip
diff --git a/.github/workflows/sonarqube.yml b/.github/workflows/sonarqube.yml
diff --git a/build.gradle.kts b/build.gradle.kts
@@ -8,3 +8,8 @@ repositories {
     mavenCentral()
     maven(url = "https://s01.oss.sonatype.org/content/repositories/snapshots/")
 }
+configurations.all {
+    resolutionStrategy {
+        preferProjectModules()
+    }
+}
diff --git a/gradle/libs.versions.toml b/gradle/libs.versions.toml
@@ -2,7 +2,7 @@
 
 micronaut = "4.0.0-M1"
 micronaut-docs = "2.0.0"
-micronaut-test = "4.0.0-SNAPSHOT"
+micronaut-test = "4.0.0-M1"
 groovy = "4.0.10"
 spock = "2.3-groovy-4.0"