Guava + JPMS

.github/workflows/ci.build.yml

@@ -0,0 +1,215 @@
+# Guava GitHub CI
+# ---------------------------------------------------------------------------------------------------------------------
+# This is the main CI build on GitHub for the Google Guava project. This workflow is not invoked directly; instead, the
+# `on.pr.yml` and `on.push.yml` workflows kick in on PR and push events, respectively, and call this workflow as a
+# Reusable Workflow.
+#
+# This workflow can be tested independently of the entrypoint flow through the `workflow_dispatch` hook, which adds a
+# button within the UI of the GitHub repository. You can trigger the workflow from here:
+#
+# https://github.com/google/guava/actions/workflows/ci.build.yml
+#
+# ## Inputs
+#
+# See the set of input parameters underneath the `workflow_call` and `workflow_dispatch` hooks for ways this workflow
+# can be controlled when called.
+#
+# ## SLSA Provenance
+#
+# After building Guava in both JRE and Android variants, this workflow will (if enabled) generate provenance material
+# and upload it to an associated release. Learn more about SLSA here: https://slsa.dev.
+
+name: Build
+
+on:
+ workflow_call:
+ inputs:
+ provenance:
+ type: boolean
+ description: "Provenance"
+ default: false
+ provenance_publish:
+ type: boolean
+ description: "Publish: Provenance"
+ default: true
+ snapshot:
+ type: boolean
+ description: "Publish: Snapshot"
+ default: false
+ repository:
+ type: string
+ description: "Publish Repository"
+ default: "sonatype-nexus-snapshots"
+
+ workflow_dispatch:
+ inputs:
+ provenance:
+ type: boolean
+ description: "Provenance"
+ default: false
+ provenance_publish:
+ type: boolean
+ description: "Publish: Provenance"
+ default: false
+ snapshot:
+ type: boolean
+ description: "Publish: Snapshot"
+ default: true
+ repository:
+ type: string
+ description: "Publish Repository"
+ default: "sonatype-nexus-snapshots"
+
+permissions:
+ contents: read
+
+jobs:
+ build:
+ strategy:
+ fail-fast: false
+ matrix:
+ mode: ["JRE", "Android"]
+ name: "Build Guava (${{ matrix.mode }})"
+ runs-on: ubuntu-latest
+ permissions:
+ contents: read # for actions/checkout to fetch code
+ outputs:
+ hashes: ${{ steps.hash.outputs.hashes }}
+ env:
+ ROOT_POM: ${{ matrix.mode == 'Android' && 'android/pom.xml' || 'pom.xml' }}
+ steps:
+ - name: Harden Runner
+ uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
+ with:
+ disable-sudo: true
+ egress-policy: block
+ allowed-endpoints: >
+ api.azul.com:443
+ api.github.com:443
+ cdn.azul.com:443
+ dl.google.com:443
+ docs.oracle.com:443
+ errorprone.info:443
+ github.com:443
+ objects.githubusercontent.com:443
+ oss.sonatype.org:443
+ repo.maven.apache.org:443
+ services.gradle.org:443
+ - name: 'Check out repository'
+ uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+ with:
+ persist-credentials: false
+ - name: 'Set up JDK 21'
+ uses: actions/setup-java@9704b39bf258b59bc04b50fa2dd55e9ed76b47a8 # v4.1.0
+ with:
+ java-version: 21
+ distribution: 'zulu'
+ cache: 'maven'
+ - name: 'Install'
+ shell: bash
+ run: |
+ ./mvnw \
+ --strict-checksums \
+ -B \
+ -Dorg.slf4j.simpleLogger.log.org.apache.maven.cli.transfer.Slf4jMavenTransferListener=warn \
+ install \
+ -U \
+ -DskipTests=true \
+ -Dmaven.javadoc.skip=false \
+ -Dguava.build.spdx=true \
+ -Dgpg.skip \
+ -f $ROOT_POM
+ - name: Generate hashes
+ shell: bash
+ id: hash
+ if: matrix.mode == 'JRE'
+ run: |
+ echo "Building SLSA provenance material..."
+ ls guava/target/*.jar guava-gwt/target/*.jar guava-testlib/target/*.jar
+ echo "hashes=$(sha256sum guava/target/*.jar guava-gwt/target/*.jar guava-testlib/target/*.jar | base64 -w0)" >> ./provenance-hashes.txt
+ cat ./provenance-hashes.txt >> "$GITHUB_OUTPUT"
+ echo "Gathered provenance hashes:"
+ cat ./provenance-hashes.txt
+ - name: 'Upload artifacts'
+ uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
+ if: matrix.mode == 'JRE'
+ with:
+ name: guava-artifacts-${{ matrix.mode == 'Android' && 'android' || 'jre' }}-${{ github.sha }}
+ path: |
+ guava/target/*.jar
+ guava-gwt/target/*.jar
+ guava-testlib/target/*.jar
+ ./provenance-hashes.txt
+ if-no-files-found: warn
+ retention-days: 7
+
+ # Generate SLSA provenance
+ provenance:
+ needs: [build]
+ if: inputs.provenance
+ name: "SLSA Provenance"
+ uses: slsa-framework/slsa-github-generator/.github/workflows/[email protected]
+ permissions:
+ actions: read
+ id-token: write
+ contents: write
+ with:
+ base64-subjects: "${{ needs.build.outputs.hashes }}"
+ upload-assets: ${{ inputs.provenance_publish }}
+
+ # Publish snapshot JAR
+ publish_snapshot:
+ name: 'Publish Snapshot'
+ needs: [build, provenance]
+ if: inputs.snapshot
+ runs-on: ubuntu-latest
+ steps:
+ - name: Harden Runner
+ uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
+ with:
+ egress-policy: audit
+ - name: 'Check out repository'
+ uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+ - name: 'Set up JDK 21'
+ uses: actions/setup-java@9704b39bf258b59bc04b50fa2dd55e9ed76b47a8 # v4.1.0
+ with:
+ java-version: 21
+ distribution: 'zulu'
+ server-id: ${{ inputs.repository }}
+ server-username: CI_DEPLOY_USERNAME
+ server-password: CI_DEPLOY_PASSWORD
+ cache: 'maven'
+ - name: "Download artifacts"
+ uses: actions/download-artifact@c850b930e6ba138125429b7e5c93fc707a7f8427 # v4.1.4
+ with:
+ name: guava-artifacts-jre-${{ github.sha }}
+ - name: 'Publish'
+ env:
+ CI_DEPLOY_USERNAME: ${{ secrets.CI_DEPLOY_USERNAME }}
+ CI_DEPLOY_PASSWORD: ${{ secrets.CI_DEPLOY_PASSWORD }}
+ run: ./util/deploy_snapshot.sh
+
+ generate_docs:
+ permissions:
+ contents: write
+ name: 'Generate Docs'
+ needs: build
+ if: github.event_name == 'push' && github.repository == 'google/guava'
+ runs-on: ubuntu-latest
+ steps:
+ - name: Harden Runner
+ uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
+ with:
+ egress-policy: audit
+ - name: 'Check out repository'
+ uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+ - name: 'Set up JDK 21'
+ uses: actions/setup-java@9704b39bf258b59bc04b50fa2dd55e9ed76b47a8 # v4.1.0
+ with:
+ java-version: 21
+ distribution: 'zulu'
+ cache: 'maven'
+ - name: 'Generate latest docs'
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ run: ./util/update_snapshot_docs.sh

.github/workflows/ci.test.yml

@@ -0,0 +1,116 @@
+# Guava GitHub CI
+# ---------------------------------------------------------------------------------------------------------------------
+# This is the main CI testsuite on GitHub for the Google Guava project. This workflow is not invoked directly; instead,
+# the `on.pr.yml` and `on.push.yml` workflows kick in on PR and push events, respectively, and call this workflow as a
+# Reusable Workflow.
+#
+# This workflow can be tested independently of the entrypoint flow through the `workflow_dispatch` hook, which adds a
+# button within the UI of the GitHub repository. You can trigger the workflow from here:
+#
+# https://github.com/google/guava/actions/workflows/ci.test.yml
+#
+# ## Inputs
+#
+# See the set of input parameters underneath the `workflow_call` and `workflow_dispatch` hooks for ways this workflow
+# can be controlled when called.
+#
+# ## Multi-OS and Multi-JVM Testing
+#
+# Guava is tested against each LTS release at JDK 8 through JDK 21, on Linux and on Windows (starting at JDK 17), and
+# in Android and JRE flavors.
+
+name: Tests
+
+on:
+ workflow_call: {}
+ workflow_dispatch: {}
+
+permissions:
+ contents: read
+
+jobs:
+ test:
+ permissions:
+ contents: read # for actions/checkout to fetch code
+ name: "JDK ${{ matrix.java }} ${{ matrix.mode }} (${{ matrix.os }})"
+ strategy:
+ matrix:
+ os: [ ubuntu-latest ]
+ java: [ 8, 11, 17, 21 ]
+ mode: [ 'JRE', 'Android' ]
+ include:
+ - os: windows-latest
+ java: 21
+ mode: JRE
+ - os: windows-latest
+ java: 21
+ mode: Android
+ runs-on: ${{ matrix.os }}
+ outputs:
+ hashes: ${{ steps.hash.outputs.hashes }}
+ env:
+ ROOT_POM: ${{ matrix.mode == 'Android' && 'android/pom.xml' || 'pom.xml' }}
+ steps:
+ - name: Harden Runner
+ uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
+ with:
+ disable-sudo: true
+ egress-policy: block
+ allowed-endpoints: >
+ api.azul.com:443
+ api.github.com:443
+ cdn.azul.com:443
+ dl.google.com:443
+ docs.oracle.com:443
+ errorprone.info:443
+ github.com:443
+ objects.githubusercontent.com:443
+ oss.sonatype.org:443
+ repo.maven.apache.org:443
+ services.gradle.org:443
+ - name: 'Check out repository'
+ uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
+ with:
+ persist-credentials: false
+ - name: 'Set up JDK ${{ matrix.java }}'
+ uses: actions/setup-java@99b8673ff64fbf99d8d325f52d9a5bdedb8483e9 # v4.2.1
+ with:
+ java-version: ${{ matrix.java }}
+ distribution: 'zulu'
+ cache: 'maven'
+ - name: 'Install'
+ shell: bash
+ run: |
+ ./mvnw \
+ --strict-checksums \
+ -B \
+ -Dorg.slf4j.simpleLogger.log.org.apache.maven.cli.transfer.Slf4jMavenTransferListener=warn \
+ install \
+ -U \
+ -DskipTests=true \
+ -Dgpg.skip \
+ -Dguava.build.spdx=false \
+ -Dmaven.javadoc.skip=true \
+ -f $ROOT_POM
+ - name: 'Test'
+ shell: bash
+ run: |
+ ./mvnw \
+ --strict-checksums \
+ -B \
+ -P!standard-with-extra-repos \
+ verify \
+ -U \
+ -Dgpg.skip \
+ -Dguava.build.spdx=false \
+ -Dmaven.javadoc.skip=true \
+ -f $ROOT_POM
+ - name: 'Print Surefire reports'
+ # Note: Normally a step won't run if the job has failed, but this causes it to
+ if: ${{ failure() }}
+ shell: bash
+ run: ./util/print_surefire_reports.sh
+ - name: 'Integration Test'
+ if: matrix.java == 11
+ shell: bash
+ run: util/gradle_integration_tests.sh