diff --git a/.github/workflows/gradle.yml b/.github/workflows/gradle.yml index fd9f598a0a..282cc46abc 100644 --- a/.github/workflows/gradle.yml +++ b/.github/workflows/gradle.yml @@ -56,6 +56,7 @@ jobs: env: # publishToMavenLocal causes a GH API requests, use the token for those requests GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + DEVELOCITY_ACCESS_KEY: ${{ secrets.DEVELOCITY_ACCESS_KEY }} run: | ./gradlew check sourceTarball distTar distZip publishToMavenLocal \ -x :polaris-runtime-service:test \ @@ -94,6 +95,8 @@ jobs: - name: Prepare Gradle build cache uses: ./.github/actions/ci-incr-build-cache-prepare - name: Run Quarkus tests + env: + DEVELOCITY_ACCESS_KEY: ${{ secrets.DEVELOCITY_ACCESS_KEY }} run: | ./gradlew \ :polaris-runtime-service:test \ @@ -133,6 +136,8 @@ jobs: uses: ./.github/actions/ci-incr-build-cache-prepare - name: Run integration tests run: ./gradlew intTest --continue + env: + DEVELOCITY_ACCESS_KEY: ${{ secrets.DEVELOCITY_ACCESS_KEY }} - name: Save partial Gradle build cache uses: ./.github/actions/ci-incr-build-cache-save if: github.event_name == 'push' && github.ref == 'refs/heads/main' @@ -172,5 +177,8 @@ jobs: with: cache-read-only: false - name: Trigger Gradle home cleanup + env: + DEVELOCITY_ACCESS_KEY: ${{ secrets.DEVELOCITY_ACCESS_KEY }} run: ./gradlew --no-daemon :showVersion + # Note: the "Post Gradle invocation" archives the updated build cache. diff --git a/.github/workflows/helm.yml b/.github/workflows/helm.yml index 1404ec3f63..8b1748c2f9 100644 --- a/.github/workflows/helm.yml +++ b/.github/workflows/helm.yml @@ -83,6 +83,8 @@ jobs: minikube docker-env - name: Image build + env: + DEVELOCITY_ACCESS_KEY: ${{ secrets.DEVELOCITY_ACCESS_KEY }} run: | eval $(minikube -p minikube docker-env) ./gradlew \ diff --git a/.github/workflows/nightly.yml b/.github/workflows/nightly.yml index 4e002ce190..3463a39dd3 100644 --- a/.github/workflows/nightly.yml +++ b/.github/workflows/nightly.yml @@ -62,4 +62,5 @@ jobs: # publishToApache causes a GH API requests, use the token for those requests GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} ORG_GRADLE_PROJECT_apacheUsername: ${{ secrets.NEXUS_USER }} - ORG_GRADLE_PROJECT_apachePassword: ${{ secrets.NEXUS_PW }} + ORG_GRADLE_PROJECT_apachePassword: ${{ secrets.NEXUS_PW }} + DEVELOCITY_ACCESS_KEY: ${{ secrets.DEVELOCITY_ACCESS_KEY }} diff --git a/.github/workflows/python-client.yml b/.github/workflows/python-client.yml index 54a8e715e8..eba3de50cf 100644 --- a/.github/workflows/python-client.yml +++ b/.github/workflows/python-client.yml @@ -64,6 +64,8 @@ jobs: make client-unit-test - name: Image build + env: + DEVELOCITY_ACCESS_KEY: ${{ secrets.DEVELOCITY_ACCESS_KEY }} run: | ./gradlew \ :polaris-server:assemble \ diff --git a/.github/workflows/regtest.yml b/.github/workflows/regtest.yml index 459f8186b8..e0ea027d25 100644 --- a/.github/workflows/regtest.yml +++ b/.github/workflows/regtest.yml @@ -52,6 +52,8 @@ jobs: run: mkdir -p regtests/output && chmod 777 regtests/output && chmod 777 regtests/t_*/ref/* - name: Image build + env: + DEVELOCITY_ACCESS_KEY: ${{ secrets.DEVELOCITY_ACCESS_KEY }} run: | ./gradlew \ :polaris-server:assemble \ diff --git a/.github/workflows/spark_client_regtests.yml b/.github/workflows/spark_client_regtests.yml index 095262a64b..ec24f17da7 100644 --- a/.github/workflows/spark_client_regtests.yml +++ b/.github/workflows/spark_client_regtests.yml @@ -55,9 +55,12 @@ jobs: env: # publishToMavenLocal causes a GH API requests, use the token for those requests GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + DEVELOCITY_ACCESS_KEY: ${{ secrets.DEVELOCITY_ACCESS_KEY }} run: ./gradlew assemble publishToMavenLocal - name: Image build + env: + DEVELOCITY_ACCESS_KEY: ${{ secrets.DEVELOCITY_ACCESS_KEY }} run: | ./gradlew \ :polaris-server:assemble \ diff --git a/README.md b/README.md index fa44717abb..13b5d64b5e 100644 --- a/README.md +++ b/README.md @@ -136,6 +136,19 @@ Default configuration values can be found in `runtime/defaults/src/main/resource ``` - See [README in `site/`](site/README.md) for more information. +#### Publishing Build Scans to develocity.apache.org + +All authenticated builds of Apache Polaris will automatically publish build scans to the ASF Develocity instance at +[develocity.apache.org](https://develocity.apache.org/scans?search.rootProjectNames=polaris). + +CI builds originating from the `apache/polaris` repository will have access to the Apache organization-level secret +`DEVELOCITY_ACCESS_KEY` and publish build scans using the secret. CI builds originating from pull requests from forks +will not have access to the secret and will silently skip build scan publication. + +Apache committers can publish build scans from their local machine by +[provisioning an access key](https://docs.gradle.com/develocity/gradle-plugin/current/#automated_access_key_provisioning) +using ASF LDAP credentials. Builds by anonymous, unauthenticated contributors will silently skip build scan publication. + ## License Apache Polaris is under the Apache License Version 2.0. See the [LICENSE](LICENSE). diff --git a/settings.gradle.kts b/settings.gradle.kts index cbfbc3a269..fa3f02300e 100644 --- a/settings.gradle.kts +++ b/settings.gradle.kts @@ -109,6 +109,11 @@ pluginManagement { } } +plugins { + id("com.gradle.develocity") version "4.1.1" + id("com.gradle.common-custom-user-data-gradle-plugin") version "2.3" +} + dependencyResolutionManagement { repositoriesMode = RepositoriesMode.FAIL_ON_PROJECT_REPOS repositories { @@ -126,3 +131,15 @@ gradle.beforeProject { version = baseVersion group = "org.apache.polaris" } + +val isCI = System.getenv("CI") != null + +develocity { + server = "https://develocity.apache.org" + projectId = "polaris" + buildScan { + uploadInBackground = !isCI + publishing.onlyIf { it.isAuthenticated } + obfuscation { ipAddresses { addresses -> addresses.map { _ -> "0.0.0.0" } } } + } +}