Rework/simplify GH Actions jobs #16
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: GH Actions CI | |
| on: | |
| push: | |
| branches: | |
| - 'main' | |
| pull_request: | |
| branches: | |
| - 'main' | |
| permissions: {} # none | |
| # See https://github.com/hibernate/hibernate-orm/pull/4615 for a description of the behavior we're getting. | |
| concurrency: | |
| # Consider that two builds are in the same concurrency group (cannot run concurrently) | |
| # if they use the same workflow and are about the same branch ("ref") or pull request. | |
| group: "workflow = ${{ github.workflow }}, ref = ${{ github.event.ref }}, pr = ${{ github.event.pull_request.id }}" | |
| # Cancel previous builds in the same concurrency group even if they are in progress | |
| # for pull requests or pushes to forks (not the upstream repository). | |
| cancel-in-progress: ${{ github.event_name == 'pull_request' || github.repository != 'hibernate/hibernate-orm' }} | |
| jobs: | |
| # Main job for h2/docker DBs. | |
| build: | |
| permissions: | |
| contents: read | |
| name: OpenJDK 17 - ${{matrix.rdbms}} | |
| runs-on: ubuntu-latest | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| include: | |
| - rdbms: h2 | |
| - rdbms: hsqldb | |
| - rdbms: mysql | |
| - rdbms: mariadb | |
| - rdbms: postgresql | |
| - rdbms: edb | |
| - rdbms: oracle | |
| - rdbms: db2 | |
| - rdbms: mssql | |
| - rdbms: sybase | |
| # Running with CockroachDB requires at least 2-4 vCPUs, which we don't have on GH Actions runners | |
| # - rdbms: cockroachdb | |
| # Running with HANA requires at least 8GB memory just for the database, which we don't have on GH Actions runners | |
| # - rdbms: hana | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| persist-credentials: false | |
| - name: Reclaim Disk Space | |
| run: .github/ci-prerequisites.sh | |
| - name: Start database | |
| env: | |
| RDBMS: ${{ matrix.rdbms }} | |
| run: ci/database-start.sh | |
| - name: Set up Java 17 | |
| uses: actions/setup-java@v4 | |
| with: | |
| distribution: 'temurin' | |
| java-version: '17' | |
| - name: Get year/month for cache key | |
| id: get-date | |
| run: echo "yearmonth=$(/bin/date -u "+%Y-%m")" >> $GITHUB_OUTPUT | |
| shell: bash | |
| - name: Cache Maven/Gradle local caches | |
| uses: actions/cache@v4 | |
| id: cache-maven-gradle | |
| with: | |
| path: | | |
| ~/.m2/repository/ | |
| ~/.m2/wrapper/ | |
| ~/.gradle/caches/ | |
| ~/.gradle/wrapper/ | |
| # refresh cache every month to avoid unlimited growth | |
| # use a different key depending on whether we run in trusted or untrusted mode | |
| key: ${{ github.event_name == 'push' && 'trusted' || 'untrusted' }}-maven-gradle-caches-${{ steps.get-date.outputs.yearmonth }} | |
| - name: Run build script | |
| run: ./ci/build-github.sh | |
| shell: bash | |
| env: | |
| RDBMS: ${{ matrix.rdbms }} | |
| # For jobs running on 'push', publish build scan and cache immediately. | |
| # This won't work for pull requests, since they don't have access to secrets. | |
| POPULATE_REMOTE_GRADLE_CACHE: ${{ github.event_name == 'push' && github.repository == 'hibernate/hibernate-orm' && 'true' || 'false' }} | |
| DEVELOCITY_ACCESS_KEY: "${{ secrets.DEVELOCITY_ACCESS_KEY }}" | |
| # For jobs running on 'pull_request', tar and upload build scan data. | |
| # The actual publishing must be done in a separate job (see ci-report.yml). | |
| # We don't write to the remote cache as that would be unsafe. | |
| - name: Tar build scan content pushed to subsequent jobs | |
| if: "${{ github.event_name == 'pull_request' && !cancelled() }}" | |
| run: tar -czf build-scan-data.tgz -C ~/.gradle/build-scan-data . | |
| - name: Upload GitHub Actions artifact for the Develocity build scan | |
| uses: actions/upload-artifact@v4 | |
| if: "${{ github.event_name == 'pull_request' && !cancelled() }}" | |
| with: | |
| name: build-scan-data-${{ matrix.rdbms }} | |
| path: build-scan-data.tgz | |
| - name: Upload test reports (if Gradle failed) | |
| uses: actions/upload-artifact@v4 | |
| if: failure() | |
| with: | |
| name: test-reports-java11-${{ matrix.rdbms }} | |
| path: | | |
| ./**/target/reports/tests/ | |
| - name: Omit produced artifacts from build cache | |
| run: ./ci/before-cache.sh | |
| # Job for builds on Atlas (Oracle) infrastructure. | |
| # This is untrusted, even for pushes, see below. | |
| atlas: | |
| permissions: | |
| contents: read | |
| name: GraalVM 21 - ${{matrix.rdbms}} | |
| # runs-on: ubuntu-latest | |
| runs-on: [self-hosted, Linux, X64, OCI] | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| include: | |
| - rdbms: oracle_atps | |
| - rdbms: oracle_db19c | |
| - rdbms: oracle_db21c | |
| - rdbms: oracle_db23c | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| persist-credentials: false | |
| - name: Reclaim Disk Space | |
| run: .github/ci-prerequisites.sh | |
| - name: Start database | |
| env: | |
| RDBMS: ${{ matrix.rdbms }} | |
| RUNID: ${{ github.run_number }} | |
| run: ci/database-start.sh | |
| - name: Set up Java 21 | |
| uses: graalvm/setup-graalvm@v1 | |
| with: | |
| distribution: 'graalvm' | |
| java-version: '21' | |
| - name: Get year/month for cache key | |
| id: get-date | |
| run: echo "yearmonth=$(/bin/date -u "+%Y-%m")" >> $GITHUB_OUTPUT | |
| shell: bash | |
| - name: Cache Maven/Gradle local caches | |
| uses: actions/cache@v4 | |
| id: cache-maven-gradle | |
| with: | |
| path: | | |
| ~/.m2/repository/ | |
| ~/.m2/wrapper/ | |
| ~/.gradle/caches/ | |
| ~/.gradle/wrapper/ | |
| # refresh cache every month to avoid unlimited growth | |
| # use a different key than jobs running in trusted mode | |
| key: untrusted-maven-gradle-caches-${{ steps.get-date.outputs.yearmonth }} | |
| - name: Run build script | |
| env: | |
| RDBMS: ${{ matrix.rdbms }} | |
| RUNID: ${{ github.run_number }} | |
| run: ./ci/build-github.sh | |
| shell: bash | |
| # Tar and upload build scan data. | |
| # The actual publishing must be done in a separate job (see ci-report.yml). | |
| # We don't write to the remote cache as that would be unsafe. | |
| # That's even on push, because we do not trust Atlas runners to hold secrets: they are shared infrastructure. | |
| - name: Tar build scan content pushed to subsequent jobs | |
| if: "${{ !cancelled() }}" | |
| run: tar -czf build-scan-data.tgz -C ~/.gradle/build-scan-data . | |
| - name: Upload GitHub Actions artifact for the Develocity build scan | |
| uses: actions/upload-artifact@v4 | |
| if: "${{ !cancelled() }}" | |
| with: | |
| name: build-scan-data-${{ matrix.rdbms }} | |
| path: build-scan-data.tgz | |
| - name: Upload test reports (if Gradle failed) | |
| uses: actions/upload-artifact@v4 | |
| if: failure() | |
| with: | |
| name: test-reports-java11-${{ matrix.rdbms }} | |
| path: | | |
| ./**/target/reports/tests/ | |
| - name: Omit produced artifacts from build cache | |
| run: ./ci/before-cache.sh |