Standardize project build before publication

openrewrite · Jul 15, 2024 · f77fb3a · f77fb3a
1 parent 8374ab2
commit f77fb3a
Show file tree

Hide file tree

Showing 21 changed files with 135 additions and 249 deletions.
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -10,49 +10,20 @@ on:
   pull_request:
     branches:
       - main
+  workflow_dispatch: {}
+  schedule:
+    - cron: 0 17 * * *
 
-env:
-  GRADLE_OPTS: '-Dorg.gradle.jvmargs="-Xmx2048m -XX:+HeapDumpOnOutOfMemoryError"'
-  GRADLE_SWITCHES: '--console=plain --info --stacktrace'
+concurrency:
+  group: ci-${{ github.ref }}
+  cancel-in-progress: true
 
 jobs:
   build:
-    strategy:
-      fail-fast: false
-      matrix:
-        os: ["ubuntu-latest"]
-    runs-on: ${{ matrix.os }}
-    steps:
-      - uses: actions/checkout@v4
-        with:
-          fetch-depth: 0
-      - uses: gradle/actions/wrapper-validation@v3
-      - name: set-up-jdk
-        uses: actions/setup-java@v4
-        with:
-          distribution: zulu
-          java-version: 17
-      - name: build
-        uses: gradle/actions/setup-gradle@v3
-        with:
-          arguments: ${{ env.GRADLE_SWITCHES }} build test
-
-  publish-snapshots:
-    needs: [build]
-    runs-on: ubuntu-latest
-    if: github.event_name == 'push'
-    steps:
-      - uses: actions/checkout@v4
-        with:
-          fetch-depth: 0
-      - name: set-up-jdk
-        uses: actions/setup-java@v4
-        with:
-          distribution: zulu
-          java-version: 17
-      - name: publish-snapshots
-        uses: gradle/actions/setup-gradle@v3
-        if: github.event_name == 'push'
-        timeout-minutes: 30
-        with:
-          arguments: ${{ env.GRADLE_SWITCHES }} snapshot
+    uses: openrewrite/gh-automation/.github/workflows/ci-gradle.yml@main
+    secrets:
+      gradle_enterprise_access_key: ${{ secrets.GRADLE_ENTERPRISE_ACCESS_KEY }}
+      ossrh_username: ${{ secrets.OSSRH_USERNAME }}
+      ossrh_token: ${{ secrets.OSSRH_TOKEN }}
+      ossrh_signing_key: ${{ secrets.OSSRH_SIGNING_KEY }}
+      ossrh_signing_password: ${{ secrets.OSSRH_SIGNING_PASSWORD }}
diff --git a/.github/workflows/comment-pr.yml b/.github/workflows/comment-pr.yml
@@ -1,59 +1,15 @@
-# Description: This workflow is triggered when the `receive-pr` workflow completes to post suggestions on the PR.
-# Since this pull request has write permissions on the target repo, we should **NOT** execute any untrusted code.
-# https://securitylab.github.com/research/github-actions-preventing-pwn-requests/
----
 name: comment-pr
 
+# https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#using-data-from-the-triggering-workflow
 on:
   workflow_run:
     workflows: ["receive-pr"]
     types:
       - completed
 
+# https://securitylab.github.com/research/github-actions-preventing-pwn-requests/
+# Since this pull request has write permissions on the target repo, we should **NOT** execute any untrusted code.
 jobs:
   post-suggestions:
-    # https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#running-a-workflow-based-on-the-conclusion-of-another-workflow
     if: ${{ github.event.workflow_run.conclusion == 'success' }}
-    runs-on: ubuntu-latest
-    permissions:
-      actions: read
-      pull-requests: write
-    env:
-      # https://docs.github.com/en/actions/reference/authentication-in-a-workflow#permissions-for-the-github_token
-      ACCESS_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-    timeout-minutes: 10
-    steps:
-      - uses: actions/checkout@v4
-        with:
-          ref: ${{github.event.workflow_run.head_branch}}
-          repository: ${{github.event.workflow_run.head_repository.full_name}}
-
-      # Download the patch
-      - uses: actions/download-artifact@v4
-        with:
-          name: patch
-          github-token: ${{ secrets.GITHUB_TOKEN }}
-          run-id: ${{ github.event.workflow_run.id }}
-      - name: Apply patch
-        run: |
-          git apply git-diff.patch --allow-empty
-          rm git-diff.patch
-
-      # Download the PR number
-      - uses: actions/download-artifact@v4
-        with:
-          name: pr_number
-          github-token: ${{ secrets.GITHUB_TOKEN }}
-          run-id: ${{ github.event.workflow_run.id }}
-      - name: Read pr_number.txt
-        run: |
-          PR_NUMBER=$(cat pr_number.txt)
-          echo "PR_NUMBER=$PR_NUMBER" >> $GITHUB_ENV
-          rm pr_number.txt
-
-      # Post suggestions as a comment on the PR
-      - uses: googleapis/code-suggester@v4
-        with:
-          command: review
-          pull_number: ${{ env.PR_NUMBER }}
-          git_dir: '.'
+    uses: openrewrite/gh-automation/.github/workflows/comment-pr.yml@main
diff --git a/.github/workflows/maven-versions-use-latest-releases.yml b/.github/workflows/maven-versions-use-latest-releases.yml
diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
@@ -0,0 +1,22 @@
+---
+name: publish
+
+on:
+  push:
+    tags:
+      - v[0-9]+.[0-9]+.[0-9]+
+      - v[0-9]+.[0-9]+.[0-9]+-rc.[0-9]+
+
+concurrency:
+  group: publish-${{ github.ref }}
+  cancel-in-progress: false
+
+jobs:
+  release:
+    uses: openrewrite/gh-automation/.github/workflows/publish-gradle.yml@main
+    secrets:
+      gradle_enterprise_access_key: ${{ secrets.GRADLE_ENTERPRISE_ACCESS_KEY }}
+      ossrh_username: ${{ secrets.OSSRH_USERNAME }}
+      ossrh_token: ${{ secrets.OSSRH_TOKEN }}
+      ossrh_signing_key: ${{ secrets.OSSRH_SIGNING_KEY }}
+      ossrh_signing_password: ${{ secrets.OSSRH_SIGNING_PASSWORD }}
diff --git a/.github/workflows/receive-pr.yml b/.github/workflows/receive-pr.yml
@@ -1,7 +1,3 @@
-# Description: This workflow runs OpenRewrite recipes against opened pull request and upload the patch.
-# Since this pull request receives untrusted code, we should **NOT** have any secrets in the environment.
-# https://securitylab.github.com/research/github-actions-preventing-pwn-requests/
----
 name: receive-pr
 
 on:
@@ -14,47 +10,8 @@ concurrency:
   group: '${{ github.workflow }} @ ${{ github.ref }}'
   cancel-in-progress: true
 
-env:
-  GRADLE_OPTS: '-Dorg.gradle.jvmargs="-Xmx2048m -XX:+HeapDumpOnOutOfMemoryError"'
-  GRADLE_SWITCHES: '--console=plain --info --stacktrace'
-
+# https://securitylab.github.com/research/github-actions-preventing-pwn-requests/
+# Since this pull request receives untrusted code, we should **NOT** have any secrets in the environment.
 jobs:
   upload-patch:
-    runs-on: ubuntu-latest
-    timeout-minutes: 10
-    steps:
-      - uses: actions/checkout@v4
-        with:
-          ref: ${{github.event.pull_request.head.ref}}
-          repository: ${{github.event.pull_request.head.repo.full_name}}
-      - uses: gradle/actions/wrapper-validation@v3
-      - uses: actions/setup-java@v4
-        with:
-          java-version: '21'
-          distribution: 'temurin'
-
-      # Capture the PR number
-      # https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#using-data-from-the-triggering-workflow
-      - name: Create pr_number.txt
-        run: echo "${{ github.event.number }}" > pr_number.txt
-      - uses: actions/upload-artifact@v4
-        with:
-          name: pr_number
-          path: pr_number.txt
-      - name: Remove pr_number.txt
-        run: rm -f pr_number.txt
-
-      # Execute recipes
-      - name: Apply OpenRewrite best practices
-        uses: gradle/actions/setup-gradle@v3
-        with:
-          arguments: ${{ env.GRADLE_SWITCHES }} rewriteRun -Drewrite.activeRecipe=org.openrewrite.recipes.OpenRewriteBestPractices
-
-      # Capture the diff
-      - name: Create patch
-        run: |
-          git diff | tee git-diff.patch
-      - uses: actions/upload-artifact@v4
-        with:
-          name: patch
-          path: git-diff.patch
+    uses: openrewrite/gh-automation/.github/workflows/receive-pr.yml@main
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
diff --git a/.github/workflows/repository-backup.yml b/.github/workflows/repository-backup.yml
@@ -0,0 +1,18 @@
+---
+name: repository-backup
+on:
+  workflow_dispatch: {}
+  schedule:
+    - cron: 0 17 * * *
+
+concurrency:
+  group: backup-${{ github.ref }}
+  cancel-in-progress: false
+
+jobs:
+  repository-backup:
+    uses: openrewrite/gh-automation/.github/workflows/repository-backup.yml@main
+    secrets:
+      bucket_mirror_target: ${{ secrets.S3_GITHUB_REPOSITORY_BACKUPS_BUCKET_NAME }}
+      bucket_access_key_id: ${{ secrets.S3_GITHUB_REPOSITORY_BACKUPS_ACCESS_KEY_ID }}
+      bucket_secret_access_key: ${{ secrets.S3_GITHUB_REPOSITORY_BACKUPS_SECRET_ACCESS_KEY }}
diff --git a/.gitignore b/.gitignore
@@ -1,8 +1,49 @@
-build/
-target/
-.gradle/
+# Compiled class file
+*.class
+
+# Log file
+*.log
+
+# BlueJ files
+*.ctxt
+
+# Mobile Tools for Java (J2ME)
+.mtj.tmp/
+
+# Package Files #
+*.war
+*.nar
+*.ear
+*.zip
+*.tar.gz
+*.rar
+
+# virtual machine crash logs, see http://www.java.com/en/download/help/error_hotspot.xml
+hs_err_pid*
+replay_pid*
+
+.gradle
+**/build/
+!src/**/build/
+
+# Ignore Gradle GUI config
+gradle-app.setting
+
+# Avoid ignoring Gradle wrapper jar file (.jar files are usually ignored)
+!gradle-wrapper.jar
+
+# Avoid ignore Gradle wrappper properties
+!gradle-wrapper.properties
+
+# Cache of project
+.gradletasknamecache
+
+# Eclipse Gradle plugin generated files
+# Eclipse Core
+.project
+# JDT-specific (Eclipse Java Development Tools)
+.classpath
+
 .idea/
 out/
 src/main/generated/
-.vscode/
-*.iml
diff --git a/.mvn/wrapper/maven-wrapper.properties b/.mvn/wrapper/maven-wrapper.properties