Fix #5601: Version upgrade for actions/cache (#5603) #13885
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Contains jobs corresponding to static checks (such as syntax correctness & prohibited patterns). | |
name: Static Checks | |
on: | |
workflow_dispatch: | |
pull_request: | |
push: | |
branches: | |
- develop | |
concurrency: | |
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.run_id }} | |
cancel-in-progress: true | |
jobs: | |
check_codeowners: | |
name: Check CODEOWNERS & Repository files | |
runs-on: ubuntu-20.04 | |
steps: | |
- uses: actions/checkout@v2 | |
- uses: mszostok/[email protected] | |
with: | |
checks: "duppatterns,files,syntax" | |
experimental_checks: "notowned" | |
check_base_branch: | |
name: Check base branch | |
runs-on: ubuntu-20.04 | |
if: github.event_name == 'pull_request' | |
steps: | |
- name: "Branch is not based on develop or release branch" | |
if: ${{ github.base_ref != 'develop' && !startsWith(github.base_ref, 'release-') }} | |
run: | | |
echo "Current base branch: $BASE_BRANCH" | |
echo "Note: this check is expected to fail for chained PRs so that they can't accidentally be merged. PRs should only ever be merged directly into develop or a release branch." | |
exit 1 | |
env: | |
BASE_BRANCH: ${{ github.base_ref }} | |
- name: "Branch verified as based on develop/release branch" | |
if: ${{ github.base_ref == 'develop' || startsWith(github.base_ref, 'release-') }} | |
run: | | |
echo "Branch is correctly branched off of valid base branch to merge PRs into: $BASE_BRANCH" | |
env: | |
BASE_BRANCH: ${{ github.base_ref }} | |
linters: | |
name: Lint Tests | |
runs-on: ubuntu-20.04 | |
steps: | |
- uses: actions/checkout@v2 | |
- name: Create oppia android tools directory | |
run: mkdir -p $HOME/oppia-android-tools | |
- name: Set up JDK 11 | |
uses: actions/setup-java@v1 | |
with: | |
java-version: 11 | |
- name: Download Checkstyle | |
run: | | |
cd $HOME/oppia-android-tools | |
bash /home/runner/work/oppia-android/oppia-android/scripts/checkstyle_download.sh | |
- name: Download Ktlint | |
run: | | |
cd $HOME/oppia-android-tools | |
bash /home/runner/work/oppia-android/oppia-android/scripts/ktlint_download.sh | |
- name: Download Buf | |
run: | | |
cd $HOME/oppia-android-tools | |
bash /home/runner/work/oppia-android/oppia-android/scripts/buf_download.sh | |
- name: Download Buildifier | |
run: | | |
cd $HOME/oppia-android-tools | |
bash /home/runner/work/oppia-android/oppia-android/scripts/buildifier_download.sh | |
- name: Java lint check | |
run: | | |
bash /home/runner/work/oppia-android/oppia-android/scripts/checkstyle_lint_check.sh $HOME | |
- name: Kotlin lint check | |
run: | | |
bash /home/runner/work/oppia-android/oppia-android/scripts/ktlint_lint_check.sh $HOME | |
- name: Feature flag checks | |
run: | | |
bash /home/runner/work/oppia-android/oppia-android/scripts/feature_flags_check.sh $HOME | |
- name: Protobuf lint check | |
run: | | |
bash /home/runner/work/oppia-android/oppia-android/scripts/buf_lint_check.sh $HOME | |
- name: Bazel lint check | |
run: | | |
bash /home/runner/work/oppia-android/oppia-android/scripts/buildifier_lint_check.sh $HOME | |
script_checks: | |
name: Script Checks | |
runs-on: ubuntu-20.04 | |
env: | |
CACHE_DIRECTORY: ~/.bazel_cache | |
steps: | |
- uses: actions/checkout@v2 | |
with: | |
fetch-depth: 0 | |
- name: Set up Bazel | |
uses: abhinavsingh/setup-bazel@v3 | |
with: | |
version: 6.5.0 | |
- uses: actions/cache@v4 | |
id: scripts_cache | |
with: | |
path: ${{ env.CACHE_DIRECTORY }} | |
key: ${{ runner.os }}-${{ env.CACHE_DIRECTORY }}-bazel-scripts-${{ github.sha }} | |
restore-keys: | | |
${{ runner.os }}-${{ env.CACHE_DIRECTORY }}-bazel-scripts- | |
${{ runner.os }}-${{ env.CACHE_DIRECTORY }}-bazel- | |
# This check is needed to ensure that Bazel's unbounded cache growth doesn't result in a | |
# situation where the cache never updates (e.g. due to exceeding GitHub's cache size limit) | |
# thereby only ever using the last successful cache version. This solution will result in a | |
# few slower CI actions around the time cache is detected to be too large, but it should | |
# incrementally improve thereafter. | |
- name: Ensure cache size | |
env: | |
BAZEL_CACHE_DIR: ${{ env.CACHE_DIRECTORY }} | |
run: | | |
# See https://stackoverflow.com/a/27485157 for reference. | |
EXPANDED_BAZEL_CACHE_PATH="${BAZEL_CACHE_DIR/#\~/$HOME}" | |
CACHE_SIZE_MB=$(du -smc $EXPANDED_BAZEL_CACHE_PATH | grep total | cut -f1) | |
echo "Total size of Bazel cache (rounded up to MBs): $CACHE_SIZE_MB" | |
# Use a 4.5GB threshold since actions/cache compresses the results, and Bazel caches seem | |
# to only increase by a few hundred megabytes across changes for unrelated branches. This | |
# is also a reasonable upper-bound (local tests as of 2021-03-31 suggest that a full build | |
# of the codebase (e.g. //...) from scratch only requires a ~2.1GB uncompressed/~900MB | |
# compressed cache). | |
if [[ "$CACHE_SIZE_MB" -gt 4500 ]]; then | |
echo "Cache exceeds cut-off; resetting it (will result in a slow build)" | |
rm -rf $EXPANDED_BAZEL_CACHE_PATH | |
fi | |
- name: Configure Bazel to use a local cache | |
env: | |
BAZEL_CACHE_DIR: ${{ env.CACHE_DIRECTORY }} | |
run: | | |
EXPANDED_BAZEL_CACHE_PATH="${BAZEL_CACHE_DIR/#\~/$HOME}" | |
echo "Using $EXPANDED_BAZEL_CACHE_PATH as Bazel's cache path" | |
echo "build --disk_cache=$EXPANDED_BAZEL_CACHE_PATH" >> $HOME/.bazelrc | |
shell: bash | |
- name: Regex Patterns Validation Check | |
# The expression if: ${{ !cancelled() }} runs a job or step regardless of its success or failure while responding to cancellations, | |
# serving as a cancellation-compliant alternative to if: ${{ always() }} in concurrent workflows. | |
if: ${{ !cancelled() }} | |
run: | | |
bazel run //scripts:regex_pattern_validation_check -- $(pwd) | |
- name: XML Syntax Validation Check | |
# The expression if: ${{ !cancelled() }} runs a job or step regardless of its success or failure while responding to cancellations, | |
# serving as a cancellation-compliant alternative to if: ${{ always() }} in concurrent workflows. | |
if: ${{ !cancelled() }} | |
run: | | |
bazel run //scripts:xml_syntax_check -- $(pwd) | |
- name: Testfile Presence Check | |
# The expression if: ${{ !cancelled() }} runs a job or step regardless of its success or failure while responding to cancellations, | |
# serving as a cancellation-compliant alternative to if: ${{ always() }} in concurrent workflows. | |
if: ${{ !cancelled() }} | |
run: | | |
bazel run //scripts:test_file_check -- $(pwd) | |
- name: Accessibility label Check | |
# The expression if: ${{ !cancelled() }} runs a job or step regardless of its success or failure while responding to cancellations, | |
# serving as a cancellation-compliant alternative to if: ${{ always() }} in concurrent workflows. | |
if: ${{ !cancelled() }} | |
run: | | |
bazel run //scripts:accessibility_label_check -- $(pwd) scripts/assets/accessibility_label_exemptions.pb app/src/main/AndroidManifest.xml | |
- name: KDoc Validation Check | |
# The expression if: ${{ !cancelled() }} runs a job or step regardless of its success or failure while responding to cancellations, | |
# serving as a cancellation-compliant alternative to if: ${{ always() }} in concurrent workflows. | |
if: ${{ !cancelled() }} | |
run: | | |
bazel run //scripts:kdoc_validity_check -- $(pwd) scripts/assets/kdoc_validity_exemptions.pb | |
- name: Todo Check | |
# The expression if: ${{ !cancelled() }} runs a job or step regardless of its success or failure while responding to cancellations, | |
# serving as a cancellation-compliant alternative to if: ${{ always() }} in concurrent workflows. | |
if: ${{ !cancelled() }} | |
env: | |
GITHUB_TOKEN: ${{ github.token }} | |
run: | | |
bazel run //scripts:todo_open_check -- $(pwd) scripts/assets/todo_open_exemptions.pb | |
- name: String Resource Validation Check | |
# The expression if: ${{ !cancelled() }} runs a job or step regardless of its success or failure while responding to cancellations, | |
# serving as a cancellation-compliant alternative to if: ${{ always() }} in concurrent workflows. | |
if: ${{ !cancelled() }} | |
run: | | |
bazel run //scripts:string_resource_validation_check -- $(pwd) | |
- name: Binary files check | |
# The expression if: ${{ !cancelled() }} runs a job or step regardless of its success or failure while responding to cancellations, | |
# serving as a cancellation-compliant alternative to if: ${{ always() }} in concurrent workflows. | |
if: ${{ !cancelled() }} | |
run: | | |
bash /home/runner/work/oppia-android/oppia-android/scripts/pre-commit.sh | |
echo "No binary files found in commit" | |
echo "BINARY FILES CHECK PASSED" | |
# Note that caching is intentionally not enabled for this check since licenses should always be | |
# verified without any potential influence from earlier builds (i.e. always from a clean build to | |
# ensure the results exactly match the current state of the repository). | |
third_party_dependencies_check: | |
name: Maven Dependencies Checks | |
runs-on: ubuntu-20.04 | |
steps: | |
- uses: actions/checkout@v2 | |
- name: Set up Bazel | |
uses: abhinavsingh/setup-bazel@v3 | |
with: | |
version: 6.5.0 | |
- name: Maven Repin Check | |
# The expression if: ${{ !cancelled() }} runs a job or step regardless of its success or failure while responding to cancellations, | |
# serving as a cancellation-compliant alternative to if: ${{ always() }} in concurrent workflows. | |
if: ${{ !cancelled() }} | |
run: | | |
REPIN=1 bazel run @unpinned_maven//:pin | |
- name: Maven Dependencies Update Check | |
# The expression if: ${{ !cancelled() }} runs a job or step regardless of its success or failure while responding to cancellations, | |
# serving as a cancellation-compliant alternative to if: ${{ always() }} in concurrent workflows. | |
if: ${{ !cancelled() }} | |
run: | | |
bazel run //scripts:maven_dependencies_list_check -- $(pwd) third_party/maven_install.json scripts/assets/maven_dependencies.pb | |
- name: License Texts Check | |
# The expression if: ${{ !cancelled() }} runs a job or step regardless of its success or failure while responding to cancellations, | |
# serving as a cancellation-compliant alternative to if: ${{ always() }} in concurrent workflows. | |
if: ${{ !cancelled() }} | |
run: | | |
bazel run //scripts:license_texts_check -- $(pwd)/app/src/main/res/values/third_party_dependencies.xml |