[ISSUE apache#4720] Modernize CI license check and Enable Dependabot (apache#4827)

* Sync changes in apache#4719

* minor change

* Only keep the artifact name

* Run `sed -i 's/-[0-9].*\.jar//g'`

* Run `sort known-dependencies.txt | uniq > known-dependencies-unique.txt`

* Allow CI to run on branches with namespace in the branch name in forked repos

* Correct typo and remove useless command

* Use `sort -u -o` instead of `uniq` to remove duplicate artifacts with different version

* Enlarge open-pull-requests-limit

* minor: polish tips

* Test apache/skywalking-eyes/dependency CI result

* Fix 'unable to find version `0.6.0`'

* See debug log to prove it works

* skywalking-eyes/dependency doesn't support gradle, test basic actions/dependency-review-action

* Add all denied licenses

* Remove redundant check

* Remove not included SPDX: ASL, RSAL

* Add a useful printAllDependencyTrees task

* Exempt safe artifact under multiple licenses

* Exempt more safe artifacts (Looks like the last of them)

* 'allow-dependencies-licenses' attribute only supports single-line text

* Add a TODO comment

* Add more file extensions for checkstyle

* Resolve some checkstyle header violations

* Add back apache/skywalking-eyes

* Fix downloaded file didn't have a `.`

* Disable Go deps update & Must pass CI before merge

* No need to force up-to-date & Auto-approve only

* Remove the slash at the end of the homepage url in Repo GitHub desc

* Skip patch updates temporarily to reduce PR noise

* Logback removed after apache@be06ef7

* Accept patch update

* Submit dependency graph

* Follow https://github.com/gradle/actions/blob/main/docs/dependency-submission.md#usage-with-pull-requests-from-public-forked-repositories

* try to sort dependency graph workflow exec seq

* `workflow_run` event will only trigger a workflow run if the workflow file is on the default branch

* Grant required permission of CodeQL

* Attempt to fix 'No dependency graph files found to submit'

* Attempt to fix 'No dependency graph files found to submit' try 2

* Attempt to fix 'No dependency graph files found to submit' try 3

* Attempt to fix 'No dependency graph files found to submit' try 4

* Try to check dependency-review

* Only check bundled dependencies

* Fix 'No snapshots were found for the head SHA' attempt 1

* Test runtimeClasspath dependencies

* Revert "Test runtimeClasspath dependencies"

This reverts commit 3de89a5.

* Try to retry 1 hr wo wait for snapshot update

* Test gradle/actions#196 (comment)

* Add todo comments

* Keep implementation and compileOnly for now

* Keep runtimeOnly deps

* [Breaking Change] Remove dependency-review-action and wait for its bugfix

* Add checkDeniedLicense into CI

* minor code optimization
Pil0tXia authored May 17, 2024
1 parent 76035f6 commit beaa735
Showing 25 changed files with 375 additions and 683 deletions.
6 changes: 5 additions & 1 deletion .asf.yaml
Expand Up @@ -43,7 +43,11 @@ github:
protected_branches:
master:
required_status_checks:
strict: true
strict: false
contexts:
- dependency-review
- Build (ubuntu-latest, 8, java)
- Build (ubuntu-latest, 11, java)
required_pull_request_reviews:
dismiss_stale_reviews: true
required_approving_review_count: 2
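Review bot: the new required context `dependency-review` has no producer in the visible workflows, and the commit message itself records removing it ("[Breaking Change] Remove dependency-review-action and wait for its bugfix"); a required status check that never reports keeps `master` unmergeable, so either drop that context or restore a job that emits it. Also, the two `Build (...)` contexts cover only the ubuntu-latest legs of the matrix, so a macOS-latest failure will no longer block a merge, and `strict: false` removes the up-to-date requirement; confirm both are intended, and consider listing the replacement license-check job as a required context as well.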
42 changes: 26 additions & 16 deletions .github/dependabot.yml
@@ -1,29 +1,39 @@
#
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements. See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#

version: 2
updates:
- package-ecosystem: "gradle"
directory: "/"
open-pull-requests-limit: 20
open-pull-requests-limit: 15
schedule:
interval: "weekly"
ignore:
- dependency-name: "*"
update-types: ["version-update:semver-major"]
update-types: [ "version-update:semver-major" ]
- package-ecosystem: "gomod"
directory: "eventmesh-sdks/eventmesh-sdk-go"
schedule:
interval: "monthly"
ignore:
- dependency-name: "*"
# Disabled temporarily since the Go SDK is not integrated with CI
update-types: [ "version-update:semver-major", "version-update:semver-minor", "version-update:semver-patch" ]
- package-ecosystem: "github-actions"
directory: "/"
schedule:
interval: "monthly"
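Review bot: the `gomod` entry ignores every semver update type, which disables version updates for the Go SDK while leaving the ecosystem configured; if the intent is to pause until the Go SDK is covered by CI, removing or commenting out the entry states that more plainly than an all-inclusive ignore. Before merging, also verify that this does not suppress security-update PRs for `eventmesh-sdks/eventmesh-sdk-go`, since Dependabot applies `ignore` conditions from this file to security updates as well.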
42 changes: 42 additions & 0 deletions .github/workflows/auto-dependabot.yml
@@ -0,0 +1,42 @@
#
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements. See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#

name: Dependabot Auto-approve
on: pull_request_target

permissions:
contents: write
pull-requests: write

jobs:
# https://docs.github.com/en/code-security/dependabot/working-with-dependabot/automating-dependabot-with-github-actions
# Pull request Auto merge is not enabled for this repository
dependabot:
runs-on: ubuntu-latest
if: github.actor == 'dependabot[bot]'
steps:
- name: Dependabot metadata
id: metadata
uses: dependabot/fetch-metadata@v2
with:
github-token: "${{ secrets.GITHUB_TOKEN }}"

- name: Approve PR
run: gh pr review --approve "$PR_URL"
env:
PR_URL: ${{ github.event.pull_request.html_url }}
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
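Review bot: `contents: write` is broader than this job needs; `gh pr review --approve` only requires `pull-requests: write`, so drop `contents: write` to keep a `pull_request_target` workflow at least privilege. The `metadata` step's outputs are never used: `steps.metadata.outputs.update-type` could gate approval to `version-update:semver-patch` and `version-update:semver-minor` so that major bumps still get a human review. The job correctly never checks out or executes PR code, which is what keeps `pull_request_target` with write permissions safe here; keep it that way if steps are added later.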
61 changes: 21 additions & 40 deletions .github/workflows/ci.yml
@@ -1,29 +1,29 @@
#
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements. See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#

name: "Continuous Integration"

on:
push:
branches: [ '*' ]
branches:
- '**'
- '!dependabot/**'
pull_request:
branches: [ '*' ]
branches: [ '**' ]

jobs:
build:
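Review bot: for the `pull_request` event the `branches` filter matches the base branch, not the PR head, so `branches: [ '**' ]` is equivalent to omitting the filter and could be dropped; the `push` change to `'**'` is the one that actually enables runs for namespaced branches such as `feature/foo`, since `'*'` does not match `/`. The `'!dependabot/**'` exclusion avoids a duplicate run for Dependabot branches, which remain covered by `pull_request`.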
Expand All @@ -33,12 +33,12 @@ jobs:
matrix:
os: [ ubuntu-latest, macOS-latest ]
java: [ 8, 11 ]
language: ['java']
language: [ 'java' ]
runs-on: ${{ matrix.os }}

steps:
- name: Checkout repository
uses: actions/checkout@v3
uses: actions/checkout@v4

- if: matrix.language == 'cpp' || matrix.language == 'csharp'
name: Build C
Expand All @@ -48,10 +48,10 @@ jobs:
make -C ./eventmesh-sdks/eventmesh-sdk-c
- name: Setup Gradle
uses: gradle/gradle-build-action@v2
uses: gradle/actions/setup-gradle@v3

- name: Set up JDK 11
uses: actions/setup-java@v3
uses: actions/setup-java@v4
with:
distribution: 'zulu'
java-version: 11
Expand All @@ -62,7 +62,7 @@ jobs:
GRADLE_ENTERPRISE_ACCESS_KEY: ${{ secrets.GE_ACCESS_TOKEN }}

- name: Set up JDK ${{ matrix.java }}
uses: actions/setup-java@v3
uses: actions/setup-java@v4
with:
distribution: 'zulu'
java-version: ${{ matrix.java }}
Expand All @@ -80,22 +80,3 @@ jobs:

- name: Upload coverage report to codecov.io
run: bash <(curl -s https://codecov.io/bash) || echo 'Failed to upload coverage report!'

license-check:
name: License Check
runs-on: ubuntu-latest

steps:
- name: Checkout repository
uses: actions/checkout@v3

- name: Check license header
uses: apache/skywalking-eyes@main
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

- name: Check third party dependencies
run: |
./gradlew clean dist -x spotlessJava -x test -x checkstyleMain -x javaDoc && ./gradlew installPlugin && ./gradlew tar && sh tools/dependency-check/check-dependencies.sh && echo "Thirty party dependencies check success"
env:
GRADLE_ENTERPRISE_ACCESS_KEY: ${{ secrets.GE_ACCESS_TOKEN }}
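Review bot: this hunk removes the license-header check (`apache/skywalking-eyes`) and the third-party dependency check from ci.yml without a replacement appearing in the files shown; the commit message says both were re-added ("Add back apache/skywalking-eyes", "Add checkDeniedLicense into CI"), so please confirm the new workflow is among the 25 changed files and, since `.asf.yaml` now enumerates required contexts, add its job to that list or the check becomes advisory only. Separately, the unchanged `bash <(curl -s https://codecov.io/bash)` line executes an unpinned remote script on every run; the maintained `codecov/codecov-action`, pinned to a tag or commit SHA, would be the supply-chain-safer equivalent.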
74 changes: 74 additions & 0 deletions .github/workflows/code-scanning.yml
@@ -0,0 +1,74 @@
#
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements. See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#

name: 'Code Scanning'

on:
push:
branches:
- '**'
- '!dependabot/**'
pull_request:
branches: [ '**' ]

permissions:
security-events: write
contents: read

jobs:
build:
name: Analyze
strategy:
fail-fast: false
matrix:
language: [ 'java', 'go' ]
runs-on: ubuntu-latest

steps:
- name: Checkout repository
uses: actions/checkout@v4

- name: Initialize CodeQL
uses: github/codeql-action/init@v3
with:
# If you wish to specify custom queries, you can do so here or in a config file.
# By default, queries listed here will override any specified in a config file.
# Prefix the list here with "+" to use these queries and those in the config file.
# queries: ./path/to/local/query, your-org/your-repo/queries@main
languages: ${{ matrix.language }}

- name: Set up JDK 11
if: matrix.language == 'java'
uses: actions/setup-java@v4
with:
distribution: 'zulu'
java-version: 11

- name: Setup Gradle
if: matrix.language == 'java'
uses: gradle/actions/setup-gradle@v3
with:
cache-disabled: true

- name: Build
if: matrix.language == 'java'
run: ./gradlew clean assemble compileTestJava --parallel --daemon
env:
GRADLE_ENTERPRISE_ACCESS_KEY: ${{ secrets.GE_ACCESS_TOKEN }}

- name: Perform CodeQL analysis
uses: github/codeql-action/analyze@v3
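Review bot: the `go` matrix entry has no build or `autobuild` step between `init` and `analyze`, and the Go SDK lives in `eventmesh-sdks/eventmesh-sdk-go` rather than the repository root; verify that the analysis actually extracts that module, and if it does not, add a `github/codeql-action/autobuild@v3` step with that `working-directory` under `if: matrix.language == 'go'`. Permissions are correctly scoped to `security-events: write` and `contents: read`. Note that `GE_ACCESS_TOKEN` is not available on `pull_request` runs from forks, so the Build step must tolerate an empty `GRADLE_ENTERPRISE_ACCESS_KEY`, as the existing ci.yml usage already does.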
69 changes: 0 additions & 69 deletions .github/workflows/codeql.yml

This file was deleted.

