Skip to content

Commit 099cc49

Browse files
Fork-specific CI and workflow configurations
1 parent 0c7a0a1 commit 099cc49

6 files changed

Lines changed: 816 additions & 0 deletions

File tree

.github/fork-specific-files.txt

Lines changed: 10 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,10 @@
1+
.github/dependabot.yml
2+
.github/workflows/codacy.yml
3+
.github/workflows/codeql.yml
4+
.github/workflows/maven.yml
5+
.github/workflows/rebase.yml
6+
.github/workflows/rebase-upstream.yml
7+
.github/workflows/sync-upstream.yml
8+
.github/workflows/create-upstream-pr.yml
9+
.github/fork-specific-files.txt
10+
README.md

.github/workflows/codacy.yml

Lines changed: 67 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,67 @@
1+
# This workflow uses actions that are not certified by GitHub.
2+
# They are provided by a third-party and are governed by
3+
# separate terms of service, privacy policy, and support
4+
# documentation.
5+
6+
# This workflow checks out code, performs a Codacy security scan
7+
# and integrates the results with the
8+
# GitHub Advanced Security code scanning feature. For more information on
9+
# the Codacy security scan action usage and parameters, see
10+
# https://github.com/codacy/codacy-analysis-cli-action.
11+
# For more information on Codacy Analysis CLI in general, see
12+
# https://github.com/codacy/codacy-analysis-cli.
13+
14+
name: Codacy Security Scan
15+
16+
on:
17+
push:
18+
branches: [ master ]
19+
pull_request:
20+
# The branches below must be a subset of the branches above
21+
branches: [ master ]
22+
schedule:
23+
- cron: '24 8 * * 2'
24+
25+
permissions:
26+
contents: read
27+
28+
jobs:
29+
codacy-security-scan:
30+
permissions:
31+
contents: read # for actions/checkout to fetch code
32+
security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
33+
name: Codacy Security Scan
34+
runs-on: ubuntu-latest
35+
steps:
36+
# Checkout the repository to the GitHub Actions runner
37+
- name: Checkout code
38+
uses: actions/checkout@v4
39+
40+
# Execute Codacy Analysis CLI and generate a SARIF output with the security issues identified during the analysis
41+
- name: Run Codacy Analysis CLI
42+
uses: codacy/codacy-analysis-cli-action@d840f886c4bd4edc059706d09c6a1586111c540b
43+
# uses: codacy/codacy-analysis-cli-action@33d455949345bddfdb845fba76b57b70cc83754b
44+
env:
45+
CODEQL_ACTION_EXTRA_OPTIONS: '{"database":{"interpret-results":["--max-paths", 1]}}'
46+
47+
with:
48+
# Check https://github.com/codacy/codacy-analysis-cli#project-token to get your project token from your Codacy repository
49+
# You can also omit the token and run the tools that support default configurations
50+
project-token: ${{ secrets.CODACY_PROJECT_TOKEN }}
51+
verbose: true
52+
output: results.sarif
53+
format: sarif
54+
# Adjust severity of non-security issues
55+
gh-code-scanning-compat: true
56+
# Force 0 exit code to allow SARIF file generation
57+
# This will handover control about PR rejection to the GitHub side
58+
max-allowed-issues: 2147483647
59+
60+
61+
62+
63+
# Upload the SARIF file generated in the previous step
64+
- name: Upload SARIF results file
65+
uses: github/codeql-action/upload-sarif@v3
66+
with:
67+
sarif_file: results.sarif
Lines changed: 126 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,126 @@
1+
name: Create Upstream PR Branch
2+
3+
on:
4+
workflow_dispatch:
5+
inputs:
6+
issue_number:
7+
description: 'Issue number (used for branch name: upstream-pr/issue-{number})'
8+
required: true
9+
type: string
10+
source_branch:
11+
description: 'Source branch containing the commits to cherry-pick'
12+
required: true
13+
type: string
14+
commit_shas:
15+
description: 'Comma-separated list of commit SHAs to cherry-pick onto upstream/master'
16+
required: true
17+
type: string
18+
pr_title:
19+
description: 'Title for the upstream PR (informational only)'
20+
required: false
21+
type: string
22+
23+
jobs:
24+
create-upstream-pr-branch:
25+
name: Create Clean Upstream PR Branch
26+
runs-on: ubuntu-latest
27+
permissions:
28+
contents: write
29+
steps:
30+
- name: Checkout repository
31+
uses: actions/checkout@v4
32+
with:
33+
fetch-depth: 0
34+
token: ${{ secrets.GITHUB_TOKEN }}
35+
36+
- name: Configure Git
37+
run: |
38+
git config user.name "github-actions[bot]"
39+
git config user.email "github-actions[bot]@users.noreply.github.com"
40+
41+
- name: Fetch upstream master
42+
run: |
43+
git remote add upstream https://github.com/eclipse-jdt/eclipse.jdt.ui.git
44+
git fetch upstream master
45+
46+
- name: Create branch based on upstream/master
47+
run: |
48+
BRANCH_NAME="upstream-pr/issue-${{ inputs.issue_number }}"
49+
git checkout -b "$BRANCH_NAME" upstream/master
50+
echo "Created branch: $BRANCH_NAME"
51+
52+
- name: Cherry-pick specified commits
53+
id: cherry_pick
54+
run: |
55+
BRANCH_NAME="upstream-pr/issue-${{ inputs.issue_number }}"
56+
COMMIT_SHAS="${{ inputs.commit_shas }}"
57+
58+
# Convert comma-separated list to space-separated
59+
SHAS=$(echo "$COMMIT_SHAS" | tr ',' ' ' | tr -s ' ')
60+
61+
echo "Cherry-picking commits: $SHAS"
62+
63+
SUCCESS=true
64+
for SHA in $SHAS; do
65+
SHA=$(echo "$SHA" | xargs) # trim whitespace
66+
if [ -z "$SHA" ]; then
67+
continue
68+
fi
69+
echo "Cherry-picking $SHA..."
70+
if ! git cherry-pick "$SHA"; then
71+
echo "Cherry-pick failed for $SHA"
72+
git cherry-pick --abort 2>/dev/null || true
73+
SUCCESS=false
74+
break
75+
fi
76+
done
77+
78+
if [ "$SUCCESS" = "true" ]; then
79+
echo "success=true" >> $GITHUB_OUTPUT
80+
else
81+
echo "success=false" >> $GITHUB_OUTPUT
82+
fi
83+
84+
- name: Verify branch contents
85+
if: steps.cherry_pick.outputs.success == 'true'
86+
run: |
87+
echo "=== Commits on this branch (not in upstream/master) ==="
88+
git log upstream/master..HEAD --oneline
89+
echo ""
90+
echo "=== Files changed vs upstream/master ==="
91+
git diff upstream/master..HEAD --stat
92+
93+
- name: Force-push branch to fork
94+
if: steps.cherry_pick.outputs.success == 'true'
95+
run: |
96+
BRANCH_NAME="upstream-pr/issue-${{ inputs.issue_number }}"
97+
git push --force origin "$BRANCH_NAME"
98+
echo "✅ Branch '$BRANCH_NAME' pushed to fork"
99+
100+
- name: Output PR creation link
101+
if: steps.cherry_pick.outputs.success == 'true'
102+
run: |
103+
BRANCH_NAME="upstream-pr/issue-${{ inputs.issue_number }}"
104+
REPO_OWNER="${{ github.repository_owner }}"
105+
REPO_NAME="${{ github.event.repository.name }}"
106+
PR_LINK="https://github.com/eclipse-jdt/eclipse.jdt.ui/compare/master...${REPO_OWNER}:${REPO_NAME}:${BRANCH_NAME}"
107+
108+
echo ""
109+
echo "=========================================="
110+
echo "✅ Branch ready for upstream PR!"
111+
echo "=========================================="
112+
echo ""
113+
echo "Branch: $BRANCH_NAME"
114+
if [ -n "${{ inputs.pr_title }}" ]; then
115+
echo "PR Title: ${{ inputs.pr_title }}"
116+
fi
117+
echo ""
118+
echo "Create PR at:"
119+
echo "$PR_LINK"
120+
echo ""
121+
122+
- name: Fail if cherry-pick failed
123+
if: steps.cherry_pick.outputs.success == 'false'
124+
run: |
125+
echo "❌ Cherry-pick failed. Check the logs above for details."
126+
exit 1

.github/workflows/maven.yml

Lines changed: 36 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,36 @@
1+
# This workflow will build a Java project with Maven, and cache/restore any dependencies to improve the workflow execution time
2+
# For more information see: https://help.github.com/actions/language-and-framework-guides/building-and-testing-java-with-maven
3+
4+
name: Java CI with Maven
5+
6+
on:
7+
push:
8+
branches: [ master ]
9+
pull_request:
10+
branches: [ master ]
11+
workflow_run:
12+
workflows: ["Sync Fork with Upstream"]
13+
types: [completed]
14+
branches: [master]
15+
16+
jobs:
17+
build:
18+
if: >-
19+
github.event_name != 'workflow_run' ||
20+
github.event.workflow_run.conclusion == 'success'
21+
runs-on: ubuntu-latest
22+
23+
steps:
24+
- uses: actions/checkout@v4
25+
- name: Set up JDK 21
26+
uses: actions/setup-java@v4
27+
with:
28+
java-version: '21'
29+
distribution: 'temurin'
30+
cache: maven
31+
- name: Set up Maven
32+
uses: stCarolas/setup-maven@d6af6abeda15e98926a57b5aa970a96bb37f97d1 # v5
33+
with:
34+
maven-version: 3.9.9
35+
- name: Build with Maven
36+
run: mvn -B package -Pbuild-individual-bundles --file pom.xml

0 commit comments

Comments
 (0)