HHH-18689 Maintain proxy targets when converting cache entries #19314
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# The main CI of Hibernate ORM is https://ci.hibernate.org/job/hibernate-orm-pipeline/. | |
# However, Hibernate ORM builds run on GitHub actions regularly | |
# to check that it still works and can be used in GitHub forks. | |
# See https://docs.github.com/en/free-pro-team@latest/actions | |
# for more information about GitHub actions. | |
name: Hibernate ORM build | |
on: | |
push: | |
branches: | |
- '6.6' | |
# WARNING: Using pull_request_target to access secrets, but we check out the PR head commit. | |
# See checkout action for details. | |
pull_request_target: | |
branches: | |
- '6.6' | |
permissions: {} # none | |
# See https://github.com/hibernate/hibernate-orm/pull/4615 for a description of the behavior we're getting. | |
concurrency: | |
# Consider that two builds are in the same concurrency group (cannot run concurrently) | |
# if they use the same workflow and are about the same branch ("ref") or pull request. | |
group: "workflow = ${{ github.workflow }}, ref = ${{ github.event.ref }}, pr = ${{ github.event.pull_request.id }}" | |
# Cancel previous builds in the same concurrency group even if they are in process | |
# for pull requests or pushes to forks (not the upstream repository). | |
cancel-in-progress: ${{ github.event_name == 'pull_request_target' || github.repository != 'hibernate/hibernate-orm' }} | |
jobs: | |
build: | |
permissions: | |
contents: read | |
name: Java 11 | |
runs-on: ubuntu-latest | |
strategy: | |
fail-fast: false | |
matrix: | |
include: | |
- rdbms: h2 | |
- rdbms: hsqldb | |
- rdbms: derby | |
- rdbms: mysql | |
- rdbms: mariadb | |
- rdbms: postgresql | |
- rdbms: edb | |
- rdbms: oracle | |
- rdbms: db2 | |
- rdbms: mssql | |
- rdbms: sybase | |
# Running with CockroachDB requires at least 2-4 vCPUs, which we don't have on GH Actions runners | |
# - rdbms: cockroachdb | |
# Running with HANA requires at least 8GB memory just for the database, which we don't have on GH Actions runners | |
# - rdbms: hana | |
steps: | |
- name: Check out commit already pushed to branch | |
if: "! github.event.pull_request.number" | |
uses: actions/checkout@v4 | |
with: | |
persist-credentials: false | |
- name: Check out PR head | |
uses: actions/checkout@v4 | |
if: github.event.pull_request.number | |
with: | |
# WARNING: This is potentially dangerous since we're checking out unreviewed code, | |
# and since we're using the pull_request_target event we can use secrets. | |
# Thus, we must be extra careful to never expose secrets to steps that execute this code, | |
# and to strictly limit our of secrets to those that only pose minor security threats. | |
# This means in particular we won't expose Develocity credentials to the main gradle executions, | |
# but instead will execute gradle a second time just to push build scans to Develocity; | |
# see below. | |
ref: "refs/pull/${{ github.event.pull_request.number }}/head" | |
persist-credentials: false | |
- name: Reclaim Disk Space | |
run: .github/ci-prerequisites.sh | |
- name: Start database | |
env: | |
RDBMS: ${{ matrix.rdbms }} | |
run: ci/database-start.sh | |
- name: Set up Java 11 | |
uses: actions/setup-java@v4 | |
with: | |
distribution: 'temurin' | |
java-version: '11' | |
- name: Get year/month for cache key | |
id: get-date | |
run: echo "yearmonth=$(/bin/date -u "+%Y-%m")" >> $GITHUB_OUTPUT | |
shell: bash | |
- name: Cache Maven local repository | |
uses: actions/cache@v4 | |
id: cache-maven | |
with: | |
path: | | |
~/.m2/repository | |
~/.gradle/caches/ | |
~/.gradle/wrapper/ | |
# refresh cache every month to avoid unlimited growth | |
key: maven-localrepo-${{ steps.get-date.outputs.yearmonth }} | |
- name: Run build script | |
env: | |
RDBMS: ${{ matrix.rdbms }} | |
# Don't populate Develocity cache in pull requests as that's potentially dangerous | |
POPULATE_REMOTE_GRADLE_CACHE: "${{ github.event_name == 'push' }}" | |
# WARNING: exposes secrets, so must only be passed to a step that doesn't run unapproved code. | |
DEVELOCITY_ACCESS_KEY: "${{ github.event_name == 'push' && secrets.GRADLE_ENTERPRISE_ACCESS_KEY || '' }}" | |
run: ./ci/build-github.sh | |
shell: bash | |
- name: Publish Develocity build scan for previous build (pull request) | |
# Don't fail a build if publishing fails | |
continue-on-error: true | |
if: "${{ !cancelled() && github.event_name == 'pull_request_target' && github.repository == 'hibernate/hibernate-orm' }}" | |
run: | | |
./gradlew buildScanPublishPrevious | |
env: | |
# WARNING: exposes secrets, so must only be passed to a step that doesn't run unapproved code. | |
DEVELOCITY_ACCESS_KEY: ${{ secrets.GRADLE_ENTERPRISE_ACCESS_KEY_PR }} | |
- name: Upload test reports (if Gradle failed) | |
uses: actions/upload-artifact@v4 | |
if: failure() | |
with: | |
name: test-reports-java11-${{ matrix.rdbms }} | |
path: | | |
./**/target/reports/tests/ | |
./**/target/reports/checkstyle/ | |
- name: Omit produced artifacts from build cache | |
run: ./ci/before-cache.sh |