timefold-solver-benchmarks/.github/workflows/pull_request.yml at main · TimefoldAI/timefold-solver-benchmarks · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
name: Pull Request

on:
  # Enables the workflow to run on PRs from forks;
  # token sharing is safe here, because enterprise is a private repo and therefore fully under our control.
  pull_request_target:
    branches: [main, '*.x']
    types:
      - opened
      - reopened
      - synchronize
    paths-ignore:
      - 'LICENSE*'
      - '.gitignore'
      - '**.md'
      - '**.adoc'
      - '*.txt'

jobs:
  # Check if the user is a member of the organization; if so, allow the PR to sail through.
  known_user:
    runs-on: ubuntu-latest
    outputs:
      is_member_of_org: ${{ steps.auth_check.outputs.authorized }}
    steps:
      - id: auth_check
        env:
          GH_TOKEN: ${{ secrets.JRELEASER_GITHUB_TOKEN }}  # Release account is a Solver Gatekeeper.
        shell: bash
        run: |
          # -g to allow actors such as dependabot[bot]
          ORG_MEMBERSHIP=`curl -g -L -H "Accept: application/vnd.github+json" -H "Authorization: Bearer $GH_TOKEN" "https://api.github.com/orgs/TimefoldAI/memberships/${{ github.actor }}" | jq -r '.state == "active"'`
          echo "authorized=$ORG_MEMBERSHIP" >> "$GITHUB_OUTPUT"
      - id: validation
        shell: bash
        run: |
          echo "Authorized user: ${{ steps.auth_check.outputs.authorized }}"
  # If the user is not a member, require a member to approve the PR.
  approval_required:
    needs: known_user
    environment:
      ${{
      github.event_name == 'pull_request_target' &&
      github.event.pull_request.head.repo.full_name != github.repository &&
      (needs.known_user.outputs.is_member_of_org != 'true' || github.actor == 'dependabot[bot]') &&
      'external' || 'internal'
      }}
    runs-on: ubuntu-latest
    steps:
      - run: true
  build:
    needs: approval_required
    runs-on: ubuntu-latest
    concurrency:
      group: pr-${{ github.event_name }}-${{ github.head_ref }}
      cancel-in-progress: true
    timeout-minutes: 120
    steps:
      # Need to check for stale repo, since Github is not aware of the build chain and therefore doesn't automate it.
      - name: Checkout timefold-solver (PR) # Checkout the PR branch first, if it exists
        if: github.head_ref # Only true if this is a PR.
        id: checkout-solver
        uses: actions/checkout@v6
        continue-on-error: true
        with:
          repository: ${{ github.actor }}/timefold-solver
          ref: ${{ github.head_ref }}
          path: ./timefold-solver
          fetch-depth: 0 # Otherwise merge will fail on account of not having history.
      - name: Checkout timefold-solver (main) # Checkout the main branch if the PR branch does not exist
        if: ${{ steps.checkout-solver.outcome != 'success' }}
        uses: actions/checkout@v6
        with:
          repository: TimefoldAI/timefold-solver
          ref: main
          path: ./timefold-solver
          fetch-depth: 0 # Otherwise merge will fail on account of not having history.

      - name: Setup Temurin OpenJDK and Maven
        uses: actions/setup-java@v5
        with:
          java-version: '25'
          distribution: 'temurin'
          cache: 'maven'

      - name: Quickly build timefold-solver
        working-directory: ./timefold-solver
        shell: bash
        run: ./mvnw -B -Dquickly clean install

      # Clone timefold-solver-enterprise
      # Need to check for stale repo, since Github is not aware of the build chain and therefore doesn't automate it.
      - name: Checkout timefold-solver-enterprise (PR) # Checkout the PR branch first, if it exists
        if: github.head_ref # Only true if this is a PR.
        id: checkout-solver-enterprise
        uses: actions/checkout@v6
        continue-on-error: true
        with:
          repository: TimefoldAI/timefold-solver-enterprise
          ref: ${{ github.head_ref }}
          token: ${{ secrets.JRELEASER_GITHUB_TOKEN }} # Safe; only used to clone the repo and not stored in the fork.
          path: ./timefold-solver-enterprise
          fetch-depth: 0 # Otherwise merge will fail on account of not having history.
      - name: Checkout timefold-solver-enterprise (main) # Checkout the main branch if the PR branch does not exist
        if: steps.checkout-solver-enterprise.outcome != 'success'
        uses: actions/checkout@v6
        with:
          repository: TimefoldAI/timefold-solver-enterprise
          ref: main
          token: ${{ secrets.JRELEASER_GITHUB_TOKEN }} # Safe; only used to clone the repo and not stored in the fork.
          path: ./timefold-solver-enterprise
          fetch-depth: 0 # Otherwise merge will fail on account of not having history.
      - name: Quickly build timefold-solver-enterprise
        working-directory: ./timefold-solver-enterprise
        shell: bash
        run: ./mvnw -B -Dquickly clean install

      # Clone timefold-solver-benchmarks
      - name: Checkout timefold-solver-benchmarks
        uses: actions/checkout@v6
        with:
          repository: TimefoldAI/timefold-solver-benchmarks
          ref: ${{ github.head_ref }}
          path: ./timefold-solver-benchmarks
      - name: Build and test timefold-solver-benchmarks
        working-directory: ./timefold-solver-benchmarks
        shell: bash
        env:
          TIMEFOLD_ENTERPRISE_LICENSE: ${{ secrets.TIMEFOLD_SOLVER_CI_PROD_LICENSE }}
        run: ./mvnw -B clean verify