diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index dd6457c7647..3fc7972c912 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -1,75 +1,11 @@ -name: "CodeQL Advanced" +name: CodeQL Advanced (disabled in fork) on: - push: - branches: [ "main" ] - pull_request: - branches: [ "main" ] + workflow_dispatch: jobs: - analyze: - name: Analyze (${{ matrix.language }}) - runs-on: 'ubuntu-latest' - permissions: - # required for all workflows - security-events: write - - # required to fetch internal or private CodeQL packs - packages: read - - # only required for workflows in private repositories - actions: read - contents: read - - strategy: - fail-fast: false - matrix: - include: - - language: java-kotlin - build-mode: autobuild - - language: javascript-typescript # Need to add this even though we don't want this; otherwise Github complains. - build-mode: none + disabled: + if: ${{ false }} + runs-on: ubuntu-latest steps: - - name: Checkout repository - uses: actions/checkout@v5 - - # Add any setup steps before running the `github/codeql-action/init` action. - # This includes steps like installing compilers or runtimes (`actions/setup-node` - # or others). This is typically only required for manual builds. - # - name: Setup runtime (example) - # uses: actions/setup-example@v1 - - # Initializes the CodeQL tools for scanning. - - name: Initialize CodeQL - uses: github/codeql-action/init@v4 - with: - languages: ${{ matrix.language }} - build-mode: ${{ matrix.build-mode }} - # JS is only used in Benchmarker, which runs locally and is irrelevant in terms of security. - # We do not want to analyze those. - config: | - paths-ignore: - - 'benchmark/**/*.html' - - 'benchmark/**/*.ftl' - - 'benchmark/**/*.js' - - # If the analyze step fails for one of the languages you are analyzing with - # "We were unable to automatically build your code", modify the matrix above - # to set the build mode to "manual" for that language. Then modify this step - # to build your code. - # ℹī¸ Command-line programs to run using the OS shell. - # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun - - if: matrix.build-mode == 'manual' - shell: bash - run: | - echo 'If you are using a "manual" build mode for one or more of the' \ - 'languages you are analyzing, replace this with the commands to build' \ - 'your code, for example:' - echo ' make bootstrap' - echo ' make release' - exit 1 - - - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v4 - with: - category: "/language:${{matrix.language}}" + - run: echo "Disabled in this fork. Use the manual Publish to GitHub Packages workflow." diff --git a/.github/workflows/finish_release.yml b/.github/workflows/finish_release.yml index 7b7c13345aa..ab7e1613f42 100644 --- a/.github/workflows/finish_release.yml +++ b/.github/workflows/finish_release.yml @@ -1,52 +1,11 @@ -name: Finish Release +name: Finish Release (disabled in fork) on: - release: - types: [published] + workflow_dispatch: jobs: - build: - env: - RELEASE_BRANCH_NAME: "__timefold_release_branch__" + disabled: + if: ${{ false }} runs-on: ubuntu-latest - timeout-minutes: 120 steps: - - name: Checkout timefold-solver - uses: actions/checkout@v5 - with: - ref: main - fetch-depth: 0 # Otherwise merge will fail on account of not having history. - - - name: Put back the 999-SNAPSHOT version on the release branch - run: | - git config user.name "Timefold Release Bot" - git config user.email "release@timefold.ai" - git checkout $RELEASE_BRANCH_NAME - ./mvnw -Dfull versions:set -DnewVersion=999-SNAPSHOT - git commit -am "build: move back to 999-SNAPSHOT" - git push origin $RELEASE_BRANCH_NAME - - - name: Update release branch - shell: bash - run: | - tag=${{ github.ref }} - tag_version=${tag##*/} - version=${tag_version%.*} - version="${version:1}.x" - echo $version - exists="$(git branch -a | grep -w $version || true)" - echo "branch $exists" - if [ -n "$exists" ]; then - git config user.name "Timefold Release Bot" - git config user.email "release@timefold.ai" - git checkout $RELEASE_BRANCH_NAME - git checkout $version - git merge -Xtheirs --no-edit --squash -m "build: release version $tag_version" $RELEASE_BRANCH_NAME - git push origin $version - git push -d origin $RELEASE_BRANCH_NAME - else - git checkout $RELEASE_BRANCH_NAME - git branch -m $RELEASE_BRANCH_NAME $version - git push origin -u $version - git push -d origin $RELEASE_BRANCH_NAME - fi \ No newline at end of file + - run: echo "Disabled in this fork. Use the manual Publish to GitHub Packages workflow." diff --git a/.github/workflows/pull_request.yml b/.github/workflows/pull_request.yml index cac8ee1936c..dd9e7238a8c 100644 --- a/.github/workflows/pull_request.yml +++ b/.github/workflows/pull_request.yml @@ -1,173 +1,11 @@ -name: "Base Workflow" - -env: - NODE_OPTIONS: "--max_old_space_size=4096" +name: Base Workflow (disabled in fork) on: - push: - branches: [main] - pull_request: - branches: [main] - paths-ignore: - - 'LICENSE*' - - '.gitignore' - - '**.md' - - '**.adoc' - - '*.txt' + workflow_dispatch: jobs: - java: - name: "Java Solver" - concurrency: - group: pull_request-${{ github.event_name }}-${{ github.head_ref }}-${{ matrix.os }}-${{ matrix.java-version }} - cancel-in-progress: true - runs-on: ${{matrix.os}} - strategy: - matrix: - os: [ ubuntu-latest, ubuntu-24.04-arm, macos-latest, windows-latest ] - java-version: [ 25 ] # Latest LTS if not Ubuntu - include: - - os: ubuntu-latest - java-version: 17 - - os: ubuntu-24.04-arm - java-version: 17 - - os: ubuntu-latest - java-version: 21 - - os: ubuntu-24.04-arm - java-version: 21 - timeout-minutes: 120 - steps: - - uses: actions/checkout@v5 - - - uses: actions/setup-java@v5 - with: - java-version: ${{matrix.java-version}} - distribution: 'temurin' - cache: 'maven' - - - name: Build and test timefold-solver - run: ./mvnw -B verify - - - name: Test Summary - uses: test-summary/action@2920bc1b1b377c787227b204af6981e8f41bbef3 - with: - paths: "**/TEST-*.xml" - show: "fail" - if: always() - - # Exists to check long-running goals, such as docs. - # Tests are skipped as there is plenty of CI that runs them. - java_full: - name: "Java Solver (with flag -Dfull, no tests)" + disabled: + if: ${{ false }} runs-on: ubuntu-latest - timeout-minutes: 120 steps: - - uses: actions/checkout@v5 - - - uses: actions/setup-java@v5 - with: - java-version: 25 - distribution: 'temurin' - cache: 'maven' - - - name: Build timefold-solver using flag -Dfull - run: ./mvnw -DskipTests -Dfull -B verify - - spring_boot: - name: "Spring Boot" - concurrency: - group: pull_request_native-${{ github.event_name }}-${{ github.head_ref }}-${{ matrix.spring-version }} - cancel-in-progress: true - runs-on: ubuntu-latest - strategy: - matrix: - spring-version: ["3.3", "3.4"] - - timeout-minutes: 120 - steps: - - uses: actions/checkout@v5 - - uses: actions/setup-java@v5 - with: - java-version: 25 # Latest LTS - distribution: 'temurin' - cache: 'maven' - - # Reading the latest Spring Boot version from Maven Central often fails. - # Since this information rarely changes, we can cache it, preventing CI failures. - - name: Cache Spring Boot version - id: cache-spring-boot-version - uses: actions/cache@v4 - with: - path: spring-boot-version - key: spring-boot-version-${{ matrix.spring-version }} - - name: Get Spring Boot version if not cached - if: steps.cache-spring-boot-version.outputs.cache-hit != 'true' - run: | - echo "$(curl -s 'https://search.maven.org/solrsearch/select?q=g:org.springframework.boot+AND+a:spring-boot-starter+AND+v:${{ matrix.spring-version }}.*' | jq -r '.response.docs[0].v')" >> spring-boot-version - if [ "$(head -n 1 spring-boot-version | cut -c1-3)" = "${{ matrix.spring-version }}" ]; then - exit 0 - else - exit 1 - fi - - name: Set Spring Boot version in Maven - run: | - SPRING_VERSION=$(cat spring-boot-version) - echo "Using Spring Boot version $SPRING_VERSION" - ./mvnw versions:set-property -Dproperty=version.org.springframework.boot -DnewVersion=$SPRING_VERSION - - - name: Quickly build timefold-solver - run: ./mvnw -B -Dquickly clean install - - name: Test Spring Boot - run: | - cd spring-integration - ../mvnw -B verify - - name: Test Summary - uses: test-summary/action@2920bc1b1b377c787227b204af6981e8f41bbef3 - with: - paths: "**/TEST-*.xml" - show: "fail" - if: always() - - native: - name: "Native Image" - concurrency: - group: pull_request_native-${{ github.event_name }}-${{ github.head_ref }}-${{matrix.os}}-${{ matrix.module }}-${{ matrix.java-version }} - cancel-in-progress: true - runs-on: ${{matrix.os}} - strategy: - matrix: - os: [ ubuntu-latest, ubuntu-24.04-arm ] # Windows doesn't work, Mac is not a deploy OS. - module: ["spring-integration", "quarkus-integration"] - java-version: [ 17, 21, 25 ] # LTS + latest. - exclude: - # Quarkus 3.17.2 has weird issues with Java 17 GraalVM, - # with Java 21+ GraalVM being recommended even for - # Java 17 projects. - # https://github.com/quarkusio/quarkus/issues/44877 - - module: "quarkus-integration" - java-version: 17 - timeout-minutes: 120 - steps: - - uses: actions/checkout@v5 - - - uses: graalvm/setup-graalvm@eec48106e0bf45f2976c2ff0c3e22395cced8243 # v1 - with: - java-version: ${{matrix.java-version}} - distribution: 'graalvm-community' - github-token: ${{ secrets.GITHUB_TOKEN }} - cache: 'maven' - - - name: Quickly build timefold-solver - run: ./mvnw -B -Dquickly clean install - - - name: Test timefold-solver in Native mode - run: | - cd ${{matrix.module}} - ../mvnw -B -Dnative verify - - - name: Test Summary - uses: test-summary/action@2920bc1b1b377c787227b204af6981e8f41bbef3 - with: - paths: "**/TEST-*.xml" - show: "fail" - if: always() + - run: echo "Disabled in this fork. Use the manual Publish to GitHub Packages workflow." diff --git a/.github/workflows/pull_request_quickstarts.yml b/.github/workflows/pull_request_quickstarts.yml index dafad0ae0b7..576f2906a59 100644 --- a/.github/workflows/pull_request_quickstarts.yml +++ b/.github/workflows/pull_request_quickstarts.yml @@ -1,79 +1,11 @@ -name: Quickstarts Workflow - -env: - NODE_OPTIONS: "--max_old_space_size=4096" +name: Quickstarts Workflow (disabled in fork) on: - push: - branches: [main] - pull_request: - branches: [main, '*.x'] - types: - - opened - - reopened - - synchronize - paths-ignore: - - 'LICENSE*' - - '.gitignore' - - '**.md' - - '**.adoc' - - '*.txt' + workflow_dispatch: jobs: - java: - name: "Java Quickstarts" + disabled: + if: ${{ false }} runs-on: ubuntu-latest - concurrency: - group: downstream-quickstarts-${{ github.event_name }}-${{ github.head_ref }} - cancel-in-progress: true - timeout-minutes: 120 steps: - # Clone timefold-solver - # No need to check for stale repo, as Github merges the main repo into the fork automatically. - - name: Checkout timefold-solver - uses: actions/checkout@v5 - with: - path: ./timefold-solver - - # Clone timefold-quickstarts - # Need to check for stale repo, since Github is not aware of the build chain and therefore doesn't automate it. - - name: Checkout timefold-quickstarts (PR) # Checkout the PR branch first, if it exists - if: github.head_ref # Only true if this is a PR. - id: checkout-quickstarts-pr - uses: actions/checkout@v5 - continue-on-error: true - with: - repository: ${{ github.actor }}/timefold-quickstarts - ref: ${{ github.head_ref }} - path: ./timefold-quickstarts - fetch-depth: 0 # Otherwise merge will fail on account of not having history. - - name: Checkout timefold-quickstarts (development) # Checkout the development branch if the PR branch does not exist - if: ${{ steps.checkout-quickstarts-pr.outcome != 'success' }} - uses: actions/checkout@v5 - with: - repository: TimefoldAI/timefold-quickstarts - ref: development - path: ./timefold-quickstarts - fetch-depth: 0 # Otherwise merge will fail on account of not having history. - - # Build and test - - name: Setup Temurin 25 and Maven - uses: actions/setup-java@v5 - with: - java-version: '25' - distribution: 'temurin' - cache: 'maven' - - name: Quickly build timefold-solver - working-directory: ./timefold-solver - shell: bash - run: ./mvnw -B -Dquickly clean install - - name: Build and test timefold-quickstarts - working-directory: ./timefold-quickstarts - shell: bash - run: mvn -B clean verify - - name: Test Summary - uses: test-summary/action@2920bc1b1b377c787227b204af6981e8f41bbef3 - with: - paths: "**/TEST-*.xml" - show: "fail" - if: always() + - run: echo "Disabled in this fork. Use the manual Publish to GitHub Packages workflow." diff --git a/.github/workflows/pull_request_secure.yml b/.github/workflows/pull_request_secure.yml index 3dd96c3db5d..f853cc88a64 100644 --- a/.github/workflows/pull_request_secure.yml +++ b/.github/workflows/pull_request_secure.yml @@ -1,312 +1,11 @@ -# Jobs in this workflow deal with secrets. -# Since they may be executed from forks by untrusted users, -# we need to ensure that the user is a member of the organization -# or that there is explicit approval for their jobs to run. -name: Secured Workflow - -env: - NODE_OPTIONS: "--max_old_space_size=4096" +name: Secured Workflow (disabled in fork) on: - push: - branches: [ main ] - # There are two differences to "pull_request" here: - # - The workflow will receive secrets, even in PRs from forks. - # - The workflow will be executed automatically, without requiring a manual approval. - # Therefore the workflow needs to be explicitly secured; see "known_user" and "approval_required" jobs below. - pull_request_target: - branches: [ main ] # Benchmarks aren't branched, so they will only ever work against current main. - types: - - opened - - reopened - - synchronize - paths-ignore: - - 'LICENSE*' - - '.gitignore' - - '**.md' - - '*.txt' + workflow_dispatch: jobs: - # Check if the user is a member of the organization; if so, allow the PR to sail through. - known_user: - runs-on: ubuntu-latest - outputs: - is_member_of_org: ${{ steps.auth_check.outputs.authorized }} - steps: - - id: auth_check - env: - GH_TOKEN: ${{ secrets.JRELEASER_GITHUB_TOKEN }} # Release account is a Solver Gatekeeper. - shell: bash - run: | - # -g to allow actors such as dependabot[bot] - ORG_MEMBERSHIP=`curl -g -L -H "Accept: application/vnd.github+json" -H "Authorization: Bearer $GH_TOKEN" "https://api.github.com/orgs/TimefoldAI/memberships/${{ github.actor }}" | jq -r '.state == "active"'` - echo "authorized=$ORG_MEMBERSHIP" >> "$GITHUB_OUTPUT" - - id: validation - shell: bash - run: | - echo "Authorized user: ${{ steps.auth_check.outputs.authorized }}" - # If the user is not a member, require a member to approve the PR. - approval_required: - needs: known_user - environment: - ${{ - github.event_name == 'pull_request_target' && - github.event.pull_request.head.repo.full_name != github.repository && - (needs.known_user.outputs.is_member_of_org != 'true' || github.actor == 'dependabot[bot]') && - 'external' || 'internal' - }} - runs-on: ubuntu-latest - steps: - - run: true - integration-tests: - needs: approval_required - name: Integration Tests - runs-on: ubuntu-latest - concurrency: - group: pr-${{ github.event_name }}-${{ github.head_ref }} - cancel-in-progress: true - steps: - # Clone timefold-solver - # No need to check for stale repo, as Github merges the main repo into the fork automatically. - - name: Checkout timefold-solver - uses: actions/checkout@v5 - with: - path: ./timefold-solver - ref: ${{ github.event.pull_request.head.sha }} # The GHA event will pull the main branch by default, and we must specify the PR reference version - - - name: Setup Temurin 25 and Maven - uses: actions/setup-java@v5 - with: - java-version: '25' - distribution: 'temurin' - cache: 'maven' - - - name: Quickly build timefold-solver - working-directory: ./timefold-solver - shell: bash - run: ./mvnw -B -Dquickly clean install - - # Clone timefold-solver-enterprise - - name: Checkout timefold-solver-enterprise (PR) # Checkout the PR branch first, if it exists - id: checkout-solver-enterprise - uses: actions/checkout@v5 - continue-on-error: true - with: - repository: TimefoldAI/timefold-solver-enterprise - ref: ${{ github.head_ref }} - token: ${{ secrets.JRELEASER_GITHUB_TOKEN }} # Safe; only used to clone the repo and not stored in the fork. - path: ./timefold-solver-enterprise - fetch-depth: 0 # Otherwise merge will fail on account of not having history. - - name: Checkout timefold-solver-enterprise (main) # Checkout the main branch if the PR branch does not exist - if: steps.checkout-solver-enterprise.outcome != 'success' - uses: actions/checkout@v5 - with: - repository: TimefoldAI/timefold-solver-enterprise - ref: main - token: ${{ secrets.JRELEASER_GITHUB_TOKEN }} # Safe; only used to clone the repo and not stored in the fork. - path: ./timefold-solver-enterprise - fetch-depth: 0 # Otherwise merge will fail on account of not having history. - - - name: Quickly build timefold-solver-enterprise - working-directory: ./timefold-solver-enterprise - shell: bash - run: ./mvnw -B -Dquickly clean install - - # Clone timefold-solver-benchmarks - - name: Checkout timefold-solver-benchmarks (PR) # Checkout the PR branch first, if it exists - if: github.head_ref # Only true if this is a PR. - id: checkout-solver-benchmarks-pr - uses: actions/checkout@v5 - continue-on-error: true - with: - repository: TimefoldAI/timefold-solver-benchmarks - ref: ${{ github.head_ref }} - path: ./timefold-solver-benchmarks - fetch-depth: 0 # Otherwise merge will fail on account of not having history. - - name: Checkout timefold-solver-benchmarks (main) # Checkout the main branch if the PR branch does not exist - if: ${{ steps.checkout-solver-benchmarks-pr.outcome != 'success' }} - uses: actions/checkout@v5 - with: - repository: TimefoldAI/timefold-solver-benchmarks - ref: main - path: ./timefold-solver-benchmarks - fetch-depth: 0 # Otherwise merge will fail on account of not having history. - - - name: Build and test timefold-solver-benchmarks - working-directory: ./timefold-solver-benchmarks - shell: bash - run: ./mvnw -B -DskipJMH clean verify - - name: Test Summary - uses: test-summary/action@2920bc1b1b377c787227b204af6981e8f41bbef3 - with: - paths: "**/TEST-*.xml" - show: "fail" - if: always() - enterprise-java: - needs: approval_required - name: Enterprise Edition (Java) + disabled: + if: ${{ false }} runs-on: ubuntu-latest - concurrency: - group: downstream-enterprise-${{ github.event_name }}-${{ github.head_ref }} - cancel-in-progress: true - timeout-minutes: 120 steps: - # Clone timefold-solver - # No need to check for stale repo, as Github merges the main repo into the fork automatically. - - name: Checkout timefold-solver - uses: actions/checkout@v5 - with: - path: ./timefold-solver - ref: ${{ github.event.pull_request.head.sha }} # The GHA event will pull the main branch by default, and we must specify the PR reference version - - # Clone timefold-solver-enterprise - # Need to check for stale repo, since Github is not aware of the build chain and therefore doesn't automate it. - - name: Checkout timefold-solver-enterprise (PR) # Checkout the PR branch first, if it exists - id: checkout-solver-enterprise - uses: actions/checkout@v5 - continue-on-error: true - with: - repository: TimefoldAI/timefold-solver-enterprise - ref: ${{ github.head_ref }} - token: ${{ secrets.JRELEASER_GITHUB_TOKEN }} # Safe; only used to clone the repo and not stored in the fork. - path: ./timefold-solver-enterprise - fetch-depth: 0 # Otherwise merge will fail on account of not having history. - - name: Checkout timefold-solver-enterprise (main) # Checkout the main branch if the PR branch does not exist - if: steps.checkout-solver-enterprise.outcome != 'success' - uses: actions/checkout@v5 - with: - repository: TimefoldAI/timefold-solver-enterprise - ref: main - token: ${{ secrets.JRELEASER_GITHUB_TOKEN }} # Safe; only used to clone the repo and not stored in the fork. - path: ./timefold-solver-enterprise - fetch-depth: 0 # Otherwise merge will fail on account of not having history. - - # Build and test - - name: Setup Temurin 17 and Maven - uses: actions/setup-java@v5 - with: - java-version: '17' - distribution: 'temurin' - cache: 'maven' - - name: Quickly build timefold-solver - working-directory: ./timefold-solver - shell: bash - run: ./mvnw -B -Dquickly clean install - - name: Build and test timefold-solver-enterprise - working-directory: ./timefold-solver-enterprise - shell: bash - run: ./mvnw -B clean verify - - name: Test Summary - uses: test-summary/action@2920bc1b1b377c787227b204af6981e8f41bbef3 - with: - paths: "**/TEST-*.xml" - show: "fail" - if: always() - - build_documentation: - runs-on: ubuntu-latest - needs: approval_required - name: Build Documentation - environment: - name: "documentation (preview)" - url: ${{ steps.deploy.outputs.deployment-url }} - env: - BRANCH_NAME: ${{ github.head_ref || github.ref_name }} - steps: - - name: Checkout frontend - id: checkout-frontend - uses: actions/checkout@v5 - with: - repository: TimefoldAI/frontend - token: ${{ secrets.JRELEASER_GITHUB_TOKEN }} # Safe; only used to clone the repo and not stored in the fork. - fetch-depth: 0 # Otherwise merge will fail on account of not having history. - - name: Install pnpm - uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061 - - name: Set up NodeJs - uses: actions/setup-node@v6 - with: - node-version-file: .nvmrc - cache: pnpm - - - name: Checkout timefold-solver - uses: actions/checkout@v5 - with: - repository: "${{ github.event.pull_request.head.repo.owner.login || 'TimefoldAI' }}/timefold-solver" - ref: ${{ github.event.pull_request.head.sha || 'main' }} # The GHA event will pull the main branch by default, and we must specify the PR reference version - path: "./timefold-solver" - fetch-depth: 0 - - - name: Install yq - run: | - sudo wget https://github.com/mikefarah/yq/releases/latest/download/yq_linux_amd64 -O /usr/bin/yq - sudo chmod +x /usr/bin/yq - - - name: Updating Antora configuration - working-directory: "./timefold-solver" - run: | - echo "=== Updating antora.yml" - sed -i "s/\${project\.version}b0/SNAPSHOT/g" docs/src/antora.yml - sed -i "s/\${project\.version}/SNAPSHOT/g" docs/src/antora.yml - sed -i "s/\${maven\.compiler\.release}/$(find build/build-parent/ -name pom.xml -exec grep '' {} \;|tail -n 1|cut -d\> -f1 --complement|cut -d\< -f1)/g" docs/src/antora.yml - sed -i "s/\${maven\.min\.version}/$(find build/build-parent/ -name pom.xml -exec grep '' {} \;|tail -n 1|cut -d\> -f1 --complement|cut -d\< -f1)/g" docs/src/antora.yml - sed -i "s/\${version\.io\.quarkus}/$(find build/build-parent/ -name pom.xml -exec grep '' {} \;|tail -n 1|cut -d\> -f1 --complement|cut -d\< -f1)/g" docs/src/antora.yml - sed -i "s/\${version\.org\.springframework\.boot}/$(find build/build-parent/ -name pom.xml -exec grep '' {} \;|tail -n 1|cut -d\> -f1 --complement|cut -d\< -f1)/g" docs/src/antora.yml - sed -i "s/\${version\.ch\.qos\.logback}/$(find build/build-parent/ -name pom.xml -exec grep '' {} \;|tail -n 1|cut -d\> -f1 --complement|cut -d\< -f1)/g" docs/src/antora.yml - sed -i "s/\${version\.exec\.plugin}/$(find build/build-parent/ -name pom.xml -exec grep '' {} \;|tail -n 1|cut -d\> -f1 --complement|cut -d\< -f1)/g" docs/src/antora.yml - sed -i "s/\${version\.rewrite\.plugin}/$(find . -name pom.xml -exec grep '' {} \;|tail -n 1|cut -d\> -f1 --complement|cut -d\< -f1)/g" docs/src/antora.yml - cat docs/src/antora.yml - - - name: Build Documentation - working-directory: "./" - env: - GIT_CREDENTIALS: ${{ secrets.GIT_CREDENTIALS }} - run: | - yq -i e 'del(.content.sources)' apps/docs/antora-playbook.yml - yq -i e 'del(.site.keys)' apps/docs/antora-playbook.yml - yq -i e '.content.sources += [{"url": "../../timefold-solver", "start_path": "docs/src"}]' apps/docs/antora-playbook.yml - pnpm install --frozen-lockfile - pnpm build --filter @timefoldai/docs - - - name: Deploy Documentation (Preview Mode) - if: ${{ env.BRANCH_NAME != 'main' }} - id: deploy - uses: cloudflare/wrangler-action@da0e0dfe58b7a431659754fdf3f186c529afbe65 # v3 - with: - apiToken: ${{ secrets.CLOUDFLARE_API_TOKEN }} - accountId: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }} - workingDirectory: ./apps/docs - command: pages deploy ./public-serve --project-name=timefold-docs --branch=${{ github.ref }} - packageManager: pnpm - - sonarcloud: - needs: approval_required - name: SonarCloud - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v5 - with: - fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis - ref: ${{ github.event.pull_request.head.sha }} # The GHA event will pull the main branch by default, and we must specify the PR reference version - - name: Set up JDK 17 - uses: actions/setup-java@v5 - with: - java-version: 17 - distribution: 'temurin' - cache: 'maven' - - name: Cache SonarCloud packages - uses: actions/cache@v4 - with: - path: ~/.sonar/cache - key: ${{ runner.os }}-sonar - restore-keys: ${{ runner.os }}-sonar - - name: Build with Maven to measure code coverage # The ENV variables are limited to the scope of the current step. Avoid adding sensitive ENV variables here as the tests could leak them. - run: ./mvnw -B clean install -Prun-code-coverage - - - name: Run analysis - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed to get PR information, if any - SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} # Needed to run the SonarCloud analysis - PR_NUMBER: ${{ github.event.pull_request.number }} - PR_BRANCH: ${{ github.event.pull_request.head.ref }} - PR_SHA: ${{ github.event.pull_request.head.sha }} - run: ./mvnw -B -Psonarcloud-analysis validate org.sonarsource.scanner.maven:sonar-maven-plugin:sonar -Dsonar.organization=timefold -Dsonar.projectKey=ai.timefold:timefold-solver -Dsonar.host.url=https://sonarcloud.io -Dsonar.pullrequest.key="$PR_NUMBER" -Dsonar.pullrequest.branch="$PR_BRANCH" -Dsonar.scm.revision="$PR_SHA" + - run: echo "Disabled in this fork. Use the manual Publish to GitHub Packages workflow." diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 82ef4553a14..763d9af38ae 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -1,93 +1,41 @@ -# Axioms of the release pipeline: -# - Each release starts from timefold-solver by running this Github Action. -# - Each individual repository can only start its own release when its dependencies are fully released. -# timefold-solver-enterprise depends on timefold-solver -# timefold-quickstarts depends on timefold-solver -# timefold-website releases last -# - Each individual repository uses 999-SNAPSHOT as its development version, even on micro branches. -# -# Should any of these axioms change, the release pipeline will need to be (significantly) refactored. -# 0.8.x releases existed before this pipeline; they are done differently, similarities are coincidental. - -name: Release +name: Publish to GitHub Packages on: workflow_dispatch: inputs: version: - description: 'Release version (e.g. 1.0.0)' + description: "Release version (e.g. 1.0.0)" required: true sourceBranch: - description: 'Branch to cut the release from' + description: "Branch or tag to build from" default: main required: true - dryRun: - description: 'Do a dry run? (true or false)' - default: true - required: true jobs: - build: - env: - MAVEN_ARGS: "--no-transfer-progress --batch-mode" - RELEASE_BRANCH_NAME: "__timefold_release_branch__" - runs-on: self-hosted + publish: + runs-on: ubuntu-latest permissions: - contents: write # IMPORTANT: required for action to create release branch - pull-requests: write # IMPORTANT: so release PR can be created - id-token: write # IMPORTANT: mandatory for trusted publishing - attestations: write # IMPORTANT: mandatory for attestations + contents: read + packages: write steps: - - name: Checkout timefold-solver + - name: Checkout uses: actions/checkout@v5 with: fetch-depth: 0 - ref: ${{ github.event.inputs.sourceBranch }} - - - name: Delete release branch (if exists) - continue-on-error: true - run: git push -d origin $RELEASE_BRANCH_NAME + ref: ${{ inputs.sourceBranch }} - - name: Create release branch and switch to it - run: | - git config user.name "Timefold Release Bot" - git config user.email "release@timefold.ai" - git checkout -b $RELEASE_BRANCH_NAME - - - uses: actions/setup-java@v5 + - name: Set up Java and Maven for GitHub Packages + uses: actions/setup-java@v5 with: - java-version: '17' - distribution: 'temurin' - cache: 'maven' + java-version: "17" + distribution: "temurin" + cache: "maven" + server-id: github + server-username: GITHUB_ACTOR + server-password: GITHUB_TOKEN - # We skip tests in dry run, to make the process faster. - # Technically, this goes against the main reason for doing a dry run; to eliminate potential problems. - # But unless something catastrophic happened, PR checks on source branch already ensured that all tests pass. - - name: Set release version and build release - run: | - ./mvnw -Dfull versions:set -DnewVersion=${{ github.event.inputs.version }} - ./mvnw -Dfull deploy -DskipTests=${{ github.event.inputs.dryRun }} -DaltDeploymentRepository=local::default::file://`pwd`/target/staging-deploy - cp docs/target/antora.yml docs/src/antora.yml - git add docs/src/antora.yml - find . -name 'pom.xml' | xargs git add - git commit -m "build: release version ${{ github.event.inputs.version }}" - git push origin $RELEASE_BRANCH_NAME + - name: Set project version + run: ./mvnw --batch-mode -Dfull versions:set -DnewVersion=${{ inputs.version }} -DgenerateBackupPoms=false - - name: Run JReleaser - uses: jreleaser/release-action@80ffb38fa759704eed4db5c7fcaae3ac1079473e # v2 + - name: Build and publish to GitHub Packages + run: ./mvnw --batch-mode -Dfull deploy env: - JRELEASER_DRY_RUN: ${{ github.event.inputs.dryRun }} - JRELEASER_PROJECT_VERSION: ${{ github.event.inputs.version }} - JRELEASER_GITHUB_TOKEN: ${{ secrets.JRELEASER_GITHUB_TOKEN }} - JRELEASER_GPG_PASSPHRASE: ${{ secrets.JRELEASER_GPG_PASSPHRASE }} - JRELEASER_GPG_PUBLIC_KEY: ${{ secrets.JRELEASER_GPG_PUBLIC_KEY }} - JRELEASER_GPG_SECRET_KEY: ${{ secrets.JRELEASER_GPG_SECRET_KEY }} - JRELEASER_MAVENCENTRAL_USERNAME: ${{ secrets.JRELEASER_MAVEN_CENTRAL_TOKEN_USER }} - JRELEASER_MAVENCENTRAL_PASSWORD: ${{ secrets.JRELEASER_MAVEN_CENTRAL_TOKEN }} - - - name: JReleaser release output - uses: actions/upload-artifact@v5 - if: always() - with: - name: jreleaser-release - path: | - out/jreleaser/trace.log - out/jreleaser/output.properties + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} diff --git a/pom.xml b/pom.xml index 55e41b256d3..c48935b67f6 100644 --- a/pom.xml +++ b/pom.xml @@ -27,6 +27,8 @@ + + ${env.GITHUB_REPOSITORY} 3.12.0 6.23.0 3.3.1 @@ -70,6 +72,14 @@ migration + + + github + GitHub Packages + https://maven.pkg.github.com/${github.repository} + + +