Publish build scans to develocity.apache.org for build insights

.github/workflows/gradle.yml

@@ -56,6 +56,7 @@ jobs:
         env:
           # publishToMavenLocal causes a GH API requests, use the token for those requests
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          DEVELOCITY_ACCESS_KEY: ${{ secrets.DEVELOCITY_ACCESS_KEY }}
         run: |
           ./gradlew check sourceTarball distTar distZip publishToMavenLocal \
             -x :polaris-runtime-service:test \
@@ -94,6 +95,8 @@ jobs:
       - name: Prepare Gradle build cache
         uses: ./.github/actions/ci-incr-build-cache-prepare
       - name: Run Quarkus tests
+        env:
+          DEVELOCITY_ACCESS_KEY: ${{ secrets.DEVELOCITY_ACCESS_KEY }}
         run: |
           ./gradlew \
             :polaris-runtime-service:test \
@@ -133,6 +136,8 @@ jobs:
         uses: ./.github/actions/ci-incr-build-cache-prepare
       - name: Run integration tests
         run: ./gradlew intTest --continue
+        env:
+          DEVELOCITY_ACCESS_KEY: ${{ secrets.DEVELOCITY_ACCESS_KEY }}
       - name: Save partial Gradle build cache
         uses: ./.github/actions/ci-incr-build-cache-save
         if: github.event_name == 'push' && github.ref == 'refs/heads/main'
@@ -172,5 +177,8 @@ jobs:
         with:
           cache-read-only: false
       - name: Trigger Gradle home cleanup
+        env:
+          DEVELOCITY_ACCESS_KEY: ${{ secrets.DEVELOCITY_ACCESS_KEY }}
         run: ./gradlew --no-daemon :showVersion
+
       # Note: the "Post Gradle invocation" archives the updated build cache.

.github/workflows/helm.yml

@@ -83,6 +83,8 @@ jobs:
           minikube docker-env
 
       - name: Image build
+        env:
+          DEVELOCITY_ACCESS_KEY: ${{ secrets.DEVELOCITY_ACCESS_KEY }}
         run: |
           eval $(minikube -p minikube docker-env)
           ./gradlew \

.github/workflows/nightly.yml

@@ -62,4 +62,5 @@ jobs:
           # publishToApache causes a GH API requests, use the token for those requests
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           ORG_GRADLE_PROJECT_apacheUsername: ${{ secrets.NEXUS_USER }}
-          ORG_GRADLE_PROJECT_apachePassword: ${{ secrets.NEXUS_PW }} 
+          ORG_GRADLE_PROJECT_apachePassword: ${{ secrets.NEXUS_PW }}
+          DEVELOCITY_ACCESS_KEY: ${{ secrets.DEVELOCITY_ACCESS_KEY }}

.github/workflows/python-client.yml

@@ -64,6 +64,8 @@ jobs:
           make client-unit-test
 
       - name: Image build
+        env:
+          DEVELOCITY_ACCESS_KEY: ${{ secrets.DEVELOCITY_ACCESS_KEY }}
         run: |
           ./gradlew \
             :polaris-server:assemble \

.github/workflows/regtest.yml

@@ -52,6 +52,8 @@ jobs:
         run: mkdir -p regtests/output && chmod 777 regtests/output && chmod 777 regtests/t_*/ref/*
 
       - name: Image build
+        env:
+          DEVELOCITY_ACCESS_KEY: ${{ secrets.DEVELOCITY_ACCESS_KEY }}
         run: |
           ./gradlew \
               :polaris-server:assemble \

.github/workflows/spark_client_regtests.yml

@@ -55,9 +55,12 @@ jobs:
         env:
           # publishToMavenLocal causes a GH API requests, use the token for those requests
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          DEVELOCITY_ACCESS_KEY: ${{ secrets.DEVELOCITY_ACCESS_KEY }}
         run: ./gradlew assemble publishToMavenLocal
 
       - name: Image build
+        env:
+          DEVELOCITY_ACCESS_KEY: ${{ secrets.DEVELOCITY_ACCESS_KEY }}
         run: |
           ./gradlew \
               :polaris-server:assemble \

README.md

@@ -136,6 +136,19 @@ Default configuration values can be found in `runtime/defaults/src/main/resource
   ```
 - See [README in `site/`](site/README.md) for more information.
 
+#### Publishing Build Scans to develocity.apache.org
+
+All authenticated builds of Apache Polaris will automatically publish build scans to the ASF Develocity instance at 
+[develocity.apache.org](https://develocity.apache.org/scans?search.rootProjectNames=polaris). 
+
+CI builds originating from the `apache/polaris` repository will have access to the Apache organization-level secret 
+`DEVELOCITY_ACCESS_KEY` and publish build scans using the secret. CI builds originating from pull requests from forks 
+will not have access to the secret and will silently skip build scan publication.
+
+Apache committers can publish build scans from their local machine by 
+[provisioning an access key](https://docs.gradle.com/develocity/gradle-plugin/current/#automated_access_key_provisioning) 
+using ASF LDAP credentials. Builds by anonymous, unauthenticated contributors will silently skip build scan publication.
+
 ## License
 
 Apache Polaris is under the Apache License Version 2.0. See the [LICENSE](LICENSE).

settings.gradle.kts

@@ -109,6 +109,11 @@ pluginManagement {
   }
 }
 
+plugins {
+  id("com.gradle.develocity") version "4.1.1"
+  id("com.gradle.common-custom-user-data-gradle-plugin") version "2.3"
+}
+
 dependencyResolutionManagement {
   repositoriesMode = RepositoriesMode.FAIL_ON_PROJECT_REPOS
   repositories {
@@ -126,3 +131,15 @@ gradle.beforeProject {
   version = baseVersion
   group = "org.apache.polaris"
 }
+
+val isCI = System.getenv("CI") != null
+
+develocity {
+  server = "https://develocity.apache.org"
+  projectId = "polaris"
+  buildScan {
+    uploadInBackground = !isCI
+    publishing.onlyIf { it.isAuthenticated }
+    obfuscation { ipAddresses { addresses -> addresses.map { _ -> "0.0.0.0" } } }
+  }
+}