[ 
https://issues.apache.org/jira/browse/HADOOP-19858?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18075320#comment-18075320
 ] 

ASF GitHub Bot commented on HADOOP-19858:
-----------------------------------------

pan3793 commented on code in PR #8412:
URL: https://github.com/apache/hadoop/pull/8412#discussion_r3121441011


##########
.github/workflows/tmpl_build_and_test.yml:
##########
@@ -0,0 +1,175 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements.  See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License.  You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+name: Build and Test
+
+on:
+  workflow_call:
+    inputs:
+      java:
+        required: false
+        type: string
+        default: 17
+      branch:
+        required: false
+        type: string
+        description: Branch to run the build against
+        default: trunk
+      os:
+        required: false
+        type: string
+        description: Operating system to run the build on
+        default: ubuntu_24
+      jobs:
+        required: false
+        type: string
+        description: >-
+          Jobs to run, and should be in JSON Array format.
+          Candidates: "build-only".
+        default: '[ "build-only" ]'
+
+# Default to minimal permissions for workflow.
+permissions:
+  packages: read
+
+concurrency:
+  group: >-
+    build-and-test
+    ${{ github.workflow }}
+    ${{ github.repository == 'apache/hadoop' && github.run_id || github.ref }}
+    ${{ inputs.java }}
+    ${{ inputs.branch }}
+    ${{ inputs.os }}
+    ${{ inputs.jobs }}
+  cancel-in-progress: true
+
+env:
+  MAVEN_ARGS:
+    --batch-mode
+    --no-transfer-progress
+    -Pyarn-ui
+    -Pnative
+    -Drequire.test.libhadoop
+    -Drequire.fuse
+    -Drequire.openssl
+    -Drequire.snappy
+    -Drequire.valgrind
+    -Dmaven.test.failure.ignore=false
+
+jobs:
+  precondition:
+    name: Preparation
+    runs-on: ubuntu-24.04
+    outputs:
+      build_image_url: ${{ steps.variables.outputs.build_image_url }}
+    steps:
+      - name: Set up Outputs
+        id: variables
+        # Security: passing inputs.{os, branch} through workflow (above) 
inputs removes
+        # ability to do shell injection below.
+        # See: 
https://securitylab.github.com/resources/github-actions-untrusted-input/
+        run: |
+          # Convert to lowercase to meet Docker repo name requirement
+          REPO_OWNER=$(echo "${{ github.repository_owner }}" | tr '[:upper:]' 
'[:lower:]')
+          echo "build_image_url=ghcr.io/${REPO_OWNER}/gha-build-${{ inputs.os 
}}:${{ inputs.branch }}-${{ github.run_id }}" >> $GITHUB_OUTPUT
+  build-image:
+    name: Build Image ${{ inputs.os }}-${{ inputs.branch }}
+    runs-on: ubuntu-24.04
+    needs: [ precondition ]
+    # Security: this does not leak write access for our image repository to
+    # forked repos.
+    #
+    # We have `packages: write` permissions for our GITHUB_TOKEN below. 
However:
+    #
+    # - For `pull_request`, GitHub downgrades GITHUB_TOKEN permissions to
+    #   read-only.
+    # - For `push` triggers on a fork, the GITHUB_TOKEN retains write
+    #   permissions, but the `push` is happening in the context of the fork, 
not
+    #   the upstream repo.
+    # - For `pull_request_target` (risky), the write permission is
+    #   overridden by our repository's setting "Send write tokens to workflows
+    #   from pull requests" which should be disabled.
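Review bot: In the `Set up Outputs` step, `${{ inputs.os }}` and `${{ inputs.branch }}` are expanded into the `run:` script text before the shell starts, so declaring them as `workflow_call` inputs of `type: string` does not by itself prevent shell injection; the step is only as safe as the values each caller passes in. Suggest binding them under the step's `env:` (for example `OS: ${{ inputs.os }}` and `BRANCH: ${{ inputs.branch }}`) and referencing `"$OS"` and `"$BRANCH"` in the script, which is the intermediate-environment-variable pattern the linked securitylab page describes, and quoting `"$GITHUB_OUTPUT"` in the redirect. The "Security:" comment above `run:` should then be reworded to state that callers must pass trusted values rather than that the inputs mechanism removes the risk.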

Review Comment:
   I reverted the pull that includes this comment and restored the code to the 
snapshot (with additional squash to make Yetus happy) that gets approval.
   
   So, merge this PR as-is after Yetus is happy, and revise those comments 
later?
   





> Set up build workflow in GitHub Actions
> ---------------------------------------
>
>                 Key: HADOOP-19858
>                 URL: https://issues.apache.org/jira/browse/HADOOP-19858
>             Project: Hadoop Common
>          Issue Type: Sub-task
>          Components: build
>            Reporter: Cheng Pan
>            Priority: Major
>              Labels: pull-request-available
>



