Add testing latest changes using Maven Local #410
Conversation
… job to Verify Build workflow
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
ribafish
changed the title
I have, but it kinda seemed nice to apply it to itself :D On a second thought, it might make more sense to have a sample project, esp as I'll do the same for CCUD Maven and sbt if/when this is merged, we just need to agree on what to do. |
|
Actually, I created a sample project and was ready to open a different PR...but I'm not sure I'd include a sample project, in which we define |
That's why I would recommend building the sample project with CCUD plugin as an included build, you would get it applied without the need to publish to Maven local, nor specifying the version |
Hm, yes, that's also a possibility...but I still wouldn't call that a sample project 😄 more like integration test project.. |
|
I don't think we should confuse sample projects and projects used for testing. I also don't think we should use included builds as it's not how the plugin is consumed by users. What about writing out a minimal build file to a temporary directory and running the test there? Something like this is all you need: pluginManagement {
repositories {
mavenLocal()
gradlePluginPortal()
}
}
plugins {
id("com.gradle.develocity") version "4.0.2"
id("com.gradle.common-custom-user-data-gradle-plugin") version "..."
}
develocity {
server = "https://ge.solutions-team.gradle.com"Then run |
ribafish
force-pushed
the
gk/ghaSelfTest
branch
3 times, most recently
from
d077948 to
6f5f5f2
Compare
Good idea, probably the least convoluted and clearest among the discussed. I've implemented it, this is the run with it. |
| DISABLE_REQUIRED_SIGNING: true | ||
| - name: Create a test project | ||
| run: | | ||
| mkdir test-project |
There was a problem hiding this comment.
I suggest using runner.temp to avoid dirtying the working directory.
| develocity-access-key: ${{ secrets.DV_SOLUTIONS_ACCESS_KEY }} | ||
| - name: Publish to maven local | ||
| id: publish-to-maven-local | ||
| run: ./gradlew clean publishToMavenLocal -Dgradle.cache.remote.push=false |
There was a problem hiding this comment.
Did you consider adding the publish to the previous job, then storing/restoring the artifact? That way we test the exact artifact that was build/tested and wouldn't require invoking Gradle here.
| repositories { | ||
| mavenLocal() | ||
| gradlePluginPortal() | ||
| } |
There was a problem hiding this comment.
Since this test job should fail if CCUD ends up resolved from the portal instead of maven local as we expect, we could declare that CCUD should be found exclusively in maven local
…ccud exclusively from mavenLocal
| name: Test with Locally Published Plugin | ||
| runs-on: ubuntu-latest | ||
| needs: verification | ||
| steps: | ||
| - name: Checkout | ||
| uses: actions/checkout@v4 | ||
| - name: Set up JDK 21 | ||
| uses: actions/setup-java@v4 | ||
| with: | ||
| java-version: '21' | ||
| distribution: 'temurin' | ||
| - name: Set up Gradle | ||
| uses: gradle/actions/setup-gradle@v4 | ||
| with: | ||
| develocity-access-key: ${{ secrets.DV_SOLUTIONS_ACCESS_KEY }} | ||
| - name: Download plugin to maven local | ||
| uses: actions/download-artifact@v4 | ||
| with: | ||
| name: common-custom-user-data-gradle-plugin | ||
| path: ~/.m2/repository/com/gradle | ||
| - name: Create a test project | ||
| run: | | ||
| echo """ | ||
| pluginManagement { | ||
| repositories { | ||
| gradlePluginPortal() | ||
| exclusiveContent { | ||
| forRepository { | ||
| mavenLocal() | ||
| } | ||
| filter { | ||
| includeModule(\"com.gradle\", \"common-custom-user-data-gradle-plugin\") | ||
| includeModule(\"com.gradle.common-custom-user-data-gradle-plugin\", \"com.gradle.common-custom-user-data-gradle-plugin.gradle.plugin\") | ||
| } | ||
| } | ||
| } | ||
| } | ||
| plugins { | ||
| id(\"com.gradle.develocity\") version \"4+\" | ||
| id(\"com.gradle.common-custom-user-data-gradle-plugin\") version \"2+\" | ||
| } | ||
| develocity { | ||
| server = \"https://ge.solutions-team.gradle.com\" | ||
| } | ||
| rootProject.name = \"ccud-gradle-integration-test\" | ||
| """ > ${{ runner.temp }}/settings.gradle.kts | ||
| - name: Run a build with the locally published plugin | ||
| id: build-with-local-plugin | ||
| run: gradle help | ||
| working-directory: ${{ runner.temp }} |
Check warning
Code scanning / CodeQL
Workflow does not contain permissions Medium
Show autofix suggestion
Hide autofix suggestion
Copilot Autofix
AI 3 months ago
To resolve this issue, we should add an explicit permissions block at the root of the workflow and/or for specific jobs. Since the jobs in this workflow mainly interact with artifacts, Gradle, and Maven, the required permissions are minimal. For instance:
- Add
contents: readto allow the workflow to read repository contents if necessary. - Add other permissions only if required for the workflow to function correctly.
The permissions block can be added at the top level of the workflow file to apply to all jobs by default or specified individually for each job. In this case, we will add a permissions block at the root level to ensure all jobs share the same minimal permissions.
| @@ -2,6 +2,9 @@ | ||
|
|
||
| on: [ push, pull_request, workflow_dispatch ] | ||
|
|
||
| permissions: | ||
| contents: read | ||
|
|
||
| jobs: | ||
| verification: | ||
| name: Verification |
4 participants
Added a Publish to Maven Local and Test with Locally Published Plugin job to Verify Build workflow. This will publish the latest changes to Maven Local, modify
settings.gradle.ktsto use the locally published plugin and run a regular build, effectively giving us a build, built with the latest changes of CCUD Gradle plugin.I implemented it by modifying the CCUD version applied to the build to be dynamic (2+). I added this to the
build-verification.ymlworkflow. If you feel this makes more sense to live separately, let me know.Once this is merged, I will add a similar thing to CCUD Maven and sbt.