CI/Build: Add Gradle Build Scans #475
Conversation
snazy
requested review from
RussellSpitzer,
adutra,
ashvina,
collado-mike,
ebyhr,
eric-maynard,
flyrain,
jackye1995,
jbonofre,
takidau and
vvcephei
as code owners
|
@snazy what about using ASF Develocity ? It's hosted here: https://ge.apache.org/ and "hosted"/approved by the ASF. I would prefer to use ASF hosted platform here. |
|
For context: https://infra.apache.org/gradle.html |
snazy
force-pushed
the
gradle-build-scans
branch
from
4885d3b to
68dbd22
Compare
|
Good point, updated the PR. |
snazy
force-pushed
the
gradle-build-scans
branch
8 times, most recently
from
6b1b532 to
215632b
Compare
|
Well, Apache's instance rejects unauthenticated build scans, which is always the case for PR CI runs (no secrets in those GH workflows). So I think it's fine to let CI runs that don't have the access-key secret publish to Gradle's infra, and those that have it publish to Apache's infra. |
Why can't we configure our PR CI runs to authenticate? The section named "GitHub Actions" in in this page says:
|
Security thing - to not expose secrets in such CI runs. |
|
Two comments:
|
That still requires all GH workflow runs to have access to secrets, which is a big concern IMHO. |
|
@snazy For GitHub Actions builds in the Apache GitHub organization, an access token is stored in the organizational secret |
|
@jbonofre GH actions run from forks do NOT have any secrets, that's how GH workflows work. |
|
@snazy yes, that's expected. That's why I don't the security question :) If an user forks Polaris, if he's a Apache committer, he can use his Apache account, else he doesn't push. Sorry, I failed to see the point 😄 |
|
Yes, you failed the point. See the warning box under the discussion of |
|
TL;DR both scenarios, |
|
My point about Apache Committer is for local build (not related to GH Action). I think I understand your point about PR, but I was talking about "regular" GH Action build. |
Yes, that's basically the whole point - I want to inspect build scans for PRs, not just test results, but more than that. |
|
@snazy so like this one: https://ge.apache.org/s/7hwlge7hwhch4 So it seems to work on Apache Beam. |
|
@jbonofre that uses the insecure |
|
@snazy I'm checking this. |
|
This PR is stale because it has been open 30 days with no activity. Remove stale label or comment or this will be closed in 5 days. |
Gradle Build Scans, free of use, collect a lot of information about a Gradle build, including the actual output of failed test. This becomes quite convenient when inspecting test failures in CI and a lot of other information about Gradle builds. [Example build scan](https://scans.gradle.com/s/jpuykotf4hac6)
snazy
force-pushed
the
gradle-build-scans
branch
from
215632b to
ed1054d
Compare
|
Any updates on this @jbonofre ? |
|
My apologize, I have been swamped by other stuff. Let me resume work on this. Sorry for the delay 😀 |
|
Hi folk, do you still need this? |
|
Build scans are very useful and much more convenient than downloading some archive, unpacking it, finding the right files, etc. |
|
Closed in favor of #2559 |
github-project-automation
bot
moved this from PRs In Progress
to Done
in Basic Kanban Board
4 participants
Gradle Build Scans, free of use, collect a lot of information about a Gradle build, including the actual output of failed test. This becomes quite convenient when inspecting test failures in CI and a lot of other information about Gradle builds.
Example build scan