Include latest GHA changes

Signed-off-by: Simon Dudley <simon.dudley@consensys.net>
hyperledger · Apr 11, 2024 · a9c8c0c · a9c8c0c
1 parent 77ba0b5
commit a9c8c0c
Show file tree

Hide file tree

Showing 9 changed files with 169 additions and 216 deletions.
diff --git a/.github/workflows/acceptance-tests.yml b/.github/workflows/acceptance-tests.yml
@@ -1,62 +1,26 @@
 name: acceptance-tests
 on:
   workflow_dispatch:
-  pull_request_target:
+  pull_request:
     branches:
       - main
       - release-*
-  pull_request_review:
-    types: [submitted]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
+  cancel-in-progress: true
 
 env:
   GRADLE_OPTS: "-Xmx6g -Dorg.gradle.daemon=false"
   total-runners: 16
 
 jobs:
-  shouldRun:
-    name: checks to ensure we should run
-    # necessary because there is no single PR approved event, need to check all comments/approvals/denials
-    runs-on: ubuntu-22.04
-    outputs:
-      shouldRun: ${{steps.shouldRun.outputs.result}}
-    steps:
-      - name: required check
-        id: shouldRun
-        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea
-        env:
-          # fun fact, this changes based on incoming event, it will be different when we run this on pushes to main
-          RELEVANT_SHA: ${{ github.event.pull_request.head.sha || github.sha }}
-        with:
-          script: |
-            const { RELEVANT_SHA } = process.env;
-            const { data: { statuses } } = await github.rest.repos.getCombinedStatusForRef({
-              owner: context.repo.owner,
-              repo: context.repo.repo,
-              ref: RELEVANT_SHA,
-            });
-            const acceptanceTested = statuses && statuses.filter(({ context }) => context === 'accepttests-passed');
-            const alreadyRun = acceptanceTested && acceptanceTested.find(({ state }) => state === 'success') > 0;
-            const { data: reviews } = await github.rest.pulls.listReviews({
-              owner: context.repo.owner,
-              repo: context.repo.repo,
-              pull_number: context.issue.number,
-            });
-            const approvingReviews = reviews && reviews.filter(review => review.state === 'APPROVED');
-            const shouldRun = !alreadyRun && github.actor != 'dependabot[bot]' &&  (approvingReviews.length > 0);
-            
-              console.log("tests should be run = %j", shouldRun);
-              console.log("alreadyRun = %j", alreadyRun);
-              console.log("approvingReviews = %j", approvingReviews.length);
-            
-            return shouldRun;
   acceptanceTestEthereum:
     runs-on: ubuntu-22.04
     name: "Acceptance Runner"
-    needs: shouldRun
     permissions:
       statuses: write
       checks: write
-    if: ${{ needs.shouldRun.outputs.shouldRun == 'true'}}
     strategy:
       fail-fast: true
       matrix:
@@ -81,6 +45,8 @@ jobs:
           if_no_artifact_found: true
       - name: setup gradle
         uses: gradle/actions/setup-gradle@9e899d11ad247ec76be7a60bc1cf9d3abbb9e7f1
+        with:
+          cache-disabled: true
       - name: Split tests
         id: split-tests
         uses: r7kamura/split-tests-by-timings@9322bd292d9423e2bc5a65bec548901801341e3f
@@ -104,18 +70,22 @@ jobs:
         with:
           name: acceptance-node-${{matrix.runner_index}}-test-results
           path: 'acceptance-tests/tests/build/test-results/**/TEST-*.xml'
-      - name: Publish Test Report
-        uses: mikepenz/action-junit-report@5f47764eec0e1c1f19f40c8e60a5ba47e47015c5
-        if: (success() || failure()) # always run even if the build step fails
-        with:
-          report_paths: 'acceptance-tests/tests/build/test-results/**/TEST-*.xml'
-          annotate_only: true
   accepttests-passed:
+    name: "accepttests-passed"
     runs-on: ubuntu-22.04
     needs: [ acceptanceTestEthereum ]
     permissions:
       checks: write
       statuses: write
+    if: always()
     steps:
-      - name: consolidation
-        run: echo "consolidating statuses"
+      # Fail if any `needs` job was not a success.
+      # Along with `if: always()`, this allows this job to act as a single required status check for the entire workflow.
+      - name: Fail on workflow error
+        run: exit 1
+        if: >-
+          ${{
+            contains(needs.*.result, 'failure')
+            || contains(needs.*.result, 'cancelled')
+            || contains(needs.*.result, 'skipped')
+          }}
diff --git a/.github/workflows/artifacts.yml b/.github/workflows/artifacts.yml
@@ -1,11 +1,12 @@
 
-name: artifacts
+name: release artifacts
 
 on:
-  workflow_dispatch: 
   release:
     types:
       - prereleased
+env:
+  GRADLE_OPTS: "-Dorg.gradle.parallel=true -Dorg.gradle.caching=true"
 
 jobs:
   artifacts:
@@ -22,9 +23,11 @@ jobs:
           java-version: '17'
       - name: setup gradle
         uses: gradle/actions/setup-gradle@9e899d11ad247ec76be7a60bc1cf9d3abbb9e7f1
-      - name: assemble distributions
+        with:
+          cache-disabled: true
+      - name: assemble release
         run:
-          ./gradlew -Prelease.releaseVersion=${{github.ref_name}} -Pversion=${{github.ref_name}} assemble -Dorg.gradle.parallel=true -Dorg.gradle.caching=true
+          ./gradlew -Prelease.releaseVersion=${{github.event.release.name}} -Pversion=${{github.event.release.name}} assemble
       - name: hashes
         id: hashes
         run: |
@@ -35,29 +38,19 @@ jobs:
         uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3
         with:
           path: 'build/distributions/besu*.tar.gz'
-          name: besu-${{ github.ref_name }}.tar.gz
+          name: besu-${{ github.event.release.name }}.tar.gz
           compression-level: 0
       - name: upload zipfile
         uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3
         with:
           path: 'build/distributions/besu*.zip'
-          name: besu-${{ github.ref_name }}.zip
+          name: besu-${{ github.event.release.name }}.zip
           compression-level: 0
-      - name: Upload Release assets
-        uses: softprops/action-gh-release@de2c0eb89ae2a093876385947365aca7b0e5f844
-        with:
-          append_body: true
-          files: |
-            build/distributions/besu*.tar.gz
-            build/distributions/besu*.zip
-          body: |
-            ${{steps.hashes.outputs.tarSha}}
-            ${{steps.hashes.outputs.zipSha}}
+
   testWindows:
     runs-on: windows-2022
     needs: artifacts
     timeout-minutes: 10
-    if: ${{ github.actor != 'dependabot[bot]' }}
     steps:
       - name: Set up Java
         uses: actions/setup-java@387ac29b308b003ca37ba93a6cab5eb57c8f5f93
@@ -67,13 +60,43 @@ jobs:
       - name: Download zip
         uses: actions/download-artifact@eaceaf801fd36c7dee90939fad912460b18a1ffe
         with:
-          name: besu-${{ github.ref_name }}.zip
+          pattern: besu-*.zip
+          merge-multiple: true
       - name: test Besu
         run: |
+          dir
           unzip besu-*.zip -d besu-tmp
           cd besu-tmp
           mv besu-* ../besu
           cd ..
           besu\bin\besu.bat --help
           besu\bin\besu.bat --version
-
+  publish:
+    runs-on: ubuntu-22.04
+    needs: testWindows
+    steps:
+      - name: Download archives
+        uses: actions/download-artifact@eaceaf801fd36c7dee90939fad912460b18a1ffe
+        with:
+          pattern: besu-*
+          merge-multiple: true
+          path: 'build/distributions'
+      - name: Upload Release assets
+        uses: softprops/action-gh-release@de2c0eb89ae2a093876385947365aca7b0e5f844
+        with:
+          append_body: true
+          files: |
+            build/distributions/besu*.tar.gz
+            build/distributions/besu*.zip
+          body: |
+            ${{steps.hashes.outputs.tarSha}}
+            ${{steps.hashes.outputs.zipSha}}
+  arifactoryPublish:
+    runs-on: ubuntu-22.04
+    needs: artifacts
+    steps:
+      - name: Artifactory Publish
+        env:
+          ARTIFACTORY_USER: ${{ secrets.BESU_ARTIFACTORY_USER }}
+          ARTIFACTORY_KEY: ${{ secrets.BESU_ARTIFACTORY_TOKEN }}
+        run: ./gradlew -Prelease.releaseVersion=${{ github.event.release.name }} -Pversion=${{github.event.release.name}} artifactoryPublish
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
@@ -13,15 +13,11 @@ name: "CodeQL"
 
 on:
   workflow_dispatch:
-  push:
-    branches: [ main ]
-    pull_request:
-      branches: [ main ]
-      paths-ignore:
-        - '**/*.json'
-        - '**/*.md'
-        - '**/*.properties'
-        - '**/*.txt'
+  schedule:
+    # * is a special character in YAML so you have to quote this string
+    # expression evaluates to midnight every night
+    - cron: '0 0 * * *'
+
 jobs:
   analyze:
     name: Analyze
@@ -50,6 +46,8 @@ jobs:
 
     - name: setup gradle
       uses: gradle/actions/setup-gradle@9e899d11ad247ec76be7a60bc1cf9d3abbb9e7f1
+      with:
+        cache-disabled: true
     - name: compileJava noscan
       run: |
         JAVA_OPTS="-Xmx2048M" ./gradlew --no-scan compileJava

diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml
@@ -19,16 +19,10 @@ jobs:
           java-version: 17
       - name: setup gradle
         uses: gradle/actions/setup-gradle@9e899d11ad247ec76be7a60bc1cf9d3abbb9e7f1
-      - name: hadoLint_openj9-jdk_17
-        run: docker run --rm -i hadolint/hadolint < docker/openj9-jdk-17/Dockerfile
-      - name: hadoLint_openjdk_17
-        run: docker run --rm -i hadolint/hadolint < docker/openjdk-17/Dockerfile
-      - name: hadoLint_openjdk_17_debug
-        run: docker run --rm -i hadolint/hadolint < docker/openjdk-17-debug/Dockerfile
-      - name: hadoLint_openjdk_latest
-        run: docker run --rm -i hadolint/hadolint < docker/openjdk-latest/Dockerfile
-      - name: hadoLint_graalvm
-        run: docker run --rm -i hadolint/hadolint < docker/graalvm/Dockerfile
+        with:
+          cache-disabled: true
+      - name: hadoLint
+        run: docker run --rm -i hadolint/hadolint < docker/Dockerfile
   buildDocker:
     needs: hadolint
     permissions:
@@ -66,6 +60,8 @@ jobs:
           java-version: 17
       - name: setup gradle
         uses: gradle/actions/setup-gradle@9e899d11ad247ec76be7a60bc1cf9d3abbb9e7f1
+        with:
+          cache-disabled: true
       - name: install goss
         run: |
           mkdir -p docker/reports
@@ -81,11 +77,12 @@ jobs:
         env:
           architecture: ${{ steps.prep.outputs.ARCH }}
         with:
-          arguments: testDocker -PdockerOrgName=${{ env.registry }}/${{ secrets.DOCKER_ORG }} -Pversion=${{github.ref_name}} -Prelease.releaseVersion=${{ github.ref_name }}
+          cache-disabled: true
+          arguments: testDocker -PdockerOrgName=${{ env.registry }}/${{ secrets.DOCKER_ORG }} -Pversion=${{github.event.release.name}} -Prelease.releaseVersion=${{ github.event.release.name }}
       - name: publish
         env:
           architecture: ${{ steps.prep.outputs.ARCH }}
-        run: ./gradlew --no-daemon dockerUpload -PdockerOrgName=${{ env.registry }}/${{ secrets.DOCKER_ORG }} -Pversion=${{github.ref_name}} -Prelease.releaseVersion=${{ github.ref_name }}
+        run: ./gradlew --no-daemon dockerUpload -PdockerOrgName=${{ env.registry }}/${{ secrets.DOCKER_ORG }} -Pversion=${{github.event.release.name}} -Prelease.releaseVersion=${{ github.event.release.name }}
   multiArch:
     needs: buildDocker
     runs-on: ubuntu-22.04
@@ -102,14 +99,16 @@ jobs:
           java-version: 17
       - name: setup gradle
         uses: gradle/actions/setup-gradle@9e899d11ad247ec76be7a60bc1cf9d3abbb9e7f1
+        with:
+          cache-disabled: true
       - name: login to ${{ env.registry }}
         uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d
         with:
           registry: ${{ env.registry }}
           username: ${{ secrets.DOCKER_USER_RW }}
           password: ${{ secrets.DOCKER_PASSWORD_RW }}
       - name: multi-arch docker
-        run: ./gradlew manifestDocker -PdockerOrgName=${{ env.registry }}/${{ secrets.DOCKER_ORG }} -Pversion=${{github.ref_name}} -Prelease.releaseVersion=${{ github.ref_name }}
+        run: ./gradlew manifestDocker -PdockerOrgName=${{ env.registry }}/${{ secrets.DOCKER_ORG }} -Pversion=${{github.event.release.name}} -Prelease.releaseVersion=${{ github.event.release.name }}
   amendNotes:
     needs: multiArch
     runs-on: ubuntu-22.04
@@ -121,4 +120,4 @@ jobs:
         with:
           append_body: true
           body: |
-            `docker pull ${{env.registry}}/${{secrets.DOCKER_ORG}}/besu:${{github.ref_name}}`
+            `docker pull ${{env.registry}}/${{secrets.DOCKER_ORG}}/besu:${{github.event.release.name}}`
diff --git a/.github/workflows/integration-tests.yml b/.github/workflows/integration-tests.yml
@@ -1,58 +1,22 @@
 name: integration-tests
 on:
   workflow_dispatch:
-  pull_request_target:
+  pull_request:
     branches:
       - main
       - release-*
-  pull_request_review:
-    types:
-      - submitted
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
+  cancel-in-progress: true
 
 env:
-  GRADLE_OPTS: "-Xmx6g -Dorg.gradle.daemon=false"
+  GRADLE_OPTS: "-Xmx6g -Dorg.gradle.daemon=false -Dorg.gradle.parallel=true -Dorg.gradle.caching=true"
 
 jobs:
-  shouldRun:
-    name: checks to ensure we should run
-    runs-on: ubuntu-22.04
-    outputs:
-      shouldRun: ${{steps.shouldRun.outputs.result}}
-    steps:
-      - name: required check
-        id: shouldRun
-        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea
-        env:
-          # fun fact, this changes based on incoming event, it will be different when we run this on pushes to main
-          RELEVANT_SHA: ${{ github.event.pull_request.head.sha || github.sha }}
-        with:
-          script: |
-            const { RELEVANT_SHA } = process.env;
-            const { data: { statuses } } = await github.rest.repos.getCombinedStatusForRef({
-              owner: context.repo.owner,
-              repo: context.repo.repo,
-              ref: RELEVANT_SHA,
-            });
-            
-            const intTested = statuses && statuses.filter(({ context }) => context === 'integration-tests');
-            const alreadyRun = intTested && intTested.find(({ state }) => state === 'success') > 0;
-            const { data: reviews } = await github.rest.pulls.listReviews({
-              owner: context.repo.owner,
-              repo: context.repo.repo,
-              pull_number: context.issue.number,
-            });
-            const approvingReviews = reviews && reviews.filter(review => review.state === 'APPROVED');
-            const shouldRun = !alreadyRun && github.actor != 'dependabot[bot]' && (approvingReviews.length > 0);
-
-              console.log("tests should be run = %j", shouldRun);
-              console.log("alreadyRun = %j", alreadyRun);
-              console.log("approvingReviews = %j", approvingReviews.length);
-
-            return shouldRun;
   integration-tests:
+    name: "integration-passed"
     runs-on: ubuntu-22.04
-    needs: shouldRun
-    if: ${{ needs.shouldRun.outputs.shouldRun == 'true' }}
     permissions:
       statuses: write
       checks: write
@@ -68,13 +32,9 @@ jobs:
           java-version: 17
       - name: setup gradle
         uses: gradle/actions/setup-gradle@9e899d11ad247ec76be7a60bc1cf9d3abbb9e7f1
-      - name: run integration tests
-        run: ./gradlew integrationTest compileJmh -Dorg.gradle.parallel=true -Dorg.gradle.caching=true
-      - name: Publish Test Report
-        uses: mikepenz/action-junit-report@5f47764eec0e1c1f19f40c8e60a5ba47e47015c5
-        if: (success() || failure())
         with:
-          report_paths: '**/build/test-results/integrationTest/TEST-*.xml'
-          annotate_only: true
+          cache-disabled: true
+      - name: run integration tests
+        run: ./gradlew integrationTest compileJmh