From 748a5db5da49eea3e8a378fe22aba6100ea7b03b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Michael=20Vorburger=20=E2=9B=91=EF=B8=8F?= Date: Thu, 26 Oct 2023 22:33:19 +0200 Subject: [PATCH] Minor clean-up to align CodeQL & Build GitHub Actions (#2313) --- .github/workflows/build.yml | 27 ++++++++++++++++++++------- .github/workflows/codeql.yaml | 19 +++++++++++++++++++ 2 files changed, 39 insertions(+), 7 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 9ffbca252b..22419da6dc 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -12,7 +12,7 @@ # See the License for the specific language governing permissions and # limitations under the License. -name: "GitHub Actions: Build" +name: "Build" # Controls when the action will run. Triggers the workflow on push or pull request # events for the `master` branch @@ -22,18 +22,30 @@ on: tags: build* pull_request: + # The branches below must be a subset of the branches above branches: [ master ] + schedule: + # Run once a week (even if no new code or PRs) to detect random regressions + - cron: '12 13 * * 2' + env: # Allow precise monitoring of the save/restore of Gradle User Home by `gradle-build-action` # See https://github.com/marketplace/actions/gradle-build-action?version=v2.1.1#cache-debugging-and-analysis GRADLE_BUILD_ACTION_CACHE_DEBUG_ENABLED: true GRADLE_BUILD_ACTION_CACHE_KEY_PREFIX: "fhir" # change this to invalidate cache -# A workflow run is made up of one or more jobs that can run sequentially or in parallel + + # A workflow run is made up of one or more jobs that can run sequentially or in parallel jobs: # Build will compile APK, test APK and run tests, lint, etc. build: - runs-on: ubuntu-22.04-8core + timeout-minutes: 60 + permissions: + actions: read + contents: read + + strategy: + fail-fast: false # Steps represent a sequence of tasks that will be executed as part of the job steps: @@ -49,17 +61,18 @@ jobs: # Fetch origin/master for spotless ratchet to work # https://github.com/diffplug/spotless/issues/1242 fetch-depth: 0 + - name: Setup machine uses: ./.github/actions/commonSetup - name: Spotless check - run: ./gradlew spotlessCheck --scan --stacktrace + run: ./gradlew spotlessCheck --scan --full-stacktrace - - name: Build with Gradle - run: ./gradlew build --scan --stacktrace + - name: Build (full) with Gradle + run: ./gradlew build --scan --full-stacktrace - name: Check with Gradle - run: ./gradlew check --scan --stacktrace + run: ./gradlew check --scan --full-stacktrace - name: Release artifacts to local repo run: ./gradlew publishReleasePublicationToCIRepository --scan diff --git a/.github/workflows/codeql.yaml b/.github/workflows/codeql.yaml index 25e4197f6b..0df5358f2c 100644 --- a/.github/workflows/codeql.yaml +++ b/.github/workflows/codeql.yaml @@ -1,5 +1,24 @@ +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + name: "CodeQL" +# NB: This GitHub Action for https://codeql.github.com seems to be +# a bit "special"; it does not appear to be (easily) possible to just +# integrate and run this as part of the main build.yaml action; see +# https://github.com/google/android-fhir/issues/2310. + on: push: branches: [ "master" ]