From 8c60e3efbefbf274914f842c9308f07a14087766 Mon Sep 17 00:00:00 2001 From: Clay Johnson Date: Sat, 13 Jan 2024 23:20:02 -0600 Subject: [PATCH] [ISSUE #4737] Separate codeql workflow (#4740) * Add GRADLE_ENTERPRISE_ACCESS_KEY to a couple of Gradle builds missing it * Update to most recent Gradle Enterprise Gradle Plugin * Move CodeQL verification to its own worfklow * Rename CodeQL workflow to "Analyze" * Rename "Build" workflow to "Docker" * Restore the language matrix with 'java' as the only language in ci workflow * Return the cpp/csharp language step in ci workflow * Rename CodeQL job to "Analyze" rather than "Build" --- .github/workflows/ci.yml | 18 ++--- .github/workflows/codeql.yml | 69 +++++++++++++++++++ .github/workflows/{build.yaml => docker.yaml} | 2 +- settings.gradle | 2 +- 4 files changed, 76 insertions(+), 15 deletions(-) create mode 100644 .github/workflows/codeql.yml rename .github/workflows/{build.yaml => docker.yaml} (99%) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 2123d1ba36..e6018573c6 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -33,22 +33,13 @@ jobs: matrix: os: [ ubuntu-latest, macOS-latest ] java: [ 8, 11 ] - language: ['java', 'go'] + language: ['java'] runs-on: ${{ matrix.os }} steps: - name: Checkout repository uses: actions/checkout@v3 - - name: Initialize CodeQL - uses: github/codeql-action/init@v2 - with: - # If you wish to specify custom queries, you can do so here or in a config file. - # By default, queries listed here will override any specified in a config file. - # Prefix the list here with "+" to use these queries and those in the config file. - # queries: ./path/to/local/query, your-org/your-repo/queries@main - languages: ${{ matrix.language }} - - if: matrix.language == 'cpp' || matrix.language == 'csharp' name: Build C run: | 
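Review bot: With the matrix reduced to `language: ['java']`, the guard `if: matrix.language == 'cpp' || matrix.language == 'csharp'` on the "Build C" step that follows can never be true, so the step is dead configuration that still reads as if it runs. If the axis is kept only as a placeholder, say so next to it, e.g. `# placeholder axis: only 'java' is built here; the cpp/csharp step below never matches`; otherwise drop both the axis and the step. The step's `run:` body and the rest of the job continue outside this hunk.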
@@ -67,6 +58,8 @@ jobs: - name: GenerateGrammarSource run: ./gradlew clean generateGrammarSource --parallel --daemon + env: + GRADLE_ENTERPRISE_ACCESS_KEY: ${{ secrets.GE_ACCESS_TOKEN }} - name: Set up JDK ${{ matrix.java }} uses: actions/setup-java@v3 @@ -85,9 +78,6 @@ jobs: env: GRADLE_ENTERPRISE_ACCESS_KEY: ${{ secrets.GE_ACCESS_TOKEN }} - - name: Perform CodeQL analysis - uses: github/codeql-action/analyze@v2 - - name: Upload coverage report to codecov.io run: bash <(curl -s https://codecov.io/bash) || echo 'Failed to upload coverage report!' @@ -107,3 +97,5 @@ jobs: - name: Check third party dependencies run: | ./gradlew clean dist -x spotlessJava -x test -x checkstyleMain -x javaDoc && ./gradlew installPlugin && ./gradlew tar && sh tools/dependency-check/check-dependencies.sh && echo "Thirty party dependencies check success" + env: + GRADLE_ENTERPRISE_ACCESS_KEY: ${{ secrets.GE_ACCESS_TOKEN }} diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml new file mode 100644 index 0000000000..d8a345a39f --- /dev/null +++ b/.github/workflows/codeql.yml 
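Review bot: The `GRADLE_ENTERPRISE_ACCESS_KEY` added to the GenerateGrammarSource step, and again to "Check third party dependencies" in the last ci.yml hunk, is exposed to everything those steps execute, and both run build logic taken from the checked-out ref. In the dependency-check step the `env:` covers the whole `&&` chain, so `tools/dependency-check/check-dependencies.sh` inherits the key although only the `./gradlew` calls appear to need it; moving the script into its own step without `env:` would narrow that. By default GitHub does not pass secrets to `pull_request` runs from forks, so the value is empty there; a comment such as `# empty on fork PRs; only runs from branches in this repository receive the key` would record that. The workflow's triggers and the rest of the job are outside these hunks.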
@@ -0,0 +1,69 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+
+name: "CodeQL"
+
+on:
+ push:
+ branches: [ '*' ]
+ pull_request:
+ branches: [ '*' ]
+
+jobs:
+ build:
+ name: Analyze
+ strategy:
+ fail-fast: false
+ matrix:
+ language: ['java', 'go']
+ runs-on: ubuntu-latest
+
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v3
+
+ - name: Initialize CodeQL
+ uses: github/codeql-action/init@v2
+ with:
+ # If you wish to specify custom queries, you can do so here or in a config file.
+ # By default, queries listed here will override any specified in a config file.
+ # Prefix the list here with "+" to use these queries and those in the config file.
+ # queries: ./path/to/local/query, your-org/your-repo/queries@main + languages: ${{ matrix.language }} + + - name: Setup Gradle + uses: gradle/gradle-build-action@v2 + if: matrix.language == 'java' + + - name: Set up JDK 11 + uses: actions/setup-java@v3 + with: + distribution: 'zulu' + java-version: 11 + if: matrix.language == 'java' + + # https://docs.gradle.org/current/userguide/performance.html + - name: Build + run: ./gradlew clean assemble compileTestJava --no-build-cache --parallel --daemon + env: + GRADLE_ENTERPRISE_ACCESS_KEY: ${{ secrets.GE_ACCESS_TOKEN }} + if: matrix.language == 'java' + + - name: Perform CodeQL analysis + uses: github/codeql-action/analyze@v2 diff --git a/.github/workflows/build.yaml b/.github/workflows/docker.yaml similarity index 99% rename from .github/workflows/build.yaml rename to .github/workflows/docker.yaml index 68ca1799cc..ab49c8204e 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/docker.yaml @@ -16,7 +16,7 @@ # specific language governing permissions and limitations # under the License. # -name: Build +name: Docker on: release: types: [released] diff --git a/settings.gradle b/settings.gradle index 3e8647cf0e..645e6fb365 100644 --- a/settings.gradle +++ b/settings.gradle @@ -16,7 +16,7 @@ */ plugins { - id 'com.gradle.enterprise' version '3.15.1' + id 'com.gradle.enterprise' version '3.16.1' id 'com.gradle.common-custom-user-data-gradle-plugin' version '1.12.1' }
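Review bot: The new codeql.yml declares no `permissions:`, so the `Analyze` job runs with whatever default `GITHUB_TOKEN` scope the repository or organization has configured: broader than needed if that default is read/write, and unable to upload results if it is read-only. Declaring the scope on the job keeps the token at what `github/codeql-action/analyze` needs, as sketched below. Separately, `branches: [ '*' ]` does not match branch names containing `/` in GitHub's filter syntax; `'**'` (or omitting the filter) covers every branch, if that was the intent.

```yaml
  build:
    name: Analyze
    permissions:
      actions: read
      contents: read
      security-events: write
    # … unchanged: strategy, runs-on, steps …
```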