From f481c8b2838873c55c06bca3dd5baaf0b9416852 Mon Sep 17 00:00:00 2001 From: sebthom Date: Tue, 5 Dec 2023 03:10:27 +0100 Subject: [PATCH] update project config --- .ci/build.sh | 2 +- .ci/maven-settings.xml | 4 +- .ci/maven-toolchains.xml | 2 +- .github/PULL_REQUEST_TEMPLATE.md | 6 +++ .github/dependabot.yml | 12 ++--- .github/stale.yml | 8 ++-- .github/workflows/build.yml | 80 ++++++++++++++++++++++++++++---- CODE_OF_CONDUCT.md | 52 +++++++++++---------- CONTRIBUTING.md | 3 +- 9 files changed, 121 insertions(+), 48 deletions(-) create mode 100644 .github/PULL_REQUEST_TEMPLATE.md diff --git a/.ci/build.sh b/.ci/build.sh index ed3d21c3..57e9f62d 100644 --- a/.ci/build.sh +++ b/.ci/build.sh @@ -1,7 +1,7 @@ #!/usr/bin/env bash # # SPDX-FileCopyrightText: © Vegard IT GmbH (https://vegardit.com) -# SPDX-FileContributor: Sebastian Thomschke +# SPDX-FileContributor: Sebastian Thomschke (Vegard IT GmbH) # SPDX-License-Identifier: Apache-2.0 # SPDX-ArtifactOfProjectHomePage: https://github.com/vegardit/vegardit-maven-parent diff --git a/.ci/maven-settings.xml b/.ci/maven-settings.xml index 753c62c8..57efd0c8 100644 --- a/.ci/maven-settings.xml +++ b/.ci/maven-settings.xml @@ -1,7 +1,6 @@ - + - sonatype-ossrh @@ -14,5 +13,4 @@ ${env.GITHUB_API_KEY} - diff --git a/.ci/maven-toolchains.xml b/.ci/maven-toolchains.xml index 3501ddf9..39c6084c 100644 --- a/.ci/maven-toolchains.xml +++ b/.ci/maven-toolchains.xml @@ -1,4 +1,4 @@ - + diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md new file mode 100644 index 00000000..6bdaa999 --- /dev/null +++ b/.github/PULL_REQUEST_TEMPLATE.md @@ -0,0 +1,6 @@ +*Issue #, if available:* + +*Description of changes:* + + +By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice. diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 55e4e74d..7b925ac4 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -6,28 +6,28 @@ updates: schedule: interval: weekly day: monday - time: "09:00" + time: "10:00" commit-message: prefix: fix prefix-development: chore include: scope labels: - - gha - - dependencies - pinned + - dependencies + - gha - package-ecosystem: maven directory: / schedule: interval: weekly day: monday - time: "09:00" + time: "10:00" commit-message: prefix: fix prefix-development: chore include: scope labels: - - mvn - - dependencies - pinned + - dependencies + - mvn ignore: - dependency-name: "co.leantechniques:maven-buildtime-extension" diff --git a/.github/stale.yml b/.github/stale.yml index e7df9f1b..f3ece949 100644 --- a/.github/stale.yml +++ b/.github/stale.yml @@ -1,13 +1,14 @@ # Configuration for probot-stale - https://github.com/probot/stale # Number of days of inactivity before an issue becomes stale -daysUntilStale: 60 +daysUntilStale: 120 # Number of days of inactivity before a stale issue is closed -daysUntilClose: 7 +daysUntilClose: 14 # Issues with these labels will never be considered stale exemptLabels: + - enhancement - pinned - security @@ -18,7 +19,8 @@ staleLabel: wontfix markComment: > This issue has been automatically marked as stale because it has not had recent activity. It will be closed in 7 days if no further activity occurs. - Thank you for your contributions. + If the issue is still valid, please add a respective comment to prevent this + issue from being closed automatically. Thank you for your contributions. # Comment to post when closing a stale issue. Set to `false` to disable closeComment: false diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 8c091b6c..eea70d36 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -1,5 +1,5 @@ # SPDX-FileCopyrightText: © Vegard IT GmbH (https://vegardit.com) -# SPDX-FileContributor: Sebastian Thomschke +# SPDX-FileContributor: Sebastian Thomschke (Vegard IT GmbH) # SPDX-License-Identifier: Apache-2.0 # SPDX-ArtifactOfProjectHomePage: https://github.com/vegardit/vegardit-maven-parent # @@ -19,6 +19,12 @@ on: - '.git*' - '.github/*.yml' pull_request: + paths-ignore: + - '**/*.adoc' + - '**/*.md' + - '.editorconfig' + - '.git*' + - '.github/*.yml' workflow_dispatch: # https://github.blog/changelog/2020-07-06-github-actions-manual-triggers-with-workflow_dispatch/ inputs: @@ -26,6 +32,15 @@ on: description: 'Additional Maven Args' required: false default: '' + debug-with-ssh: + description: "Start an SSH session for debugging purposes at the end of the build:" + default: never + type: choice + options: [ always, on_failure, on_failure_or_cancelled, never ] + debug-with-ssh-only-for-actor: + description: "Limit access to the SSH session to the GitHub user that triggered the job." + default: true + type: boolean defaults: run: @@ -34,22 +49,37 @@ defaults: env: JAVA_VERSION: 11 + jobs: - build: + + ########################################################### + maven-build: + ########################################################### runs-on: ubuntu-latest + + + # https://docs.github.com/en/actions/using-jobs/using-concurrency + concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: false + + steps: - name: Show environment variables run: env | sort + - name: Git Checkout - uses: actions/checkout@v4 #https://github.com/actions/checkout + uses: actions/checkout@v4 # https://github.com/actions/checkout + - - name: Set up JDK ${{ env.JAVA_VERSION }} - uses: actions/setup-java@v4 #https://github.com/actions/setup-java + - name: "Install: JDK ${{ env.JAVA_VERSION }}" + uses: actions/setup-java@v4 # https://github.com/actions/setup-java with: distribution: temurin java-version: ${{ env.JAVA_VERSION }} + # reusing CDS archives of the same JVM randomly fails in GitHub Actions with # "An error has occurred while processing the shared archive file. shared class paths mismatch" #- name: Calculate Java version checksum @@ -63,6 +93,7 @@ jobs: # ~/.xshare/${{ steps.java-version-checksum.outputs.md5sum }} # key: ${{ runner.os }}-xshare-${{ steps.java-version-checksum.outputs.md5sum }} + - name: "Cache: Restore" id: cache-restore if: ${{ !env.ACT }} # https://github.com/nektos/act#skipping-steps @@ -74,8 +105,8 @@ jobs: !~/.m2/repository/com/vegardit/maven key: ${{ runner.os }}-${{ hashFiles('**/pom.xml') }} + - name: Test with Maven - id: maven-test if: ${{ github.ref_name != 'main' || env.ACT }} env: GITHUB_USER: ${{ github.actor }} @@ -84,8 +115,8 @@ jobs: run: | bash .ci/build.sh ${{ github.event.inputs.additional_maven_args }} + - name: Build with Maven - id: maven-build if: ${{ github.ref_name == 'main' && !env.ACT }} env: DEPLOY_SNAPSHOTS_TO_GITHUB_BRANCH: true @@ -107,7 +138,7 @@ jobs: ################################################## # Cache Update - # See https://github.com/actions/cache/issues/342 + # See https://github.com/actions/cache/issues/342#issuecomment-1399442670 ################################################## - name: "Cache: Delete Previous" if: ${{ steps.cache-restore.outputs.cache-hit && !env.ACT }} @@ -126,11 +157,41 @@ jobs: ~/.m2/bin ~/.m2/repository !~/.m2/repository/com/vegardit/maven + !~/.m2/repository/*SNAPSHOT* key: ${{ steps.cache-restore.outputs.cache-primary-key }} + ################################################## + # Setup SSH debug session + ################################################## + - name: "SSH session for debugging: check" + id: DEBUG_SSH_SESSSION_CHECK + if: always() + run: | + set -eu + + when="${{ inputs.debug-with-ssh }}" + + if [[ $when == "always" ]] || case "${{ job.status }}" in + success) [[ $when == "always" ]] ;; + cancelled) [[ $when == "on_failure_or_cancelled" ]] ;; + failure) [[ $when == "on_failure"* ]] ;; + esac; then + echo "start_ssh_session=true" | tee -a "$GITHUB_OUTPUT" + fi + + + - name: "SSH session for debugging: start" + uses: mxschmitt/action-tmate@v3 # https://github.com/mxschmitt/action-tmate + if: always() && steps.DEBUG_SSH_SESSSION_CHECK.outputs.start_ssh_session + with: + limit-access-to-actor: ${{ inputs.debug-with-ssh-only-for-actor }} + + + ########################################################### dependabot-pr-auto-merge: - needs: build + ########################################################### + needs: maven-build if: ${{ github.event_name == 'pull_request' && github.actor == 'dependabot[bot]' }} runs-on: ubuntu-latest @@ -147,6 +208,7 @@ jobs: with: github-token: "${{ secrets.GITHUB_TOKEN }}" + - name: Enable auto-merge for Dependabot PRs if: | ${{ diff --git a/CODE_OF_CONDUCT.md b/CODE_OF_CONDUCT.md index b24457b1..7035167b 100644 --- a/CODE_OF_CONDUCT.md +++ b/CODE_OF_CONDUCT.md @@ -6,8 +6,8 @@ We as members, contributors, and leaders pledge to make participation in our community a harassment-free experience for everyone, regardless of age, body size, visible or invisible disability, ethnicity, sex characteristics, gender identity and expression, level of experience, education, socio-economic status, -nationality, personal appearance, race, religion, or sexual identity -and orientation. +nationality, personal appearance, race, caste, color, religion, or sexual +identity and orientation. We pledge to act and interact in ways that contribute to an open, welcoming, diverse, inclusive, and healthy community. @@ -22,17 +22,17 @@ community include: * Giving and gracefully accepting constructive feedback * Accepting responsibility and apologizing to those affected by our mistakes, and learning from the experience -* Focusing on what is best not just for us as individuals, but for the - overall community +* Focusing on what is best not just for us as individuals, but for the overall + community Examples of unacceptable behavior include: -* The use of sexualized language or imagery, and sexual attention or - advances of any kind +* The use of sexualized language or imagery, and sexual attention or advances of + any kind * Trolling, insulting or derogatory comments, and personal or political attacks * Public or private harassment -* Publishing others' private information, such as a physical or email - address, without their explicit permission +* Publishing others' private information, such as a physical or email address, + without their explicit permission * Other conduct which could reasonably be considered inappropriate in a professional setting @@ -60,7 +60,7 @@ representative at an online or offline event. Instances of abusive, harassing, or otherwise unacceptable behavior may be reported to the community leaders responsible for enforcement at -https://vegardit.com/about/legal/. +https://vegardit.com/en/legal/ All complaints will be reviewed and investigated promptly and fairly. All community leaders are obligated to respect the privacy and security of the @@ -82,15 +82,15 @@ behavior was inappropriate. A public apology may be requested. ### 2. Warning -**Community Impact**: A violation through a single incident or series -of actions. +**Community Impact**: A violation through a single incident or series of +actions. **Consequence**: A warning with consequences for continued behavior. No interaction with the people involved, including unsolicited interaction with those enforcing the Code of Conduct, for a specified period of time. This includes avoiding interactions in community spaces as well as external channels -like social media. Violating these terms may lead to a temporary or -permanent ban. +like social media. Violating these terms may lead to a temporary or permanent +ban. ### 3. Temporary Ban @@ -106,23 +106,27 @@ Violating these terms may lead to a permanent ban. ### 4. Permanent Ban **Community Impact**: Demonstrating a pattern of violation of community -standards, including sustained inappropriate behavior, harassment of an +standards, including sustained inappropriate behavior, harassment of an individual, or aggression toward or disparagement of classes of individuals. -**Consequence**: A permanent ban from any sort of public interaction within -the community. +**Consequence**: A permanent ban from any sort of public interaction within the +community. ## Attribution This Code of Conduct is adapted from the [Contributor Covenant][homepage], -version 2.0, available at -https://www.contributor-covenant.org/version/2/0/code_of_conduct.html. +version 2.1, available at +[https://www.contributor-covenant.org/version/2/1/code_of_conduct.html][v2.1]. -Community Impact Guidelines were inspired by [Mozilla's code of conduct -enforcement ladder](https://github.com/mozilla/diversity). - -[homepage]: https://www.contributor-covenant.org +Community Impact Guidelines were inspired by +[Mozilla's code of conduct enforcement ladder][Mozilla CoC]. For answers to common questions about this code of conduct, see the FAQ at -https://www.contributor-covenant.org/faq. Translations are available at -https://www.contributor-covenant.org/translations. +[https://www.contributor-covenant.org/faq][FAQ]. Translations are available at +[https://www.contributor-covenant.org/translations][translations]. + +[homepage]: https://www.contributor-covenant.org +[v2.1]: https://www.contributor-covenant.org/version/2/1/code_of_conduct.html +[Mozilla CoC]: https://github.com/mozilla/diversity +[FAQ]: https://www.contributor-covenant.org/faq +[translations]: https://www.contributor-covenant.org/translations diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 0572657f..bf7ea580 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -8,6 +8,7 @@ We want to make contributing as easy and transparent as possible. ## Code of Conduct Our code of conduct is described in [CODE_OF_CONDUCT.md](CODE_OF_CONDUCT.md). +Please follow it in all your interactions with the project. ## Issues @@ -20,6 +21,6 @@ We use GitHub issues to track bugs and feature requests. Please ensure your desc Before you make a substantial pull request, please file an issue and make sure someone from the team agrees that there is a problem or room for improvement. -## License +### License By contributing your code, you agree to license your contribution under the [Apache License 2.0](LICENSE.txt).