pmd/.ci/README.md

## PMD CI Scripts

This folder contains scripts used for CI.

## Secrets

One secret is required for decrypting the GPG Key with which the PMD Releases are signed and
for a ssh key, which is used to copy files to sourceforge.

## Environment variables

* PMD_CI_SECRET_PASSPHRASE
* CI_DEPLOY_USER
* CI_DEPLOY_PASSWORD
* CI_SIGN_KEY
* CI_SIGN_PASSPHRASE
* PMD_SF_USER
* PMD_SF_APIKEY
* GITHUB_OAUTH_TOKEN
* GITHUB_BASE_URL
* DANGER_GITHUB_API_TOKEN
* PMD_CI_CHUNK_TOKEN

## Encrypting

    gpg --batch --symmetric --cipher-algo AES256 --passphrase="$PMD_CI_SECRET_PASSPHRASE" file.txt

## Known Issues

Intermittent build failures while downloading dependencies from maven central.
Root issue seems to be SNAT configs in Azure, which closes long running TCP connections
only on one side: https://docs.microsoft.com/en-us/azure/load-balancer/troubleshoot-outbound-connection#idletimeout
The default timeout is 4 minutes.

Workaround as described in https://github.com/actions/virtual-environments/issues/1499 and
https://issues.apache.org/jira/browse/WAGON-545 is applied:

The setting `-Dmaven.wagon.httpconnectionManager.ttlSeconds=180 -Dmaven.wagon.http.retryHandler.count=3`
doesn't seem to work.

Now we disable pooling completely, so that for downloading a artifact/dependency, always new, fresh
connections are used: `-Dhttp.keepAlive=false -Dmaven.wagon.http.pool=false`.

Not working either.

## Hints

### Remote debugging

Debugging remotely is possible with <https://github.com/mxschmitt/action-tmate>.

Just add the following step into the job:

```
      - name: Setup tmate session
        uses: mxschmitt/action-tmate@v3
```

**Note**: This is dangerous for push/pull builds, because these have access to the secrets and the SSH session
is not protected...

### Local tests

Create a local docker container:

```
cd .ci/docker_ubuntu18.04
docker build -t pmd-ci .
```

This container is based on Ubuntu 18.04, which is used for `ubuntu-latest` github actions runner
(see <https://github.com/actions/virtual-environments>).

You can run a local instance with docker and mount your local pmd checkout into the container:

```
docker run -it --mount type=bind,source=path/to/pmd,target=/workspaces/pmd/pmd pmd-ci
```

You'll be dropped into a bash. Start e.g. with

```
cd workspaces/pmd/pmd
.ci/check-environment.sh
```
Initial version of new ci scripts 2020-11-10 22:26:26 +01:00			`## PMD CI Scripts`

			`This folder contains scripts used for CI.`

			`## Secrets`

			`One secret is required for decrypting the GPG Key with which the PMD Releases are signed and`
			`for a ssh key, which is used to copy files to sourceforge.`

			`## Environment variables`

Integrate danger for pull requests 2020-11-12 13:11:56 +01:00			`* PMD_CI_SECRET_PASSPHRASE`
			`* CI_DEPLOY_USER`
			`* CI_DEPLOY_PASSWORD`
			`* CI_SIGN_KEY`
			`* CI_SIGN_PASSPHRASE`
			`* PMD_SF_USER`
			`* PMD_SF_APIKEY`
			`* GITHUB_OAUTH_TOKEN`
			`* GITHUB_BASE_URL`
			`* DANGER_GITHUB_API_TOKEN`
			`* PMD_CI_CHUNK_TOKEN`
Initial version of new ci scripts 2020-11-10 22:26:26 +01:00
Integrate setup secrets into build.sh, add env.gpg, add sourceforge upload 2020-11-11 22:56:02 +01:00			`## Encrypting`

			`gpg --batch --symmetric --cipher-algo AES256 --passphrase="$PMD_CI_SECRET_PASSPHRASE" file.txt`
Initial version of new ci scripts 2020-11-10 22:26:26 +01:00
Add workaround for connection timeouts 2020-11-12 09:44:17 +01:00			`## Known Issues`

			`Intermittent build failures while downloading dependencies from maven central.`
			`Root issue seems to be SNAT configs in Azure, which closes long running TCP connections`
			`only on one side: https://docs.microsoft.com/en-us/azure/load-balancer/troubleshoot-outbound-connection#idletimeout`
			`The default timeout is 4 minutes.`

			`Workaround as described in https://github.com/actions/virtual-environments/issues/1499 and`
			`https://issues.apache.org/jira/browse/WAGON-545 is applied:`

Try disable http pooling 2020-11-12 17:59:43 +01:00			The setting `-Dmaven.wagon.httpconnectionManager.ttlSeconds=180 -Dmaven.wagon.http.retryHandler.count=3`
			`doesn't seem to work.`

Take out windows build It's always failing to download dependencies 2020-11-12 19:15:29 +01:00			`Now we disable pooling completely, so that for downloading a artifact/dependency, always new, fresh`
			connections are used: `-Dhttp.keepAlive=false -Dmaven.wagon.http.pool=false`.

			`Not working either.`
Add debugging hints 2020-11-12 11:55:05 +01:00
			`## Hints`

			`### Remote debugging`

			`Debugging remotely is possible with <https://github.com/mxschmitt/action-tmate>.`

			`Just add the following step into the job:`

			```
			`- name: Setup tmate session`
			`uses: mxschmitt/action-tmate@v3`
			```

Take out windows build It's always failing to download dependencies 2020-11-12 19:15:29 +01:00			`Note: This is dangerous for push/pull builds, because these have access to the secrets and the SSH session`
			`is not protected...`
Add debugging hints 2020-11-12 11:55:05 +01:00
			`### Local tests`

Add docker for testing 2020-11-12 16:13:02 +01:00			`Create a local docker container:`
Add debugging hints 2020-11-12 11:55:05 +01:00
			```
Add docker for testing 2020-11-12 16:13:02 +01:00			`cd .ci/docker_ubuntu18.04`
			`docker build -t pmd-ci .`
Add debugging hints 2020-11-12 11:55:05 +01:00			```

Add docker for testing 2020-11-12 16:13:02 +01:00			This container is based on Ubuntu 18.04, which is used for `ubuntu-latest` github actions runner
			`(see <https://github.com/actions/virtual-environments>).`

			`You can run a local instance with docker and mount your local pmd checkout into the container:`

			```
			`docker run -it --mount type=bind,source=path/to/pmd,target=/workspaces/pmd/pmd pmd-ci`
			```

			`You'll be dropped into a bash. Start e.g. with`

			```
			`cd workspaces/pmd/pmd`
			`.ci/check-environment.sh`
			```