forked from hyperledger/besu
-
Notifications
You must be signed in to change notification settings - Fork 1
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
customize checks and release actions for lacchain
* customize release workflow * add release trigger with workflow dispatch * fix docker variants to just openjdk-17 * add workflow to create binaries with java-17 * add lacchain dco * add codeql * fix codeql Signed-off-by: eum602 <eum602@gmail.com>
- Loading branch information
Showing
6 changed files
with
179 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,28 @@ | ||
| name: release lacchain-besu binary | ||
| on: | ||
| release: | ||
| types: [created] | ||
| jobs: | ||
| binaryPromoteX64: | ||
| runs-on: ubuntu-latest | ||
| permissions: | ||
| contents: write | ||
| packages: write | ||
| steps: | ||
| - uses: actions/checkout@v3 | ||
| - uses: actions/setup-java@v3 | ||
| with: | ||
| distribution: 'temurin' | ||
| java-version: '17' | ||
|
|
||
| - name: Setup Gradle | ||
| uses: gradle/gradle-build-action@v2 | ||
| - name: Build with Gradle | ||
| run: ./gradlew build -x test --no-daemon | ||
|
|
||
| - name: Upload the artifacts | ||
| uses: skx/github-action-publish-binaries@master | ||
| env: | ||
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | ||
| with: | ||
| args: 'build/distributions/*' |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,36 @@ | ||
| name: lacchain-checks | ||
| on: | ||
| push: | ||
| branches: [lacchain_release] | ||
| pull_request: | ||
| workflow_dispatch: | ||
|
|
||
| jobs: | ||
| spotless: | ||
| runs-on: ubuntu-latest | ||
| if: ${{ github.actor != 'dependabot[bot]' }} | ||
| steps: | ||
| - name: Checkout Repo | ||
| uses: actions/checkout@v3 | ||
| - name: Set up Java | ||
| uses: actions/setup-java@v3 | ||
| with: | ||
| distribution: adopt | ||
| java-version: 17 | ||
| cache: gradle | ||
| - name: spotless | ||
| run: ./gradlew --no-daemon --parallel clean spotlessCheck | ||
| javadoc_17: | ||
| runs-on: ubuntu-latest | ||
| if: ${{ github.actor != 'dependabot[bot]' }} | ||
| steps: | ||
| - name: Checkout Repo | ||
| uses: actions/checkout@v3 | ||
| - name: Set up Java 17 | ||
| uses: actions/setup-java@v3 | ||
| with: | ||
| distribution: adopt | ||
| java-version: 17 | ||
| cache: gradle | ||
| - name: javadoc (JDK 17) | ||
| run: ./gradlew --no-daemon clean javadoc |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,53 @@ | ||
| name: "Lacchain CodeQL" | ||
|
|
||
| on: | ||
| push: | ||
| branches: [ lacchain_release ] | ||
| pull_request: | ||
| branches: [ lacchain_release ] | ||
| paths-ignore: | ||
| - '**/*.json' | ||
| - '**/*.md' | ||
| - '**/*.properties' | ||
| - '**/*.txt' | ||
| workflow_dispatch: | ||
| jobs: | ||
| analyze: | ||
| name: Analyze | ||
| runs-on: ubuntu-latest | ||
| permissions: | ||
| actions: read | ||
| contents: read | ||
| security-events: write | ||
|
|
||
| strategy: | ||
| fail-fast: false | ||
| matrix: | ||
| language: [ 'java' ] | ||
| # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ] | ||
| # Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support | ||
|
|
||
| steps: | ||
| - name: Checkout repository | ||
| uses: actions/checkout@v3 | ||
|
|
||
| - name: Set up Java | ||
| uses: actions/setup-java@v3 | ||
| with: | ||
| distribution: adopt | ||
| java-version: 17 | ||
|
|
||
| # Initializes the CodeQL tools for scanning. | ||
| - name: Initialize CodeQL | ||
| uses: github/codeql-action/init@v2 | ||
| with: | ||
| languages: ${{ matrix.language }} | ||
| queries: security-and-quality,security-extended | ||
|
|
||
| # Autobuild failed (OOM) | ||
| # Hence, supply memory args for gradle build | ||
| - run: | | ||
| JAVA_OPTS="-Xmx1000M" ./gradlew --no-scan compileJava | ||
| - name: Perform CodeQL Analysis | ||
| uses: github/codeql-action/analyze@v2 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,19 @@ | ||
| name: lacchain-dco | ||
| on: | ||
| pull_request: | ||
|
|
||
| jobs: | ||
| dco: | ||
| runs-on: ubuntu-latest | ||
| if: ${{ github.actor != 'dependabot[bot]' }} | ||
| steps: | ||
| - run: echo "This DCO job runs on pull_request event and workflow_dispatch" | ||
| - name: Get PR Commits | ||
| id: 'get-pr-commits' | ||
| uses: tim-actions/get-pr-commits@v1.2.0 | ||
| with: | ||
| token: ${{ secrets.GITHUB_TOKEN }} | ||
| - name: DCO Check | ||
| uses: tim-actions/dco@v1.1.0 | ||
| with: | ||
| commits: ${{ steps.get-pr-commits.outputs.commits }} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,32 @@ | ||
| name: release lacchain-besu docker | ||
| on: | ||
| release: | ||
| types: released | ||
| workflow_dispatch: | ||
| env: | ||
| REGISTRY: ghcr.io | ||
| jobs: | ||
| dockerPromoteX64: | ||
| runs-on: ubuntu-latest | ||
| permissions: | ||
| contents: read | ||
| packages: write | ||
| steps: | ||
| - uses: actions/checkout@v3 | ||
| - uses: actions/setup-java@v3 | ||
| with: | ||
| distribution: 'temurin' # See 'Supported distributions' for available options | ||
| java-version: '17' | ||
| - name: Log in to the Container registry | ||
| uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1 | ||
| with: | ||
| registry: ${{ env.REGISTRY }} | ||
| username: ${{ github.actor }} | ||
| password: ${{ secrets.GITHUB_TOKEN }} | ||
| - name: Setup Gradle | ||
| uses: gradle/gradle-build-action@v2 | ||
| - name: Build docker image | ||
| env: | ||
| architecture: "amd64" | ||
| dockerVariants: "openjdk-17" | ||
| run: ./gradlew --no-daemon "-PdockerVariants=${{ env.dockerVariants }}" "-Prelease.releaseVersion=${{ github.ref_name }}" "-PdockerArtifactName=lacchain-besu" "-PdockerOrgName=${{ env.REGISTRY }}/lacchain" dockerUpload -x test -x :ethereum:evmtool:dockerUpload |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,11 @@ | ||
| # SPDX-License-Identifier: Apache-2.0 | ||
| name: "Lacchain Validate Gradle Wrapper" | ||
| on: [push, pull_request] | ||
|
|
||
| jobs: | ||
| validation: | ||
| name: "Gradle Wrapper Validation" | ||
| runs-on: ubuntu-latest | ||
| steps: | ||
| - uses: actions/checkout@v3 | ||
| - uses: gradle/wrapper-validation-action@v1 |