Skip to content

feat: make jar release condition to unit and replay passing by default' #2469

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 4 commits into
base: arith-dev
Choose a base branch
from
Open

feat: make jar release condition to unit and replay passing by default' #2469

wants to merge 4 commits into from

Conversation

@amkCha
Copy link
Collaborator

@amkCha amkCha commented Nov 5, 2025
edited by cursor bot
Loading

Note

Refactors fast replay tests into a reusable workflow and makes release publishing wait for unit and fast replay tests by default, with an option to publish immediately.

  • CI/Workflows:
    • Reusable fast replay tests: Add /.github/workflows/reusable-fast-replay-tests.yml encapsulating checkout, environment setup, running :arithmetization:fastReplayTests, and uploading reports.
    • Tests:
      • Update gradle-tests.yml to use the reusable fast replay workflow; propagate tests-with-ssh input.
      • In manual-release.yml, switch fast replay tests to the reusable workflow and keep only unit-tests-prague.
    • Release publishing:
      • Add wait-for-tests-bef-publish input (default true).
      • Introduce publish-conditional-to-units-and-replay-tests job gated on passing unit (Prague) and fast replay tests; publish via ./gradlew publish with Cloudsmith creds.
      • Add publish-as-soon-as-ready job to publish immediately when the input is false.

Written by Cursor Bugbot for commit ba3d69d. This will update automatically on new commits. Configure here.

@amkCha amkCha marked this pull request as ready for review November 5, 2025 20:48
cursor[bot]
cursor bot reviewed Nov 5, 2025
View reviewed changes
@amkCha amkCha force-pushed the feat/unit-replays-condition-to-jar-release branch from 9107e69 to eb7d3d9 Compare November 5, 2025 20:49
github-advanced-security[bot]
github-advanced-security bot found potential problems Nov 5, 2025
View reviewed changes
.github/workflows/reusable-fast-replay-tests.yml
Comment on lines +15 to +53
runs-on: gha-runner-scale-set-ubuntu-22.04-amd64-xxl
steps:
- name: Checkout repository
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
submodules: false

- name: Setup Environment
uses: ./.github/actions/setup-environment
with:
enable-ssh: ${{ inputs.tests-with-ssh }}

- name: Run replay tests
run: GOMEMLIMIT=26GiB ./gradlew :arithmetization:fastReplayTests
env:
JAVA_OPTS: -Dorg.gradle.daemon=false
JUNIT_TESTS_PARALLELISM: 4
GOCORSET_FLAGS: -b1024 -v --ansi-escapes=false --report --air

- name: Upload test report
if: ${{ always() }}
uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
with:
name: replay-tests-report
path: arithmetization/build/reports/tests/**/*

- name: Upload jacoco fast replay tests coverage report
if: always()
uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
with:
name: jacoco-fast-replay-tests-coverage-report
path: arithmetization/build/reports/jacoco/jacocoFastReplayTestsReport/**/*

- name: Upload jacoco fast replay tests exec file
if: always()
uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
with:
name: jacoco-fast-replay-tests-exec-file
path: arithmetization/build/jacoco/fastReplayTests.exec

Check warning

Code scanning / CodeQL

Workflow does not contain permissions Medium

Actions job or workflow does not limit the permissions of the GITHUB_TOKEN. Consider setting an explicit permissions block, using the following as a minimal starting point: {contents: read}

Copilot Autofix

AI about 11 hours ago

To address the problem, we should explicitly add a permissions block to the workflow. Since all jobs in the workflow only check out the repository, run tests, and upload artifacts, the minimum required is nearly always contents: read. This will prevent the workflow from inheriting more permissive defaults set at the repository or organization level. The permissions block should be added at the top level of the workflow file (just after the name and before on) to apply to all jobs by default. No changes to the workflow steps or additional configuration are required.

Suggested changeset 1
.github/workflows/reusable-fast-replay-tests.yml

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/.github/workflows/reusable-fast-replay-tests.yml b/.github/workflows/reusable-fast-replay-tests.yml
--- a/.github/workflows/reusable-fast-replay-tests.yml
+++ b/.github/workflows/reusable-fast-replay-tests.yml
@@ -1,4 +1,6 @@
 name: "Reusable fast replay tests workflow"
+permissions:
+  contents: read
 
 on:
   workflow_call:
EOF
@@ -1,4 +1,6 @@
name: "Reusable fast replay tests workflow"
permissions:
contents: read

on:
workflow_call:
Copilot is powered by AI and may make mistakes. Always verify output.
Unable to commit as this autofix suggestion is now outdated
@amkCha amkCha force-pushed the feat/unit-replays-condition-to-jar-release branch from eb7d3d9 to 44987a2 Compare November 5, 2025 21:08
cursor[bot]
cursor bot reviewed Nov 5, 2025
View reviewed changes
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@cursor cursor[bot] cursor[bot] left review comments

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@amkCha