Skip to content

Commit e77c673

Browse files
committed
[ci] Initial CI setup
Signed-off-by: Jiri Pechanec <jiri.pechanec@centrum.cz>
1 parent f98d2fe commit e77c673

8 files changed

Lines changed: 397 additions & 19 deletions

File tree

.github/dependabot.yml

Lines changed: 9 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,9 @@
1+
version: 2
2+
updates:
3+
# Updates for GitHub Actions
4+
- package-ecosystem: "github-actions"
5+
directory: "/"
6+
schedule:
7+
interval: "weekly"
8+
commit-message:
9+
prefix: "[ci] "
Lines changed: 17 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,17 @@
1+
name: Commit Sign-off Check
2+
on:
3+
# ATTENTION: See https://securitylab.github.com/research/github-actions-preventing-pwn-requests/
4+
# re security implications of using this trigger; in particular, no code from PR branches must
5+
# be executed in any flows triggered by it
6+
- pull_request_target
7+
8+
jobs:
9+
# Checks that all commits contain sign-offs
10+
# Will add/remove comments as necessary based on the current status of the pull request.
11+
check-signed-commits:
12+
name: Check signed commits
13+
runs-on: ubuntu-latest
14+
steps:
15+
- uses: debezium/dbz/.github/actions/check-dco@main
16+
with:
17+
add-comments: "true"
Lines changed: 53 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,53 @@
1+
name: Contributor Check
2+
on:
3+
# ATTENTION: See https://securitylab.github.com/research/github-actions-preventing-pwn-requests/
4+
# re security implications of using this trigger; in particular, no code from PR branches must
5+
# be executed in any flows triggered by it
6+
pull_request_target:
7+
branches:
8+
- main
9+
- 1.*
10+
- 2.*
11+
- 3.*
12+
- 4.*
13+
types: [ opened ]
14+
jobs:
15+
build:
16+
runs-on: ubuntu-latest
17+
steps:
18+
- name: Check if COPYRIGHT.txt has author name?
19+
id: check
20+
env:
21+
pull_request_number: ${{ github.event.pull_request.number }}
22+
github_repository: ${{ github.repository }}
23+
run: |
24+
curl -H 'Accept: application/vnd.github.v3.raw' https://raw.githubusercontent.com/debezium/debezium/main/COPYRIGHT.txt >> COPYRIGHT.txt
25+
curl -H 'Accept: application/vnd.github.v3.raw' https://raw.githubusercontent.com/debezium/debezium/main/jenkins-jobs/scripts/config/Aliases.txt >> ALIASES.txt
26+
curl -H 'Accept: application/vnd.github.v3.raw' https://raw.githubusercontent.com/debezium/debezium/main/jenkins-jobs/scripts/config/FilteredNames.txt >> FILTEREDNAMES.txt
27+
28+
curl --silent -X "GET" https://api.github.com/repos/$github_repository/pulls/$pull_request_number/commits | jq '.[] | {author: .commit.author.name}' | jq -r '.author' | uniq >> AUTHOR_NAME.txt
29+
30+
while IFS=" " read -r AUTHOR;
31+
do
32+
if ! grep -qi "$AUTHOR" COPYRIGHT.txt; then
33+
if ! grep -qi "$AUTHOR" ALIASES.txt; then
34+
if ! grep -qi "$AUTHOR" FILTEREDNAMES.txt; then
35+
echo "USER_NOT_FOUND=true" >> $GITHUB_OUTPUT
36+
fi
37+
fi
38+
fi
39+
done < AUTHOR_NAME.txt
40+
- name: Create comment
41+
if: ${{ steps.check.outputs.USER_NOT_FOUND == 'true' }}
42+
uses: peter-evans/create-or-update-comment@v5
43+
with:
44+
issue-number: ${{ github.event.pull_request.number }}
45+
body: |
46+
Welcome as a new contributor to Debezium, @${{ github.event.pull_request.user.login }}. Reviewers, please add missing author name(s) and alias name(s) to the [COPYRIGHT.txt](https://github.com/debezium/debezium/blob/main/COPYRIGHT.txt) and [Aliases.txt](https://github.com/debezium/debezium/blob/main/jenkins-jobs/scripts/config/Aliases.txt) respectively.
47+
- name: Check failure
48+
if: ${{ steps.check.outputs.USER_NOT_FOUND == 'true' }}
49+
uses: actions/github-script@v9
50+
continue-on-error: false
51+
with:
52+
script: |
53+
throw new Error('Add new user, @${{ github.event.pull_request.user.login }} to COPYRIGHT.txt and Aliases.txt')

.github/workflows/cross-maven.yml

Lines changed: 81 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,81 @@
1+
#
2+
# Copyright Debezium Authors
3+
#
4+
# Licensed under the Apache Software License version 2.0, available at http://www.apache.org/licenses/LICENSE-2.0
5+
#
6+
# Cross CI workflow is triggered on a `pull_request` event.
7+
# It builds the Debezium core before building the YashanDB connector basing on either the `master` branch or the `pull_request` branch.
8+
# If a `pull_request` with same branch name is present in the Debezium's upstream core repository, then the core build of this `pull_request`
9+
# will be based on `pull_request` branch of user's Debezium core repository.
10+
# Otherwise the core build of this `pull_request` will be based on the `master` branch of Debezium's upstream core repository.
11+
12+
name: Cross Maven CI
13+
14+
on:
15+
pull_request:
16+
branches:
17+
- main
18+
- 1.*
19+
- 2.*
20+
- 3.*
21+
- 4.*
22+
paths-ignore:
23+
- '*.md'
24+
25+
jobs:
26+
# Checks that all commits contain sign-offs
27+
check-signed-commits:
28+
name: Check signed commits
29+
runs-on: ubuntu-latest
30+
steps:
31+
- uses: debezium/dbz/.github/actions/check-dco@main
32+
build:
33+
needs: [ check-signed-commits ]
34+
runs-on: ubuntu-latest
35+
steps:
36+
- name: Checkout yashandb repository
37+
uses: actions/checkout@v6
38+
with:
39+
path: yashandb
40+
- name: Check if pull request branch exists in debezium main repository
41+
id: branch
42+
env:
43+
branch_name: ${{ github.head_ref }}
44+
run: |
45+
curl --silent -X "GET" https://api.github.com/repos/debezium/debezium/pulls | jq '.[] | {branch: .head.ref}' | jq -r '.branch' >> SORTED_PULLS.txt
46+
47+
while IFS=" " read -r BRANCH;
48+
do
49+
if grep -q "$branch_name" <<< "$BRANCH"; then
50+
echo "BRANCH_FOUND=true" >> $GITHUB_OUTPUT
51+
fi
52+
done < SORTED_PULLS.txt
53+
- name: Checkout core repository with pull request branch
54+
if: ${{ steps.branch.outputs.BRANCH_FOUND == 'true' }}
55+
uses: actions/checkout@v6
56+
with:
57+
repository: ${{ github.event.pull_request.user.login }}/debezium
58+
ref: ${{ github.head_ref }}
59+
path: core
60+
- name: Checkout core repository with default base branch
61+
if: ${{ steps.branch.outputs.BRANCH_FOUND != 'true' }}
62+
uses: actions/checkout@v6
63+
with:
64+
repository: debezium/debezium
65+
ref: ${{ github.base_ref }}
66+
path: core
67+
- name: Set up JDK
68+
uses: actions/setup-java@v5
69+
with:
70+
distribution: 'temurin'
71+
java-version: 21
72+
- name: Cache Maven packages
73+
uses: actions/cache@v5
74+
with:
75+
path: ~/.m2
76+
key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }}
77+
restore-keys: ${{ runner.os }}-m2
78+
- name: Maven build core
79+
run: ./yashandb/mvnw clean install -f core/pom.xml -pl debezium-bom,debezium-connector-common,debezium-util,debezium-config,debezium-embedded,debezium-storage,debezium-connect-plugins -am -DskipTests -DskipITs -Dformat.formatter.goal=validate -Dformat.imports.goal=check -Dhttp.keepAlive=false -Dmaven.wagon.http.pool=false -Dmaven.wagon.httpconnectionManager.ttlSeconds=120
80+
- name: Maven build yashandb
81+
run: ./yashandb/mvnw clean install -f yashandb/pom.xml -Passembly -Dformat.formatter.goal=validate -Dformat.imports.goal=check -Dhttp.keepAlive=false -Dmaven.wagon.http.pool=false -Dmaven.wagon.httpconnectionManager.ttlSeconds=120 -DfailFlakyTests=false -Ddebezium.test.records.waittime=5

.github/workflows/maven.yml

Lines changed: 48 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,48 @@
1+
#
2+
# Copyright Debezium Authors
3+
#
4+
# Licensed under the Apache Software License version 2.0, available at http://www.apache.org/licenses/LICENSE-2.0
5+
#
6+
name: Maven CI
7+
8+
on:
9+
push:
10+
branches:
11+
- main
12+
- 1.*
13+
- 2.*
14+
- 3.*
15+
- 4.*
16+
paths-ignore:
17+
- '*.md'
18+
19+
jobs:
20+
build:
21+
runs-on: ubuntu-latest
22+
23+
steps:
24+
- name: Checkout core repository
25+
uses: actions/checkout@v6
26+
with:
27+
repository: debezium/debezium
28+
ref: ${{ github.ref }}
29+
path: core
30+
- name: Checkout YashanDB connector
31+
uses: actions/checkout@v6
32+
with:
33+
path: yashandb
34+
- name: Set up JDK
35+
uses: actions/setup-java@v5
36+
with:
37+
distribution: 'temurin'
38+
java-version: 21
39+
- name: Cache Maven packages
40+
uses: actions/cache@v5
41+
with:
42+
path: ~/.m2
43+
key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }}
44+
restore-keys: ${{ runner.os }}-m2
45+
- name: Maven build core
46+
run: ./yashandb/mvnw clean install -f core/pom.xml -pl debezium-bom,debezium-connector-common,debezium-util,debezium-config,debezium-embedded,debezium-storage,debezium-connect-plugins -am -DskipTests -DskipITs -Dformat.formatter.goal=validate -Dformat.imports.goal=check -Dhttp.keepAlive=false -Dmaven.wagon.http.pool=false -Dmaven.wagon.httpconnectionManager.ttlSeconds=120
47+
- name: Maven build YashanDB
48+
run: ./yashandb/mvnw clean install -f yashandb/pom.xml -Passembly -Dformat.formatter.goal=validate -Dformat.imports.goal=check -Dhttp.keepAlive=false -Dmaven.wagon.http.pool=false -Dmaven.wagon.httpconnectionManager.ttlSeconds=120 -DfailFlakyTests=false -Ddebezium.test.records.waittime=5
Lines changed: 45 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,45 @@
1+
name: Octocat commits check
2+
on:
3+
# ATTENTION: See https://securitylab.github.com/research/github-actions-preventing-pwn-requests/
4+
# re security implications of using this trigger; in particular, no code from PR branches must
5+
# be executed in any flows triggered by it
6+
pull_request_target:
7+
branches:
8+
- main
9+
- 1.*
10+
- 2.*
11+
- 3.*
12+
- 4.*
13+
jobs:
14+
build:
15+
runs-on: ubuntu-latest
16+
steps:
17+
- name: Check if octocat commits are present?
18+
id: octocat
19+
env:
20+
pull_request_number: ${{ github.event.pull_request.number }}
21+
github_repository: ${{ github.repository }}
22+
run: |
23+
curl --silent -X "GET" https://api.github.com/repos/$github_repository/pulls/$pull_request_number/commits | jq '.[] | {author: .author.login}' | jq -r '.author' >> SORTED_AUTHORS.txt
24+
25+
while IFS=" " read -r AUTHOR;
26+
do
27+
if [[ $AUTHOR == *"null"* ]]; then
28+
echo "OCTOCAT_COMMIT_FOUND=true" >> $GITHUB_OUTPUT
29+
fi
30+
done < SORTED_AUTHORS.txt
31+
- name: Create comment
32+
if: ${{ steps.octocat.outputs.OCTOCAT_COMMIT_FOUND == 'true' }}
33+
uses: peter-evans/create-or-update-comment@v5
34+
with:
35+
issue-number: ${{ github.event.pull_request.number }}
36+
body: |
37+
Hi @${{ github.event.pull_request.user.login }}. Thank you for your valuable contribution.
38+
Please author your commit(s) using an email [linked to your GitHub account](https://docs.github.com/en/account-and-profile/setting-up-and-managing-your-github-profile/managing-contribution-graphs-on-your-profile/why-are-my-contributions-not-showing-up-on-my-profile).
39+
- name: Check failure
40+
if: ${{ steps.check.outputs.OCTOCAT_COMMIT_FOUND == 'true' }}
41+
uses: actions/github-script@v9
42+
continue-on-error: false
43+
with:
44+
script: |
45+
throw new Error('Octocat commits found')

.github/workflows/sanity-check.yml

Lines changed: 105 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,105 @@
1+
name: Commit message format check
2+
on:
3+
# ATTENTION: See https://securitylab.github.com/research/github-actions-preventing-pwn-requests/
4+
# re security implications of using this trigger; in particular, no code from PR branches must
5+
# be executed in any flows triggered by it
6+
pull_request_target:
7+
branches:
8+
- main
9+
- 1.*
10+
- 2.*
11+
- 3.*
12+
- 4.*
13+
14+
jobs:
15+
build:
16+
name: Commit message
17+
runs-on: ubuntu-latest
18+
steps:
19+
- name: Commit messages in format debezium/dbz#xxx
20+
id: check
21+
env:
22+
pull_request_number: ${{ github.event.pull_request.number }}
23+
github_repository: ${{ github.repository }}
24+
run: |
25+
echo "PREFIX_COMMITS=false" >> $GITHUB_OUTPUT
26+
27+
make_api_call_with_retries() {
28+
local URL="$1"
29+
local MAX_RETRIES="${2:-3}"
30+
local DELAY="${3:-2}"
31+
local ATTEMPT=1
32+
33+
if [[ -z "$URL" ]]; then
34+
echo "::error:: No URL provided to call_api_with_retries." >&2
35+
return 1
36+
fi
37+
38+
while [ $ATTEMPT -le $MAX_RETRIES ]; do
39+
RESPONSE=$(curl --silent -w "%{http_code}" -X "GET" $URL)
40+
HTTP_CODE="${RESPONSE: -3}"
41+
BODY="${RESPONSE:: -3}"
42+
43+
if [ "$HTTP_CODE" -eq 200 ]; then
44+
echo "$BODY"
45+
return 0
46+
else
47+
sleep "$DELAY"
48+
DELAY=$((DELAY * 2))
49+
fi
50+
51+
ATTEMPT=$((ATTEMPT + 1))
52+
done
53+
54+
echo "::error:: No luck getting a successful response after $MAX_RETRIES retries." >&2
55+
return 1
56+
}
57+
58+
if ! RESPONSE=$(make_api_call_with_retries "https://api.github.com/repos/$github_repository/pulls/$pull_request_number/commits"); then
59+
echo "::error:: No luck getting the commit messages."
60+
exit 1
61+
fi
62+
63+
MESSAGE=$(echo "$RESPONSE" | jq -r '.[].commit.message // empty')
64+
if [[ "$MESSAGE" == "API rate limit exceeded"* ]]; then
65+
echo "::error:: Github API rate limit exceeded. Skipping commit message check."
66+
exit 1
67+
fi
68+
69+
NON_PREFIX_COMMITS=""
70+
echo "$RESPONSE" | jq -r '.[] | .commit.message | split("\n")[0]' > COMMIT_MSGS.txt
71+
72+
while IFS= read -r line;
73+
do
74+
echo "-> checking: $line"
75+
if [[ ! $line =~ (^debezium/dbz#[[:digit:]]+)|(DBZ-[[:digit:]]+)|(\[release\])|(\[jenkins-jobs\])|(\[docs\])|(\[maven-release-plugin\])|(\[ci\]) ]]; then
76+
NON_PREFIX_COMMITS="${NON_PREFIX_COMMITS} -> ${line}\n"
77+
fi
78+
done < COMMIT_MSGS.txt
79+
80+
if [[ -n $NON_PREFIX_COMMITS ]]; then
81+
echo "========================================================================"
82+
echo " COMMIT MESSAGES WITH MISSING \"debezium/dbz\" PREFIX"
83+
echo "========================================================================"
84+
echo -e "$NON_PREFIX_COMMITS"
85+
echo "PREFIX_COMMITS=false" >> $GITHUB_OUTPUT
86+
else
87+
echo "All commit messages are properly prefixed."
88+
echo "PREFIX_COMMITS=true" >> $GITHUB_OUTPUT
89+
fi
90+
91+
- name: Create Comment
92+
if: ${{ steps.check.outputs.PREFIX_COMMITS == 'false' }}
93+
uses: peter-evans/create-or-update-comment@v5
94+
with:
95+
issue-number: ${{ github.event.pull_request.number }}
96+
body: |
97+
Hi @${{ github.event.pull_request.user.login }}, thanks for your contribution. Please prefix the commit message(s) with the [debezium/dbz#xxx GitHub issue key](https://github.com/debezium/debezium/blob/main/CONTRIBUTING.md#making-changes).
98+
99+
- name: Check failure
100+
if: ${{ steps.check.outputs.PREFIX_COMMITS == 'false' }}
101+
uses: actions/github-script@v9
102+
continue-on-error: false
103+
with:
104+
script: |
105+
throw new Error('Commit has no debezium/dbz#xxx prefix')

0 commit comments

Comments
 (0)