-
Notifications
You must be signed in to change notification settings - Fork 39
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge branch 'master' into sschroevers/refaster-speed-up
- Loading branch information
Showing
465 changed files
with
87,255 additions
and
5,732 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file was deleted.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,52 @@ | ||
| name: Build and verify | ||
| on: | ||
| pull_request: | ||
| push: | ||
| branches: [ master ] | ||
| permissions: | ||
| contents: read | ||
| jobs: | ||
| build: | ||
| strategy: | ||
| matrix: | ||
| os: [ ubuntu-22.04 ] | ||
| jdk: [ 11.0.20, 17.0.8, 21.0.0 ] | ||
| distribution: [ temurin ] | ||
| experimental: [ false ] | ||
| include: | ||
| - os: macos-12 | ||
| jdk: 17.0.8 | ||
| distribution: temurin | ||
| experimental: false | ||
| - os: windows-2022 | ||
| jdk: 17.0.8 | ||
| distribution: temurin | ||
| experimental: false | ||
| runs-on: ${{ matrix.os }} | ||
| continue-on-error: ${{ matrix.experimental }} | ||
| steps: | ||
| # We run the build twice for each supported JDK: once against the | ||
| # original Error Prone release, using only Error Prone checks available | ||
| # on Maven Central, and once against the Picnic Error Prone fork, | ||
| # additionally enabling all checks defined in this project and any Error | ||
| # Prone checks available only from other artifact repositories. | ||
| - name: Check out code | ||
| uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 | ||
| with: | ||
| persist-credentials: false | ||
| - name: Set up JDK | ||
| uses: actions/setup-java@387ac29b308b003ca37ba93a6cab5eb57c8f5f93 # v4.0.0 | ||
| with: | ||
| java-version: ${{ matrix.jdk }} | ||
| distribution: ${{ matrix.distribution }} | ||
| cache: maven | ||
| - name: Display build environment details | ||
| run: mvn --version | ||
| - name: Build project against vanilla Error Prone, compile Javadoc | ||
| run: mvn -T1C install javadoc:jar | ||
| - name: Build project with self-check against Error Prone fork | ||
| run: mvn -T1C clean verify -Perror-prone-fork -Pnon-maven-central -Pself-check -s settings.xml | ||
| - name: Remove installed project artifacts | ||
| run: mvn build-helper:remove-project-artifact | ||
|
|
||
| # XXX: Enable Codecov once we "go public". |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,44 @@ | ||
| # Analyzes the code using GitHub's default CodeQL query database. | ||
| # Identified issues are registered with GitHub's code scanning dashboard. When | ||
| # a pull request is analyzed, any offending lines are annotated. See | ||
| # https://codeql.github.com for details. | ||
| name: CodeQL analysis | ||
| on: | ||
| pull_request: | ||
| push: | ||
| branches: [ master ] | ||
| schedule: | ||
| - cron: '0 4 * * 1' | ||
| permissions: | ||
| contents: read | ||
| jobs: | ||
| analyze: | ||
| strategy: | ||
| matrix: | ||
| language: [ java, ruby ] | ||
| permissions: | ||
| contents: read | ||
| security-events: write | ||
| runs-on: ubuntu-22.04 | ||
| steps: | ||
| - name: Check out code | ||
| uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 | ||
| with: | ||
| persist-credentials: false | ||
| - name: Set up JDK | ||
| uses: actions/setup-java@387ac29b308b003ca37ba93a6cab5eb57c8f5f93 # v4.0.0 | ||
| with: | ||
| java-version: 17.0.8 | ||
| distribution: temurin | ||
| cache: maven | ||
| - name: Initialize CodeQL | ||
| uses: github/codeql-action/init@407ffafae6a767df3e0230c3df91b6443ae8df75 # v2.22.8 | ||
| with: | ||
| languages: ${{ matrix.language }} | ||
| - name: Perform minimal build | ||
| if: matrix.language == 'java' | ||
| run: mvn -T1C clean package -DskipTests -Dverification.skip | ||
| - name: Perform CodeQL analysis | ||
| uses: github/codeql-action/analyze@407ffafae6a767df3e0230c3df91b6443ae8df75 # v2.22.8 | ||
| with: | ||
| category: /language:${{ matrix.language }} |
This file was deleted.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,51 @@ | ||
| name: Update `error-prone.picnic.tech` website content | ||
| on: | ||
| pull_request: | ||
| push: | ||
| branches: [ master, website ] | ||
| permissions: | ||
| contents: read | ||
| concurrency: | ||
| group: ${{ github.workflow }}-${{ github.ref }} | ||
| jobs: | ||
| build: | ||
| runs-on: ubuntu-22.04 | ||
| steps: | ||
| - name: Check out code | ||
| uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 | ||
| with: | ||
| persist-credentials: false | ||
| - uses: ruby/setup-ruby@8575951200e472d5f2d95c625da0c7bec8217c42 # v1.161.0 | ||
| with: | ||
| working-directory: ./website | ||
| bundler-cache: true | ||
| - name: Configure Github Pages | ||
| uses: actions/configure-pages@1f0c5cde4bc74cd7e1254d0cb4de8d49e9068c7d # v4.0.0 | ||
| - name: Generate documentation | ||
| run: ./generate-docs.sh | ||
| - name: Build website with Jekyll | ||
| working-directory: ./website | ||
| run: bundle exec jekyll build | ||
| - name: Validate HTML output | ||
| working-directory: ./website | ||
| # XXX: Drop `--disable_external true` once we fully adopted the | ||
| # "Refaster rules" terminology on our website and in the code. | ||
| run: bundle exec htmlproofer --disable_external true --check-external-hash false ./_site | ||
| - name: Upload website as artifact | ||
| uses: actions/upload-pages-artifact@0252fc4ba7626f0298f0cf00902a25c6afc77fa8 # v3.0.0 | ||
| with: | ||
| path: ./website/_site | ||
| deploy: | ||
| if: github.ref == 'refs/heads/website' | ||
| needs: build | ||
| permissions: | ||
| id-token: write | ||
| pages: write | ||
| runs-on: ubuntu-22.04 | ||
| environment: | ||
| name: github-pages | ||
| url: ${{ steps.deployment.outputs.page_url }} | ||
| steps: | ||
| - name: Deploy to GitHub Pages | ||
| id: deployment | ||
| uses: actions/deploy-pages@7a9bd943aa5e5175aeb8502edcc6c1c02d398e10 # v4.0.2 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,36 @@ | ||
| # Analyzes the code base and GitHub project configuration for adherence to | ||
| # security best practices for open source software. Identified issues are | ||
| # registered with GitHub's code scanning dashboard. When a pull request is | ||
| # analyzed, any offending lines are annotated. See | ||
| # https://securityscorecards.dev for details. | ||
| name: OpenSSF Scorecard update | ||
| on: | ||
| pull_request: | ||
| push: | ||
| branches: [ master ] | ||
| schedule: | ||
| - cron: '0 4 * * 1' | ||
| permissions: | ||
| contents: read | ||
| jobs: | ||
| analyze: | ||
| permissions: | ||
| contents: read | ||
| security-events: write | ||
| id-token: write | ||
| runs-on: ubuntu-22.04 | ||
| steps: | ||
| - name: Check out code | ||
| uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 | ||
| with: | ||
| persist-credentials: false | ||
| - name: Run OpenSSF Scorecard analysis | ||
| uses: ossf/scorecard-action@0864cf19026789058feabb7e87baa5f140aac736 # v2.3.1 | ||
| with: | ||
| results_file: results.sarif | ||
| results_format: sarif | ||
| publish_results: ${{ github.ref == 'refs/heads/master' }} | ||
| - name: Update GitHub's code scanning dashboard | ||
| uses: github/codeql-action/upload-sarif@407ffafae6a767df3e0230c3df91b6443ae8df75 # v2.22.8 | ||
| with: | ||
| sarif_file: results.sarif |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,38 @@ | ||
| # Performs mutation testing analysis on the files changed by a pull request and | ||
| # uploads the results. The associated PR is subsequently updated by the | ||
| # `pitest-update-pr.yml` workflow. See https://blog.pitest.org/oss-pitest-pr/ | ||
| # for details. | ||
| name: "Mutation testing" | ||
| on: | ||
| pull_request: | ||
| permissions: | ||
| contents: read | ||
| jobs: | ||
| analyze-pr: | ||
| runs-on: ubuntu-22.04 | ||
| steps: | ||
| - name: Check out code | ||
| uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 | ||
| with: | ||
| fetch-depth: 2 | ||
| persist-credentials: false | ||
| - name: Set up JDK | ||
| uses: actions/setup-java@387ac29b308b003ca37ba93a6cab5eb57c8f5f93 # v4.0.0 | ||
| with: | ||
| java-version: 17.0.8 | ||
| distribution: temurin | ||
| cache: maven | ||
| - name: Run Pitest | ||
| # By running with features `+GIT(from[HEAD~1]), +gitci`, Pitest only | ||
| # analyzes lines changed in the associated pull request, as GitHub | ||
| # exposes the changes unique to the PR as a single commit on top of the | ||
| # target branch. See https://blog.pitest.org/pitest-pr-setup for | ||
| # details. | ||
| run: mvn test pitest:mutationCoverage -DargLine.xmx=2048m -Dverification.skip -Dfeatures="+GIT(from[HEAD~1]), +gitci" | ||
| - name: Aggregate Pitest reports | ||
| run: mvn pitest-git:aggregate -DkilledEmoji=":tada:" -DmutantEmoji=":zombie:" -DtrailingText="Mutation testing report by [Pitest](https://pitest.org/). Review any surviving mutants by inspecting the line comments under [_Files changed_](${{ github.event.number }}/files)." | ||
| - name: Upload Pitest reports as artifact | ||
| uses: actions/upload-artifact@c7d193f32edcb7bfad88892161225aeda64e9392 # v4.0.0 | ||
| with: | ||
| name: pitest-reports | ||
| path: ./target/pit-reports-ci |
Oops, something went wrong.