Поддержка запуска анализа форков по метке

.github/workflows/build.yml

@@ -0,0 +1,104 @@
+name: Reusable build with analyze
+
+on:
+  workflow_call:
+    inputs:
+      analyze:
+        default: false
+        required: false
+        type: boolean
+    secrets:
+      sonar_token:
+        required: true
+
+jobs:
+  build:
+    name: Build
+    runs-on: ubuntu-latest
+
+    steps:
+    - uses: actions/checkout@v2
+      if: inputs.analyze
+      with:
+        fetch-depth: 0  # Shallow clones should be disabled for a better relevancy of analysis
+        ref: ${{ github.event.pull_request.head.sha }}
+    - uses: actions/checkout@v2
+        if: ${{ !inputs.analyze }}
+
+    - name: Set up JDK 11
+      uses: actions/setup-java@v1
+      with:
+        java-version: 11
+        java-package: jdk+fx
+
+    - name: Free disk space
+      run: |
+        sudo swapoff -a
+        sudo rm -f /swapfile
+        sudo apt clean
+        docker rmi $(docker image ls -aq)
+        df -h
+
+    - name: Cache maven repo
+      uses: actions/cache@v2
+      if: github.event_name == 'push' || github.event_name == 'pull_request' || github.event_name == 'pull_request_target'
+      with:
+        path: ~/.m2/repository
+        key: ${{ runner.os }}-maven-latest-${{ hashFiles('**/pom.xml') }}-${{ hashFiles('targets/default/default.target') }}
+        restore-keys: |
+          ${{ runner.os }}-maven-latest-
+
+    - name: Cache SonarCloud packages
+      uses: actions/cache@v2
+      if: inputs.analyze
+      with:
+        path: ~/.sonar/cache
+        key: ${{ runner.os }}-sonar
+        restore-keys: ${{ runner.os }}-sonar
+  
+    - name: Build with Maven
+      env:
+        # Do not start Sonar-scanning for forks without label
+        SONAR_PARAM: "${{ inputs.analyze && 'org.sonarsource.scanner.maven:sonar-maven-plugin:sonar' || '' }}"
+        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}  # Needed to get PR information, if any
+        SONAR_TOKEN: ${{ secrets.sonar_token }}
+      working-directory: ./
+      run: |
+        Xvfb :5 -screen 0 1280x1024x8 -fbdir /tmp &
+        export DISPLAY=:5
+        echo "Sonar param: \"${SONAR_PARAM}\""
+        mvn clean verify ${SONAR_PARAM} -PSDK,find-bugs -Dtycho.localArtifacts=ignore -B -V -T 1C
+
+    - name: Publish Test Report
+      uses: scacap/action-surefire-report@v1
+      if: inputs.analyze
+      with:
+        github_token: ${{ secrets.GITHUB_TOKEN }}
+    
+    - name: Upload repo
+      uses: actions/upload-artifact@v2
+      with:
+        name: v8-code-style-repository
+        path: repositories/com.e1c.v8codestyle.repository/target/repository/
+        
+    - name: Upload SDK repo
+      uses: actions/upload-artifact@v2
+      with:
+        name: v8-code-style-repository-sdk
+        path: repositories/com.e1c.v8codestyle.repository.sdk/target/repository/
+    
+    - name: Upload JaCoCo exec data
+      uses: actions/upload-artifact@v2
+      if: always()
+      with:
+        name: jacoco
+        path: |
+          ./**/target/jacoco.exec
+          ./**/target/site/jacoco*/
+    
+    - name: Upload test logs on failure
+      uses: actions/upload-artifact@v2
+      if: failure()
+      with:
+        name: logs
+        path: ./**/.log

.github/workflows/ci-build.yml

@@ -4,6 +4,7 @@ on:
   push:
     branches:
       - master
+      - release/*
   pull_request:
     branches: 
       - '*'
@@ -11,92 +12,10 @@ on:
 jobs:
   build:
     name: Build
-    runs-on: ubuntu-latest
-
-    steps:
-    - uses: actions/checkout@v2
-      with:
-        fetch-depth: 0  # Shallow clones should be disabled for a better relevancy of analysis
-
-    - name: Set up JDK 11
-      uses: actions/setup-java@v1
-      with:
-        java-version: 11
-        java-package: jdk+fx
-        server-id: dt_repository
-        server-username: MAVEN_USERNAME
-        server-password: MAVEN_CENTRAL_TOKEN
-
-    - name: Free disk space
-      run: |
-        sudo swapoff -a
-        sudo rm -f /swapfile
-        sudo apt clean
-        docker rmi $(docker image ls -aq)
-        df -h
-
-    - name: Cache maven repo
-      uses: actions/cache@v2
-      if: github.event_name == 'push' || github.event_name == 'pull_request'
-      with:
-        path: ~/.m2/repository
-        key: ${{ runner.os }}-maven-latest-${{ hashFiles('**/pom.xml') }}-${{ hashFiles('targets/latest/latest.target') }}
-        restore-keys: |
-          ${{ runner.os }}-maven-latest-
-
-    - name: Cache SonarCloud packages
-      uses: actions/cache@v2
-      if: github.event_name == 'push' || github.event.pull_request.head.repo.full_name == github.event.repository.full_name
-      with:
-        path: ~/.sonar/cache
-        key: ${{ runner.os }}-sonar
-        restore-keys: ${{ runner.os }}-sonar
-  
-    - name: Build with Maven
-      env:
-        MAVEN_USERNAME: ${{ secrets.P2_USER }}
-        MAVEN_CENTRAL_TOKEN: ${{ secrets.P2_TOKEN }}
-        # Do not start Sonar-scanning for forks
-        SONAR_PARAM: "${{ (github.event_name == 'push' || github.event.pull_request.head.repo.full_name == github.event.repository.full_name) && 'org.sonarsource.scanner.maven:sonar-maven-plugin:sonar' || '' }}"
-        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}  # Needed to get PR information, if any
-        SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
-      working-directory: ./
-      run: |
-        Xvfb :5 -screen 0 1280x1024x8 -fbdir /tmp &
-        export DISPLAY=:5
-        echo "Sonar param: \"${SONAR_PARAM}\""
-        mvn clean verify ${SONAR_PARAM} -PSDK,find-bugs -Dtycho.localArtifacts=ignore -B -V -T 1C
-
-    - name: Publish Test Report
-      uses: scacap/action-surefire-report@v1
-      if: github.event_name == 'push' || github.event.pull_request.head.repo.full_name == github.event.repository.full_name
-      with:
-        github_token: ${{ secrets.GITHUB_TOKEN }}
-    
-    - name: Upload repo
-      uses: actions/upload-artifact@v2
-      with:
-        name: v8-code-style-repository
-        path: repositories/com.e1c.v8codestyle.repository/target/repository/
-        
-    - name: Upload SDK repo
-      uses: actions/upload-artifact@v2
-      with:
-        name: v8-code-style-repository-sdk
-        path: repositories/com.e1c.v8codestyle.repository.sdk/target/repository/
-    
-    - name: Upload JaCoCo exec data
-      uses: actions/upload-artifact@v2
-      if: always()
-      with:
-        name: jacoco
-        path: |
-          ./**/target/jacoco.exec
-          ./**/target/site/jacoco*/
-    
-    - name: Upload test logs on failure
-      uses: actions/upload-artifact@v2
-      if: failure()
-      with:
-        name: logs
-        path: ./**/.log
+    # This build will run on master,release/* push, local PR and PR from forks without label Analyze
+    if: github.event_name == 'push' || github.event.pull_request.head.repo.full_name == github.event.repository.full_name  || !contains(github.event.pull_request.labels.*.name, 'Analyze')
+    uses: 1C-company/v8-code-style/.github/workflows/build.yml@master
+    with:
+      analyze: ${{ github.event_name == 'push' || github.event.pull_request.head.repo.full_name == github.event.repository.full_name }}
+    secrets:
+      sonar_token: ${{ secrets.SONAR_TOKEN }}

.github/workflows/fork-pull.yml

@@ -0,0 +1,17 @@
+name: CI Analyze in forks
+
+on: 
+  # This event allows to use Sonar analyzing PR from forks by adding label
+  pull_request_target:
+    types: [opened, synchronize, reopened, labeled]
+
+jobs:
+  build:
+    # This build with analyze will run only on forks PR with label "Analyze"
+    if: github.event.pull_request.head.repo.full_name != github.event.repository.full_name && contains(github.event.pull_request.labels.*.name, 'Analyze')
+    uses: 1C-company/v8-code-style/.github/workflows/build.yml@master
+    with:
+      analyze: true
+    secrets:
+      sonar_token: ${{ secrets.SONAR_TOKEN }}
+

.github/workflows/release.yml

@@ -18,9 +18,6 @@ jobs:
       with:
         java-version: 11
         java-package: jdk+fx
-        server-id: dt_repository
-        server-username: MAVEN_USERNAME
-        server-password: MAVEN_CENTRAL_TOKEN
 
     - name: Cache maven repo
       uses: actions/cache@v1
@@ -32,9 +29,6 @@ jobs:
           ${{ runner.os }}-maven-base-  
   
     - name: Build with Maven
-      env:
-        MAVEN_USERNAME: ${{ secrets.P2_USER }}
-        MAVEN_CENTRAL_TOKEN: ${{ secrets.P2_TOKEN }}
       working-directory: ./
       run: |
         Xvfb :5 -screen 0 1280x1024x8 -fbdir /tmp &