Migrate to jackson 3 #85
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: PR Check | |
| on: | |
| pull_request: | |
| branches: [main] | |
| jobs: | |
| check-changes: | |
| name: Check what files changed | |
| runs-on: ubuntu-latest | |
| outputs: | |
| opa-evaluator: ${{ steps.changes.outputs.opa-evaluator }} | |
| opa-jackson: ${{ steps.changes.outputs.opa-jackson }} | |
| opa-services: ${{ steps.changes.outputs.opa-services }} | |
| opa-builtins: ${{ steps.changes.outputs.opa-builtins }} | |
| opa-slf4j: ${{ steps.changes.outputs.opa-slf4j }} | |
| steps: | |
| - uses: actions/checkout@v7 | |
| - name: Download OPA | |
| uses: open-policy-agent/setup-opa@v2 | |
| with: | |
| version: latest | |
| - name: Check for file changes | |
| id: changes | |
| run: | | |
| set -e | |
| echo "opa-evaluator=true" >> $GITHUB_OUTPUT | |
| echo "opa-jackson=true" >> $GITHUB_OUTPUT | |
| echo "opa-services=true" >> $GITHUB_OUTPUT | |
| echo "opa-builtins=true" >> $GITHUB_OUTPUT | |
| echo "opa-slf4j=true" >> $GITHUB_OUTPUT | |
| if ! curl -s -o changed_files.json -H "Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" \ | |
| "https://api.github.com/repos/${{ github.repository }}/pulls/${{ github.event.pull_request.number }}/files"; then | |
| echo "Failed to fetch changed files, defaulting to running all checks" | |
| exit 0 | |
| fi | |
| if [ ! -s changed_files.json ]; then | |
| echo "No changed files found, defaulting to running all checks" | |
| exit 0 | |
| fi | |
| echo "Changed files:" | |
| jq -r '.[].filename' changed_files.json | |
| opa eval \ | |
| --data tools/policy/pr-check/pr_check.rego \ | |
| --input changed_files.json \ | |
| --format pretty \ | |
| 'data.policy["pr-check"]' > opa_result.json | |
| echo "OPA result:" | |
| cat opa_result.json | |
| opa_evaluator=$(jq -r '.changes["opa-evaluator"] // false' opa_result.json) | |
| opa_jackson=$(jq -r '.changes["opa-jackson"] // false' opa_result.json) | |
| opa_services=$(jq -r '.changes["opa-services"] // false' opa_result.json) | |
| opa_builtins=$(jq -r '.changes["opa-builtins"] // false' opa_result.json) | |
| opa_slf4j=$(jq -r '.changes["opa-slf4j"] // false' opa_result.json) | |
| echo "opa-evaluator=${opa_evaluator}" >> $GITHUB_OUTPUT | |
| echo "opa-jackson=${opa_jackson}" >> $GITHUB_OUTPUT | |
| echo "opa-services=${opa_services}" >> $GITHUB_OUTPUT | |
| echo "opa-builtins=${opa_builtins}" >> $GITHUB_OUTPUT | |
| echo "opa-slf4j=${opa_slf4j}" >> $GITHUB_OUTPUT | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| lint: | |
| name: Checkstyle & PMD | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v7 | |
| - uses: actions/setup-java@v5 | |
| with: | |
| distribution: temurin | |
| java-version: 21 | |
| - uses: gradle/actions/setup-gradle@v6 | |
| - run: ./gradlew checkstyleMain checkstyleTest pmdMain pmdTest | |
| validate-pom: | |
| name: Validate Publish POMs | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v7 | |
| - uses: actions/setup-java@v5 | |
| with: | |
| distribution: temurin | |
| java-version: 21 | |
| - uses: gradle/actions/setup-gradle@v6 | |
| - name: Generate POMs | |
| run: ./gradlew generatePomFileForMavenPublication | |
| # Maven's built-in model validator catches the rule that bit us at v0.1.0: | |
| # `'dependencies.dependency.version' for X is missing`. Resolves BOM imports | |
| # (jackson-bom etc.), so deps managed via <dependencyManagement> are accepted. | |
| # Does NOT check Central-specific completeness rules (name/description/license/scm) — | |
| # the release gate (publishToMavenCentral against Central Portal) covers those. | |
| - name: Validate POMs via Maven's model validator | |
| run: | | |
| set -e | |
| failed=0 | |
| for pom in $(find . -path '*/build/publications/maven/pom-default.xml'); do | |
| echo "::group::$pom" | |
| mvn -B --no-transfer-progress -f "$pom" validate || failed=1 | |
| echo "::endgroup::" | |
| done | |
| exit $failed | |
| test-opa-evaluator: | |
| needs: check-changes | |
| if: needs.check-changes.outputs.opa-evaluator == 'true' | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v7 | |
| - uses: actions/setup-java@v5 | |
| with: | |
| distribution: temurin | |
| java-version: 21 | |
| - uses: gradle/actions/setup-gradle@v6 | |
| - run: ./gradlew :opa-evaluator:test | |
| test-opa-jackson: | |
| needs: check-changes | |
| if: needs.check-changes.outputs.opa-jackson == 'true' | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v7 | |
| - uses: actions/setup-java@v5 | |
| with: | |
| distribution: temurin | |
| java-version: 21 | |
| - uses: gradle/actions/setup-gradle@v6 | |
| - run: ./gradlew :opa-jackson:test | |
| test-opa-services: | |
| needs: check-changes | |
| if: needs.check-changes.outputs.opa-services == 'true' | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v7 | |
| - uses: actions/setup-java@v5 | |
| with: | |
| distribution: temurin | |
| java-version: 21 | |
| - uses: gradle/actions/setup-gradle@v6 | |
| - run: ./gradlew :opa-services:test | |
| test-opa-builtins: | |
| needs: check-changes | |
| if: needs.check-changes.outputs.opa-builtins == 'true' | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v7 | |
| - uses: actions/setup-java@v5 | |
| with: | |
| distribution: temurin | |
| java-version: 21 | |
| - uses: gradle/actions/setup-gradle@v6 | |
| - run: ./gradlew :opa-builtins:test | |
| test-opa-slf4j: | |
| needs: check-changes | |
| if: needs.check-changes.outputs.opa-slf4j == 'true' | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v7 | |
| - uses: actions/setup-java@v5 | |
| with: | |
| distribution: temurin | |
| java-version: 21 | |
| - uses: gradle/actions/setup-gradle@v6 | |
| - run: ./gradlew :opa-slf4j:test | |
| pr-check-summary: | |
| name: PR Check Summary | |
| runs-on: ubuntu-latest | |
| needs: | |
| - check-changes | |
| - lint | |
| - validate-pom | |
| - test-opa-evaluator | |
| - test-opa-jackson | |
| - test-opa-services | |
| - test-opa-builtins | |
| - test-opa-slf4j | |
| if: always() | |
| steps: | |
| - uses: actions/checkout@v7 | |
| - name: Download OPA | |
| uses: open-policy-agent/setup-opa@v2 | |
| with: | |
| version: latest | |
| - name: Check job results | |
| run: | | |
| echo '${{ toJSON(needs) }}' > input.json | |
| opa eval -d .github/workflows/pull-request.yml \ | |
| --input=input.json \ | |
| '{job | some _, job in data.jobs["pr-check-summary"].needs} & {job | input[job].result in {"failure", "cancelled"}}' \ | |
| --format=raw > failed_jobs.json | |
| if [ "$(cat failed_jobs.json)" != "[]" ]; then | |
| echo "The following required jobs did not complete successfully:" | |
| jq -r '.[]' failed_jobs.json | sed 's/^/- /' | |
| exit 1 | |
| fi | |
| echo "All jobs completed successfully or were skipped" |