diff --git a/.github/workflows/actionlint.yml b/.github/workflows/actionlint.yml
deleted file mode 100644
index f546111133..0000000000
--- a/.github/workflows/actionlint.yml
+++ /dev/null
@@ -1,24 +0,0 @@
-name: actionlint
-permissions: read-all
-on: [ push, pull_request ]
-
-jobs:
- actionlint:
- runs-on: ubuntu-latest
- steps:
- - name: Harden Runner
- uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
- with:
- disable-sudo: true
- egress-policy: block
- allowed-endpoints: >
- api.github.com:443
- github.com:443
- - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- - name: actionlint
- uses: reviewdog/action-actionlint@08ef4afa963243489a457cca426f705ce4e0d1a5 # v1.60.0
- env:
- SHELLCHECK_OPTS: -e SC2001 -e SC2035 -e SC2046 -e SC2061 -e SC2086 -e SC2156
- with:
- reporter: github-check
- github_token: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/analysis.yml b/.github/workflows/analysis.yml
deleted file mode 100644
index 2bb936fba5..0000000000
--- a/.github/workflows/analysis.yml
+++ /dev/null
@@ -1,79 +0,0 @@
-name: analysis
-permissions: read-all
-on: [ push, pull_request ]
-
-env:
- DEVELOCITY_ACCESS_KEY: ${{ secrets.DEVELOCITY_ACCESS_KEY }}
- ALLOWED_ENDPOINTS: >
- api.adoptium.net:443
- api.github.com:443
- caffeine.gradle-enterprise.cloud:443
- downloads.gradle.org:443
- downloads.gradle-dn.com:443
- github.com:443
- jcenter.bintray.com:443
- objects.githubusercontent.com:443
- plugins.gradle.org:443
- plugins-artifacts.gradle.org:443
- repo.maven.apache.org:443
- repo1.maven.org:443
- services.gradle.org:443
-
-jobs:
- forbiddenApis:
- runs-on: ubuntu-latest
- env:
- JAVA_VERSION: 23
- steps:
- - name: Harden Runner
- uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
- with:
- disable-sudo: true
- egress-policy: block
- allowed-endpoints: ${{ env.ALLOWED_ENDPOINTS }}
- - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- - name: Forbidden Apis
- uses: ./.github/actions/run-gradle
- with:
- java: ${{ env.JAVA_VERSION }}
- arguments: forbiddenApis -DforbiddenApis
- cache-encryption-key: ${{ secrets.GRADLE_ENCRYPTION_KEY }}
-
- pmd:
- runs-on: ubuntu-latest
- env:
- JAVA_VERSION: 23
- steps:
- - name: Harden Runner
- uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
- with:
- disable-sudo: true
- egress-policy: block
- allowed-endpoints: ${{ env.ALLOWED_ENDPOINTS }}
- - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- - name: Pmd
- uses: ./.github/actions/run-gradle
- with:
- java: ${{ env.JAVA_VERSION }}
- cache-encryption-key: ${{ secrets.GRADLE_ENCRYPTION_KEY }}
- arguments: pmdJavaPoet pmdMain pmdCodeGen pmdJmh pmdTest -Dpmd
-
- spotbugs:
- runs-on: ubuntu-latest
- env:
- JAVA_VERSION: 23
- steps:
- - name: Harden Runner
- uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
- with:
- disable-sudo: true
- egress-policy: block
- allowed-endpoints: ${{ env.ALLOWED_ENDPOINTS }}
- - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- - name: Spotbugs
- uses: ./.github/actions/run-gradle
- with:
- java: ${{ env.JAVA_VERSION }}
- cache-encryption-key: ${{ secrets.GRADLE_ENCRYPTION_KEY }}
- arguments: >
- spotbugsJavaPoet spotbugsMain spotbugsCodeGen spotbugsJmh spotbugsTest -Dspotbugs
diff --git a/.github/workflows/benchmarks.yml b/.github/workflows/benchmarks.yml
deleted file mode 100644
index 2f56447956..0000000000
--- a/.github/workflows/benchmarks.yml
+++ /dev/null
@@ -1,205 +0,0 @@
-name: benchmarks
-permissions: read-all
-on: [ push, pull_request ]
-
-env:
- DEVELOCITY_ACCESS_KEY: ${{ secrets.DEVELOCITY_ACCESS_KEY }}
- PUBLISH_JDK: 21
-
-jobs:
- benchmarks:
- runs-on: ubuntu-latest
- strategy:
- matrix:
- java: [ 11, 21, 25, GraalVM ]
- env:
- JAVA_VERSION: ${{ matrix.java }}
- steps:
- - name: Harden Runner
- uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
- with:
- disable-sudo: true
- egress-policy: block
- allowed-endpoints: >
- api.adoptium.net:443
- api.github.com:443
- caffeine.gradle-enterprise.cloud:443
- download.java.net:443
- download.oracle.com:443
- downloads.gradle.org:443
- downloads.gradle-dn.com:443
- gds.oracle.com:443
- github.com:443
- jcenter.bintray.com:443
- objects.githubusercontent.com:443
- plugins.gradle.org:443
- plugins-artifacts.gradle.org:443
- repo.maven.apache.org:443
- repo1.maven.org:443
- raw.githubusercontent.com:443
- services.gradle.org:443
- www.graalvm.org:443
- - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- - name: Compute JMH Benchmark
- uses: ./.github/actions/run-gradle
- with:
- java: ${{ matrix.java }}
- cache-encryption-key: ${{ secrets.GRADLE_ENCRYPTION_KEY }}
- arguments: >
- caffeine:jmh
- --no-configuration-cache
- -PincludePattern=ComputeBenchmark
- -PbenchmarkParameters=computeType=Caffeine,Guava,ConcurrentHashMap
- - name: Upload Compute JMH Results to Gist
- uses: popsiclestick/gist-sync-action@88f8633178625914f2a01abf1a765f7272a580fa # v1.2.0
- if: >
- github.event_name == 'push'
- && github.event.repository.fork == false
- continue-on-error: true
- with:
- auth: ${{ secrets.GIST_TOKEN }}
- gist_description: Compute JMH Results
- gist_title: compute_results_${{ matrix.java }}.json
- github_file: ./caffeine/build/reports/jmh/results.json
- gist_url: https://gist.githubusercontent.com/ben-manes/511298014cc5629cbc5e57f09fd4c430
- - name: Get/Put JMH Benchmark
- uses: ./.github/actions/run-gradle
- with:
- java: ${{ matrix.java }}
- cache-encryption-key: ${{ secrets.GRADLE_ENCRYPTION_KEY }}
- arguments: >
- caffeine:jmh
- --no-configuration-cache
- -PincludePattern=GetPutBenchmark
- -PbenchmarkParameters=cacheType=Caffeine,Guava,ConcurrentHashMap
- - name: Upload Get/Put JMH Results to Gist
- uses: popsiclestick/gist-sync-action@88f8633178625914f2a01abf1a765f7272a580fa # v1.2.0
- if: >
- github.event_name == 'push'
- && github.event.repository.fork == false
- continue-on-error: true
- with:
- auth: ${{ secrets.GIST_TOKEN }}
- gist_description: Get/Put JMH Results
- gist_title: getput_results_${{ matrix.java }}.json
- github_file: ./caffeine/build/reports/jmh/results.json
- gist_url: https://gist.githubusercontent.com/ben-manes/b231cf57cf8e144e2247716e777edcf3
- - name: Put/Remove JMH Benchmark
- uses: ./.github/actions/run-gradle
- with:
- java: ${{ matrix.java }}
- cache-encryption-key: ${{ secrets.GRADLE_ENCRYPTION_KEY }}
- arguments: >
- caffeine:jmh
- --no-configuration-cache
- -PincludePattern=PutRemoveBenchmark
- -PbenchmarkParameters=cacheType=Caffeine,Guava,ConcurrentHashMap
- - name: Upload Put/Remove JMH Results to Gist
- uses: popsiclestick/gist-sync-action@88f8633178625914f2a01abf1a765f7272a580fa # v1.2.0
- if: >
- github.event_name == 'push'
- && github.event.repository.fork == false
- continue-on-error: true
- with:
- auth: ${{ secrets.GIST_TOKEN }}
- gist_description: Put/Remove JMH Results
- gist_title: putremove_results_${{ matrix.java }}.json
- github_file: ./caffeine/build/reports/jmh/results.json
- gist_url: https://gist.githubusercontent.com/ben-manes/1359c399cb717e81976ee635c513340b
- - name: EvictionBenchmark JMH Benchmark
- uses: ./.github/actions/run-gradle
- with:
- java: ${{ matrix.java }}
- cache-encryption-key: ${{ secrets.GRADLE_ENCRYPTION_KEY }}
- arguments: >
- caffeine:jmh
- --no-configuration-cache
- -PincludePattern=EvictionBenchmark
- -PbenchmarkParameters=cacheType=Caffeine,Guava
- - name: Upload EvictionBenchmark JMH Results to Gist
- uses: popsiclestick/gist-sync-action@88f8633178625914f2a01abf1a765f7272a580fa # v1.2.0
- if: >
- github.event_name == 'push'
- && github.event.repository.fork == false
- continue-on-error: true
- with:
- auth: ${{ secrets.GIST_TOKEN }}
- gist_description: Eviction JMH Results
- gist_title: eviction_results_${{ matrix.java }}.json
- github_file: ./caffeine/build/reports/jmh/results.json
- gist_url: https://gist.githubusercontent.com/ben-manes/2f5b54540c2e67edc0d1a7f28a1139f5
- - name: FrequencySketch JMH Benchmark
- uses: ./.github/actions/run-gradle
- with:
- java: ${{ matrix.java }}
- cache-encryption-key: ${{ secrets.GRADLE_ENCRYPTION_KEY }}
- arguments: >
- caffeine:jmh
- --no-configuration-cache
- -PincludePattern=FrequencySketchBenchmark
- - name: Upload FrequencySketch JMH Results to Gist
- uses: popsiclestick/gist-sync-action@88f8633178625914f2a01abf1a765f7272a580fa # v1.2.0
- if: >
- github.event_name == 'push'
- && github.event.repository.fork == false
- continue-on-error: true
- with:
- auth: ${{ secrets.GIST_TOKEN }}
- gist_description: FrequencySketch JMH Results
- gist_title: freq_results_${{ matrix.java }}.json
- github_file: ./caffeine/build/reports/jmh/results.json
- gist_url: https://gist.githubusercontent.com/ben-manes/f93df1b66aa210bc23a1e672ef9bee16
- - name: TimerWheelBenchmark JMH Benchmark
- uses: ./.github/actions/run-gradle
- with:
- java: ${{ matrix.java }}
- cache-encryption-key: ${{ secrets.GRADLE_ENCRYPTION_KEY }}
- arguments: >
- caffeine:jmh
- --no-configuration-cache
- -PincludePattern=TimerWheelBenchmark
- - name: Upload TimerWheelBenchmark JMH Results to Gist
- uses: popsiclestick/gist-sync-action@88f8633178625914f2a01abf1a765f7272a580fa # v1.2.0
- if: >
- github.event_name == 'push'
- && github.event.repository.fork == false
- continue-on-error: true
- with:
- auth: ${{ secrets.GIST_TOKEN }}
- gist_description: TimerWheel JMH Results
- gist_title: timerwheel_results_${{ matrix.java }}.json
- github_file: ./caffeine/build/reports/jmh/results.json
- gist_url: https://gist.githubusercontent.com/ben-manes/9abafdbc76fe34c0e63cef386b0b9ac0
- - name: Publish JMH benchmarks
- if: >
- matrix.java == env.PUBLISH_JDK
- && github.event_name == 'push'
- run: |
- {
- echo '#### [Compute](https://jmh.morethan.io/?gists=511298014cc5629cbc5e57f09fd4c430)'
- echo -n 'This benchmark that evaluates the overhead due to locking when the entry is '
- echo -n 'present. The scenarios graphed are all threads retrieving a single entry '
- echo -n '("sameKey") and threads retrieving different keys based on a Zipf '
- echo -n 'distribution ("spread").'
- echo -e '\n'
- echo '#### [Get/Put](https://jmh.morethan.io/?gists=b231cf57cf8e144e2247716e777edcf3)'
- echo -n 'A benchmark that evaluates the read/write performance of a cache. The cache '
- echo -n 'is pre-populated for a 100% hit rate and a Zipf distribution of keys is used '
- echo -n 'to mimic application usage patterns.'
- echo -e '\n'
- echo '#### [Put/Remove](https://jmh.morethan.io/?gists=1359c399cb717e81976ee635c513340b)'
- echo -n 'A benchmark that evaluates the insert/update/remove performance of a cache. '
- echo -n 'A Zipf distribution of keys is used but it is unpredictable if the entry is '
- echo -n 'present given the competing operations.'
- echo -e '\n'
- echo '#### [Eviction](https://jmh.morethan.io/?gists=2f5b54540c2e67edc0d1a7f28a1139f5)'
- echo -n 'A benchmark that evaluates the evictions rate by always inserting a new entry.'
- echo -e '\n'
- echo '#### [FrequencySketch](https://jmh.morethan.io/?gists=f93df1b66aa210bc23a1e672ef9bee16)'
- echo -n 'A benchmark that evaluates the performance of a frequency sketch for use by '
- echo -n 'size eviction.'
- echo -e '\n'
- echo '#### [TimerWheel](https://jmh.morethan.io/?gists=9abafdbc76fe34c0e63cef386b0b9ac0)'
- echo -n 'A benchmark that evaluates the performance of the timer wheel for use by '
- echo -n 'variable expiration.'
- } >> $GITHUB_STEP_SUMMARY
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
deleted file mode 100644
index 3214b425df..0000000000
--- a/.github/workflows/build.yml
+++ /dev/null
@@ -1,368 +0,0 @@ -name: build -on: - pull_request: {} - push: - branches: [master, v2.dev, v3.dev] -permissions: read-all - -env: - DEVELOCITY_ACCESS_KEY: ${{ secrets.DEVELOCITY_ACCESS_KEY }} - ALLOWED_ENDPOINTS: > - *.actions.githubusercontent.com:443 - api.adoptium.net:443 - api.github.com:443 - api.snapcraft.io:443 - caffeine.gradle-enterprise.cloud:443 - cdn.azul.com:443 - cloudflare.com:443 - docker.io:443 - download.java.net:443 - download.oracle.com:443 - downloads.gradle.org:443 - downloads.gradle-dn.com:443 - gds.oracle.com:443 - ghcr.io:443 - github.com:443 - jdk.java.net:443 - jcenter.bintray.com:443 - objects.githubusercontent.com:443 - oss.sonatype.org:443 - plugins.gradle.org:443 - plugins-artifacts.gradle.org:443 - raw.githubusercontent.com:443 - registry.npmjs.org:443 - repo.gradle.org:443 - repo.maven.apache.org:443 - repo1.maven.org:443 - scans-in.gradle.com:443 - services.gradle.org:443 - schemastore.org:443 - www.graalvm.org:443 - PUBLISH_JDK: 11 - -jobs: - compile: - name: Compile - timeout-minutes: 15 - runs-on: ubuntu-latest - strategy: - matrix: - java: [ 11, 23, 25, GraalVM ] - env: - JAVA_VERSION: ${{ matrix.java }} - steps: - - name: Harden Runner - uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2 - with: - disable-sudo: true - egress-policy: block - allowed-endpoints: ${{ env.ALLOWED_ENDPOINTS }} - - name: Checkout - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - - name: Compile - uses: ./.github/actions/run-gradle - with: - java: ${{ env.JAVA_VERSION }} - arguments: check -x test ${{ env.GRADLE_ARGS }} - cache-encryption-key: ${{ secrets.GRADLE_ENCRYPTION_KEY }} - - name: Cancel if failed - uses: andymckay/cancel-action@a955d435292c0d409d104b57d8e78435a93a6ef1 # 0.5 - continue-on-error: true - if: failure() - - tests: - name: Tests - timeout-minutes: 60 - runs-on: ubuntu-latest - needs: compile - strategy: - matrix: - suite: - - 
caffeine:weakKeysAndStrongValuesStatsAsyncCaffeineSlowTest - - caffeine:weakKeysAndStrongValuesStatsSyncCaffeineSlowTest - - caffeine:strongKeysAndWeakValuesStatsSyncCaffeineSlowTest - - caffeine:strongKeysAndSoftValuesStatsSyncCaffeineSlowTest - - caffeine:strongKeysAndStrongValuesStatsAsyncCaffeineTest - - caffeine:weakKeysAndWeakValuesStatsSyncCaffeineSlowTest - - caffeine:weakKeysAndSoftValuesStatsSyncCaffeineSlowTest - - caffeine:strongKeysAndStrongValuesStatsSyncCaffeineTest - - caffeine:weakKeysAndStrongValuesStatsAsyncCaffeineTest - - caffeine:weakKeysAndStrongValuesStatsSyncCaffeineTest - - caffeine:weakKeysAndStrongValuesAsyncCaffeineSlowTest - - caffeine:strongKeysAndWeakValuesStatsSyncCaffeineTest - - caffeine:strongKeysAndSoftValuesStatsSyncCaffeineTest - - caffeine:weakKeysAndStrongValuesSyncCaffeineSlowTest - - caffeine:strongKeysAndWeakValuesSyncCaffeineSlowTest - - caffeine:strongKeysAndSoftValuesSyncCaffeineSlowTest - - caffeine:weakKeysAndWeakValuesStatsSyncCaffeineTest - - caffeine:weakKeysAndSoftValuesStatsSyncCaffeineTest - - caffeine:strongKeysAndStrongValuesAsyncCaffeineTest - - caffeine:weakKeysAndWeakValuesSyncCaffeineSlowTest - - caffeine:weakKeysAndSoftValuesSyncCaffeineSlowTest - - caffeine:strongKeysAndStrongValuesSyncCaffeineTest - - caffeine:weakKeysAndStrongValuesAsyncCaffeineTest - - caffeine:weakKeysAndStrongValuesSyncCaffeineTest - - caffeine:strongKeysAndWeakValuesSyncCaffeineTest - - caffeine:strongKeysAndSoftValuesSyncCaffeineTest - - caffeine:weakKeysAndWeakValuesSyncCaffeineTest - - caffeine:weakKeysAndSoftValuesSyncCaffeineTest - - caffeine:lincheckTest - - caffeine:isolatedTest - - caffeine:junitTest - - simulator:check - - jcache:check - - guava:check - java: [ 11, 23 ] - include: - - suite: caffeine:weakKeysAndStrongValuesStatsSyncGuavaSlowTest - java: 11 - - suite: caffeine:strongKeysAndWeakValuesStatsSyncGuavaSlowTest - java: 11 - - suite: caffeine:strongKeysAndSoftValuesStatsSyncGuavaSlowTest - java: 11 - - suite: 
caffeine:weakKeysAndWeakValuesStatsSyncGuavaSlowTest - java: 11 - - suite: caffeine:weakKeysAndSoftValuesStatsSyncGuavaSlowTest - java: 11 - - suite: caffeine:strongKeysAndStrongValuesStatsSyncGuavaTest - java: 11 - - suite: caffeine:weakKeysAndStrongValuesStatsSyncGuavaTest - java: 11 - - suite: caffeine:strongKeysAndWeakValuesStatsSyncGuavaTest - java: 11 - - suite: caffeine:strongKeysAndSoftValuesStatsSyncGuavaTest - java: 11 - - suite: caffeine:weakKeysAndStrongValuesSyncGuavaSlowTest - java: 11 - - suite: caffeine:strongKeysAndWeakValuesSyncGuavaSlowTest - java: 11 - - suite: caffeine:strongKeysAndSoftValuesSyncGuavaSlowTest - java: 11 - - suite: caffeine:weakKeysAndWeakValuesStatsSyncGuavaTest - java: 11 - - suite: caffeine:weakKeysAndSoftValuesStatsSyncGuavaTest - java: 11 - - suite: caffeine:weakKeysAndWeakValuesSyncGuavaSlowTest - java: 11 - - suite: caffeine:weakKeysAndSoftValuesSyncGuavaSlowTest - java: 11 - - suite: caffeine:strongKeysAndStrongValuesSyncGuavaTest - java: 11 - - suite: caffeine:weakKeysAndStrongValuesSyncGuavaTest - java: 11 - - suite: caffeine:strongKeysAndWeakValuesSyncGuavaTest - java: 11 - - suite: caffeine:strongKeysAndSoftValuesSyncGuavaTest - java: 11 - - suite: caffeine:weakKeysAndWeakValuesSyncGuavaTest - java: 11 - - suite: caffeine:weakKeysAndSoftValuesSyncGuavaTest - java: 11 - - suite: caffeine:fuzzTest - java: 11 - env: - JAVA_VERSION: ${{ matrix.java }} - steps: - - name: Harden Runner - uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2 - with: - disable-sudo: true - egress-policy: block - allowed-endpoints: ${{ env.ALLOWED_ENDPOINTS }} - - name: Checkout - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - - name: Run tests (${{ env.JAVA_VERSION }}) - uses: ./.github/actions/run-gradle - with: - java: ${{ env.JAVA_VERSION }} - arguments: ${{ matrix.suite }} - cache-encryption-key: ${{ secrets.GRADLE_ENCRYPTION_KEY }} - - name: Format Test Artifact Name - if: 
always() && (env.JAVA_VERSION == env.PUBLISH_JDK) - run: | - RAW_NAME=${{ matrix.suite }}-${{ env.JAVA_VERSION }} - ARTIFACT_NAME=$(echo $RAW_NAME | sed 's/:/-/g') - echo "ARTIFACT_NAME=$ARTIFACT_NAME" >> $GITHUB_ENV - - name: Compress test results - if: always() && (env.JAVA_VERSION == env.PUBLISH_JDK) - run: > - find . -path */jacoco/*.exec -o -path */results/*.xml - | tar czf ${{ env.ARTIFACT_NAME }}.tar.gz --files-from - - - name: Upload test results - uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0 - if: always() && (env.JAVA_VERSION == env.PUBLISH_JDK) - with: - retention-days: 1 - name: ${{ env.ARTIFACT_NAME }}-results - path: ${{ env.ARTIFACT_NAME }}.tar.gz - - name: Cancel if failed - uses: andymckay/cancel-action@a955d435292c0d409d104b57d8e78435a93a6ef1 # 0.5 - continue-on-error: true - if: failure() - - coverage: - name: Coverage - runs-on: ubuntu-latest - needs: tests - if: (github.event_name == 'push') && (github.event.repository.fork == false) - steps: - - name: Harden Runner - uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2 - with: - disable-sudo: true - egress-policy: block - allowed-endpoints: > - ${{ env.ALLOWED_ENDPOINTS }} - artifacts.codacy.com:443 - api.codacy.com:443 - app.deepsource.com:443 - codecov.io:443 - coveralls.io:443 - deepsource.io:443 - fastly.com:443 - nodejs.org:443 - raw.githubusercontent.com - sonarcloud.io:443 - scanner.sonarcloud.io:443 - storage.googleapis.com:443 - uploader.codecov.io:443 - - name: Checkout - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - with: - fetch-depth: 0 - - name: Download Tests Results - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 - - name: Decompress - run: find . 
-type f -name '*.tar.gz' -exec sh -c 'tar -zxf {} --one-top-level' \; - - name: Combine Jacoco Reports - uses: ./.github/actions/run-gradle - with: - arguments: check -x test - java: ${{ env.PUBLISH_JDK }} - cache-encryption-key: ${{ secrets.GRADLE_ENCRYPTION_KEY }} - - name: Publish to Coveralls - uses: ./.github/actions/run-gradle - env: - COVERALLS_REPO_TOKEN: ${{ secrets.COVERALLS_REPO_TOKEN }} - with: - arguments: coveralls - java: ${{ env.PUBLISH_JDK }} - cache-encryption-key: ${{ secrets.GRADLE_ENCRYPTION_KEY }} - continue-on-error: true - - name: Publish to Codecov - uses: codecov/codecov-action@1e68e06f1dbfde0e4cefc87efeba9e4643565303 # v5.1.2 - with: - token: ${{ secrets.CODECOV_TOKEN }} - - name: Publish to Codacy - uses: codacy/codacy-coverage-reporter-action@89d6c85cfafaec52c72b6c5e8b2878d33104c699 # v1.3.0 - with: - project-token: ${{ secrets.CODACY_PROJECT_TOKEN }} - continue-on-error: true - - name: Publish to DeepSource - uses: deepsourcelabs/test-coverage-action@e02a039827236fa21a95866e7cd0b1c52ca61e76 # v1.1.2 - continue-on-error: true - with: - key: java - dsn: ${{ secrets.DEEPSOURCE_DSN }} - coverage-file: ./build/reports/jacoco/jacocoFullReport/jacocoFullReport.xml - - name: Publish to SonarQube - uses: ./.github/actions/run-gradle - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} - with: - java: ${{ env.PUBLISH_JDK }} - arguments: sonar -Dsonar.branch.name=${GITHUB_REF##*/} - cache-encryption-key: ${{ secrets.GRADLE_ENCRYPTION_KEY }} - continue-on-error: true - - test-results: - name: Test Results - runs-on: ubuntu-latest - needs: tests - if: github.event_name == 'push' - permissions: - checks: write - steps: - - name: Harden Runner - uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2 - with: - disable-sudo: true - egress-policy: block - allowed-endpoints: > - ${{ env.ALLOWED_ENDPOINTS }} - badgen.net:443 - - name: Download Tests - uses: 
actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 - - name: Decompress - run: find . -type f -name '*.tar.gz' -exec sh -c 'tar -zxf {} --one-top-level' \; - - name: Publish Test Results - uses: EnricoMi/publish-unit-test-result-action@170bf24d20d201b842d7a52403b73ed297e6645b # v2.18.0 - continue-on-error: true - id: test-results - with: - json_thousands_separator: ',' - junit_files: '**/TEST-*.xml' - comment_mode: off - ignore_runs: true - job_summary: true - - name: Create badge - id: test-badge - env: - LABEL: tests - COLOR: 31c653 - STATUS: ${{ fromJSON(steps.test-results.outputs.json).formatted.stats.runs }} - continue-on-error: true - run: curl -s -f https://badgen.net/badge/${{env.LABEL}}/${{env.STATUS}}/${{env.COLOR}} > badge.svg - - name: Upload badge to Gist - uses: popsiclestick/gist-sync-action@88f8633178625914f2a01abf1a765f7272a580fa # v1.2.0 - if: > - github.event.repository.fork == false - && steps.test-badge.outcome == 'success' - && endsWith(github.ref, github.event.repository.default_branch) - with: - gist_url: https://gist.githubusercontent.com/ben-manes/c20eb418f0e0bd6dfe1c25beb35faae4 - auth: ${{ secrets.GIST_TOKEN }} - gist_description: Test Results - github_file: badge.svg - gist_title: badge.svg - - publish-snapshot: - name: Publish Snapshot - runs-on: ubuntu-latest - needs: tests - if: > - github.event_name == 'push' - && github.event.repository.fork == false - && endsWith(github.ref, github.event.repository.default_branch) - permissions: - id-token: write - steps: - - name: Harden Runner - uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2 - with: - disable-sudo: true - egress-policy: block - allowed-endpoints: > - ${{ env.ALLOWED_ENDPOINTS }} - docs.oracle.com:443 - errorprone.info:443 - guava.dev:443 - jspecify.dev:443 - lightbend.github.io:443 - oauth2.sigstore.dev:443 - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - - name: Publish Snapshot - uses: 
./.github/actions/run-gradle - env: - ORG_GRADLE_PROJECT_sonatypeUsername: ${{ secrets.NEXUS_USERNAME }} - ORG_GRADLE_PROJECT_sonatypePassword: ${{ secrets.NEXUS_PASSWORD }} - ORG_GRADLE_PROJECT_signingKey: ${{ secrets.OSSRH_GPG_SECRET_KEY }} - ORG_GRADLE_PROJECT_signingKeyId: ${{ secrets.OSSRH_GPG_SECRET_KEY_ID }} - ORG_GRADLE_PROJECT_signingPassword: ${{ secrets.OSSRH_GPG_SECRET_KEY_PASSWORD }} - with: - attempt-limit: 3 - attempt-delay: 2 - java: ${{ env.PUBLISH_JDK }} - arguments: publishToSonatype --no-configuration-cache - cache-encryption-key: ${{ secrets.GRADLE_ENCRYPTION_KEY }} diff --git a/.github/workflows/codacy.yml b/.github/workflows/codacy.yml deleted file mode 100644 index 6d1e02a22b..0000000000 --- a/.github/workflows/codacy.yml +++ /dev/null 
@@ -1,54 +0,0 @@
-name: Codacy
-permissions: read-all
-on: [ push, pull_request ]
-
-jobs:
- security-scan:
- runs-on: ubuntu-latest
- timeout-minutes: 15
- permissions:
- actions: read
- contents: read
- security-events: write
- if: github.event.repository.fork == false
- steps:
- - name: Harden Runner
- uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
- with:
- disable-sudo: true
- egress-policy: block
- allowed-endpoints: >
- api.codacy.com:443
- api.github.com:443
- auth.docker.io:443
- github.com:443
- golang.org:443
- objects.githubusercontent.com:443
- production.cloudflare.docker.com:443
- raw.githubusercontent.com:443
- registry-1.docker.io:443
- *.blob.core.windows.net:443
- - name: Checkout code
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- - name: Run Codacy Analysis
- uses: codacy/codacy-analysis-cli-action@97bf5df3c09e75f5bcd72695998f96ebd701846e # v4.4.5
- continue-on-error: true
- with:
- format: sarif
- output: results.sarif
- gh-code-scanning-compat: true
- max-allowed-issues: 2147483647
- - name: Check file existence
- id: check_files
- uses: andstor/file-existence-action@076e0072799f4942c8bc574a82233e1e4d13e9d6 # v3.0.0
- with:
- files: results.sarif
- - name: Remove duplicate runs
- if: steps.check_files.outputs.files_exists == 'true'
- run: jq -c '.runs |= unique_by({tool, invocations, results})' < results.sarif > codacy.sarif
- - name: Upload result to GitHub Code Scanning
- uses: github/codeql-action/upload-sarif@48ab28a6f5dbc2a99bf1e0131198dd8f1df78169 # v3.28.0
- if: steps.check_files.outputs.files_exists == 'true'
- continue-on-error: true
- with:
- sarif_file: codacy.sarif
diff --git a/.github/workflows/dependency-check.yml b/.github/workflows/dependency-check.yml
deleted file mode 100644
index 28f31d61b5..0000000000
--- a/.github/workflows/dependency-check.yml
+++ /dev/null
@@ -1,67 +0,0 @@
-name: Dependency Check
-on:
- push:
- pull_request:
- schedule:
- - cron: '0 0 * * 4'
-permissions: read-all
-
-env:
- DEVELOCITY_ACCESS_KEY: ${{ secrets.DEVELOCITY_ACCESS_KEY }}
- JAVA_VERSION: 23
-
-jobs:
- dependency-check:
- runs-on: ubuntu-latest
- permissions:
- actions: read
- contents: read
- security-events: write
- if: >
- github.actor != 'dependabot[bot]'
- && (github.event_name != 'pull_request' || github.event.pull_request.head.repo.fork == false)
- steps:
- - name: Harden Runner
- uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
- with:
- disable-sudo: true
- egress-policy: block
- allowed-endpoints: >
- api.adoptium.net:443
- api.github.com:443
- caffeine.gradle-enterprise.cloud:443
- downloads.gradle.org:443
- downloads.gradle-dn.com:443
- github.com:443
- jcenter.bintray.com:443
- jeremylong.github.io:443
- nvd.nist.gov:443
- objects.githubusercontent.com:443
- ossindex.sonatype.org:443
- plugins.gradle.org:443
- plugins-artifacts.gradle.org:443
- repo.maven.apache.org:443
- repo1.maven.org:443
- raw.githubusercontent.com:443
- services.gradle.org:443
- www.cisa.gov:443
- - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- - name: Run dependency-check
- uses: ./.github/actions/run-gradle
- continue-on-error: true
- env:
- NVD_API_KEY: ${{ secrets.NVD_API_KEY }}
- with:
- java: ${{ env.JAVA_VERSION }}
- cache-encryption-key: ${{ secrets.GRADLE_ENCRYPTION_KEY }}
- arguments: dependencyCheckAggregate --no-configuration-cache
- - name: Check file existence
- id: check_files
- uses: andstor/file-existence-action@076e0072799f4942c8bc574a82233e1e4d13e9d6 # v3.0.0
- with:
- files: build/reports/dependency-check-report.sarif
- - name: Upload result to GitHub Code Scanning
- uses: github/codeql-action/upload-sarif@48ab28a6f5dbc2a99bf1e0131198dd8f1df78169 # v3.28.0
- if: steps.check_files.outputs.files_exists == 'true'
- with:
- sarif_file: build/reports/dependency-check-report.sarif
diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml
deleted file mode 100644
index d0bb5aa57a..0000000000
--- a/.github/workflows/dependency-review.yml
+++ /dev/null
@@ -1,29 +0,0 @@
-name: Dependency Review
-permissions: read-all
-on: [pull_request]
-
-jobs:
- dependency-review:
- runs-on: ubuntu-latest
- permissions:
- contents: read
- pull-requests: write
- steps:
- - name: Harden Runner
- uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
- with:
- disable-sudo: true
- egress-policy: block
- allowed-endpoints: >
- api.deps.dev:443
- api.github.com:443
- github.com:443
- - name: Checkout Repository
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- - name: Dependency Review
- uses: actions/dependency-review-action@3b139cfc5fae8b618d3eae3675e383bb1769c019 # v4.5.0
- with:
- license-check: false
- comment-summary-in-pr: on-failure
- retry-on-snapshot-warnings: true
- retry-on-snapshot-warnings-timeout: 600
diff --git a/.github/workflows/dependency-submission-pr-retreive.yml b/.github/workflows/dependency-submission-pr-retreive.yml
deleted file mode 100644
index aafa88acbf..0000000000
--- a/.github/workflows/dependency-submission-pr-retreive.yml
+++ /dev/null
@@ -1,40 +0,0 @@
-name: Retrieve and submit dependency graph
-permissions: read-all
-on:
- workflow_run:
- workflows: ['Generate and save dependency graph']
- types: [completed]
-
-env:
- DEVELOCITY_ACCESS_KEY: ${{ secrets.DEVELOCITY_ACCESS_KEY }}
- JAVA_VERSION: 23
-
-jobs:
- submit-dependency-graph:
- runs-on: ubuntu-latest
- permissions:
- contents: write
- steps:
- - name: Harden Runner
- uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
- with:
- disable-sudo: true
- egress-policy: block
- allowed-endpoints: >
- api.adoptium.net:443
- api.github.com:443
- caffeine.gradle-enterprise.cloud:443
- downloads.gradle.org:443
- downloads.gradle-dn.com:443
- github.com:443
- jcenter.bintray.com:443
- objects.githubusercontent.com:443
- plugins.gradle.org:443
- plugins-artifacts.gradle.org:443
- repo.maven.apache.org:443
- repo1.maven.org:443
- services.gradle.org:443
- - name: Retrieve and submit dependency graph
- uses: gradle/actions/dependency-submission@0bdd871935719febd78681f197cd39af5b6e16a6 # v4.2.2
- with:
- dependency-graph: download-and-submit
diff --git a/.github/workflows/dependency-submission-pr-submit.yml b/.github/workflows/dependency-submission-pr-submit.yml
deleted file mode 100644
index 844372bc89..0000000000
--- a/.github/workflows/dependency-submission-pr-submit.yml
+++ /dev/null
@@ -1,44 +0,0 @@
-name: Generate and save dependency graph
-permissions: read-all
-on: [ pull_request ]
-
-env:
- DEVELOCITY_ACCESS_KEY: ${{ secrets.DEVELOCITY_ACCESS_KEY }}
- JAVA_VERSION: 21
-
-jobs:
- dependency-submission:
- runs-on: ubuntu-latest
- permissions:
- contents: read
- steps:
- - name: Harden Runner
- uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
- with:
- disable-sudo: true
- egress-policy: block
- allowed-endpoints: >
- api.adoptium.net:443
- api.github.com:443
- caffeine.gradle-enterprise.cloud:443
- downloads.gradle.org:443
- downloads.gradle-dn.com:443
- github.com:443
- jcenter.bintray.com:443
- objects.githubusercontent.com:443
- plugins.gradle.org:443
- plugins-artifacts.gradle.org:443
- repo.maven.apache.org:443
- repo1.maven.org:443
- services.gradle.org:443
- - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- - name: Set up JDK ${{ env.JAVA_VERSION }}
- uses: actions/setup-java@7a6d8a8234af8eb26422e24e3006232cccaa061b # v4.6.0
- with:
- java-version: ${{ env.JAVA_VERSION }}
- distribution: temurin
- - name: Submit Dependency Graph
- uses: gradle/actions/dependency-submission@0bdd871935719febd78681f197cd39af5b6e16a6 # v4.2.2
- with:
- cache-encryption-key: ${{ secrets.GRADLE_ENCRYPTION_KEY }}
- dependency-graph: generate-and-upload
diff --git a/.github/workflows/dependency-submission.yml b/.github/workflows/dependency-submission.yml
deleted file mode 100644
index 513de8d5e5..0000000000
--- a/.github/workflows/dependency-submission.yml
+++ /dev/null
@@ -1,43 +0,0 @@
-name: Dependency Submission
-permissions: read-all
-on: [ push ]
-
-env:
- DEVELOCITY_ACCESS_KEY: ${{ secrets.DEVELOCITY_ACCESS_KEY }}
- JAVA_VERSION: 21
-
-jobs:
- dependency-submission:
- runs-on: ubuntu-latest
- permissions:
- contents: write
- steps:
- - name: Harden Runner
- uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
- with:
- disable-sudo: true
- egress-policy: block
- allowed-endpoints: >
- api.adoptium.net:443
- api.github.com:443
- caffeine.gradle-enterprise.cloud:443
- downloads.gradle.org:443
- downloads.gradle-dn.com:443
- github.com:443
- jcenter.bintray.com:443
- objects.githubusercontent.com:443
- plugins.gradle.org:443
- plugins-artifacts.gradle.org:443
- repo.maven.apache.org:443
- repo1.maven.org:443
- services.gradle.org:443
- - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- - name: Set up JDK ${{ env.JAVA_VERSION }}
- uses: actions/setup-java@7a6d8a8234af8eb26422e24e3006232cccaa061b # v4.6.0
- with:
- java-version: ${{ env.JAVA_VERSION }}
- distribution: temurin
- - name: Submit Dependency Graph
- uses: gradle/actions/dependency-submission@0bdd871935719febd78681f197cd39af5b6e16a6 # v4.2.2
- with:
- cache-encryption-key: ${{ secrets.GRADLE_ENCRYPTION_KEY }}
diff --git a/.github/workflows/devskim.yml b/.github/workflows/devskim.yml
deleted file mode 100644
index d9e6bdfd48..0000000000
--- a/.github/workflows/devskim.yml
+++ /dev/null
@@ -1,36 +0,0 @@
-name: DevSkim
-permissions: read-all
-
-on:
- push:
- branches: [master, v2.dev, v3.dev]
- pull_request:
- branches: [master, v2.dev, v3.dev]
- schedule:
- - cron: '40 22 * * 0'
-
-jobs:
- lint:
- name: DevSkim
- runs-on: ubuntu-20.04
- permissions:
- actions: read
- contents: read
- security-events: write
- steps:
- - name: Harden Runner
- uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
- with:
- disable-sudo: true
- egress-policy: block
- allowed-endpoints: >
- api.github.com:443
- github.com:443
- - name: Checkout code
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- - name: Run DevSkim scanner
- uses: microsoft/DevSkim-Action@914fa647b406c387000300b2f09bb28691be2b6d # v1.0.14
- - name: Upload DevSkim scan results to GitHub Security tab
- uses: github/codeql-action/upload-sarif@48ab28a6f5dbc2a99bf1e0131198dd8f1df78169 # v3.28.0
- with:
- sarif_file: devskim-results.sarif
diff --git a/.github/workflows/examples.yml b/.github/workflows/examples.yml
deleted file mode 100644
index 5653921381..0000000000
--- a/.github/workflows/examples.yml
+++ /dev/null
@@ -1,106 +0,0 @@ -name: examples -permissions: read-all -on: [ push, pull_request ] - -env: - DEVELOCITY_ACCESS_KEY: ${{ secrets.DEVELOCITY_ACCESS_KEY }} - JAVA_VERSION: 21 - -jobs: - examples: - runs-on: ubuntu-latest - steps: - - name: Harden Runner - uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2 - with: - disable-sudo: true - egress-policy: block - allowed-endpoints: > - api.github.com:443 - api.adoptium.net:443 - caffeine.gradle-enterprise.cloud:443 - download.oracle.com:443 - downloads.gradle.org:443 - downloads.gradle-dn.com:443 - gds.oracle.com:443 - github.com:443 - jcenter.bintray.com:443 - objects.githubusercontent.com:443 - plugins.gradle.org:443 - plugins-artifacts.gradle.org:443 - repo.maven.apache.org:443 - repo1.maven.org:443 - services.gradle.org:443 - www.graalvm.org:443 - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - - name: Setup Gradle - uses: ./.github/actions/run-gradle - with: - java: ${{ env.JAVA_VERSION }} - cache-encryption-key: ${{ secrets.GRADLE_ENCRYPTION_KEY }} - - name: Simulator - run: > - ./gradlew simulator:run - -Dcaffeine.simulator.report.output=$(pwd)/simulation.md - -Dcaffeine.simulator.files.paths.0="corda:trace_vaultservice.gz" - -Dcaffeine.simulator.files.paths.1="lirs:loop.trace.gz" - -Dcaffeine.simulator.files.paths.2="corda:trace_vaultservice.gz" - - name: Publish Simulator Results - run: | - { - echo '### Adaptivity' - echo '```' - cat $(pwd)/simulation.md - echo '```' - } >> $GITHUB_STEP_SUMMARY - - name: Chart Simulation - run: ./gradlew -q simulator:simulate --maximumSize=100,200,300 - - name: Memory Overhead - run: ./gradlew -q caffeine:memoryOverhead - - name: Stresser (read) - run: > - timeout 1m ./gradlew -q caffeine:stress --workload=read - || ([[ $? -eq 124 ]] && echo "Timeout reached, but that's OK") - - name: Stresser (write) - run: > - timeout 1m ./gradlew -q caffeine:stress --workload=write - || ([[ $? 
-eq 124 ]] && echo "Timeout reached, but that's OK") - - name: Stresser (refresh) - run: > - timeout 1m ./gradlew -q caffeine:stress --workload=refresh - || ([[ $? -eq 124 ]] && echo "Timeout reached, but that's OK") - - name: Write-behind (rxjava) - working-directory: examples/write-behind-rxjava - run: ./gradlew build - - name: Coalescing Bulkloader (reactor) - working-directory: examples/coalescing-bulkloader-reactor - run: ./gradlew build - - name: Hibernate (jcache) - working-directory: examples/hibernate - run: ./gradlew build - - name: Indexable - working-directory: examples/indexable - run: ./gradlew build - - name: Resilience (failsafe) - working-directory: examples/resilience-failsafe - run: ./gradlew build - - name: Prepare for Graal Native Image - uses: ./.github/actions/run-gradle - env: - SNAPSHOT: true - with: - java: GraalVM - arguments: -q caffeine:clean caffeine:jar - cache-encryption-key: ${{ secrets.GRADLE_ENCRYPTION_KEY }} - - name: Graal Native Image - uses: ./.github/actions/run-gradle - env: - SNAPSHOT: true - with: - java: GraalVM - cache-encryption-key: ${{ secrets.GRADLE_ENCRYPTION_KEY }} - arguments: > - --project-dir examples/graal-native - -Pagent run - metadataCopy --task run --dir src/main/resources/META-INF/native-image - nativeRun nativeTest diff --git a/.github/workflows/gitleaks.yml b/.github/workflows/gitleaks.yml deleted file mode 100644 index 31157514ea..0000000000 --- a/.github/workflows/gitleaks.yml +++ /dev/null 
@@ -1,32 +0,0 @@
-name: gitleaks
-on:
- pull_request: {}
- push:
- branches: [master, v3.dev]
-permissions: read-all
-
-env:
- ALLOWED_ENDPOINTS: >
- api.github.com:443
- github.com:443
- objects.githubusercontent.com:443
-
-jobs:
- scan:
- name: gitleaks
- runs-on: ubuntu-latest
- steps:
- - name: Harden Runner
- uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
- with:
- disable-sudo: true
- egress-policy: block
- allowed-endpoints: ${{ env.ALLOWED_ENDPOINTS }}
- - name: Checkout
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- with:
- fetch-depth: 0
- - name: Run gitleaks
- uses: gitleaks/gitleaks-action@83373cf2f8c4db6e24b41c1a9b086bb9619e9cd3 # v2.3.7
- env:
- GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/gradle-wrapper-validation.yml b/.github/workflows/gradle-wrapper-validation.yml
deleted file mode 100644
index 3f3b921158..0000000000
--- a/.github/workflows/gradle-wrapper-validation.yml
+++ /dev/null
@@ -1,21 +0,0 @@
-name: Validate Gradle Wrapper
-on: [push, pull_request]
-permissions: read-all
-
-jobs:
- validation:
- name: Validation
- runs-on: ubuntu-latest
- steps:
- - name: Harden Runner
- uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
- with:
- disable-sudo: true
- egress-policy: block
- allowed-endpoints: >
- downloads.gradle.org:443
- downloads.gradle-dn.com:443
- github.com:443
- services.gradle.org:443
- - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- - uses: gradle/actions/wrapper-validation@0bdd871935719febd78681f197cd39af5b6e16a6 # v4.2.2
diff --git a/.github/workflows/qodana.yml b/.github/workflows/qodana.yml
deleted file mode 100644
index 8e700e2578..0000000000
--- a/.github/workflows/qodana.yml
+++ /dev/null
@@ -1,75 +0,0 @@ -name: Qodana -permissions: read-all -on: [ push, pull_request ] - -env: - DEVELOCITY_ACCESS_KEY: ${{ secrets.DEVELOCITY_ACCESS_KEY }} - JAVA_VERSION: 11 - -jobs: - qodana: - runs-on: ubuntu-latest - permissions: - checks: write - actions: read - contents: read - security-events: write - if: > - github.actor != 'dependabot[bot]' - && (github.event_name != 'pull_request' || github.event.pull_request.head.repo.fork == false) - steps: - - name: Harden Runner - uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2 - with: - disable-sudo: true - egress-policy: block - allowed-endpoints: > - api.adoptium.net:443 - api.foojay.io:443 - api.github.com:443 - auth.docker.io:443 - caffeine.gradle-enterprise.cloud:443 - docs.oracle.com:443 - download.jetbrains.com:443 - download-cdn.jetbrains.com:443 - downloads.gradle.org:443 - downloads.gradle-dn.com:443 - errorprone.info:443 - github.com:443 - guava.dev:443 - jcenter.bintray.com:443 - jspecify.dev:443 - lightbend.github.io:443 - objects.githubusercontent.com:443 - packages.jetbrains.team:443 - pkg-cdn.jetbrains.team:443 - plugins.gradle.org:443 - plugins.jetbrains.com:443 - plugins-artifacts.gradle.org:443 - prod.fus.aws.intellij.net:443 - production.cloudflare.docker.com:443 - registry-1.docker.io:443 - repo.gradle.org:443 - repo.maven.apache.org:443 - repo1.maven.org:443 - resources.jetbrains.com:443 - services.gradle.org:443 - - name: Checkout - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - - name: Build - uses: ./.github/actions/run-gradle - with: - java: ${{ env.JAVA_VERSION }} - cache-encryption-key: ${{ secrets.GRADLE_ENCRYPTION_KEY }} - arguments: check -x test - - name: Qodana - Code Inspection - uses: JetBrains/qodana-action@c9aae269126c597c4332ef4b11f0547262f240b5 # v2024.3.3 - env: - QODANA_TOKEN: ${{ secrets.QODANA_TOKEN }} - with: - upload-result: true - github-token: ${{ secrets.GITHUB_TOKEN }} - - name: Upload SARIF file for GitHub 
Advanced Security Dashboard - uses: github/codeql-action/upload-sarif@48ab28a6f5dbc2a99bf1e0131198dd8f1df78169 # v3.28.0 - with: - sarif_file: ${{ runner.temp }}/qodana/results/qodana.sarif.json diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml deleted file mode 100644 index 3b21a201c1..0000000000 --- a/.github/workflows/release.yml +++ /dev/null @@ -1,37 +0,0 @@ -name: release -on: - release: - types: [created] -permissions: read-all - -env: - DEVELOCITY_ACCESS_KEY: ${{ secrets.DEVELOCITY_ACCESS_KEY }} - JAVA_VERSION: 11 - -jobs: - release: - runs-on: ubuntu-latest - if: github.event.repository.fork == false - permissions: - id-token: write - steps: - - name: Harden Runner - uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2 - with: - disable-sudo: true - egress-policy: audit - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - - name: Releasing - uses: ./.github/actions/run-gradle - env: - ORG_GRADLE_PROJECT_sonatypeUsername: ${{ secrets.NEXUS_USERNAME }} - ORG_GRADLE_PROJECT_sonatypePassword: ${{ secrets.NEXUS_PASSWORD }} - ORG_GRADLE_PROJECT_signingKey: ${{ secrets.OSSRH_GPG_SECRET_KEY }} - ORG_GRADLE_PROJECT_signingKeyId: ${{ secrets.OSSRH_GPG_SECRET_KEY_ID }} - ORG_GRADLE_PROJECT_signingPassword: ${{ secrets.OSSRH_GPG_SECRET_KEY_PASSWORD }} - with: - java: ${{ env.JAVA_VERSION }} - cache-encryption-key: ${{ secrets.GRADLE_ENCRYPTION_KEY }} - arguments: > - publishToSonatype closeAndReleaseSonatypeStagingRepository -Prelease - --no-configuration-cache diff --git a/.github/workflows/scorecards-analysis.yml b/.github/workflows/scorecards-analysis.yml deleted file mode 100644 index a06f1ee94b..0000000000 --- a/.github/workflows/scorecards-analysis.yml +++ /dev/null 
@@ -1,63 +0,0 @@
-name: Scorecards
-on:
- branch_protection_rule:
- schedule:
- - cron: '45 17 * * 2'
- push:
- branches: [ master ]
-
-permissions: read-all
-
-jobs:
- analysis:
- name: Scorecards analysis
- runs-on: ubuntu-latest
- permissions:
- security-events: write
- id-token: write
- actions: read
- contents: read
- if: github.event.repository.fork == false
- steps:
- - name: Harden Runner
- uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
- with:
- disable-sudo: true
- egress-policy: block
- allowed-endpoints: >
- api.deps.dev:443
- api.github.com:443
- api.osv.dev:443
- api.securityscorecards.dev:443
- api.scorecard.dev:443
- auth.docker.io:443
- bestpractices.coreinfrastructure.org:443
- fulcio.sigstore.dev:443
- github.com:443
- index.docker.io:443
- oss-fuzz-build-logs.storage.googleapis.com:443
- rekor.sigstore.dev:443
- sigstore-tuf-root.storage.googleapis.com:443
- tuf-repo-cdn.sigstore.dev:443
- www.bestpractices.dev:443
- - name: Checkout code
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- with:
- persist-credentials: false
- - name: Run analysis
- uses: ossf/scorecard-action@62b2cac7ed8198b15735ed49ab1e5cf35480ba46 # v2.4.0
- with:
- publish_results: true
- results_format: sarif
- results_file: results.sarif
- repo_token: ${{ secrets.SCORECARD_READ_TOKEN }}
- - name: Upload artifact
- uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0
- with:
- name: SARIF file
- path: results.sarif
- retention-days: 5
- - name: Upload to code-scanning
- uses: github/codeql-action/upload-sarif@48ab28a6f5dbc2a99bf1e0131198dd8f1df78169 # v3.28.0
- with:
- sarif_file: results.sarif
diff --git a/.github/workflows/semgrep.yml b/.github/workflows/semgrep.yml
deleted file mode 100644
index fb292ba71b..0000000000
--- a/.github/workflows/semgrep.yml
+++ /dev/null
@@ -1,38 +0,0 @@
-name: Semgrep
-permissions: read-all
-on:
- pull_request: {}
- push:
- branches: [master, v2.dev, v3.dev]
-
-jobs:
- semgrep:
- name: Scan
- runs-on: ubuntu-latest
- permissions:
- actions: read
- contents: read
- security-events: write
- container:
- # Incompatible with Harden Runner
- image: returntocorp/semgrep
- steps:
- - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- - run: semgrep scan --sarif --output=results.sarif
- env:
- SEMGREP_RULES: >-
- p/java
- p/github-actions
- p/semgrep-rule-lints
- p/semgrep-misconfigurations
- - name: Check file existence
- id: check_files
- uses: andstor/file-existence-action@076e0072799f4942c8bc574a82233e1e4d13e9d6 # v3.0.0
- with:
- files: results.sarif
- - name: Upload SARIF file for GitHub Advanced Security Dashboard
- uses: github/codeql-action/upload-sarif@48ab28a6f5dbc2a99bf1e0131198dd8f1df78169 # v3.28.0
- if: steps.check_files.outputs.files_exists == 'true'
- continue-on-error: true
- with:
- sarif_file: results.sarif
diff --git a/.github/workflows/snyk.yml b/.github/workflows/snyk.yml
deleted file mode 100644
index 6dd58346c0..0000000000
--- a/.github/workflows/snyk.yml
+++ /dev/null
@@ -1,53 +0,0 @@
-name: snyk
-on:
- push:
- branches: [master, v2.dev, v3.dev]
-permissions: read-all
-
-env:
- DEVELOCITY_ACCESS_KEY: ${{ secrets.DEVELOCITY_ACCESS_KEY }}
- JAVA_VERSION: 21
-
-jobs:
- snyk:
- runs-on: ubuntu-latest
- permissions:
- actions: read
- contents: read
- security-events: write
- container:
- # Incompatible with Harden Runner
- image: snyk/snyk:gradle-jdk21
- env:
- SNYK_INTEGRATION_VERSION: gradle-jdk21
- SNYK_INTEGRATION_NAME: GITHUB_ACTIONS
- FORCE_COLOR: 2
- if: github.event.repository.fork == false
- steps:
- - name: Checkout repository
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- - name: Setup Gradle
- uses: ./.github/actions/run-gradle
- with:
- java: ${{ env.JAVA_VERSION }}
- cache-encryption-key: ${{ secrets.GRADLE_ENCRYPTION_KEY }}
- - name: Run Snyk test
- env:
- SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
- continue-on-error: true
- run: snyk test --sarif-file-output=snyk.sarif --all-sub-projects -- --no-configuration-cache
- - name: Check file existence
- id: check_files
- uses: andstor/file-existence-action@076e0072799f4942c8bc574a82233e1e4d13e9d6 # v3.0.0
- with:
- files: snyk.sarif
- - name: Upload result to GitHub Code Scanning
- uses: github/codeql-action/upload-sarif@48ab28a6f5dbc2a99bf1e0131198dd8f1df78169 # v3.28.0
- if: steps.check_files.outputs.files_exists == 'true'
- with:
- sarif_file: snyk.sarif
- - name: Run Snyk monitor
- env:
- SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
- continue-on-error: true
- run: snyk monitor --all-sub-projects -- --no-configuration-cache
diff --git a/.github/workflows/spelling.yml b/.github/workflows/spelling.yml
deleted file mode 100644
index 679c216263..0000000000
--- a/.github/workflows/spelling.yml
+++ /dev/null
@@ -1,37 +0,0 @@
-name: spelling
-permissions: read-all
-on: [ push, pull_request ]
-
-jobs:
- misspell:
- runs-on: ubuntu-latest
- steps:
- - name: Harden Runner
- uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
- with:
- disable-sudo: true
- egress-policy: block
- allowed-endpoints: >
- api.github.com:443
- github.com:443
- - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- - name: Misspell
- uses: reviewdog/action-misspell@18ffb61effb93b47e332f185216be7e49592e7e1 # v1.26.1
- with:
- reporter: github-check
- github_token: ${{ secrets.GITHUB_TOKEN }}
-
- typos:
- runs-on: ubuntu-latest
- steps:
- - name: Harden Runner
- uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
- with:
- disable-sudo: true
- egress-policy: block
- allowed-endpoints: >
- github.com:443
- objects.githubusercontent.com:443
- - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- - name: Typos
- uses: crate-ci/typos@9d890159570d5018df91fedfa40b4730cd4a81b1 # v1.28.4
diff --git a/.github/workflows/trivy.yml b/.github/workflows/trivy.yml
deleted file mode 100644
index 86ef5303de..0000000000
--- a/.github/workflows/trivy.yml
+++ /dev/null
@@ -1,43 +0,0 @@
-name: trivy
-permissions: read-all
-on: [ push, pull_request ]
-
-jobs:
- trivy:
- runs-on: ubuntu-20.04
- permissions:
- checks: write
- actions: read
- contents: read
- security-events: write
- steps:
- - name: Harden Runner
- uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
- with:
- disable-sudo: true
- egress-policy: block
- allowed-endpoints: >
- api.github.com:443
- ghcr.io:443
- github.com:443
- mirror.gcr.io:443
- objects.githubusercontent.com:443
- pkg-containers.githubusercontent.com:443
- - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- - name: Run Trivy vulnerability scanner
- uses: aquasecurity/trivy-action@18f2510ee396bbf400402947b394f2dd8c87dbb0 # v0.29.0
- continue-on-error: true
- with:
- scan-type: fs
- format: sarif
- output: results.sarif
- - name: Check file existence
- id: check_files
- uses: andstor/file-existence-action@076e0072799f4942c8bc574a82233e1e4d13e9d6 # v3.0.0
- with:
- files: results.sarif
- - name: Upload result to GitHub Code Scanning
- uses: github/codeql-action/upload-sarif@48ab28a6f5dbc2a99bf1e0131198dd8f1df78169 # v3.28.0
- if: steps.check_files.outputs.files_exists == 'true'
- with:
- sarif_file: results.sarif