diff --git a/.github/workflows/auto-merge-deps.yml b/.github/workflows/auto-merge-deps.yml
deleted file mode 100644
index fc925e140c11..000000000000
--- a/.github/workflows/auto-merge-deps.yml
+++ /dev/null
@@ -1,56 +0,0 @@ -# This workflow will auto merge a PR authored by dependabot[bot]. It runs only on open PRs ready for -# review. -# -# It will merge the PR only if: it is authored by dependabot[bot], is a patch semantic update, and -# all CI checks are successful (ignoring the soon-to-be-removed Jenkins check). -# -# The workflow is divided into multiple sequential jobs to allow giving only minimal permissions to -# the GitHub token passed around. -# -# Once we're using the merge queue feature, I think we can simplify this workflow a lot by relying -# on dependabot merging PRs via its commands, as it will always wait for checks to be green before -# merging. -name: Dependabot auto-merge updates -on: - pull_request: - types: - - ready_for_review - - opened - - reopened - - synchronize - -permissions: - checks: read - pull-requests: write - -jobs: - auto-merge: - name: Auto-merge dependabot PRs - runs-on: ubuntu-latest - if: ${{ github.repository == 'camunda/zeebe' && github.actor == 'dependabot[bot]' }} - steps: - - uses: actions/checkout@v3 - - id: metadata - name: Fetch dependency metadata - uses: dependabot/fetch-metadata@v1.3.3 - with: - github-token: "${{ secrets.GITHUB_TOKEN }}" - - id: await-tests - name: Wait until select checks are green - # change this condition if you wish to merge other type of version updates - if: ${{ steps.metadata.outputs.update-type == 'version-update:semver-patch' }} - uses: 'lewagon/wait-on-check-action@v1.1.2' - with: - ref: ${{ github.event.pull_request.head.sha }} - repo-token: "${{ secrets.GITHUB_TOKEN }}" - wait-interval: 30 - check-regexp: '(Test summary)|(Java checks)|(Go linting)|(Docker checks)|(CodeQL)' - allowed-conclusions: success,skipped - verbose: true - - id: approve-and-merge - name: Approve and merge PR - # required to skip if the previous step was also skipped - if: ${{ steps.metadata.outputs.update-type == 'version-update:semver-patch' }} - run: gh pr review ${{ github.event.pull_request.number }} --approve -b 
"bors merge" - env: - GITHUB_TOKEN: "${{secrets.GITHUB_TOKEN}}" diff --git a/.github/workflows/test.yml b/.github/workflows/ci.yml similarity index 69% rename from .github/workflows/test.yml rename to .github/workflows/ci.yml index bbc5a2ef9d09..187a37bad503 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/ci.yml @@ -1,8 +1,9 @@ -name: Tests +name: CI on: push: branches: + - main - stable/* - release-* - trying @@ -385,10 +386,10 @@ jobs: REVISION: ${{ github.sha }} VERSION: ${{ steps.build-docker.outputs.version }} run: ${PWD}/docker/test/verify.sh '${{ steps.build-docker.outputs.image }}' - # Used by bors to check all tests, including the unit test matrix. - # New test jobs must be added to the `needs` lists! - # This name is hard-referenced from bors.toml; remember to update that if this name changes test-summary: + # Used by bors to check all tests, including the unit test matrix. + # New test jobs must be added to the `needs` lists! + # This name is hard-referenced from bors.toml; remember to update that if this name changes name: Test summary runs-on: ubuntu-latest needs: @@ -405,11 +406,10 @@ jobs: - docker-checks steps: - run: exit 0 - - # We need to upload the event file as an artifact in order to support - # publishing the results of forked repositories - # https://github.com/EnricoMi/publish-unit-test-result-action#support-fork-repositories-and-dependabot-branches event_file: + # We need to upload the event file as an artifact in order to support + # publishing the results of forked repositories + # https://github.com/EnricoMi/publish-unit-test-result-action#support-fork-repositories-and-dependabot-branches name: "Event File" runs-on: ubuntu-latest needs: 
@@ -428,3 +428,140 @@ jobs: name: Event File path: ${{ github.event_path }} retention-days: 1 + deploy-snapshots: + name: Deploy snapshot artifacts + needs: [ test-summary ] + runs-on: ubuntu-latest + if: github.repository == 'camunda/zeebe' && github.ref == 'refs/heads/main' + concurrency: + group: deploy-maven-snapshot + cancel-in-progress: false + steps: + - uses: actions/checkout@v3 + - name: Import Secrets + id: secrets + uses: hashicorp/vault-action@v2.4.2 + with: + url: ${{ secrets.VAULT_ADDR }} + method: approle + roleId: ${{ secrets.VAULT_ROLE_ID }} + secretId: ${{ secrets.VAULT_SECRET_ID }} + secrets: | + secret/data/products/zeebe/ci/zeebe ARTIFACTS_USR; + secret/data/products/zeebe/ci/zeebe ARTIFACTS_PSW; + - uses: actions/setup-java@v3.5.1 + with: + distribution: 'temurin' + java-version: '17' + server-id: camunda-nexus + server-username: MAVEN_USERNAME + server-password: MAVEN_PASSWORD + # compile and generate-sources to ensure that the Javadoc can be properly generated; compile is + # necessary when using annotation preprocessors for code generation, as otherwise the symbols are + # not resolve-able by the Javadoc generator + - run: mvn -B -D skipTests -D skipChecks compile generate-sources source:jar javadoc:jar deploy + env: + MAVEN_USERNAME: ${{ steps.secrets.outputs.ARTIFACTS_USR }} + MAVEN_PASSWORD: ${{ steps.secrets.outputs.ARTIFACTS_PSW }} + deploy-docker-snapshot: + name: Deploy snapshot Docker image + needs: [ test-summary ] + runs-on: ubuntu-latest + if: github.repository == 'camunda/zeebe' && github.ref == 'refs/heads/main' + concurrency: + group: deploy-docker-snapshot + cancel-in-progress: false + steps: + - uses: actions/checkout@v3 + - name: Import Secrets + id: secrets + uses: hashicorp/vault-action@v2.4.2 + with: + url: ${{ secrets.VAULT_ADDR }} + method: approle + roleId: ${{ secrets.VAULT_ROLE_ID }} + secretId: ${{ secrets.VAULT_SECRET_ID }} + secrets: | + secret/data/products/zeebe/ci/zeebe REGISTRY_HUB_DOCKER_COM_USR; + 
secret/data/products/zeebe/ci/zeebe REGISTRY_HUB_DOCKER_COM_PSW; + - name: Login to DockerHub + uses: docker/login-action@v2 + with: + username: ${{ steps.secrets.outputs.REGISTRY_HUB_DOCKER_COM_USR }} + password: ${{ steps.secrets.outputs.REGISTRY_HUB_DOCKER_COM_PSW }} + - uses: ./.github/actions/setup-zeebe + - uses: ./.github/actions/build-zeebe + id: build-zeebe + - uses: ./.github/actions/build-docker + id: build-docker + with: + repository: camunda/zeebe + version: SNAPSHOT + push: true + distball: ${{ steps.build-zeebe.outputs.distball }} + notify-if-failed: + name: Send slack notification on build failure + runs-on: ubuntu-latest + needs: [ test-summary, deploy-snapshots, deploy-docker-snapshot ] + if: failure() && github.repository == 'camunda/zeebe' && github.ref == 'refs/heads/main' + steps: + - id: slack-notify + name: Send slack notification + uses: slackapi/slack-github-action@v1.22.0 + with: + # For posting a rich message using Block Kit + payload: | + { + "text": ":alarm: Build on `main` failed! :alarm:\n${{ github.event.head_commit.url }}", + "blocks": [ + { + "type": "section", + "text": { + "type": "mrkdwn", + "text": ":alarm: Build on `main` failed! :alarm:" + } + }, + { + "type": "section", + "text": { + "type": "mrkdwn", + "text": "Please check the related commit: ${{ github.event.head_commit.url }}\n \\cc @zeebe-medic" + } + } + ] + } + env: + SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} + SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK + auto-merge: + # This workflow will auto merge a PR authored by dependabot[bot]. It runs only on open PRs ready for + # review. + # + # It will merge the PR only if: it is authored by dependabot[bot], is a patch semantic update, and + # all CI checks are successful (ignoring the soon-to-be-removed Jenkins check). + # + # The workflow is divided into multiple sequential jobs to allow giving only minimal permissions to + # the GitHub token passed around. 
+ # + # Once we're using the merge queue feature, I think we can simplify this workflow a lot by relying + # on dependabot merging PRs via its commands, as it will always wait for checks to be green before + # merging. + name: Auto-merge dependabot PRs + runs-on: ubuntu-latest + needs: [ test-summary ] + if: github.repository == 'camunda/zeebe' && github.actor == 'dependabot[bot]' + permissions: + checks: read + pull-requests: write + steps: + - id: metadata + name: Fetch dependency metadata + uses: dependabot/fetch-metadata@v1.3.4 + with: + github-token: "${{ secrets.GITHUB_TOKEN }}" + - id: approve-and-merge + name: Approve and merge PR + if: steps.metadata.outputs.update-type == 'version-update:semver-patch' + run: gh pr review ${{ github.event.pull_request.number }} --approve -b "bors merge" + env: + GITHUB_TOKEN: "${{secrets.GITHUB_TOKEN}}" diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml deleted file mode 100644 index e51e78501d16..000000000000 --- a/.github/workflows/deploy.yml +++ /dev/null 
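Review bot: The `auto-merge` job gates approval on `github.actor == 'dependabot[bot]'`, which names whoever triggered the run rather than who authored the pull request, so the check is weaker than the job's own comment ("authored by dependabot[bot]") promises. Because bors.toml keeps `required_approvals = 1`, this job's `gh pr review --approve` is the only review a patch update receives; I would gate on the PR author instead, `if: github.repository == 'camunda/zeebe' && github.event.pull_request.user.login == 'dependabot[bot]'`. The job also reads `github.event.pull_request.number`, which is only populated on pull_request events, while the only trigger visible in this diff is `push`; the rest of `on:` is outside the hunk, so this may already be covered. The removed workflow waited explicitly for CodeQL among other checks, whereas `needs: [ test-summary ]` waits only for the jobs in that list, so it is worth confirming that CodeQL still gates these merges.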
@@ -1,122 +0,0 @@ -name: Deploy - -on: - push: - branches: - - main - workflow_dispatch: { } - -# Sequence deployment of artifacts on pushes to ensure ordering, e.g. SNAPSHOT is always the latest -# commit -concurrency: - group: ${{ github.workflow }}-${{ github.ref }} - cancel-in-progress: false - -jobs: - tests: - name: Tests - uses: ./.github/workflows/test.yml - secrets: inherit - - deploy-snapshots: - name: Deploy snapshot artifacts - needs: [ tests ] - runs-on: ubuntu-latest - if: github.repository == 'camunda/zeebe' - concurrency: deploy-snapshots - steps: - - uses: actions/checkout@v3 - - name: Import Secrets - id: secrets - uses: hashicorp/vault-action@v2.4.2 - with: - url: ${{ secrets.VAULT_ADDR }} - method: approle - roleId: ${{ secrets.VAULT_ROLE_ID }} - secretId: ${{ secrets.VAULT_SECRET_ID }} - secrets: | - secret/data/products/zeebe/ci/zeebe ARTIFACTS_USR; - secret/data/products/zeebe/ci/zeebe ARTIFACTS_PSW; - - uses: actions/setup-java@v3.5.0 - with: - distribution: 'temurin' - java-version: '17' - server-id: camunda-nexus - server-username: MAVEN_USERNAME - server-password: MAVEN_PASSWORD - # compile and generate-sources to ensure that the Javadoc can be properly generated; compile is - # necessary when using annotation preprocessors for code generation, as otherwise the symbols are - # not resolve-able by the Javadoc generator - - run: mvn -B -D skipTests -D skipChecks compile generate-sources source:jar javadoc:jar deploy - env: - MAVEN_USERNAME: ${{ steps.secrets.outputs.ARTIFACTS_USR }} - MAVEN_PASSWORD: ${{ steps.secrets.outputs.ARTIFACTS_PSW }} - - deploy-docker-snapshot: - name: Deploy snapshot Docker image - needs: [ tests ] - runs-on: ubuntu-latest - if: github.repository == 'camunda/zeebe' - steps: - - uses: actions/checkout@v3 - - name: Import Secrets - id: secrets - uses: hashicorp/vault-action@v2.4.2 - with: - url: ${{ secrets.VAULT_ADDR }} - method: approle - roleId: ${{ secrets.VAULT_ROLE_ID }} - secretId: ${{ secrets.VAULT_SECRET_ID 
}} - secrets: | - secret/data/products/zeebe/ci/zeebe REGISTRY_HUB_DOCKER_COM_USR; - secret/data/products/zeebe/ci/zeebe REGISTRY_HUB_DOCKER_COM_PSW; - - name: Login to DockerHub - uses: docker/login-action@v2 - with: - username: ${{ steps.secrets.outputs.REGISTRY_HUB_DOCKER_COM_USR }} - password: ${{ steps.secrets.outputs.REGISTRY_HUB_DOCKER_COM_PSW }} - - uses: ./.github/actions/setup-zeebe - - uses: ./.github/actions/build-zeebe - id: build-zeebe - - uses: ./.github/actions/build-docker - id: build-docker - with: - repository: camunda/zeebe - version: SNAPSHOT - push: true - distball: ${{ steps.build-zeebe.outputs.distball }} - - notify-if-failed: - name: Send slack notification on build failure - runs-on: ubuntu-latest - needs: [tests, deploy-snapshots, deploy-docker-snapshot] - if: failure() - steps: - - id: slack-notify - name: Send slack notification - uses: slackapi/slack-github-action@v1.22.0 - with: - # For posting a rich message using Block Kit - payload: | - { - "text": ":alarm: Build on `main` failed! :alarm:\n${{ github.event.head_commit.url }}", - "blocks": [ - { - "type": "section", - "text": { - "type": "mrkdwn", - "text": ":alarm: Build on `main` failed! :alarm:" - } - }, - { - "type": "section", - "text": { - "type": "mrkdwn", - "text": "Please check the related commit: ${{ github.event.head_commit.url }}\n \\cc @zeebe-medic" - } - } - ] - } - env: - SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} - SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK diff --git a/bors.toml b/bors.toml index 73c5df92ed63..9acbe3ba8173 100644 --- a/bors.toml +++ b/bors.toml @@ -1,7 +1,5 @@ status = [ "Test summary", - "Java checks", - "Go linting" ] required_approvals = 1
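Review bot: With "Java checks" and "Go linting" dropped, `status` leaves "Test summary" as the only check bors requires, so merge gating now depends entirely on the `needs` list of the `test-summary` job in ci.yml. That list is only partly visible in this diff, so it is worth confirming that both jobs are in it before relying on the aggregate. A comment above the entry would keep the coupling visible from this file, e.g. `# "Test summary" aggregates every required CI job via its needs list in .github/workflows/ci.yml`.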