Fix potential github action smells #2684
Conversation
|
Thanks for your pull request! It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA). View this failed invocation of the CLA check for more information. For the most up to date status, view the checks section at the bottom of the pull request. |
- Use fixed version for runs-on argument - Avoid jobs without timeouts - Steps should only perform a single command
There was a problem hiding this comment.
Thanks!
To me this looks reasonable. I have added a few review comments but they are mainly about formatting.
A few general points though:
- The hardcoded Ubuntu version might add some (very small) maintenance overhead due to having to remember to update it in the future
But I assume that is acceptable. - The timeouts might be a bit too low, especially since the run duration probably depends on external factors we cannot control
- "GraalVM Native Image test" should maybe have 10 minutes as timeout; for example here is a run where it took 4 minutes: https://github.com/google/gson/actions/runs/8910979694/job/24471354114
- the other jobs should probably have 5 minutes as timeout, to be safe
- It probably makes sense to apply these changes also to the other workflows under
.github/workflows
Would you like to do that as well?
@eamonnmcmanus, what do you think?
.github/workflows/build.yml
Outdated
| run: | | ||
| mvn clean install --batch-mode --no-transfer-progress -Dproguard.skip -DskipTests |
There was a problem hiding this comment.
Could simplify this by moving the command in the same line:
| run: | | |
| mvn clean install --batch-mode --no-transfer-progress -Dproguard.skip -DskipTests | |
| run: mvn clean install --batch-mode --no-transfer-progress -Dproguard.skip -DskipTests |
There was a problem hiding this comment.
I've fixed this. Also for the other files I've made the same change to keep everything consistent.
.github/workflows/build.yml
Outdated
| # Run with `-Dbuildinfo.attach=false`; otherwise `artifact:compare` fails because it creates a `.buildinfo` file which | ||
| # erroneously references the existing `.buildinfo` file (respectively because it is overwriting it, a file with size 0) | ||
| # See https://issues.apache.org/jira/browse/MARTIFACT-57 |
There was a problem hiding this comment.
Since these # Run with ... comments are only relevant for the mvn command below, it would be good to move them down (and adjust their indentation), so that they are between the name and the run below.
| @@ -65,11 +65,12 @@ jobs: | |||
| - name: "Verify no plugin issues" | |||
| run: mvn artifact:check-buildplan --batch-mode --no-transfer-progress | |||
|
|
|||
| - name: "Verify reproducible build" | |||
| - name: "Do clean install of dependencies" | |||
| # See https://maven.apache.org/guides/mini/guide-reproducible-builds.html#how-to-test-my-maven-build-reproducibility | |||
There was a problem hiding this comment.
Might be good to move this # See ... comment above the name: "Do clean ... since it applies to both steps now and not just the mvn clean install.
There was a problem hiding this comment.
Ah oke yes makes sense. I've updated this.
.github/workflows/build.yml
Outdated
| @@ -65,11 +65,12 @@ jobs: | |||
| - name: "Verify no plugin issues" | |||
| run: mvn artifact:check-buildplan --batch-mode --no-transfer-progress | |||
|
|
|||
| - name: "Verify reproducible build" | |||
| - name: "Do clean install of dependencies" | |||
There was a problem hiding this comment.
This should probably rather say "Build project" or similar.
In Maven install is a lifecycle phase, and it includes all previous phases and therefore performs a full build (except for deployment), see https://maven.apache.org/guides/introduction/introduction-to-the-lifecycle.html#a-build-lifecycle-is-made-up-of-phases
There was a problem hiding this comment.
Thank you for the suggestion, changed it!
- Increase timeout - Change name for build step - Move documentation closer to run.
- Use fixed version for runs-on argument - Avoid jobs without timeouts - Steps should only perform a single command
|
@Marcono1234 Thank you for the review! I've made the changes you've suggested, including bumping the timeouts. I've also made the same fixes to the other workflow files! |
|
Thank you for doing this! Overall it looks good, but I'm not entirely convinced by this:
Would Dependabot or something else notify us if the latest supported version changes? Otherwise I'm afraid we'll never think to update it. I think I might rather discover that an Ubuntu update breaks our build as soon as it happens rather than months later, even if that means the CI mysteriously failing. |
| mvn --batch-mode --no-transfer-progress org.codehaus.mojo:versions-maven-plugin:2.11.0:set -DnewVersion=JAPICMP-OLD | ||
| # Install artifacts with dummy version in local repository; used later by Maven plugin for comparison | ||
| mvn --batch-mode --no-transfer-progress install -DskipTests | ||
| - name: Set dummy version |
There was a problem hiding this comment.
Maybe the "used later by Maven plugin for comparison" should be preserved in some way (e.g. as comment) to make it clearer why this is done.
What about this?
| - name: Set dummy version | |
| # First sets a dummy project version, then installs the artifacts with that version in the local | |
| # Maven repository, and in a later step uses it as 'old version' for the API compatibility check. | |
| - name: Set dummy version |
No, that does not seem to be supported yet, see dependabot/dependabot-core#7182. |
Thanks for that pointer. In that case, I'd suggest we leave this part as it is (with |
Purpose
Hey! 🙂
I've made the following changes to your workflow:
(These changes are part of a research Study at TU Delft looking at GitHub Action Smells. Find out more)
Description
Checklist
This is automatically checked by
mvn verify, but can also be checked on its own usingmvn spotless:check.Style violations can be fixed using
mvn spotless:apply; this can be done in a separate commit to verify that it did not cause undesired changes.null@since $next-version$(
$next-version$is a special placeholder which is automatically replaced during release)TestCase)mvn clean verify javadoc:jarpasses without errors