From c1f307eb0bd6472bcf8d155144bbd21559984720 Mon Sep 17 00:00:00 2001
From: Andreas Dangel <andreas.dangel@pmd-code.org>
Date: Thu, 15 Apr 2021 18:47:44 +0200
Subject: [PATCH] [ci] Update doc about pmd build

---
 .ci/README.md                 |  65 ++++++++++++----------------------
 .ci/files/public-env.gpg      | Bin 365 -> 630 bytes
 .ci/inc/regression-tester.inc |   1 -
 3 files changed, 23 insertions(+), 43 deletions(-)

diff --git a/.ci/README.md b/.ci/README.md
index c3711495ca..c541ba8c3e 100644
--- a/.ci/README.md
+++ b/.ci/README.md
@@ -1,31 +1,28 @@
-## PMD CI Scripts
+# PMD CI Scripts
 
-This folder contains scripts used for CI.
+This folder contains scripts used for CI, that are PMD specific.
+It uses the common scripts from [build-tools](https://github.com/pmd/build-tools).
 
-## Secrets
+## .ci/files/public-env.gpg
 
-One secret is required for decrypting the GPG Key with which the PMD Releases are signed and
-for a ssh key, which is used to copy files to sourceforge.
+This files contains the following environment variables:
 
-## Environment variables
+*   DANGER_GITHUB_API_TOKEN: Token for danger to add comments to PRs as <https://github.com/pmd-test>
+*   PMD_CI_CHUNK_TOKEN: Token for uploading reports to chunk.io
 
-* PMD_CI_SECRET_PASSPHRASE
-* CI_DEPLOY_USER
-* CI_DEPLOY_PASSWORD
-* CI_SIGN_KEY
-* CI_SIGN_PASSPHRASE
-* PMD_SF_USER
-* PMD_SF_APIKEY
-* GITHUB_OAUTH_TOKEN
-* GITHUB_BASE_URL
-* COVERALLS_REPO_TOKEN
-* SONAR_TOKEN
-* DANGER_GITHUB_API_TOKEN
-* PMD_CI_CHUNK_TOKEN
+The file is encrypted, so that the tokens are not automatically disabled when github detects them
+in clear text.
 
-## Encrypting
+**Decrypting**:
 
-    gpg --batch --symmetric --cipher-algo AES256 --passphrase="$PMD_CI_SECRET_PASSPHRASE" file.txt
+    gpg --batch --yes --decrypt --passphrase="GnxdjywUEPveyCD1RLiTd7t8CImnefYr" \
+        --output .ci/files/public-env .ci/files/public-env.gpg
+
+**Encrypting**:
+
+    gpg --batch --symmetric --cipher-algo AES256 \
+        --armor --passphrase="GnxdjywUEPveyCD1RLiTd7t8CImnefYr" \
+        --output .ci/files/public-env.gpg .ci/files/public-env
 
 ## Known Issues
 
@@ -40,7 +37,7 @@ and [WAGON-486](https://issues.apache.org/jira/browse/WAGON-486):
 
 The setting `-Dmaven.wagon.httpconnectionManager.ttlSeconds=180 -Dmaven.wagon.http.retryHandler.count=3`
 makes sure, that Maven doesn't try to use pooled connections that have been unused for more than 180 seconds.
-These settings are placed as environment variable `MAVEN_OPTS` in all workflows, so that they are active for
+These settings are placed as environment variable `MAVEN_OPTS` in the workflow, so that they are active for
 all Maven executions (including builds done by regression tester).
 
 Alternatively, pooling could be disabled completely via `-Dhttp.keepAlive=false -Dmaven.wagon.http.pool=false`.
@@ -49,9 +46,7 @@ established.
 
 More information about configuring this can be found at [wagon-http](https://maven.apache.org/wagon/wagon-providers/wagon-http/).
 
-## Hints
-
-### Remote debugging
+## Remote debugging
 
 Debugging remotely is possible with <https://github.com/mxschmitt/action-tmate>.
 
@@ -67,27 +62,13 @@ The workflow `troubleshooting` can be started manually, which already contains t
 **Note**: This is dangerous for push/pull builds on pmd/pmd, because these have access to the secrets and the SSH session
 is not protected. Builds triggered by pull requests from forked repositories don't have access to the secrets.
 
-### Local tests with docker
+## Local tests with docker
 
-Create a local docker container:
+Using the same docker container as described in [build-env @ build-tools](https://github.com/pmd/build-tools).
 
-```
-cd .ci/docker_ubuntu18.04
-docker build -t pmd-ci .
-```
+### Testing a push build (snapshot)
 
-This container is based on Ubuntu 18.04, which is used for `ubuntu-latest` github actions runner,
-see [Virtual Environment](https://github.com/actions/virtual-environments).
 
-You can run a local instance with docker:
-
-```
-docker run -it pmd-ci
-```
-
-You'll be dropped into a bash.
-
-#### Testing a push build (snapshot)
 
 Start docker without binding to local directory, so that we can do a fresh checkout: `docker run -it pmd-ci`.
 You'll be dropped into a bash. Use the following script, to setup and start the build:
diff --git a/.ci/files/public-env.gpg b/.ci/files/public-env.gpg
index 8cae0c6b6aeddac3ac14268b7bbecd73d3d891fa..4504a0ef26466ec3cdab5ea64dff77971a5ac03a 100644
GIT binary patch
literal 630
zcmZXSx00hk00nctVsmN>5HLWn0p5&+Hxe0En2~T22)_RIF1-$4()FtP`}-G3)lK`$
z)!na)8U&)Q{vE$DtP@F9_AYY&D4qZ}*^yTWa!~>?0XBG|Hth$hcgg29<!F-LH{IAr
z!#~cu*<`H)5hi5ySc$T42?DF#0Dx!8PRpzs-W{axnubX46>4))RwtN-`!LM`W!Lk-
z`g(u8nLH-$SEA3<l4bH3Ep3z=iPW`Xv_hWVtk!H~1RI5-A0vD%@yx0t?&qK*j%qM_
zi|?@o_JP1nY1dx8Sl`kkXHGANPY8Ibm#o>OsJ=z`s2}~L3Z3h@eXK}plB8jA%pDjp
zH%|7quWA_?mSb@mcMd1=fItgQSy43u{c~Gvgu^yn<!G0b_zbwqufskfq7Vxat4llX
z4^v`8`TmGBWX=Xdzh8)`1?QAsWm2#Yh<|1}c7u_TR)?=+ky2_!U$*Dveqc`V>U{57
zIaazaY>J;3l9Fj|9!62-t?&r($hZ(I84uoLfQ|G4c-0vFbZkl$J@OdyEXKHKOQP?g
zy8|YW(>!1@C&|1IIgz%eMI3yTZ^rlRiF||1QBpxb>RQT<qE{S=t%#j|Ka8h|&q21|
qC?$#qrZ?B-O~Xk;NDZIy)0h~G4`u7TVL$g_ny`NrskZWeS$_aXMaUcg

literal 365
zcmV-z0h0cV4Fm}T0$RwwO_uU9D*w{Jn*sl}ZilHm;mEMu&J;4aJr)3JVp8_#Y*TcB
zI*hN)V3G7&xoKeR_&#mlga5+P_n{Q+Ykxp)QfLFRS!|3X({H|y2mu!FqK^mXVI3xJ
zZ3ORd4%kTq2Jz6fV{|yX&a>l!v;>IO=s>X-2D{Cy1|)95YFGO^(Q)pd-hzILUm;)?
zVK|~P0wC+?$wctbmD6bN_2Vu;w(7pk5g3oU&x58DIM>;ufwS*#7~ILRZS>;2+$hQ}
z{F+Odn%^!@_T5;3z_M{g!MV}^Sgl~&bR~38*)7C7oEu>Ml-VSQ{xJW=>_iw8{D%sm
zhTnBDWK7W9_^HVcFEWAe+|X6SM-ym5h<8?9RLu+bDxC0w`H?3Mn1m(ybrjjrw?eW8
zIOAB7ISoIGH!B`aNHD+tsW0BNq)%Dp9+^C8aD5#g0Gk72g6Nf5&LnYIe<<hV<OtQL
Ls|g+Of@dz}n4Y;*

diff --git a/.ci/inc/regression-tester.inc b/.ci/inc/regression-tester.inc
index 093e096e95..4fd2ceeee0 100644
--- a/.ci/inc/regression-tester.inc
+++ b/.ci/inc/regression-tester.inc
@@ -7,7 +7,6 @@ source "$(dirname "$0")/inc/fetch_ci_scripts.bash" && fetch_ci_scripts
 
 #
 # The functions here require the following environment variables:
-# PMD_SF_USER
 # PMD_CI_BRANCH
 #
 # DANGER_GITHUB_API_TOKEN