# Zeebe CI workflow: runs on pushes and pull requests that touch the listed
# paths, on merge-queue groups, on manual dispatch, and when called from
# another workflow.
# NOTE(review): there is no workflow-level `permissions:` key, so every job
# without its own `permissions:` block gets the repository's default
# GITHUB_TOKEN scopes - confirm that default is read-only.
name: Zeebe CI
on:
  push:
    branches:
      - 'main'
      - 'stable/*'
      - 'release-*'
      - 'trying'
      - 'staging'
    paths:
      - '.ci/docker/test/*'
      - '.github/actions/**'
      - '.github/workflows/zeebe-*'
      - 'Dockerfile'
      - 'bom/*'
      - 'build-tools/**'
      - 'clients/**'
      - 'dist/**'
      - 'parent/*'
      - 'pom.xml'
      - 'zeebe/**'
  pull_request:
    paths:
      - '.ci/docker/test/*'
      - '.github/actions/**'
      - '.github/workflows/zeebe-*'
      - 'Dockerfile'
      - 'bom/*'
      - 'build-tools/**'
      - 'clients/**'
      - 'dist/**'
      - 'parent/*'
      - 'pom.xml'
      - 'zeebe/**'
  merge_group: {}
  workflow_dispatch: {}
  workflow_call: {}
# A newer run for the same workflow and ref cancels the one still in progress.
concurrency:
  group: "${{ github.workflow }}-${{ github.ref }}"
  cancel-in-progress: true
defaults:
  run:
    # Run every `run:` step with bash so that pipefail is on by default; see
    # https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#exit-codes-and-error-action-preference
    shell: bash
env:
  # Platforms passed to the multi-platform Docker image builds below.
  DOCKER_PLATFORMS: "linux/amd64,linux/arm64"
jobs:
# Integration tests, run as a three-leg matrix (modules, qa-integration,
# qa-update). Each leg builds Zeebe, pushes a test image to a job-local
# registry service on localhost:5000, and runs `mvnw verify` against it.
# NOTE(review): the job runs on self-hosted runners and the workflow is
# triggered by pull_request; confirm that fork pull requests need approval
# before they run here, or that the runners are ephemeral.
integration-tests:
  name: "[IT] ${{ matrix.name }}"
  runs-on:
    - self-hosted
    - linux
    - amd64
    - "16"
  timeout-minutes: 20
  outputs:
    flakyTests: ${{ steps.analyze-test-run.outputs.flakyTests }}
  strategy:
    fail-fast: false
    matrix:
      group:
        - modules
        - qa-integration
        - qa-update
      include:
        - group: modules
          name: "Module Integration Tests"
          maven-modules: "'!qa/integration-tests,!qa/update-tests'"
          maven-build-threads: 2
          maven-test-fork-count: 7
          tcc-enabled: 'false'
          tcc-concurrency: 1
        - group: qa-integration
          name: "QA Integration Tests"
          maven-modules: "qa/integration-tests"
          maven-build-threads: 1
          maven-test-fork-count: 10
          tcc-enabled: ${{ vars.TCC_ENABLED }}
          tcc-concurrency: 1
        - group: qa-update
          name: "QA Update Tests"
          maven-modules: "qa/update-tests"
          maven-build-threads: 1
          maven-test-fork-count: 10
          tcc-enabled: ${{ vars.TCC_ENABLED }}
          tcc-concurrency: 2
  env:
    # Image the tests pull; it is pushed to the registry service below.
    ZEEBE_TEST_DOCKER_IMAGE: localhost:5000/camunda/zeebe:current-test
  services:
    registry:
      image: registry:2
      ports:
        - "5000:5000"
  steps:
    - uses: actions/checkout@v4
    # Local composite action; it is handed the Vault AppRole credentials.
    - uses: ./.github/actions/setup-zeebe
      with:
        maven-cache-key-modifier: it-${{ matrix.group }}
        secret_vault_secretId: ${{ secrets.VAULT_SECRET_ID }}
        secret_vault_address: ${{ secrets.VAULT_ADDR }}
        secret_vault_roleId: ${{ secrets.VAULT_ROLE_ID }}
    - uses: ./.github/actions/build-zeebe
      id: build-zeebe
      with:
        maven-extra-args: -T1C -PskipFrontendBuild
    - uses: ./.github/actions/build-zeebe-docker
      with:
        repository: localhost:5000/camunda/zeebe
        version: current-test
        push: true
        distball: ${{ steps.build-zeebe.outputs.distball }}
    # NOTE(review): third-party action that receives the TC_CLOUD_TOKEN secret
    # and is referenced by the mutable tag `v1`; consider pinning it to a full
    # commit SHA.
    - name: Setup TCC
      if: matrix.tcc-enabled == 'true'
      uses: atomicjar/testcontainers-cloud-setup-action@v1
      env:
        TC_CLOUD_LOGS_VERBOSE: true
        TC_CLOUD_CONCURRENCY: ${{ matrix.tcc-concurrency }}
      with:
        token: ${{ secrets.TC_CLOUD_TOKEN }}
        logfile: .testcontainers-agent.log
        wait: true
        args: >
          --private-registry-url=http://localhost:5000
          --private-registry-allowed-image-name-globs=camunda/zeebe
    # The temp file path is exported so later steps can read the build log.
    - name: Create build output log file
      run: echo "BUILD_OUTPUT_FILE_PATH=$(mktemp)" >> $GITHUB_ENV
    - name: Maven Test Build
      run: >
        ./mvnw -B -T ${{ matrix.maven-build-threads }} --no-snapshot-updates
        -D forkCount=${{ matrix.maven-test-fork-count }}
        -D maven.javadoc.skip=true
        -D skipUTs -D skipChecks
        -D failsafe.rerunFailingTestsCount=3 -D flaky.test.reportDir=failsafe-reports
        -P parallel-tests,extract-flaky-tests
        -pl ${{ matrix.maven-modules }}
        -f zeebe
        verify
        | tee "${BUILD_OUTPUT_FILE_PATH}"
    - name: Terminate TCC
      if: matrix.tcc-enabled == 'true'
      uses: atomicjar/testcontainers-cloud-setup-action@v1
      with:
        action: terminate
    # Runs even after a failed build; its flakyTests output feeds the job output.
    - name: Analyze Test Runs
      id: analyze-test-run
      if: always()
      uses: ./.github/actions/analyze-test-runs
      with:
        buildOutputFilePath: ${{ env.BUILD_OUTPUT_FILE_PATH }}
    - name: Upload test artifacts
      if: failure() || cancelled()
      uses: ./.github/actions/collect-test-artifacts
      with:
        name: "[IT] ${{ matrix.name }}"
    # Best-effort reporting: always runs and never fails the job.
    - name: Observe build status
      if: always()
      continue-on-error: true
      uses: ./.github/actions/observe-build-status
      with:
        job_name: "integration-tests/${{ matrix.group }}"
        build_status: ${{ contains(steps.*.conclusion, 'failure') && 'failure' || 'success' }}
        secret_vault_secretId: ${{ secrets.VAULT_SECRET_ID }}
        secret_vault_address: ${{ secrets.VAULT_ADDR }}
        secret_vault_roleId: ${{ secrets.VAULT_ROLE_ID }}
# Unit tests: builds Zeebe and runs `mvnw verify` with integration tests
# skipped, on a self-hosted runner.
unit-tests:
  name: Unit tests
  runs-on:
    - self-hosted
    - linux
    - amd64
    - "16"
  timeout-minutes: 30
  outputs:
    flakyTests: ${{ steps.analyze-test-run.outputs.flakyTests }}
  steps:
    - uses: actions/checkout@v4
    # NOTE(review): setting kernel.yama.ptrace_scope to 0 relaxes a kernel
    # hardening setting on a self-hosted runner and nothing in this job
    # restores it - confirm the runners are ephemeral.
    - name: Install and allow strace tests
      run: |
        sudo apt-get -qq update && sudo apt-get install -y strace
        sudo sysctl -w kernel.yama.ptrace_scope=0
    - uses: ./.github/actions/setup-zeebe
      with:
        go: false
        secret_vault_secretId: ${{ secrets.VAULT_SECRET_ID }}
        secret_vault_address: ${{ secrets.VAULT_ADDR }}
        secret_vault_roleId: ${{ secrets.VAULT_ROLE_ID }}
    - uses: ./.github/actions/build-zeebe
      with:
        go: false
        maven-extra-args: -T1C -PskipFrontendBuild
    # The temp file path is exported so later steps can read the build log.
    - name: Create build output log file
      run: echo "BUILD_OUTPUT_FILE_PATH=$(mktemp)" >> $GITHUB_ENV
    - name: Maven Test Build
      # The verify goal is used because flaky test extraction is bound to
      # Maven's post-integration-test phase, see
      # https://maven.apache.org/guides/introduction/introduction-to-the-lifecycle.html#default-lifecycle
      run: >
        ./mvnw -T2 -B --no-snapshot-updates
        -D skipITs -D skipChecks -D surefire.rerunFailingTestsCount=3
        -D junitThreadCount=16
        -P skip-random-tests,parallel-tests,extract-flaky-tests
        -f zeebe
        verify
        | tee "${BUILD_OUTPUT_FILE_PATH}"
    # NOTE(review): this job defines no matrix, so `matrix.project` expands to
    # an empty string, and no step in this workflow file reads ARTIFACT_NAME;
    # this looks like a leftover - confirm and remove.
    - name: Normalize artifact name
      run: echo "ARTIFACT_NAME=$(echo ${{ matrix.project }} | sed 's/\//-/g')" >> $GITHUB_ENV
    # Runs even after a failed build; its flakyTests output feeds the job output.
    - name: Analyze Test Runs
      id: analyze-test-run
      if: always()
      uses: ./.github/actions/analyze-test-runs
      with:
        buildOutputFilePath: ${{ env.BUILD_OUTPUT_FILE_PATH }}
    - name: Upload test artifacts
      if: failure() || cancelled()
      uses: ./.github/actions/collect-test-artifacts
      with:
        name: "unit tests"
    # Best-effort reporting: always runs and never fails the job.
    - name: Observe build status
      if: always()
      continue-on-error: true
      uses: ./.github/actions/observe-build-status
      with:
        build_status: ${{ contains(steps.*.conclusion, 'failure') && 'failure' || 'success' }}
        secret_vault_secretId: ${{ secrets.VAULT_SECRET_ID }}
        secret_vault_address: ${{ secrets.VAULT_ADDR }}
        secret_vault_roleId: ${{ secrets.VAULT_ROLE_ID }}
# Smoke tests across operating systems. The `include` entries attach a runner
# to each OS and add a Linux arm64 leg.
smoke-tests:
  name: "[Smoke] ${{ matrix.os }} with ${{ matrix.arch }}"
  runs-on: ${{ matrix.runner }}
  timeout-minutes: 20
  strategy:
    fail-fast: false
    matrix:
      os:
        - macos
        - windows
        - linux
      arch:
        - amd64
      include:
        - os: macos
          runner: macos-latest
        - os: windows
          runner: windows-latest
        - os: linux
          runner:
            - self-hosted
            - linux
            - amd64
        - os: linux
          runner: "aws-arm-core-4-default"
          arch: arm64
  steps:
    - uses: actions/checkout@v4
    - uses: ./.github/actions/setup-zeebe
      with:
        go: false
        secret_vault_secretId: ${{ secrets.VAULT_SECRET_ID }}
        secret_vault_address: ${{ secrets.VAULT_ADDR }}
        secret_vault_roleId: ${{ secrets.VAULT_ROLE_ID }}
        docker: ${{ matrix.os != 'macos' && matrix.os != 'windows' }}
    - uses: ./.github/actions/build-zeebe
      id: build-zeebe
      with:
        go: false
        maven-extra-args: -T1C -PskipFrontendBuild
    - uses: ./.github/actions/build-zeebe-docker
      id: build-zeebe-docker
      # Only Linux runners can currently build Docker images without extra setup.
      if: runner.os == 'Linux'
      with:
        version: current-test
        distball: ${{ steps.build-zeebe.outputs.distball }}
        platforms: linux/${{ matrix.arch }}
        push: false
    - name: Run smoke test on ${{ matrix.arch }}
      env:
        # Non-Linux runners have no container to test against (see the
        # build-zeebe-docker step), so the `container` group is excluded there.
        # NOTE(review): on Linux the expression evaluates to false, so Maven
        # presumably receives `excludedGroups=false` - confirm that is intended.
        EXCLUDED_TEST_GROUPS: ${{ runner.os != 'Linux' && 'container' }}
      run: >
        ./mvnw -B --no-snapshot-updates
        -DskipUTs -DskipChecks -Dsurefire.rerunFailingTestsCount=3
        -pl qa/integration-tests
        -P smoke-test,extract-flaky-tests
        -D excludedGroups=$EXCLUDED_TEST_GROUPS
        -f zeebe
        verify
    - name: Upload test artifacts
      if: failure() || cancelled()
      uses: ./.github/actions/collect-test-artifacts
      with:
        name: "[Smoke] ${{ matrix.os }} with ${{ matrix.arch }}"
    # Best-effort reporting: always runs and never fails the job.
    - name: Observe build status
      if: always()
      continue-on-error: true
      uses: ./.github/actions/observe-build-status
      with:
        job_name: "smoke-tests/${{ matrix.os }}"
        build_status: ${{ contains(steps.*.conclusion, 'failure') && 'failure' || 'success' }}
        secret_vault_secretId: ${{ secrets.VAULT_SECRET_ID }}
        secret_vault_address: ${{ secrets.VAULT_ADDR }}
        secret_vault_roleId: ${{ secrets.VAULT_ROLE_ID }}
# Property tests: runs `mvnw test` with the include-random-tests profile on a
# self-hosted runner.
property-tests:
  name: Property Tests
  runs-on:
    - self-hosted
    - linux
    - amd64
    - "16"
  timeout-minutes: 30
  steps:
    - uses: actions/checkout@v4
    - uses: ./.github/actions/setup-zeebe
      with:
        go: false
        secret_vault_secretId: ${{ secrets.VAULT_SECRET_ID }}
        secret_vault_address: ${{ secrets.VAULT_ADDR }}
        secret_vault_roleId: ${{ secrets.VAULT_ROLE_ID }}
    - uses: ./.github/actions/build-zeebe
      with:
        go: false
        maven-extra-args: -T1C -PskipFrontendBuild
    # The temp file path is exported so later steps can read the build log.
    - name: Create build output log file
      run: echo "BUILD_OUTPUT_FILE_PATH=$(mktemp)" >> $GITHUB_ENV
    - name: Maven Test Build
      run: >
        ./mvnw -T1C -B --no-snapshot-updates
        -P parallel-tests,include-random-tests
        -D junitThreadCount=16
        -D skipChecks
        -f zeebe
        test
        | tee "${BUILD_OUTPUT_FILE_PATH}"
    - name: Analyze Test Runs
      if: always()
      uses: ./.github/actions/analyze-test-runs
      with:
        buildOutputFilePath: ${{ env.BUILD_OUTPUT_FILE_PATH }}
        # Summary is skipped as a workaround for
        # https://github.com/camunda/zeebe/issues/16604
        skipSummary: true
    - name: Upload test artifacts
      if: failure() || cancelled()
      uses: ./.github/actions/collect-test-artifacts
      with:
        name: Property Tests
    # Best-effort reporting: always runs and never fails the job.
    - name: Observe build status
      if: always()
      continue-on-error: true
      uses: ./.github/actions/observe-build-status
      with:
        build_status: ${{ contains(steps.*.conclusion, 'failure') && 'failure' || 'success' }}
        secret_vault_secretId: ${{ secrets.VAULT_SECRET_ID }}
        secret_vault_address: ${{ secrets.VAULT_ADDR }}
        secret_vault_roleId: ${{ secrets.VAULT_ROLE_ID }}
# Performance tests: runs `mvnw test` with the include-performance-tests
# profile and appends the result files to the step summary.
performance-tests:
  name: Performance Tests
  runs-on:
    - self-hosted
    - linux
    - amd64
    - "16"
  timeout-minutes: 30
  env:
    # Directory the summary step reads `*.txt` result files from.
    # NOTE(review): this is a fixed path under /tmp on a self-hosted runner;
    # if runners are reused, files from an earlier run could still be there.
    ZEEBE_PERFORMANCE_TEST_RESULTS_DIR: "/tmp/jmh"
  steps:
    - uses: actions/checkout@v4
    - uses: ./.github/actions/setup-zeebe
      with:
        go: false
        secret_vault_secretId: ${{ secrets.VAULT_SECRET_ID }}
        secret_vault_address: ${{ secrets.VAULT_ADDR }}
        secret_vault_roleId: ${{ secrets.VAULT_ROLE_ID }}
    - uses: ./.github/actions/build-zeebe
      with:
        go: false
        maven-extra-args: -T1C -PskipFrontendBuild
    # The temp file path is exported so later steps can read the build log.
    - name: Create build output log file
      run: echo "BUILD_OUTPUT_FILE_PATH=$(mktemp)" >> $GITHUB_ENV
    - name: Maven Test Build
      env:
        LARGE_STATE_CONTROLLER_PERFORMANCE_TEST_SIZE_GB: "4"
      run: >
        ./mvnw -B --no-snapshot-updates
        -P include-performance-tests
        -D skipChecks
        -T1C
        -f zeebe
        test
        | tee "${BUILD_OUTPUT_FILE_PATH}"
    - name: Analyze Test Runs
      if: always()
      uses: ./.github/actions/analyze-test-runs
      with:
        buildOutputFilePath: ${{ env.BUILD_OUTPUT_FILE_PATH }}
    # Wraps the contents of every result file in one fenced block of the
    # step summary.
    - name: Summarize test results
      if: always()
      run: |
        echo '## Performance Test Results' >> $GITHUB_STEP_SUMMARY
        echo '```' >> $GITHUB_STEP_SUMMARY
        FILES="${ZEEBE_PERFORMANCE_TEST_RESULTS_DIR}/*.txt"
        for file in $FILES; do
          cat "${file}" >> $GITHUB_STEP_SUMMARY
          echo "" >> $GITHUB_STEP_SUMMARY
        done
        echo '```' >> $GITHUB_STEP_SUMMARY
    - name: Upload test artifacts
      if: failure() || cancelled()
      uses: ./.github/actions/collect-test-artifacts
      with:
        name: Performance Tests
    # Best-effort reporting: always runs and never fails the job.
    - name: Observe build status
      if: always()
      continue-on-error: true
      uses: ./.github/actions/observe-build-status
      with:
        build_status: ${{ contains(steps.*.conclusion, 'failure') && 'failure' || 'success' }}
        secret_vault_secretId: ${{ secrets.VAULT_SECRET_ID }}
        secret_vault_address: ${{ secrets.VAULT_ADDR }}
        secret_vault_roleId: ${{ secrets.VAULT_ROLE_ID }}
# Go client tests: builds Zeebe and a `camunda/zeebe:current-test` image, then
# runs `go test` in clients/go with vendored modules.
go-client:
  name: Go client tests
  runs-on: ubuntu-latest
  timeout-minutes: 20
  steps:
    - uses: actions/checkout@v4
    - uses: ./.github/actions/setup-zeebe
      with:
        secret_vault_secretId: ${{ secrets.VAULT_SECRET_ID }}
        secret_vault_address: ${{ secrets.VAULT_ADDR }}
        secret_vault_roleId: ${{ secrets.VAULT_ROLE_ID }}
    - uses: ./.github/actions/build-zeebe
      id: build-zeebe
      with:
        maven-extra-args: -T1C -PskipFrontendBuild
    - uses: ./.github/actions/build-zeebe-docker
      id: build-zeebe-docker
      with:
        repository: camunda/zeebe
        version: current-test
        distball: ${{ steps.build-zeebe.outputs.distball }}
    - name: Run Go tests
      working-directory: clients/go
      run: go test -mod=vendor -v ./...
    # Best-effort reporting: always runs and never fails the job.
    - name: Observe build status
      if: always()
      continue-on-error: true
      uses: ./.github/actions/observe-build-status
      with:
        build_status: ${{ contains(steps.*.conclusion, 'failure') && 'failure' || 'success' }}
        secret_vault_secretId: ${{ secrets.VAULT_SECRET_ID }}
        secret_vault_address: ${{ secrets.VAULT_ADDR }}
        secret_vault_roleId: ${{ secrets.VAULT_ROLE_ID }}
# Go linting: runs golangci-lint over clients/go.
go-lint:
  name: Go linting
  runs-on: ubuntu-latest
  steps:
    - uses: actions/checkout@v4
    - uses: ./.github/actions/setup-zeebe
      with:
        java: false
        secret_vault_secretId: ${{ secrets.VAULT_SECRET_ID }}
        secret_vault_address: ${{ secrets.VAULT_ADDR }}
        secret_vault_roleId: ${{ secrets.VAULT_ROLE_ID }}
    - name: golangci-lint
      uses: golangci/golangci-lint-action@v6
      with:
        working-directory: clients/go
        # Linter version is fixed to avoid a false positive; see
        # https://github.com/golangci/golangci-lint-action/issues/535
        version: v1.55.2
        # Both caches are disabled because of caching issues; see
        # https://github.com/golangci/golangci-lint-action/issues/244#issuecomment-1052190775
        skip-pkg-cache: true
        skip-build-cache: true
    # Best-effort reporting: always runs and never fails the job.
    - name: Observe build status
      if: always()
      continue-on-error: true
      uses: ./.github/actions/observe-build-status
      with:
        build_status: ${{ contains(steps.*.conclusion, 'failure') && 'failure' || 'success' }}
        secret_vault_secretId: ${{ secrets.VAULT_SECRET_ID }}
        secret_vault_address: ${{ secrets.VAULT_ADDR }}
        secret_vault_roleId: ${{ secrets.VAULT_ROLE_ID }}
# Go backward-compatibility check: fetches a fixed base branch and runs
# go-apidiff against it.
go-apidiff:
  name: Go Backward Compatibility
  runs-on: ubuntu-latest
  env:
    # bors-ng does not set ${GITHUB_BASE_REF} to the PR's target branch, which
    # breaks go-apidiff, so a fixed base ref is used as a workaround.
    GO_CLIENT_BASE_REF: stable/8.5
  steps:
    - uses: actions/checkout@v4
    - uses: ./.github/actions/setup-zeebe
      with:
        java: false
        secret_vault_secretId: ${{ secrets.VAULT_SECRET_ID }}
        secret_vault_address: ${{ secrets.VAULT_ADDR }}
        secret_vault_roleId: ${{ secrets.VAULT_ROLE_ID }}
    # Shallow fetch of the base branch that compatibility is checked against.
    - name: Fetching Base Branch
      run: |
        git fetch --depth=1 origin ${{ env.GO_CLIENT_BASE_REF }}
    # NOTE(review): `@main` follows a mutable branch of a third-party
    # repository, so the code this step runs can change without any change to
    # this file; pin the action to a full commit SHA.
    - uses: joelanford/go-apidiff@main
      with:
        base-ref: origin/${{ env.GO_CLIENT_BASE_REF }}
    # Best-effort reporting: always runs and never fails the job.
    - name: Observe build status
      if: always()
      continue-on-error: true
      uses: ./.github/actions/observe-build-status
      with:
        build_status: ${{ contains(steps.*.conclusion, 'failure') && 'failure' || 'success' }}
        secret_vault_secretId: ${{ secrets.VAULT_SECRET_ID }}
        secret_vault_address: ${{ secrets.VAULT_ADDR }}
        secret_vault_roleId: ${{ secrets.VAULT_ROLE_ID }}
# Java checks: runs `mvnw verify` with tests skipped and the checkFormat and
# spotbugs profiles on (autoFormat is switched off).
java-checks:
  name: Java checks
  runs-on: ubuntu-latest
  steps:
    - uses: actions/checkout@v4
    - uses: ./.github/actions/setup-zeebe
      with:
        go: false
        maven-cache-key-modifier: java-checks
        secret_vault_secretId: ${{ secrets.VAULT_SECRET_ID }}
        secret_vault_address: ${{ secrets.VAULT_ADDR }}
        secret_vault_roleId: ${{ secrets.VAULT_ROLE_ID }}
    - run: ./mvnw -T1C -B -D skipTests -P !autoFormat,checkFormat,spotbugs,skipFrontendBuild verify
    # Best-effort reporting: always runs and never fails the job.
    - name: Observe build status
      if: always()
      continue-on-error: true
      uses: ./.github/actions/observe-build-status
      with:
        build_status: ${{ contains(steps.*.conclusion, 'failure') && 'failure' || 'success' }}
        secret_vault_secretId: ${{ secrets.VAULT_SECRET_ID }}
        secret_vault_address: ${{ secrets.VAULT_ADDR }}
        secret_vault_roleId: ${{ secrets.VAULT_ROLE_ID }}
# Docker checks: lints the Dockerfile with hadolint, uploads the SARIF report,
# builds the multi-platform image into a job-local registry and verifies it.
docker-checks:
  name: Docker checks
  runs-on: ubuntu-latest
  env:
    LOCAL_DOCKER_IMAGE: localhost:5000/camunda/zeebe
  services:
    # A local registry is needed because building multi-platform images
    # requires a push target.
    registry:
      image: registry:2
      ports:
        - "5000:5000"
  steps:
    - uses: actions/checkout@v4
    - uses: hadolint/hadolint-action@v3.1.0
      with:
        dockerfile: ./Dockerfile
        config: ./.hadolint.yaml
        format: sarif
        output-file: ./hadolint.sarif
        no-color: true
        verbose: true
    # Uploaded even when the lint step fails, so findings are still recorded.
    - name: Upload Hadolint Results
      if: always()
      uses: github/codeql-action/upload-sarif@v3
      with:
        sarif_file: ./hadolint.sarif
    - uses: ./.github/actions/setup-zeebe
      with:
        secret_vault_secretId: ${{ secrets.VAULT_SECRET_ID }}
        secret_vault_address: ${{ secrets.VAULT_ADDR }}
        secret_vault_roleId: ${{ secrets.VAULT_ROLE_ID }}
    - uses: ./.github/actions/build-zeebe
      id: build-zeebe
      with:
        maven-extra-args: -T1C -PskipFrontendBuild
    - uses: ./.github/actions/build-zeebe-docker
      id: build-zeebe-docker
      with:
        # The image is pushed to the local registry service.
        repository: ${{ env.LOCAL_DOCKER_IMAGE }}
        distball: ${{ steps.build-zeebe.outputs.distball }}
        platforms: ${{ env.DOCKER_PLATFORMS }}
        # Multi-arch images must be pushed: buildkit cannot load them locally.
        push: true
    - name: Verify Docker image
      uses: ./.github/actions/verify-platform-docker
      with:
        imageName: ${{ env.LOCAL_DOCKER_IMAGE }}
        date: ${{ steps.build-zeebe-docker.outputs.date }}
        revision: ${{ github.sha }}
        version: ${{ steps.build-zeebe-docker.outputs.version }}
        platforms: ${{ env.DOCKER_PLATFORMS }}
    # Best-effort reporting: always runs and never fails the job.
    - name: Observe build status
      if: always()
      continue-on-error: true
      uses: ./.github/actions/observe-build-status
      with:
        build_status: ${{ contains(steps.*.conclusion, 'failure') && 'failure' || 'success' }}
        secret_vault_secretId: ${{ secrets.VAULT_SECRET_ID }}
        secret_vault_address: ${{ secrets.VAULT_ADDR }}
        secret_vault_roleId: ${{ secrets.VAULT_ROLE_ID }}
test-summary:
  # Gate job used by the merge queue to check all tests, including the unit
  # test matrix. Every new test job must be added to `needs` below.
  # The job name is hard-coded in the branch rules; update them if it changes.
  # NOTE(review): the exit expression treats only `skipped` and `failure` as
  # failing. A needed job that ends as `cancelled` would still let this gate
  # pass - confirm that is intended.
  name: Test summary
  runs-on: ubuntu-latest
  if: always()
  needs:
    - integration-tests
    - unit-tests
    - smoke-tests
    - property-tests
    - performance-tests
    - go-client
    - java-checks
    - go-lint
    - go-apidiff
    - docker-checks
  outputs:
    flakyUnitTests: ${{ needs.unit-tests.outputs.flakyTests }}
    flakyIntegrationTests: ${{ needs.integration-tests.outputs.flakyTests }}
  steps:
    # Exits 1 when any needed job was skipped or failed, otherwise 0.
    - run: exit ${{ ((contains(needs.*.result, 'skipped') || contains(needs.*.result, 'failure')) && 1) || 0 }}
# Deploys Maven snapshot artifacts. Runs only in camunda/zeebe on the main
# branch, after the test summary; deployments are queued, never cancelled.
# NOTE(review): the vault and maven-settings actions handle the artifact
# repository credentials and are referenced by version tag; consider pinning
# them to full commit SHAs.
deploy-snapshots:
  name: Deploy snapshot artifacts
  runs-on: ubuntu-latest
  needs:
    - test-summary
  if: github.repository == 'camunda/zeebe' && github.ref == 'refs/heads/main'
  concurrency:
    group: deploy-maven-snapshot
    cancel-in-progress: false
  steps:
    - uses: actions/checkout@v4
    # Reads the artifact repository user and password from Vault via AppRole.
    - name: Import Secrets
      id: secrets
      uses: hashicorp/vault-action@v3.0.0
      with:
        url: ${{ secrets.VAULT_ADDR }}
        method: approle
        roleId: ${{ secrets.VAULT_ROLE_ID }}
        secretId: ${{ secrets.VAULT_SECRET_ID }}
        secrets: |
          secret/data/products/zeebe/ci/zeebe ARTIFACTS_USR;
          secret/data/products/zeebe/ci/zeebe ARTIFACTS_PSW;
    - uses: actions/setup-java@v4.2.1
      with:
        distribution: 'temurin'
        java-version: '21'
    # Writes ~/.m2/settings.xml so the CI Nexus is used as a co-located
    # pull-through cache for Maven artifacts.
    - name: 'Create settings.xml'
      uses: s4u/maven-settings-action@v3.0.0
      with:
        githubServer: false
        servers: |
          [{
            "id": "camunda-nexus",
            "username": "${{ steps.secrets.outputs.ARTIFACTS_USR }}",
            "password": "${{ steps.secrets.outputs.ARTIFACTS_PSW }}"
          }]
        mirrors: '[{"url": "https://repository.nexus.camunda.cloud/content/groups/internal/", "id": "camunda-nexus", "mirrorOf": "zeebe,zeebe-snapshots", "name": "camunda Nexus"}]'
    # compile and generate-sources run first so the Javadoc can be generated:
    # with annotation processors that generate code, the symbols are otherwise
    # not resolvable by the Javadoc generator.
    - run: ./mvnw -B -D skipTests -D skipChecks compile generate-sources source:jar javadoc:jar deploy
      env:
        MAVEN_USERNAME: ${{ steps.secrets.outputs.ARTIFACTS_USR }}
        MAVEN_PASSWORD: ${{ steps.secrets.outputs.ARTIFACTS_PSW }}
# Builds and pushes the multi-platform `camunda/zeebe:SNAPSHOT` image. Runs
# only in camunda/zeebe on the main branch, after the test summary;
# deployments are queued, never cancelled.
deploy-docker-snapshot:
  name: Deploy snapshot Docker image
  runs-on: ubuntu-latest
  needs:
    - test-summary
  if: github.repository == 'camunda/zeebe' && github.ref == 'refs/heads/main'
  concurrency:
    group: deploy-docker-snapshot
    cancel-in-progress: false
  steps:
    - uses: actions/checkout@v4
    # `docker-token` names the secret the composite action should use;
    # presumably it logs in to the Docker registry with it - confirm in the action.
    - uses: ./.github/actions/setup-zeebe
      with:
        secret_vault_secretId: ${{ secrets.VAULT_SECRET_ID }}
        secret_vault_address: ${{ secrets.VAULT_ADDR }}
        secret_vault_roleId: ${{ secrets.VAULT_ROLE_ID }}
        docker-token: REGISTRY_HUB_DOCKER_COM_PSW
    - uses: ./.github/actions/build-zeebe
      id: build-zeebe
      with:
        maven-extra-args: -T1C -PskipFrontendBuild
    - uses: ./.github/actions/build-zeebe-docker
      id: build-zeebe-docker
      with:
        repository: camunda/zeebe
        version: SNAPSHOT
        platforms: ${{ env.DOCKER_PLATFORMS }}
        push: true
        distball: ${{ steps.build-zeebe.outputs.distball }}
# Builds the benchmark starter and worker images with jib after logging in to
# gcr.io. Runs only in camunda/zeebe on the main branch, after the test
# summary. Authentication to Google Cloud uses workload identity federation,
# which is why the job requests `id-token: write`.
deploy-benchmark-images:
  name: Deploy benchmark images
  runs-on: ubuntu-latest
  needs:
    - test-summary
  if: github.repository == 'camunda/zeebe' && github.ref == 'refs/heads/main'
  concurrency:
    group: deploy-benchmark-images
    cancel-in-progress: false
  permissions:
    contents: 'read'
    id-token: 'write'
  steps:
    - uses: actions/checkout@v4
    - uses: google-github-actions/auth@v2
      id: auth
      with:
        token_format: 'access_token'
        workload_identity_provider: 'projects/628707732411/locations/global/workloadIdentityPools/zeebe-gh-actions/providers/gha-provider'
        service_account: 'zeebe-gh-actions@zeebe-io.iam.gserviceaccount.com'
    # The access token from the auth step is used as the registry password.
    - name: Login to GCR
      uses: docker/login-action@v3
      with:
        registry: gcr.io
        username: oauth2accesstoken
        password: ${{ steps.auth.outputs.access_token }}
    - uses: ./.github/actions/setup-zeebe
      with:
        secret_vault_secretId: ${{ secrets.VAULT_SECRET_ID }}
        secret_vault_address: ${{ secrets.VAULT_ADDR }}
        secret_vault_roleId: ${{ secrets.VAULT_ROLE_ID }}
    - run: ./mvnw -B -D skipTests -D skipChecks -pl zeebe/benchmarks/project -am package
    - name: Build Starter Image
      run: ./mvnw -pl zeebe/benchmarks/project jib:build -P starter
    - name: Build Worker Image
      run: ./mvnw -pl zeebe/benchmarks/project jib:build -P worker
# Calls the zeebe-snyk reusable workflow with `monitor` and `build` enabled.
# Runs only for push events in camunda/zeebe on main or a stable/* branch.
# NOTE(review): `secrets: inherit` hands every secret available to this
# workflow to the called workflow; passing only the ones it needs would
# narrow that exposure.
deploy-snyk-projects:
  name: Deploy Snyk development projects
  needs:
    - test-summary
  if: |
    github.repository == 'camunda/zeebe' &&
    github.event_name == 'push' &&
    (startsWith(github.ref_name, 'stable/') || github.ref_name == 'main')
  concurrency:
    group: deploy-snyk-projects
    cancel-in-progress: false
  uses: ./.github/workflows/zeebe-snyk.yml
  with:
    monitor: true
    build: true
  secrets: inherit
# Posts a Slack message through an incoming webhook when one of the needed
# jobs fails on the main branch of camunda/zeebe.
# NOTE(review): the flaky-test lists are substituted into the JSON payload as
# raw text; a value containing a double quote or a newline would presumably
# make the payload invalid - confirm how the outputs are formatted.
notify-if-failed:
  name: Send slack notification on build failure
  runs-on: ubuntu-latest
  needs:
    - test-summary
    - deploy-snapshots
    - deploy-docker-snapshot
    - deploy-snyk-projects
  if: failure() && github.repository == 'camunda/zeebe' && github.ref == 'refs/heads/main'
  steps:
    - id: slack-notify
      name: Send slack notification
      uses: slackapi/slack-github-action@v1.26.0
      env:
        SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
        SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK
        FLAKY_UNIT_TESTS: ${{needs.test-summary.outputs.flakyUnitTests}}
        FLAKY_INTEGRATION_TESTS: ${{needs.test-summary.outputs.flakyIntegrationTests}}
      with:
        # Rich message built with Block Kit.
        payload: |
          {
            "text": ":alarm: Build on `main` failed! :alarm:\n${{ github.event.head_commit.url }}",
            "blocks": [
              {
                "type": "section",
                "text": {
                  "type": "mrkdwn",
                  "text": ":alarm: Build on `main` failed! :alarm:"
                }
              },
              {
                "type": "section",
                "text": {
                  "type": "mrkdwn",
                  "text": "Please check the related commit: ${{ github.event.head_commit.url }}\n \\cc @zeebe-medic"
                }
              },
              {
                "type": "divider"
              },
              {
                "type": "section",
                "text": {
                  "type": "mrkdwn",
                  "text": "*Detected flaky unit tests:* \n ${{ env.FLAKY_UNIT_TESTS }}"
                }
              },
              {
                "type": "section",
                "text": {
                  "type": "mrkdwn",
                  "text": "*Detected flaky integration tests:* \n ${{ env.FLAKY_INTEGRATION_TESTS }}"
                }
              }
            ]
          }
auto-merge:
  # Approves a pull request and enables auto-merge on it once the test
  # summary has passed. The job runs only for pull_request events in
  # camunda/zeebe where github.actor is `backport-action` or `camundait`.
  #
  # NOTE(review): the job name also mentions renovate PRs, but `renovate[bot]`
  # is not part of the condition below - confirm which of the two is intended.
  # NOTE(review): github.actor is the account that triggered this run, which
  # is not necessarily the pull request's author. If authorship is what should
  # be trusted, compare github.event.pull_request.user.login instead.
  # NOTE(review): GITHUB_TOKEN is overridden with the AUTOMERGE_TOKEN secret,
  # so the `gh` calls act with that token's rights, not with the
  # `permissions:` listed here - confirm that token is scoped narrowly.
  name: Auto-merge backport, release, and renovate PRs
  runs-on: ubuntu-latest
  needs:
    - test-summary
  if: |
    github.repository == 'camunda/zeebe' &&
    github.event_name == 'pull_request' &&
    (github.actor == 'backport-action' || github.actor == 'camundait')
  permissions:
    checks: read
    pull-requests: write
  env:
    GITHUB_TOKEN: ${{ secrets.AUTOMERGE_TOKEN }}
  steps:
    - uses: actions/checkout@v4
    - id: approve-and-merge-backport-renovate
      name: Approve and merge backport PR
      run: |
        gh pr review ${{ github.event.pull_request.number }} --approve
        # The GraphQL API is called directly to work around https://github.com/cli/cli/issues/8352
        gh api graphql -f query='mutation PullRequestAutoMerge {enablePullRequestAutoMerge(input: {pullRequestId: "${{ github.event.pull_request.node_id }}"}) {clientMutationId}}'
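# Starts the retry-workflow.yml workflow, which in turn re-runs this workflow
# after it has failed. The re-run cannot be requested from here: a workflow
# can only be re-run once it has finished, and it has not finished while this
# job is still running.
#
# A retry is requested only when the workflow failed, fewer than 3 attempts
# have been made (to avoid infinite loops), and the actor is backport-action,
# renovate[bot] or camundait (for release PRs).
retry-workflow:
  name: Retry release, renovate, or backport PRs automatically
  runs-on: ubuntu-latest
  needs:
    - test-summary
  # Merge-queue runs are excluded. Their event name is `merge_group`, the same
  # name used as the trigger in this workflow's `on:` block; the earlier value
  # `merge_queue` is not an event name, so that comparison was always true.
  if: |
    failure() &&
    fromJSON(github.run_attempt) < 3 &&
    github.repository == 'camunda/zeebe' &&
    (github.actor == 'backport-action' || github.actor == 'renovate[bot]' || github.actor == 'camundait') &&
    github.event_name != 'merge_group'
  env:
    GH_REPO: ${{ github.repository }}
    # Uses the run's automatic token rather than a stored secret.
    GH_TOKEN: ${{ github.token }}
  steps:
    - name: Retry workflow run ${{ github.run_id }}
      run: gh workflow run retry-workflow.yml -F run_id=${{ github.run_id }}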