[ci] Improve Github Actions Workflows

**Problem description:**
Currently we have one big job, that does all the things. If something goes wrong, one needs to drill down to the logs to figure out when and what exactly has failed.
Also the big job runs very long, which means we get slow feedback.

<details>
  <summary>Thoughts on improvements</summary>

* Have a first job, that just builds, to make the workflow fail fast. No need to run the workflows on other operating systems, if it fails already.
* Avoid to rebuild over and over again by using artifacts to exchange data between different jobs.
* The "regression tester run" should be a separate job. It should produce an artifact with the report, that can be downloaded from the run.
* The "dogfood run" should be a separate job.
* The pull request workflow should be restructured, so that we can make use of the full permissions. Currently we don't have access to the secrets, so we can do only limited things and basically need a public pmd-bot account, that comments the PR for us.
  * As described here: https://stackoverflow.com/questions/69499645/how-to-securely-allow-github-actions-to-check-pr-and-post-results-in-comment/71366152#71366152
  * The PR workflow would build PMD with that changes and trigger a QA workflow
  * The QA workflow would then run regression tester and upload the results and record the result as a PR check (and not just a comment)
* The current CI solution is heavily using bash scripts from build-tools. Maybe this can be simplified. Ideally we are still able to run a build/create release even if github is down (beware of vendor lock in).
* For the release task, maybe skip the tests? The tests have been executed anyway before, the only change would be the version change...
* For every job, that builds PMD, publish the artifacts from pmd-dist as build outputs, so that one can download the PMD version with that change included - that could make it easier to test, etc.
* Ideally, the jobs are idempotent and can be run again without doing harm. E.g. it should be easy to rerun a release build, if e.g. some external service failed. Ideally only the parts, that weren't executed yet would be executed again.
* Get rid of the extra https://github.com/pmd-bot account
* These are only some vague ideas that need to be fleshed out in detail

</details>

**Constraints:**
* when changing the workflows, we need to make sure we are still able to release a new version and also release a bugfix version from a maintenance branch. This might mean, that we need to backport/cherry-pick the change into the maintenance branch (when needed).

**Tasks:**

- [x] #5524 
- [x] #5556 
  - Publish artifacts from pull request builds
  - Applying best practices from secure access to secrets: https://stackoverflow.com/questions/69499645/how-to-securely-allow-github-actions-to-check-pr-and-post-results-in-comment/71366152#71366152
  - Get rid of public pmd-bot/pmd-test account
  - Using workflow trigger to upload to some hosting platform
  - Especially useful for documentation and regression tester report
- [x] #5728 
- [x] https://github.com/pmd/build-tools/pull/68
- [x] https://github.com/pmd/pmd-designer/pull/168
- [x] https://github.com/pmd/pmd-eclipse-plugin/pull/271
- [x] https://github.com/pmd/pmd-regression-tester/pull/131
- [x] #5584
- [x] Improvements via reuseable workflow
  - pmd/build-tools#70
  - pmd/pmd-eclipse-plugin#272
  - pmd/pmd-designer#170
  - pmd/pmd-regression-tester#133
  - pmd/pmd#5743
- [x] #5730
- [x] #5745
  - New optimized workflow for RELEASE builds from tags
  - do everything, what is currently done, plus:
  - api-docs - provide a stable latest symlink on release, e.g. https://docs.pmd-code.org/apidocs/pmd-core/LATEST/
  - Upload pmd-regression-tester baselines to sourceforge for archiving
  - Maybe don't use a cache for local maven repository, ensuring we don't use a stale dependencies on release. If there is something wrong with the dependencies, the release should fail
  - Consider idempotency - if some part fails for external reasons (network unavailable...), we want to redo it, if possible
  - Maybe start off with a copy of publish-snapshot
- [x] #5909
  - [ci] New nightly build workflow to publish a pre-release
  - that's an extension to publish-snapshot
- [x] Get rid of the extra https://github.com/pmd-bot account
  - This is not needed anymore. It was needed to push branch gh-pages in pmd/pmd. But that is now handled via custom GitHub App "PMD Actions Helper".
- [x] Cleanup/delete old scripts and keys
  - e.g. from pmd/build-tools and pmd/pmd:.ci/README.md
  - in all repos ".ci/build.sh" etc.
  - pmd/pmd: already done: #5745
  - pmd/eclipse-plugin: already done: https://github.com/pmd/pmd-eclipse-plugin/commit/cee1d218b6432ce15484d6b354076b1a88ad2f91
  - pmd/pmd-designer: https://github.com/pmd/pmd-designer/pull/207
  - pmd/build-tools: https://github.com/pmd/build-tools/pull/86


**Related issues:**
* #4130 


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

[ci] Improve Github Actions Workflows #4328

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Uh oh!

[ci] Improve Github Actions Workflows #4328

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions