ci(github): Add workflows for PR checks

These are based on ORT's workflows. Signed-off-by: Sebastian Schuberth <[email protected]>
oss-review-toolkit · Jul 12, 2024 · 783c3c1 · 783c3c1
1 parent f1aa55e
commit 783c3c1
Show file tree

Hide file tree

Showing 3 changed files with 177 additions and 0 deletions.
diff --git a/.commitlintrc.yml b/.commitlintrc.yml
@@ -0,0 +1,67 @@
+# Commitlint configuration.
+# See: https://github.com/conventional-changelog/commitlint/blob/master/docs/reference-rules.md
+---
+parserPreset:
+  parserOpts:
+    headerPattern: '^(\w*)(?:\((.*)\))?!?: (.*)$'
+    breakingHeaderPattern: '^(\w*)(?:\((.*)\))?!: (.*)$'
+    headerCorrespondence: ['type', 'scope', 'subject']
+    noteKeywords: ['BREAKING CHANGE', 'BREAKING-CHANGE', '\[\d+\]:', 'Signed-off-by:']
+    revertPattern: '/^(?:Revert|revert:)\s"?([\s\S]+?)"?\s*This reverts commit (\w*)\./i'
+    revertCorrespondence: ['header', 'hash']
+rules:
+  body-leading-blank:
+    - 2
+    - always
+  body-max-line-length:
+    - 2
+    - always
+    - 75
+  footer-leading-blank:
+    - 2
+    - always
+  header-max-length:
+    - 2
+    - always
+    - 75
+  scope-case:
+    - 0
+  subject-case:
+    - 1
+    - always
+    - - pascal-case
+      - sentence-case
+      - start-case
+      - upper-case
+  subject-empty:
+    - 2
+    - never
+  subject-full-stop:
+    - 2
+    - never
+    - .
+  type-case:
+    - 2
+    - always
+    - lower-case
+  type-empty:
+    - 2
+    - never
+  type-enum:
+    - 2
+    - always
+    - - build
+      - chore
+      - ci
+      - deps
+      - docs
+      - feat
+      - fix
+      - perf
+      - refactor
+      - revert
+      - style
+      - test
+  signed-off-by:
+    - 2
+    - always
diff --git a/.github/workflows/build-and-test.yml b/.github/workflows/build-and-test.yml
@@ -0,0 +1,64 @@
+name: Build and Test
+
+on:
+  pull_request:
+    branches:
+      - main
+  push:
+    branches:
+      - main
+
+env:
+  GRADLE_OPTS: -Dorg.gradle.daemon=false -Dkotest.assertions.multi-line-diff=unified
+
+jobs:
+  build:
+    runs-on: ubuntu-22.04
+    steps:
+    - name: Checkout Repository
+      uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
+    - name: Setup Gradle
+      uses: gradle/actions/setup-gradle@dbbdc275be76ac10734476cc723d82dfe7ec6eda # v3
+      with:
+        gradle-home-cache-cleanup: true
+    - name: Build all classes
+      run: ./gradlew classes
+  codeql-analysis:
+    needs: build
+    runs-on: ubuntu-22.04
+    permissions:
+      # Needed for SARIF scanning upload.
+      security-events: write
+    steps:
+    - name: Checkout Repository
+      uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
+    - name: Initialize CodeQL
+      uses: github/codeql-action/init@b611370bb5703a7efb587f9d136a52ea24c5c38c # v3
+      with:
+        languages: java
+        tools: linked
+    - name: Setup Gradle
+      uses: gradle/actions/setup-gradle@dbbdc275be76ac10734476cc723d82dfe7ec6eda # v3
+      with:
+        gradle-home-cache-cleanup: true
+    - name: Build all classes
+      run: ./gradlew -Dorg.gradle.jvmargs=-Xmx1g classes
+    - name: Perform CodeQL Analysis
+      uses: github/codeql-action/analyze@b611370bb5703a7efb587f9d136a52ea24c5c38c # v3
+  test:
+    needs: build
+    runs-on: ubuntu-22.04
+    steps:
+    - name: Checkout Repository
+      uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
+    - name: Setup Gradle
+      uses: gradle/actions/setup-gradle@dbbdc275be76ac10734476cc723d82dfe7ec6eda # v3
+      with:
+        gradle-home-cache-cleanup: true
+    - name: Run tests
+      run: ./gradlew --scan test funTest
+    - name: Create Test Summary
+      uses: test-summary/action@31493c76ec9e7aa675f1585d3ed6f1da69269a86 # v2
+      with:
+        paths: "**/test-results/**/TEST-*.xml"
+      if: always()
diff --git a/.github/workflows/static-analysis.yml b/.github/workflows/static-analysis.yml
@@ -0,0 +1,46 @@
+name: Static Analysis
+
+on:
+  pull_request:
+    branches:
+      - main
+  push:
+    branches:
+      - main
+
+env:
+  GRADLE_OPTS: -Dorg.gradle.daemon=false
+
+jobs:
+  commit-lint:
+    runs-on: ubuntu-22.04
+    steps:
+      - name: Checkout Repository
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
+        with:
+          fetch-depth: 0
+      - name: Check Commit Messages
+        uses: wagoid/commitlint-github-action@7f0a61df502599e1f1f50880aaa7ec1e2c0592f2 # v6
+        with:
+          configFile: .commitlintrc.yml
+  detekt-issues:
+    runs-on: ubuntu-22.04
+    permissions:
+      # Needed for SARIF scanning upload.
+      security-events: write
+    steps:
+    - name: Checkout Repository
+      uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
+    - name: Setup Gradle
+      uses: gradle/actions/setup-gradle@dbbdc275be76ac10734476cc723d82dfe7ec6eda # v3
+      with:
+        gradle-home-cache-cleanup: true
+    - name: Check for Detekt Issues
+      run: ./gradlew detekt
+    - name: Check for Detekt Issues with type resolution
+      run: ./gradlew detektMain detektTest detektFunTest
+    - name: Upload SARIF File
+      uses: github/codeql-action/upload-sarif@b611370bb5703a7efb587f9d136a52ea24c5c38c # v3
+      if: always() # Upload even if the previous step failed.
+      with:
+        sarif_file: build/reports/detekt/detekt.sarif