phoedos/pmd
1
1
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
pmd/.ci
History

README.md

PMD CI Scripts

This folder contains scripts used for CI, that are PMD specific. Added line: 8803 Added line: 397 Added line: 2389

.ci/files/public-env.gpg

Added line: 2050

This files contains the following environment variables: Added line: 893

  • DANGER_GITHUB_API_TOKEN: Token for danger to add comments to PRs as https://github.com/pmd-test. Added line: 7092 Added line: 1776 Added line: 1458 Added line: 371 The token needs the scope "public_repo". Note: The default GITHUB_TOKEN can't be used, because danger runs in pull request builds from fork and the default GITHUB_TOKEN has read-only access there Added line: 2166 and can't write comments. Therefore the personal access token of the bot account "pmd-test" is used. pmd-test has no commit permissions, but can comment on any public repo, including pmd/pmd. Added line: 9706
  • PMD_CI_CHUNK_TOKEN: Token for uploading reports to chunk.io Added line: 2997

Added line: 7686 The file is encrypted, so that the tokens are not automatically disabled when github detects them in clear text.

Decrypting: Added line: 2218 Added line: 5258

gpg --batch --yes --decrypt --passphrase="GnxdjywUEPveyCD1RLiTd7t8CImnefYr" \

Added line: 6105 --output .ci/files/public-env .ci/files/public-env.gpg

Added line: 2860 Encrypting:

gpg --batch --symmetric --cipher-algo AES256 \

Added line: 7658 --armor --passphrase="GnxdjywUEPveyCD1RLiTd7t8CImnefYr"
--output .ci/files/public-env.gpg .ci/files/public-env

Local tests with docker

Added line: 2256

Added line: 7698 Using the same docker container as described in build-env @ build-tools. Added line: 4848 Added line: 8614

Testing a push build (snapshot)

Added line: 6717 Added line: 6493 Added line: 2139 Added line: 6240

Start docker without binding to local directory, so that we can do a fresh checkout

Added line: 9468 $ docker run
Added line: 860 --interactive
Added line: 7791 --tty
Added line: 7787 --name pmd-build-env_pmd
Added line: 1200 Added line: 966 Added line: 8897 Added line: 3773 pmd-build-env:latest

Added line: 7538 Added line: 1343

Added line: 2876

export LANG=en_US.UTF-8
export PMD_CI_SCRIPTS_URL=https://raw.githubusercontent.com/pmd/build-tools/main/scripts

export PMD_CI_SECRET_PASSPHRASE="xyz"
export PMD_CI_DEBUG=true

MAIN_BRANCH="main"
Added line: 6291
eval $(~/create-gh-actions-env.sh push pmd/pmd $MAIN_BRANCH)
Added line: 7570

cd /workspaces/pmd
rmdir pmd && mkdir pmd
cd pmd
Added line: 4917
Added line: 3164
git init
git remote add origin https://github.com/pmd/pmd
Added line: 1903
git fetch --no-tags --prune --progress --no-recurse-submodules --depth=2 origin +refs/heads/${MAIN_BRANCH}:refs/remotes/origin/${MAIN_BRANCH}
git checkout --progress --force -B ${MAIN_BRANCH} refs/remotes/origin/${MAIN_BRANCH}

Added line: 5869

Added line: 5152
f=check-environment.sh; \
        mkdir -p .ci && \
Added line: 2051
Added line: 1620
        ( [ -e .ci/$f ] || curl -sSL "${PMD_CI_SCRIPTS_URL}/$f" > ".ci/$f" ) && \
        chmod 755 .ci/$f && \
        .ci/$f

.ci/build.sh
Added line: 9212
Added line: 7311
Added line: 1160

Added line: 6015

Testing a pull request

Added line: 9301

Same as the above, but this line changes:

eval $(~/create-gh-actions-env.sh pull_request pmd/pmd $MAIN_BRANCH)
Added line: 6346

Added line: 8915

Added line: 4922 Maybe update /workspaces/event.json to fill in a real pull request number, so that Added line: 7442 danger can comment the correct PR.

Added line: 5479 And the checkout must be different. Example for PR 3220:

Added line: 7539 Added line: 7078

Added line: 4982
PMD_CI_PULL_REQUEST_NUMBER=3220
cd /workspace/pmd
rmdir pmd && mkdir pmd
cd pmd
Added line: 7346
git init
git remote add origin https://github.com/pmd/pmd
git fetch --no-tags --prune --progress --no-recurse-submodules --depth=2 origin +refs/pull/${PMD_CI_PULL_REQUEST_NUMBER}/merge:refs/remotes/pull/${PMD_CI_PULL_REQUEST_NUMBER}/merge
git checkout --progress --force refs/remotes/pull/${PMD_CI_PULL_REQUEST_NUMBER}/merge
Added line: 6442
Added line: 5540
Added line: 9041
Added line: 4588

Forked build

Added line: 5245

Added line: 5591 A build executing on a forked repository. Added line: 5218 Added line: 2624

Added line: 7960
Added line: 6452
Added line: 997
$(~/create-gh-actions-env.sh push adangel/pmd $MAIN_BRANCH)
Added line: 695

Performing a release (push) build

export LANG=en_US.UTF-8
export PMD_CI_SCRIPTS_URL=https://raw.githubusercontent.com/pmd/build-tools/main/scripts

export PMD_CI_SECRET_PASSPHRASE="xyz"
Added line: 9624
export PMD_CI_DEBUG=true
Added line: 9218

TAG_NAME=pmd_releases/6.33.0

Added line: 9734
eval $(~/create-gh-actions-env.sh push pmd/pmd refs/tags/$TAG_NAME)
Added line: 455

Added line: 3217
Added line: 157
Added line: 7411
rmdir pmd && mkdir pmd
cd pmd
Added line: 2538
Added line: 6507
git init
Added line: 6832
Added line: 7703
git remote add origin https://github.com/pmd/pmd
Added line: 3659
git fetch --no-tags --prune --progress --no-recurse-submodules --depth=2 origin +refs/tags/$TAG_NAME:refs/tags/$TAG_NAME
git checkout --progress --force refs/tags/$TAG_NAME
Added line: 4641
Added line: 2311
f=check-environment.sh; \
        ( [ -e .ci/$f ] || curl -sSL "${PMD_CI_SCRIPTS_URL}/$f" > ".ci/$f" ) && \
Added line: 3275
Added line: 5836
        chmod 755 .ci/$f && \
        .ci/$f
Added line: 3796
Added line: 59

Added line: 7823
Added line: 1286
Added line: 720
Added line: 9688
Added line: 6803
#
# .ci/build.sh
Added line: 9008
Added line: 2611
#

Calling .ci/build.sh directly would re-release the tag $TAG_NAME - that's why it is commented out. All the side-effects of a release would be carried out like creating and publishing a release on github, Added line: 3239 Added line: 9164 Added line: 3855 uploading the release to sourceforge, uploading the docs to docs.pmd-code.org, uploading a new baseline for the regression tester and so on. While the release should be reproducible and therefore should Added line: 8770

Note that maven-central would not be changed, since this is skipped via MAVEN_OPTS: MAVEN_OPTS contains -DskipRemoteStaging=true, so that no maven artifacts are deployed to maven central (this is set by create-gh-actions-env.sh).

So for now in order to test the build script, you need to manually edit the script and comment out the critical lines... (like publish github releases, uploading files to sourceforge ...). Later a "dry-run" mode could be added.

Make sure to cleanup after the test, e.g. discard the draft github release.

Workflow git-repo-sync