aws-xray-sdk-java/.github/workflows/pr-build.yml at master · aws/aws-xray-sdk-java · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
name: Continuous Build
on:
  pull_request:
    branches:
      - master

jobs:
  build:
    name: Build Java ${{ matrix.java }} on ${{ matrix.os }}
    permissions:
      contents: read
    runs-on: ${{ matrix.os }}
    strategy:
      fail-fast: false
      matrix:
        os:
          - macos-latest
          - ubuntu-latest
          - windows-latest
        java:
          - 8
          - 11
        include:
          - os: ubuntu-latest
            java: 11
            coverage: true
    steps:
      - name: Checkout Repository
        uses: actions/checkout@ee0669bd1cc54295c223e0bb666b733df41de1c5 #v2.7.0

      - name: Setup java
        uses: actions/setup-java@b6e674f4b717d7b0ae3baee0fbe79f498905dfde #v1.4.4
        with:
          java-version: ${{ matrix.java }}

      - name: Cache Gradle Modules
        uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 #v4.3.0
        with:
          path: ~/.gradle/caches
          key: gradle-caches-${{ hashFiles('**/*.gradle.kts') }}

      - name: Cache Gradle Wrapper
        uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 #v4.3.0
        with:
          path: ~/.gradle/wrapper
          key: gradle-wrapper-${{ hashFiles('gradle/wrapper/gradle-wrapper.properties') }}

      - name: Execute Gradle build
        run: ./gradlew build ${{ matrix.coverage && 'codeCoverageReport' || '' }} --stacktrace
        shell: bash
        env:
          CI: true

      - uses: codecov/codecov-action@29386c70ef20e286228c72b668a06fd0e8399192 #v1.5.2
        if: ${{ matrix.coverage }}
        with:
          files: ./jacoco/build/reports/jacoco/codeCoverageReport/codeCoverageReport.xml

      - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 #v4.6.2
        if: ${{ matrix.coverage }}
        with:
          name: coverage-report
          path: jacoco/build/reports/jacoco/codeCoverageReport/html

  static-code-checks:
    runs-on: ubuntu-latest
    steps:

      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 #5.0.0
        with:
          fetch-depth: 0
      - name: Check for versioned GitHub actions
        if: always()
        run: |
          # Get changed GitHub workflow/action files
          CHANGED_FILES=$(git diff --name-only origin/${{ github.base_ref }}..HEAD | grep -E "^\.github/(workflows|actions)/.*\.ya?ml$" || true)

          if [ -n "$CHANGED_FILES" ]; then
            # Check for any versioned actions, excluding comments and this validation script
            VIOLATIONS=$(grep -Hn "uses:.*@v" $CHANGED_FILES | grep -v "grep.*uses:.*@v" | grep -v "#.*@v" || true)
            if [ -n "$VIOLATIONS" ]; then
              echo "Found versioned GitHub actions. Use commit SHAs instead:"
              echo "$VIOLATIONS"
              exit 1
            fi
          fi

          echo "No versioned actions found in changed files"