From f77fb3a919338ca775daae55bcc15f696f72f574 Mon Sep 17 00:00:00 2001 From: Tim te Beek Date: Mon, 15 Jul 2024 11:06:26 +0200 Subject: [PATCH] Standardize project build before publication --- .github/dependabot.yml | 9 --- .github/workflows/ci.yml | 55 +++++-------------- .github/workflows/comment-pr.yml | 52 ++---------------- .../maven-versions-use-latest-releases.yml | 32 ----------- .github/workflows/publish.yml | 22 ++++++++ .github/workflows/receive-pr.yml | 49 +---------------- .github/workflows/release.yml | 39 ------------- .github/workflows/repository-backup.yml | 18 ++++++ .gitignore | 51 +++++++++++++++-- .mvn/wrapper/maven-wrapper.properties | 19 ------- README.md | 16 ++++++ build.gradle.kts | 2 +- gradle/wrapper/gradle-wrapper.properties | 2 +- .../docker/DockerImageVersion.java | 1 + .../org/openrewrite/docker/package-info.java | 2 +- .../docker/search/package-info.java | 2 +- .../docker/table/package-info.java | 2 +- .../docker/trait/package-info.java | 2 +- .../resources/META-INF/rewrite/rewrite.yml | 2 +- src/main/resources/logback.xml | 2 +- .../docker/FindDockerImagesUsedTest.java | 5 +- 21 files changed, 135 insertions(+), 249 deletions(-) delete mode 100644 .github/dependabot.yml delete mode 100644 .github/workflows/maven-versions-use-latest-releases.yml create mode 100644 .github/workflows/publish.yml delete mode 100644 .github/workflows/release.yml create mode 100644 .github/workflows/repository-backup.yml delete mode 100644 .mvn/wrapper/maven-wrapper.properties diff --git a/.github/dependabot.yml b/.github/dependabot.yml deleted file mode 100644 index 040685b..0000000 --- a/.github/dependabot.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -version: 2 -updates: - - package-ecosystem: github-actions - directory: / - schedule: - interval: weekly - commit-message: - prefix: "chore(ci)" diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index d82d40e..379e49f 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -10,49 +10,20 @@ on: pull_request: branches: - main + workflow_dispatch: {} + schedule: + - cron: 0 17 * * * -env: - GRADLE_OPTS: '-Dorg.gradle.jvmargs="-Xmx2048m -XX:+HeapDumpOnOutOfMemoryError"' - GRADLE_SWITCHES: '--console=plain --info --stacktrace' +concurrency: + group: ci-${{ github.ref }} + cancel-in-progress: true jobs: build: - strategy: - fail-fast: false - matrix: - os: ["ubuntu-latest"] - runs-on: ${{ matrix.os }} - steps: - - uses: actions/checkout@v4 - with: - fetch-depth: 0 - - uses: gradle/actions/wrapper-validation@v3 - - name: set-up-jdk - uses: actions/setup-java@v4 - with: - distribution: zulu - java-version: 17 - - name: build - uses: gradle/actions/setup-gradle@v3 - with: - arguments: ${{ env.GRADLE_SWITCHES }} build test - - publish-snapshots: - needs: [build] - runs-on: ubuntu-latest - if: github.event_name == 'push' - steps: - - uses: actions/checkout@v4 - with: - fetch-depth: 0 - - name: set-up-jdk - uses: actions/setup-java@v4 - with: - distribution: zulu - java-version: 17 - - name: publish-snapshots - uses: gradle/actions/setup-gradle@v3 - if: github.event_name == 'push' - timeout-minutes: 30 - with: - arguments: ${{ env.GRADLE_SWITCHES }} snapshot + uses: openrewrite/gh-automation/.github/workflows/ci-gradle.yml@main + secrets: + gradle_enterprise_access_key: ${{ secrets.GRADLE_ENTERPRISE_ACCESS_KEY }} + ossrh_username: ${{ secrets.OSSRH_USERNAME }} + ossrh_token: ${{ secrets.OSSRH_TOKEN }} + ossrh_signing_key: ${{ secrets.OSSRH_SIGNING_KEY }} + ossrh_signing_password: ${{ secrets.OSSRH_SIGNING_PASSWORD }} diff --git a/.github/workflows/comment-pr.yml b/.github/workflows/comment-pr.yml index 71d28c3..e559610 100644 --- a/.github/workflows/comment-pr.yml +++ b/.github/workflows/comment-pr.yml @@ -1,59 +1,15 @@ -# Description: This workflow is triggered when the `receive-pr` workflow completes to post suggestions on the PR. -# Since this pull request has write permissions on the target repo, we should **NOT** execute any untrusted code. -# https://securitylab.github.com/research/github-actions-preventing-pwn-requests/ ---- name: comment-pr +# https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#using-data-from-the-triggering-workflow on: workflow_run: workflows: ["receive-pr"] types: - completed +# https://securitylab.github.com/research/github-actions-preventing-pwn-requests/ +# Since this pull request has write permissions on the target repo, we should **NOT** execute any untrusted code. jobs: post-suggestions: - # https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#running-a-workflow-based-on-the-conclusion-of-another-workflow if: ${{ github.event.workflow_run.conclusion == 'success' }} - runs-on: ubuntu-latest - permissions: - actions: read - pull-requests: write - env: - # https://docs.github.com/en/actions/reference/authentication-in-a-workflow#permissions-for-the-github_token - ACCESS_TOKEN: ${{ secrets.GITHUB_TOKEN }} - timeout-minutes: 10 - steps: - - uses: actions/checkout@v4 - with: - ref: ${{github.event.workflow_run.head_branch}} - repository: ${{github.event.workflow_run.head_repository.full_name}} - - # Download the patch - - uses: actions/download-artifact@v4 - with: - name: patch - github-token: ${{ secrets.GITHUB_TOKEN }} - run-id: ${{ github.event.workflow_run.id }} - - name: Apply patch - run: | - git apply git-diff.patch --allow-empty - rm git-diff.patch - - # Download the PR number - - uses: actions/download-artifact@v4 - with: - name: pr_number - github-token: ${{ secrets.GITHUB_TOKEN }} - run-id: ${{ github.event.workflow_run.id }} - - name: Read pr_number.txt - run: | - PR_NUMBER=$(cat pr_number.txt) - echo "PR_NUMBER=$PR_NUMBER" >> $GITHUB_ENV - rm pr_number.txt - - # Post suggestions as a comment on the PR - - uses: googleapis/code-suggester@v4 - with: - command: review - pull_number: ${{ env.PR_NUMBER }} - git_dir: '.' + uses: openrewrite/gh-automation/.github/workflows/comment-pr.yml@main diff --git a/.github/workflows/maven-versions-use-latest-releases.yml b/.github/workflows/maven-versions-use-latest-releases.yml deleted file mode 100644 index 24bdc59..0000000 --- a/.github/workflows/maven-versions-use-latest-releases.yml +++ /dev/null @@ -1,32 +0,0 @@ ---- -name: maven-versions-use-latest-releases - -on: - workflow_dispatch: {} - schedule: - - cron: 0 11 * * WED - -jobs: - bump-releases: - timeout-minutes: 30 - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v4 - with: - fetch-depth: 0 - - uses: actions/setup-java@v4 - with: - distribution: temurin - java-version: 17 - cache: maven - server-id: ossrh - settings-path: ${{ github.workspace }} - - name: configure-git-user - run: | - git config user.email "41898282+github-actions[bot]@users.noreply.github.com" - git config user.name "github-actions[bot]" - - - name: maven-versions-use-latest-releases - run: | - mvn versions:use-latest-releases - git diff-index --quiet HEAD pom.xml || git commit -m "Use latest releases for Maven" pom.xml && git push origin main && rm -f pom.xml.versionsBackup diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml new file mode 100644 index 0000000..960455a --- /dev/null +++ b/.github/workflows/publish.yml @@ -0,0 +1,22 @@ +--- +name: publish + +on: + push: + tags: + - v[0-9]+.[0-9]+.[0-9]+ + - v[0-9]+.[0-9]+.[0-9]+-rc.[0-9]+ + +concurrency: + group: publish-${{ github.ref }} + cancel-in-progress: false + +jobs: + release: + uses: openrewrite/gh-automation/.github/workflows/publish-gradle.yml@main + secrets: + gradle_enterprise_access_key: ${{ secrets.GRADLE_ENTERPRISE_ACCESS_KEY }} + ossrh_username: ${{ secrets.OSSRH_USERNAME }} + ossrh_token: ${{ secrets.OSSRH_TOKEN }} + ossrh_signing_key: ${{ secrets.OSSRH_SIGNING_KEY }} + ossrh_signing_password: ${{ secrets.OSSRH_SIGNING_PASSWORD }} diff --git a/.github/workflows/receive-pr.yml b/.github/workflows/receive-pr.yml index 871abec..f2751ff 100644 --- a/.github/workflows/receive-pr.yml +++ b/.github/workflows/receive-pr.yml @@ -1,7 +1,3 @@ -# Description: This workflow runs OpenRewrite recipes against opened pull request and upload the patch. -# Since this pull request receives untrusted code, we should **NOT** have any secrets in the environment. -# https://securitylab.github.com/research/github-actions-preventing-pwn-requests/ ---- name: receive-pr on: @@ -14,47 +10,8 @@ concurrency: group: '${{ github.workflow }} @ ${{ github.ref }}' cancel-in-progress: true -env: - GRADLE_OPTS: '-Dorg.gradle.jvmargs="-Xmx2048m -XX:+HeapDumpOnOutOfMemoryError"' - GRADLE_SWITCHES: '--console=plain --info --stacktrace' - +# https://securitylab.github.com/research/github-actions-preventing-pwn-requests/ +# Since this pull request receives untrusted code, we should **NOT** have any secrets in the environment. jobs: upload-patch: - runs-on: ubuntu-latest - timeout-minutes: 10 - steps: - - uses: actions/checkout@v4 - with: - ref: ${{github.event.pull_request.head.ref}} - repository: ${{github.event.pull_request.head.repo.full_name}} - - uses: gradle/actions/wrapper-validation@v3 - - uses: actions/setup-java@v4 - with: - java-version: '21' - distribution: 'temurin' - - # Capture the PR number - # https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#using-data-from-the-triggering-workflow - - name: Create pr_number.txt - run: echo "${{ github.event.number }}" > pr_number.txt - - uses: actions/upload-artifact@v4 - with: - name: pr_number - path: pr_number.txt - - name: Remove pr_number.txt - run: rm -f pr_number.txt - - # Execute recipes - - name: Apply OpenRewrite best practices - uses: gradle/actions/setup-gradle@v3 - with: - arguments: ${{ env.GRADLE_SWITCHES }} rewriteRun -Drewrite.activeRecipe=org.openrewrite.recipes.OpenRewriteBestPractices - - # Capture the diff - - name: Create patch - run: | - git diff | tee git-diff.patch - - uses: actions/upload-artifact@v4 - with: - name: patch - path: git-diff.patch + uses: openrewrite/gh-automation/.github/workflows/receive-pr.yml@main \ No newline at end of file diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml deleted file mode 100644 index e1c1f06..0000000 --- a/.github/workflows/release.yml +++ /dev/null @@ -1,39 +0,0 @@ ---- -name: publish - -on: - push: - tags: - - v[0-9]+.[0-9]+.[0-9]+ - - v[0-9]+.[0-9]+.[0-9]+-rc.[0-9]+ - -env: - GRADLE_OPTS: '-Dorg.gradle.jvmargs="-Xmx2048m -XX:+HeapDumpOnOutOfMemoryError"' - GRADLE_SWITCHES: "-s --console=plain --info --stacktrace" - -jobs: - release: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v4 - with: - fetch-depth: 0 - - name: set-up-jdk - uses: actions/setup-java@v4 - with: - distribution: zulu - java-version: 17 - - - name: publish-candidate - uses: gradle/actions/setup-gradle@v3 - if: contains(github.ref, '-rc.') - timeout-minutes: 30 - with: - arguments: ${{ env.GRADLE_SWITCHES }} -Preleasing -Prelease.disableGitChecks=true -Prelease.useLastTag=true candidate publish - - - name: publish-release - uses: gradle/actions/setup-gradle@v3 - if: (!contains(github.ref, '-rc.')) - timeout-minutes: 30 - with: - arguments: ${{ env.GRADLE_SWITCHES }} -Preleasing -Prelease.disableGitChecks=true -Prelease.useLastTag=true final publish diff --git a/.github/workflows/repository-backup.yml b/.github/workflows/repository-backup.yml new file mode 100644 index 0000000..9627cb5 --- /dev/null +++ b/.github/workflows/repository-backup.yml @@ -0,0 +1,18 @@ +--- +name: repository-backup +on: + workflow_dispatch: {} + schedule: + - cron: 0 17 * * * + +concurrency: + group: backup-${{ github.ref }} + cancel-in-progress: false + +jobs: + repository-backup: + uses: openrewrite/gh-automation/.github/workflows/repository-backup.yml@main + secrets: + bucket_mirror_target: ${{ secrets.S3_GITHUB_REPOSITORY_BACKUPS_BUCKET_NAME }} + bucket_access_key_id: ${{ secrets.S3_GITHUB_REPOSITORY_BACKUPS_ACCESS_KEY_ID }} + bucket_secret_access_key: ${{ secrets.S3_GITHUB_REPOSITORY_BACKUPS_SECRET_ACCESS_KEY }} diff --git a/.gitignore b/.gitignore index bdc0db8..80cd7b4 100644 --- a/.gitignore +++ b/.gitignore @@ -1,8 +1,49 @@ -build/ -target/ -.gradle/ +# Compiled class file +*.class + +# Log file +*.log + +# BlueJ files +*.ctxt + +# Mobile Tools for Java (J2ME) +.mtj.tmp/ + +# Package Files # +*.war +*.nar +*.ear +*.zip +*.tar.gz +*.rar + +# virtual machine crash logs, see http://www.java.com/en/download/help/error_hotspot.xml +hs_err_pid* +replay_pid* + +.gradle +**/build/ +!src/**/build/ + +# Ignore Gradle GUI config +gradle-app.setting + +# Avoid ignoring Gradle wrapper jar file (.jar files are usually ignored) +!gradle-wrapper.jar + +# Avoid ignore Gradle wrappper properties +!gradle-wrapper.properties + +# Cache of project +.gradletasknamecache + +# Eclipse Gradle plugin generated files +# Eclipse Core +.project +# JDT-specific (Eclipse Java Development Tools) +.classpath + .idea/ out/ src/main/generated/ -.vscode/ -*.iml diff --git a/.mvn/wrapper/maven-wrapper.properties b/.mvn/wrapper/maven-wrapper.properties deleted file mode 100644 index f95f1ee..0000000 --- a/.mvn/wrapper/maven-wrapper.properties +++ /dev/null @@ -1,19 +0,0 @@ -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. -wrapperVersion=3.3.2 -distributionType=only-script -distributionUrl=https://repo.maven.apache.org/maven2/org/apache/maven/apache-maven/3.9.8/apache-maven-3.9.8-bin.zip diff --git a/README.md b/README.md index 8bcbe8b..7b5f604 100644 --- a/README.md +++ b/README.md @@ -1,3 +1,19 @@ +![Logo](https://github.com/openrewrite/rewrite/raw/main/doc/logo-oss.png) # Rewrite Docker Docker recipes for studying and transforming Docker usage. + +[![ci](https://github.com/openrewrite/rewrite-docker/actions/workflows/ci.yml/badge.svg)](https://github.com/openrewrite/rewrite-docker/actions/workflows/ci.yml) +[![Apache 2.0](https://img.shields.io/github/license/openrewrite/rewrite-docker.svg)](https://www.docker.org/licenses/LICENSE-2.0) +[![Maven Central](https://img.shields.io/maven-central/v/org.openrewrite.recipe/rewrite-docker.svg)](https://mvnrepository.com/artifact/org.openrewrite.recipe/rewrite-docker) +[![Revved up by Develocity](https://img.shields.io/badge/Revved%20up%20by-Develocity-06A0CE?logo=Gradle&labelColor=02303A)](https://ge.openrewrite.org/scans) + +### What is this? + +This project implements a [Rewrite module](https://github.com/openrewrite/rewrite) that performs common tasks for Docker. + +Browse [a selection of recipes available through this module in the recipe catalog](https://docs.openrewrite.org/recipes/docker). + +## Contributing + +We appreciate all types of contributions. See the [contributing guide](https://github.com/openrewrite/.github/blob/main/CONTRIBUTING.md) for detailed instructions on how to get started. diff --git a/build.gradle.kts b/build.gradle.kts index 8270758..d82d0c7 100644 --- a/build.gradle.kts +++ b/build.gradle.kts @@ -7,6 +7,6 @@ description = "Rewrite Docker recipes." val rewriteVersion = rewriteRecipe.rewriteVersion.get() dependencies { - implementation(platform("org.openrewrite.recipe:rewrite-recipe-bom:$rewriteVersion")) + implementation(platform("org.openrewrite:rewrite-bom:$rewriteVersion")) implementation("org.openrewrite:rewrite-core:$rewriteVersion") } diff --git a/gradle/wrapper/gradle-wrapper.properties b/gradle/wrapper/gradle-wrapper.properties index b82aa23..09523c0 100755 --- a/gradle/wrapper/gradle-wrapper.properties +++ b/gradle/wrapper/gradle-wrapper.properties @@ -1,6 +1,6 @@ distributionBase=GRADLE_USER_HOME distributionPath=wrapper/dists -distributionUrl=https\://services.gradle.org/distributions/gradle-8.7-bin.zip +distributionUrl=https\://services.gradle.org/distributions/gradle-8.9-bin.zip networkTimeout=10000 validateDistributionUrl=true zipStoreBase=GRADLE_USER_HOME diff --git a/src/main/java/org/openrewrite/docker/DockerImageVersion.java b/src/main/java/org/openrewrite/docker/DockerImageVersion.java index b53e824..e9dde9d 100644 --- a/src/main/java/org/openrewrite/docker/DockerImageVersion.java +++ b/src/main/java/org/openrewrite/docker/DockerImageVersion.java @@ -25,6 +25,7 @@ public class DockerImageVersion { @Nullable String version; + @Override public String toString() { return imageName + (version != null ? ":" + version : ""); } diff --git a/src/main/java/org/openrewrite/docker/package-info.java b/src/main/java/org/openrewrite/docker/package-info.java index b8f1e8e..a3e4eea 100644 --- a/src/main/java/org/openrewrite/docker/package-info.java +++ b/src/main/java/org/openrewrite/docker/package-info.java @@ -1,5 +1,5 @@ /* - * Copyright 2020 the original author or authors. + * Copyright 2024 the original author or authors. *

* Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. diff --git a/src/main/java/org/openrewrite/docker/search/package-info.java b/src/main/java/org/openrewrite/docker/search/package-info.java index 2f592af..e5c9f32 100644 --- a/src/main/java/org/openrewrite/docker/search/package-info.java +++ b/src/main/java/org/openrewrite/docker/search/package-info.java @@ -1,5 +1,5 @@ /* - * Copyright 2020 the original author or authors. + * Copyright 2024 the original author or authors. *

* Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. diff --git a/src/main/java/org/openrewrite/docker/table/package-info.java b/src/main/java/org/openrewrite/docker/table/package-info.java index c35eb6f..3242c9b 100644 --- a/src/main/java/org/openrewrite/docker/table/package-info.java +++ b/src/main/java/org/openrewrite/docker/table/package-info.java @@ -1,5 +1,5 @@ /* - * Copyright 2020 the original author or authors. + * Copyright 2024 the original author or authors. *

* Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. diff --git a/src/main/java/org/openrewrite/docker/trait/package-info.java b/src/main/java/org/openrewrite/docker/trait/package-info.java index 06a7b08..44e8ec1 100644 --- a/src/main/java/org/openrewrite/docker/trait/package-info.java +++ b/src/main/java/org/openrewrite/docker/trait/package-info.java @@ -1,5 +1,5 @@ /* - * Copyright 2020 the original author or authors. + * Copyright 2024 the original author or authors. *

* Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. diff --git a/src/main/resources/META-INF/rewrite/rewrite.yml b/src/main/resources/META-INF/rewrite/rewrite.yml index cf040a8..4120624 100644 --- a/src/main/resources/META-INF/rewrite/rewrite.yml +++ b/src/main/resources/META-INF/rewrite/rewrite.yml @@ -1,5 +1,5 @@ # -# Copyright 2021 the original author or authors. +# Copyright 2024 the original author or authors. #

# Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/src/main/resources/logback.xml b/src/main/resources/logback.xml index 0bdae2b..4a2bc3e 100644 --- a/src/main/resources/logback.xml +++ b/src/main/resources/logback.xml @@ -1,7 +1,7 @@