This is an automated email from the ASF dual-hosted git repository. pkarwasz pushed a commit to branch feature/reproducibility-check in repository https://gitbox.apache.org/repos/asf/logging-parent.git
commit ca3a9f8c079f19c61e3ff217ce1ab80aa6c92bd4 Author: Piotr P. Karwasz <[email protected]> AuthorDate: Thu Oct 17 10:23:07 2024 +0200 Add separate reproducibility check workflow Adds a reproducibility check workflow based on a Nexus repository and not the local Maven repo. We also deprecate the reproducibility check in `build-reusable.yaml`. --- .github/workflows/build-reusable.yaml | 3 +- .../workflows/verify-reproducibility-reusable.yaml | 87 ++++++++++++++++++++++ .../.11.x.x/verify_reproducibility_reusable.xml | 11 +++ src/site/antora/modules/ROOT/pages/features.adoc | 4 +- 4 files changed, 103 insertions(+), 2 deletions(-) diff --git a/.github/workflows/build-reusable.yaml b/.github/workflows/build-reusable.yaml index 6b0b488..8862bcc 100644 --- a/.github/workflows/build-reusable.yaml +++ b/.github/workflows/build-reusable.yaml @@ -33,6 +33,7 @@ on: type: string reproducibility-check-enabled: description: Runs a reproducibility check on the build + deprecationMessage: Use `verify-reproducibility-reusable` instead default: true type: boolean site-enabled: @@ -115,7 +116,7 @@ jobs: --show-version --batch-mode --errors --no-transfer-progress \ -DtrimStackTrace=false \ -DinstallAtEnd=true \ - clean install + clean ${{ inputs.reproducibility-check-enabled && 'install' || 'verify' }} # We upload tests results. - name: Upload test reports diff --git a/.github/workflows/verify-reproducibility-reusable.yaml b/.github/workflows/verify-reproducibility-reusable.yaml new file mode 100644 index 0000000..e023161 --- /dev/null +++ b/.github/workflows/verify-reproducibility-reusable.yaml @@ -0,0 +1,87 @@ +# +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to you under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +name: verify-reproducibility-reusable + +on: + workflow_call: + inputs: + java-version: + description: The Java compiler version + default: 17 + type: string + maven-args: + description: Additional Maven arguments + type: string + nexus-url: + description: The URL of the reference Nexus repository + type: string + ref: + description: The branch, tag or SHA to checkout + default: ${{ github.ref }} + type: string + runner: + description: The type of runner to use + default: ubuntu-latest + type: string + +env: + MAVEN_ARGS: ${{ inputs.maven-args }} + +jobs: + + build: + + runs-on: ${{ inputs.runner }} + + steps: + + - name: Checkout repository + uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # 4.2.1 + with: + ref: ${{ inputs.ref }} + + - name: Set up Java + uses: actions/setup-java@b36c23c0d998641eff861008f374ee103c25ac73 # 4.4.0 + with: + distribution: zulu + java-version: ${{ inputs.java-version }} + cache: maven + + # `clean verify artifact:compare` is required to generate the build reproducibility report. + # For details, see: https://maven.apache.org/guides/mini/guide-reproducible-builds.html#how-to-test-my-maven-build-reproducibility + - name: Verify build reproducibility + shell: bash + run: | + ./mvnw \ + --show-version --batch-mode --errors --no-transfer-progress \ + -DskipTests=true \ + -Dreference.repo=${{ inputs.nexus-url }} \ + clean verify artifact:compare + + # Upload reproducibility results if the build fails. + - name: Upload reproducibility results + if: failure() + uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # 4.4.3 + with: + name: reproducibility-${{matrix.os}}-${{github.run_number}}-${{github.run_attempt}} + path: | + **/target/bom.xml + **/target/*.buildcompare + **/target/*.jar + **/target/*.zip + **/target/reference/** diff --git a/src/changelog/.11.x.x/verify_reproducibility_reusable.xml b/src/changelog/.11.x.x/verify_reproducibility_reusable.xml new file mode 100644 index 0000000..e978f63 --- /dev/null +++ b/src/changelog/.11.x.x/verify_reproducibility_reusable.xml @@ -0,0 +1,11 @@ +<?xml version="1.0" encoding="UTF-8"?> +<entry xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; + xmlns="https://logging.apache.org/xml/ns"; + xsi:schemaLocation="https://logging.apache.org/xml/ns https://logging.apache.org/xml/ns/log4j-changelog-0.xsd"; + type="changed"> + <issue id="246" link="https://github.com/apache/logging-parent/pull/246"/> + <description format="asciidoc"> + Adds a `verify_reproducibility-reusable.yaml` workflow to check reproducibility of artifacts in a Maven repo. + Deprecates the reproducibility check in `build-reusable.yaml`. + </description> +</entry> diff --git a/src/site/antora/modules/ROOT/pages/features.adoc b/src/site/antora/modules/ROOT/pages/features.adoc index 0d19572..f421823 100644 --- a/src/site/antora/modules/ROOT/pages/features.adoc +++ b/src/site/antora/modules/ROOT/pages/features.adoc @@ -53,7 +53,6 @@ The provided reusable GitHub Actions workflows feature the following convenience {project-github-url}/blob/main/.github/workflows/build-reusable.yaml[`build-reusable.yaml`]:: * Compiles using the specified Java compiler version -* Verifies reproducibility * Submits build scans to the Develocity server {project-github-url}/blob/main/.github/workflows/deploy-release-reusable.yaml[`deploy-release-reusable.yaml`]:: @@ -72,6 +71,9 @@ The provided reusable GitHub Actions workflows feature the following convenience {project-github-url}/blob/main/.github/workflows/merge-dependabot-reusable.yaml[`merge-dependabot-reusable.yaml`]:: * Merges `dependabot` PRs along with changelog entries +{project-github-url}/blob/main/.github/workflows/merge-dependabot-reusable.yaml[`verify-reproducibility-reusable.yaml`]:: +* Verifies reproducibility of a previous deployment workflow. + [#release-instructions] === Release instructions
