From 15169f808e2a691e953ce9d43744ea302a079c26 Mon Sep 17 00:00:00 2001 From: Xinsong Cui Date: Tue, 23 Sep 2025 12:56:47 -0400 Subject: [PATCH 01/10] collect CI metric --- .github/actions/workflow-metrics/action.yml | 100 +++++++++++++++++++ .github/workflows/codebuild-ci.yml | 12 +++ .github/workflows/continuous-integration.yml | 15 ++- 3 files changed, 126 insertions(+), 1 deletion(-) create mode 100644 .github/actions/workflow-metrics/action.yml diff --git a/.github/actions/workflow-metrics/action.yml b/.github/actions/workflow-metrics/action.yml new file mode 100644 index 00000000000..5f907dab016 --- /dev/null +++ b/.github/actions/workflow-metrics/action.yml @@ -0,0 +1,100 @@ +name: Workflow Metrics +description: > + Track and upload workflow metrics to CloudWatch + +runs: + using: composite + steps: + - name: Configure AWS Credentials + uses: aws-actions/configure-aws-credentials@v4 + with: + # will change this to AWS CI role before merging + role-to-assume: arn:aws:iam::886436966712:role/Admin + aws-region: us-west-2 + - name: Upload workflow metrics + shell: bash + run: | + # Determine build job name with matrix values + job_name="${{ github.job }}" + if [ ! -z "${{ matrix.java-version || '' }}" ]; then + job_name="${job_name}(${{ matrix.java-version }})" + fi + if [ ! -z "${{ matrix.os || '' }}" ]; then + job_name="${job_name}(${{ matrix.os }})" + fi + + # Determine success/failure (1 for success, 0 for failure) + if [ "${{ job.status }}" == "success" ]; then + success_value=1 + else + success_value=0 + fi + + # Determine branch (PR target branch or current branch) + if [ ! -z "${{ github.base_ref }}" ]; then + branch_name="${{ github.base_ref }}" + else + branch_name="${{ github.ref_name }}" + fi + + aws cloudwatch put-metric-data \ + --namespace "GitHub/Workflows" \ + --metric-data '[{ + "MetricName": "Success", + "Value": '$success_value', + "Unit": "Count", + "Dimensions": [ + { + "Name": "WorkflowName", + "Value": "${{ github.workflow }}" + }, + { + "Name": "JobName", + "Value": "'$job_name'" + }, + { + "Name": "Repository", + "Value": "${{ github.repository }}" + }, + { + "Name": "Branch", + "Value": "'$branch_name'" + } + ] + }]' + + if [ -z "$WORKFLOW_START_TIME" ]; then + echo "Warning: WORKFLOW_START_TIME not set, skipping metrics upload" + exit 0 + fi + + duration=$(($(date +%s) - $WORKFLOW_START_TIME)) + + # Only track duration for successful workflows + if [ "$success_value" -eq 1 ]; then + aws cloudwatch put-metric-data \ + --namespace "GitHub/Workflows" \ + --metric-data '[{ + "MetricName": "Duration", + "Value": '$duration', + "Unit": "Seconds", + "Dimensions": [ + { + "Name": "WorkflowName", + "Value": "${{ github.workflow }}" + }, + { + "Name": "JobName", + "Value": "'$job_name'" + }, + { + "Name": "Repository", + "Value": "${{ github.repository }}" + }, + { + "Name": "Branch", + "Value": "'$branch_name'" + } + ] + }]' + fi \ No newline at end of file diff --git a/.github/workflows/codebuild-ci.yml b/.github/workflows/codebuild-ci.yml index a20ac4bb3ef..b08a6a96f7e 100644 --- a/.github/workflows/codebuild-ci.yml +++ b/.github/workflows/codebuild-ci.yml @@ -43,6 +43,10 @@ jobs: if: github.event_name == 'pull_request' || github.event_name == 'workflow_dispatch' runs-on: ubuntu-latest steps: + - name: Checkout sources + uses: actions/checkout@v2 + - name: Set start time + run: echo "WORKFLOW_START_TIME=$(date +%s)" >> $GITHUB_ENV - name: Verify PRs are not running malicious code if: ${{ (inputs.aws-sdk-kotlin-pr != '' || inputs.smithy-kotlin-pr != '') && inputs.check-pr == false }} run: | @@ -68,11 +72,16 @@ jobs: echo "cancelling in-progress build: id=$BUILD_ID" aws codebuild stop-build --id $BUILD_ID fi + - name: Upload metrics + if: always() + uses: ./.github/actions/workflow-metrics service-check-batch-and-artifact-size-metrics: if: github.event_name == 'pull_request' || github.event_name == 'workflow_dispatch' runs-on: ubuntu-latest steps: + - name: Set start time + run: echo "WORKFLOW_START_TIME=$(date +%s)" >> $GITHUB_ENV - name: Verify PRs are not running malicious code if: ${{ (inputs.aws-sdk-kotlin-pr != '' || inputs.smithy-kotlin-pr != '') && inputs.check-pr == false }} run: | @@ -155,6 +164,9 @@ jobs: echo If this is expected please add the 'acknowledge-artifact-size-increase' label to this pull request. exit 1 } + - name: Upload metrics + if: always() + uses: ./.github/actions/workflow-metrics release-artifact-size-metrics: if: github.event_name == 'release' diff --git a/.github/workflows/continuous-integration.yml b/.github/workflows/continuous-integration.yml index 8adadc7fa2c..1b7e3a393c1 100644 --- a/.github/workflows/continuous-integration.yml +++ b/.github/workflows/continuous-integration.yml @@ -4,7 +4,9 @@ on: pull_request: workflow_dispatch: -permissions: { } +permissions: + id-token: write + contents: read # Allow one instance of this workflow per pull request, and cancel older runs when new changes are pushed concurrency: @@ -29,6 +31,8 @@ jobs: - 17 - 21 steps: + - name: Set start time + run: echo "WORKFLOW_START_TIME=$(date +%s)" >> $GITHUB_ENV - name: Checkout sources uses: actions/checkout@v4 with: @@ -46,6 +50,9 @@ jobs: pwd ls -lsa ./gradlew -Ptest.java.version=${{ matrix.java-version }} jvmTest --stacktrace + - name: Upload metrics + if: always() + uses: ./aws-sdk-kotlin/.github/actions/workflow-metrics - name: Save Test Reports if: failure() uses: actions/upload-artifact@v4 @@ -60,6 +67,9 @@ jobs: matrix: os: [ ubuntu-latest, macos-latest, windows-latest ] steps: + - name: Set start time + shell: bash + run: echo "WORKFLOW_START_TIME=$(date +%s)" >> $GITHUB_ENV - name: Checkout sources uses: actions/checkout@v4 with: @@ -99,6 +109,9 @@ jobs: ./gradlew apiCheck ./gradlew test jvmTest ./gradlew testAllProtocols + - name: Upload metrics + if: always() + uses: ./aws-sdk-kotlin/.github/actions/workflow-metrics - name: Save Test Reports if: failure() uses: actions/upload-artifact@v4 From 57238f95fd63fcef09fd1f0e836f37b21a0514c6 Mon Sep 17 00:00:00 2001 From: Xinsong Cui Date: Wed, 24 Sep 2025 12:57:45 -0400 Subject: [PATCH 02/10] use workflow from repotools --- .github/actions/workflow-metrics/action.yml | 100 ------------------- .github/workflows/codebuild-ci.yml | 52 ++++++++-- .github/workflows/continuous-integration.yml | 53 ++++++++-- 3 files changed, 84 insertions(+), 121 deletions(-) delete mode 100644 .github/actions/workflow-metrics/action.yml diff --git a/.github/actions/workflow-metrics/action.yml b/.github/actions/workflow-metrics/action.yml deleted file mode 100644 index 5f907dab016..00000000000 --- a/.github/actions/workflow-metrics/action.yml +++ /dev/null @@ -1,100 +0,0 @@ -name: Workflow Metrics -description: > - Track and upload workflow metrics to CloudWatch - -runs: - using: composite - steps: - - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@v4 - with: - # will change this to AWS CI role before merging - role-to-assume: arn:aws:iam::886436966712:role/Admin - aws-region: us-west-2 - - name: Upload workflow metrics - shell: bash - run: | - # Determine build job name with matrix values - job_name="${{ github.job }}" - if [ ! -z "${{ matrix.java-version || '' }}" ]; then - job_name="${job_name}(${{ matrix.java-version }})" - fi - if [ ! -z "${{ matrix.os || '' }}" ]; then - job_name="${job_name}(${{ matrix.os }})" - fi - - # Determine success/failure (1 for success, 0 for failure) - if [ "${{ job.status }}" == "success" ]; then - success_value=1 - else - success_value=0 - fi - - # Determine branch (PR target branch or current branch) - if [ ! -z "${{ github.base_ref }}" ]; then - branch_name="${{ github.base_ref }}" - else - branch_name="${{ github.ref_name }}" - fi - - aws cloudwatch put-metric-data \ - --namespace "GitHub/Workflows" \ - --metric-data '[{ - "MetricName": "Success", - "Value": '$success_value', - "Unit": "Count", - "Dimensions": [ - { - "Name": "WorkflowName", - "Value": "${{ github.workflow }}" - }, - { - "Name": "JobName", - "Value": "'$job_name'" - }, - { - "Name": "Repository", - "Value": "${{ github.repository }}" - }, - { - "Name": "Branch", - "Value": "'$branch_name'" - } - ] - }]' - - if [ -z "$WORKFLOW_START_TIME" ]; then - echo "Warning: WORKFLOW_START_TIME not set, skipping metrics upload" - exit 0 - fi - - duration=$(($(date +%s) - $WORKFLOW_START_TIME)) - - # Only track duration for successful workflows - if [ "$success_value" -eq 1 ]; then - aws cloudwatch put-metric-data \ - --namespace "GitHub/Workflows" \ - --metric-data '[{ - "MetricName": "Duration", - "Value": '$duration', - "Unit": "Seconds", - "Dimensions": [ - { - "Name": "WorkflowName", - "Value": "${{ github.workflow }}" - }, - { - "Name": "JobName", - "Value": "'$job_name'" - }, - { - "Name": "Repository", - "Value": "${{ github.repository }}" - }, - { - "Name": "Branch", - "Value": "'$branch_name'" - } - ] - }]' - fi \ No newline at end of file diff --git a/.github/workflows/codebuild-ci.yml b/.github/workflows/codebuild-ci.yml index b08a6a96f7e..3f9e68be845 100644 --- a/.github/workflows/codebuild-ci.yml +++ b/.github/workflows/codebuild-ci.yml @@ -45,8 +45,9 @@ jobs: steps: - name: Checkout sources uses: actions/checkout@v2 - - name: Set start time - run: echo "WORKFLOW_START_TIME=$(date +%s)" >> $GITHUB_ENV + - name: Set start timestamp + id: start + run: printf 'timestamp=%(%s)T\n' >> "$GITHUB_OUTPUT" - name: Verify PRs are not running malicious code if: ${{ (inputs.aws-sdk-kotlin-pr != '' || inputs.smithy-kotlin-pr != '') && inputs.check-pr == false }} run: | @@ -72,16 +73,32 @@ jobs: echo "cancelling in-progress build: id=$BUILD_ID" aws codebuild stop-build --id $BUILD_ID fi - - name: Upload metrics - if: always() - uses: ./.github/actions/workflow-metrics + - name: Calculate duration + id: end + run: | + printf -v now '%(%s)T' + duration=$(( now - ${{ steps.start.outputs.timestamp }} )) + echo "duration=$duration" >> "$GITHUB_OUTPUT" + - name: Emit metrics + if: always() # run this step even if previous steps failed or the job is canceled + uses: aws/aws-kotlin-repo-tools/.github/actions/emit-metrics@main + with: + namespace: CI Metrics + dimensions: | + Product=aws-sdk-kotlin + JobName=${{ github.job }} + Branch=${{ github.base_ref || github.ref_name }} + metrics: | + WorkflowSucceeded:${{ job.status == 'success' && '1' || '0' }}:Count + WorkflowDuration:${{ steps.end.outputs.duration }}:Seconds service-check-batch-and-artifact-size-metrics: if: github.event_name == 'pull_request' || github.event_name == 'workflow_dispatch' runs-on: ubuntu-latest steps: - - name: Set start time - run: echo "WORKFLOW_START_TIME=$(date +%s)" >> $GITHUB_ENV + - name: Set start timestamp + id: start + run: printf 'timestamp=%(%s)T\n' >> "$GITHUB_OUTPUT" - name: Verify PRs are not running malicious code if: ${{ (inputs.aws-sdk-kotlin-pr != '' || inputs.smithy-kotlin-pr != '') && inputs.check-pr == false }} run: | @@ -164,9 +181,24 @@ jobs: echo If this is expected please add the 'acknowledge-artifact-size-increase' label to this pull request. exit 1 } - - name: Upload metrics - if: always() - uses: ./.github/actions/workflow-metrics + - name: Calculate duration + id: end + run: | + printf -v now '%(%s)T' + duration=$(( now - ${{ steps.start.outputs.timestamp }} )) + echo "duration=$duration" >> "$GITHUB_OUTPUT" + - name: Emit metrics + if: always() # run this step even if previous steps failed or the job is canceled + uses: aws/aws-kotlin-repo-tools/.github/actions/emit-metrics@main + with: + namespace: CI Metrics + dimensions: | + Product=aws-sdk-kotlin + JobName=${{ github.job }} + Branch=${{ github.base_ref || github.ref_name }} + metrics: | + WorkflowSucceeded:${{ job.status == 'success' && '1' || '0' }}:Count + WorkflowDuration:${{ steps.end.outputs.duration }}:Seconds release-artifact-size-metrics: if: github.event_name == 'release' diff --git a/.github/workflows/continuous-integration.yml b/.github/workflows/continuous-integration.yml index 1b7e3a393c1..eb6b5482320 100644 --- a/.github/workflows/continuous-integration.yml +++ b/.github/workflows/continuous-integration.yml @@ -31,8 +31,9 @@ jobs: - 17 - 21 steps: - - name: Set start time - run: echo "WORKFLOW_START_TIME=$(date +%s)" >> $GITHUB_ENV + - name: Set start timestamp + id: start + run: printf 'timestamp=%(%s)T\n' >> "$GITHUB_OUTPUT" - name: Checkout sources uses: actions/checkout@v4 with: @@ -50,9 +51,24 @@ jobs: pwd ls -lsa ./gradlew -Ptest.java.version=${{ matrix.java-version }} jvmTest --stacktrace - - name: Upload metrics - if: always() - uses: ./aws-sdk-kotlin/.github/actions/workflow-metrics + - name: Calculate duration + id: end + run: | + printf -v now '%(%s)T' + duration=$(( now - ${{ steps.start.outputs.timestamp }} )) + echo "duration=$duration" >> "$GITHUB_OUTPUT" + - name: Emit metrics + if: always() # run this step even if previous steps failed or the job is canceled + uses: aws/aws-kotlin-repo-tools/.github/actions/emit-metrics@main + with: + namespace: CI Metrics + dimensions: | + Product=aws-sdk-kotlin + JobName=${{ github.job }}(${{ matrix.java-version }}) + Branch=${{ github.base_ref || github.ref_name }} + metrics: | + WorkflowSucceeded:${{ job.status == 'success' && '1' || '0' }}:Count + WorkflowDuration:${{ steps.end.outputs.duration }}:Seconds - name: Save Test Reports if: failure() uses: actions/upload-artifact@v4 @@ -67,9 +83,9 @@ jobs: matrix: os: [ ubuntu-latest, macos-latest, windows-latest ] steps: - - name: Set start time - shell: bash - run: echo "WORKFLOW_START_TIME=$(date +%s)" >> $GITHUB_ENV + - name: Set start timestamp + id: start + run: printf 'timestamp=%(%s)T\n' >> "$GITHUB_OUTPUT" - name: Checkout sources uses: actions/checkout@v4 with: @@ -109,9 +125,24 @@ jobs: ./gradlew apiCheck ./gradlew test jvmTest ./gradlew testAllProtocols - - name: Upload metrics - if: always() - uses: ./aws-sdk-kotlin/.github/actions/workflow-metrics + - name: Calculate duration + id: end + run: | + printf -v now '%(%s)T' + duration=$(( now - ${{ steps.start.outputs.timestamp }} )) + echo "duration=$duration" >> "$GITHUB_OUTPUT" + - name: Emit metrics + if: always() # run this step even if previous steps failed or the job is canceled + uses: aws/aws-kotlin-repo-tools/.github/actions/emit-metrics@main + with: + namespace: CI Metrics + dimensions: | + Product=aws-sdk-kotlin + JobName=${{ github.job }}(${{ matrix.os }}) + Branch=${{ github.base_ref || github.ref_name }} + metrics: | + WorkflowSucceeded:${{ job.status == 'success' && '1' || '0' }}:Count + WorkflowDuration:${{ steps.end.outputs.duration }}:Seconds - name: Save Test Reports if: failure() uses: actions/upload-artifact@v4 From ee06b777866931057daae8057fa0bad04597e1ea Mon Sep 17 00:00:00 2001 From: Xinsong Cui Date: Wed, 24 Sep 2025 13:01:28 -0400 Subject: [PATCH 03/10] use bash --- .github/workflows/continuous-integration.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/continuous-integration.yml b/.github/workflows/continuous-integration.yml index eb6b5482320..354cf436564 100644 --- a/.github/workflows/continuous-integration.yml +++ b/.github/workflows/continuous-integration.yml @@ -85,6 +85,7 @@ jobs: steps: - name: Set start timestamp id: start + shell: bash run: printf 'timestamp=%(%s)T\n' >> "$GITHUB_OUTPUT" - name: Checkout sources uses: actions/checkout@v4 @@ -127,6 +128,7 @@ jobs: ./gradlew testAllProtocols - name: Calculate duration id: end + shell: bash run: | printf -v now '%(%s)T' duration=$(( now - ${{ steps.start.outputs.timestamp }} )) From 27a68bc3201f6d26d7474ae72c56157eaa828aac Mon Sep 17 00:00:00 2001 From: Xinsong Cui Date: Wed, 24 Sep 2025 13:06:17 -0400 Subject: [PATCH 04/10] set up kat --- .github/workflows/codebuild-ci.yml | 4 ++++ .github/workflows/continuous-integration.yml | 4 ++++ 2 files changed, 8 insertions(+) diff --git a/.github/workflows/codebuild-ci.yml b/.github/workflows/codebuild-ci.yml index 3f9e68be845..bcf61422fbd 100644 --- a/.github/workflows/codebuild-ci.yml +++ b/.github/workflows/codebuild-ci.yml @@ -58,6 +58,8 @@ jobs: with: role-to-assume: ${{ secrets.CI_AWS_ROLE_ARN }} aws-region: us-west-2 + - name: Setup kat + uses: aws/aws-kotlin-repo-tools/.github/actions/setup-kat@main - name: Run E2E Tests id: e2e-tests uses: aws-actions/aws-codebuild-run-build@v1 @@ -111,6 +113,8 @@ jobs: with: role-to-assume: ${{ secrets.CI_AWS_ROLE_ARN }} aws-region: us-west-2 + - name: Setup kat + uses: aws/aws-kotlin-repo-tools/.github/actions/setup-kat@main - name: Configure Gradle uses: aws/aws-kotlin-repo-tools/.github/actions/configure-gradle@main - name: Run Service Check Batch and Calculate Artifact Size Metrics diff --git a/.github/workflows/continuous-integration.yml b/.github/workflows/continuous-integration.yml index 354cf436564..eee7636177a 100644 --- a/.github/workflows/continuous-integration.yml +++ b/.github/workflows/continuous-integration.yml @@ -44,6 +44,8 @@ jobs: uses: aws/aws-kotlin-repo-tools/.github/actions/configure-gradle@main with: working-directory: ./aws-sdk-kotlin + - name: Setup kat + uses: aws/aws-kotlin-repo-tools/.github/actions/setup-kat@main - name: Test working-directory: ./aws-sdk-kotlin shell: bash @@ -93,6 +95,8 @@ jobs: path: 'aws-sdk-kotlin' - name: Setup Build uses: ./aws-sdk-kotlin/.github/actions/setup-build + - name: Setup kat + uses: aws/aws-kotlin-repo-tools/.github/actions/setup-kat@main - name: Configure Gradle - smithy-kotlin uses: aws/aws-kotlin-repo-tools/.github/actions/configure-gradle@main with: From f61d2b74e8c20c6819a98bd0e7118f8536dac28e Mon Sep 17 00:00:00 2001 From: Xinsong Cui Date: Wed, 24 Sep 2025 13:09:47 -0400 Subject: [PATCH 05/10] configure credentials --- .github/workflows/continuous-integration.yml | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/.github/workflows/continuous-integration.yml b/.github/workflows/continuous-integration.yml index eee7636177a..65d9864e024 100644 --- a/.github/workflows/continuous-integration.yml +++ b/.github/workflows/continuous-integration.yml @@ -44,6 +44,11 @@ jobs: uses: aws/aws-kotlin-repo-tools/.github/actions/configure-gradle@main with: working-directory: ./aws-sdk-kotlin + - name: Configure AWS Credentials + uses: aws-actions/configure-aws-credentials@v4 + with: + role-to-assume: ${{ secrets.CI_AWS_ROLE_ARN }} + aws-region: us-west-2 - name: Setup kat uses: aws/aws-kotlin-repo-tools/.github/actions/setup-kat@main - name: Test @@ -95,6 +100,11 @@ jobs: path: 'aws-sdk-kotlin' - name: Setup Build uses: ./aws-sdk-kotlin/.github/actions/setup-build + - name: Configure AWS Credentials + uses: aws-actions/configure-aws-credentials@v4 + with: + role-to-assume: ${{ secrets.CI_AWS_ROLE_ARN }} + aws-region: us-west-2 - name: Setup kat uses: aws/aws-kotlin-repo-tools/.github/actions/setup-kat@main - name: Configure Gradle - smithy-kotlin From 39c5975d858d8a2b9b91d096913d0d741d38cf5f Mon Sep 17 00:00:00 2001 From: Xinsong Cui Date: Wed, 24 Sep 2025 13:39:28 -0400 Subject: [PATCH 06/10] use mac compatible format --- .github/workflows/continuous-integration.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/continuous-integration.yml b/.github/workflows/continuous-integration.yml index 65d9864e024..2acad2cf444 100644 --- a/.github/workflows/continuous-integration.yml +++ b/.github/workflows/continuous-integration.yml @@ -93,7 +93,7 @@ jobs: - name: Set start timestamp id: start shell: bash - run: printf 'timestamp=%(%s)T\n' >> "$GITHUB_OUTPUT" + run: echo "timestamp=$(date +%s)" >> "$GITHUB_OUTPUT" - name: Checkout sources uses: actions/checkout@v4 with: @@ -144,7 +144,7 @@ jobs: id: end shell: bash run: | - printf -v now '%(%s)T' + now=$(date +%s) duration=$(( now - ${{ steps.start.outputs.timestamp }} )) echo "duration=$duration" >> "$GITHUB_OUTPUT" - name: Emit metrics From e183e8707c08914872a7b879dbc7372396ec52bd Mon Sep 17 00:00:00 2001 From: Xinsong Cui Date: Wed, 24 Sep 2025 16:39:56 -0400 Subject: [PATCH 07/10] bump repo tools version --- gradle/libs.versions.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/gradle/libs.versions.toml b/gradle/libs.versions.toml index aeb94018585..08df17351d6 100644 --- a/gradle/libs.versions.toml +++ b/gradle/libs.versions.toml @@ -4,7 +4,7 @@ ksp-version = "2.2.0-2.0.2" # Keep in sync with kotlin-version dokka-version = "2.0.0" -aws-kotlin-repo-tools-version = "0.4.54" +aws-kotlin-repo-tools-version = "0.4.58" # libs coroutines-version = "1.10.2" From 89b344a8fa1b74760eb537070b3be68eb0ce738c Mon Sep 17 00:00:00 2001 From: Xinsong Cui Date: Wed, 24 Sep 2025 17:01:40 -0400 Subject: [PATCH 08/10] cleanup --- .github/workflows/codebuild-ci.yml | 2 -- .github/workflows/continuous-integration.yml | 5 +---- 2 files changed, 1 insertion(+), 6 deletions(-) diff --git a/.github/workflows/codebuild-ci.yml b/.github/workflows/codebuild-ci.yml index bcf61422fbd..414ebf57e9d 100644 --- a/.github/workflows/codebuild-ci.yml +++ b/.github/workflows/codebuild-ci.yml @@ -43,8 +43,6 @@ jobs: if: github.event_name == 'pull_request' || github.event_name == 'workflow_dispatch' runs-on: ubuntu-latest steps: - - name: Checkout sources - uses: actions/checkout@v2 - name: Set start timestamp id: start run: printf 'timestamp=%(%s)T\n' >> "$GITHUB_OUTPUT" diff --git a/.github/workflows/continuous-integration.yml b/.github/workflows/continuous-integration.yml index 2acad2cf444..0a7c24bec15 100644 --- a/.github/workflows/continuous-integration.yml +++ b/.github/workflows/continuous-integration.yml @@ -4,10 +4,7 @@ on: pull_request: workflow_dispatch: -permissions: - id-token: write - contents: read - +permissions: { } # Allow one instance of this workflow per pull request, and cancel older runs when new changes are pushed concurrency: group: ci-pr-${{ github.ref }} From d0f6209024f0197c704e3e292f079c1aa055d5ac Mon Sep 17 00:00:00 2001 From: Xinsong Cui Date: Wed, 24 Sep 2025 17:03:41 -0400 Subject: [PATCH 09/10] permission --- .github/workflows/continuous-integration.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/workflows/continuous-integration.yml b/.github/workflows/continuous-integration.yml index 0a7c24bec15..1e2bd5fa93c 100644 --- a/.github/workflows/continuous-integration.yml +++ b/.github/workflows/continuous-integration.yml @@ -4,7 +4,9 @@ on: pull_request: workflow_dispatch: -permissions: { } +permissions: + id-token: write + contents: read # Allow one instance of this workflow per pull request, and cancel older runs when new changes are pushed concurrency: group: ci-pr-${{ github.ref }} From 2337354bb74513f9d35236d31e8cb22651010fee Mon Sep 17 00:00:00 2001 From: Xinsong Cui Date: Wed, 24 Sep 2025 17:28:33 -0400 Subject: [PATCH 10/10] always calculate duration --- .github/workflows/codebuild-ci.yml | 2 ++ .github/workflows/continuous-integration.yml | 2 ++ 2 files changed, 4 insertions(+) diff --git a/.github/workflows/codebuild-ci.yml b/.github/workflows/codebuild-ci.yml index 414ebf57e9d..0951c5eff69 100644 --- a/.github/workflows/codebuild-ci.yml +++ b/.github/workflows/codebuild-ci.yml @@ -75,6 +75,7 @@ jobs: fi - name: Calculate duration id: end + if: always() run: | printf -v now '%(%s)T' duration=$(( now - ${{ steps.start.outputs.timestamp }} )) @@ -185,6 +186,7 @@ jobs: } - name: Calculate duration id: end + if: always() run: | printf -v now '%(%s)T' duration=$(( now - ${{ steps.start.outputs.timestamp }} )) diff --git a/.github/workflows/continuous-integration.yml b/.github/workflows/continuous-integration.yml index 1e2bd5fa93c..da5eb187d8c 100644 --- a/.github/workflows/continuous-integration.yml +++ b/.github/workflows/continuous-integration.yml @@ -59,6 +59,7 @@ jobs: ./gradlew -Ptest.java.version=${{ matrix.java-version }} jvmTest --stacktrace - name: Calculate duration id: end + if: always() run: | printf -v now '%(%s)T' duration=$(( now - ${{ steps.start.outputs.timestamp }} )) @@ -141,6 +142,7 @@ jobs: ./gradlew testAllProtocols - name: Calculate duration id: end + if: always() shell: bash run: | now=$(date +%s)