Adds lint workflow for yaml and link checking (#228)

originally added here openzipkin/zipkin-gcp#212

Signed-off-by: Adrian Cole <[email protected]>

Author: codefromthecrypt

.github/workflows/create_release.yml

@@ -1,13 +1,12 @@
-# yamllint --format github .github/workflows/create_release.yml
 ---
 name: create_release
 
-# We create a release version on a trigger tag, regardless of if the commit is documentation-only.
-#
-# See https://docs.github.com/en/free-pro-team@latest/actions/reference/workflow-syntax-for-github-actions#filter-pattern-cheat-sheet
-on:
+# We create a release version on a trigger tag, regardless of if the commit is
+# documentation-only.
+on:  # yamllint disable-line rule:truthy
   push:
-    tags: 'release-[0-9]+.[0-9]+.[0-9]+**'  # Ex. release-1.2.3
+    tags:  # e.g. release-1.2.3
+      - 'release-[0-9]+.[0-9]+.[0-9]+**'
 
 jobs:
   create_release:
@@ -16,8 +15,8 @@ jobs:
       - name: Checkout Repository
         uses: actions/checkout@v4
         with:
-          # Prevent use of implicit GitHub Actions read-only token GITHUB_TOKEN. We don't deploy on
-          # the tag MAJOR.MINOR.PATCH event, but we still need to deploy the maven-release-plugin master commit.
+          # Prevent use of implicit GitHub Actions read-only GITHUB_TOKEN
+          # because maven-release-plugin pushes commits to master.
           token: ${{ secrets.GH_TOKEN }}
       - name: Setup java
         uses: actions/setup-java@v4
@@ -28,16 +27,16 @@ jobs:
         uses: actions/cache@v3
         with:
           path: ~/.m2/repository
-          key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
-          restore-keys: ${{ runner.os }}-maven-
+          key: ${{ runner.os }}-jdk-17-maven-${{ hashFiles('**/pom.xml') }}
+          restore-keys: ${{ runner.os }}-jdk-17-maven-
       - name: Create Release
         env:
           # GH_USER=<user that created GH_TOKEN>
           GH_USER: ${{ secrets.GH_USER }}
           # GH_TOKEN=<hex token value>
-          #   - makes release commits and tags
-          #   - needs repo:status, public_repo
-          #   - referenced in .settings.xml
+          # * makes release commits and tags
+          # * needs repo:status, public_repo
+          # * referenced in .settings.xml
           GH_TOKEN: ${{ secrets.GH_TOKEN }}
         run: |  # GITHUB_REF will be refs/tags/release-MAJOR.MINOR.PATCH
           build-bin/git/login_git &&

.github/workflows/deploy.yml

@@ -4,24 +4,21 @@ name: deploy
 
 # We deploy on master and release versions, regardless of if the commit is
 # documentation-only or not.
-#
-# See https://docs.github.com/en/free-pro-team@latest/actions/reference/workflow-syntax-for-github-actions#filter-pattern-cheat-sheet
-on:
+on:  # yamllint disable-line rule:truthy
   push:
-    # Don't deploy tags as they conflict with [maven-release-plugin] prepare release MAJOR.MINOR.PATCH
-    tags: ''
-    branches: master
+    branches:
+      - master
+    # Don't deploy tags because the same commit for MAJOR.MINOR.PATCH is also
+    # on master: Redundant deployment of a release version will fail uploading.
+    tags-ignore:
+      - '*'
 
 jobs:
   deploy:
     runs-on: ubuntu-22.04  # newest available distribution, aka jellyfish
     steps:
       - name: Checkout Repository
         uses: actions/checkout@v4
-        with:
-          # Prevent use of implicit GitHub Actions read-only token GITHUB_TOKEN.
-          # We push Javadocs to the gh-pages branch on commit.
-          token: ${{ secrets.GH_TOKEN }}
       - name: Setup java
         uses: actions/setup-java@v4
         with:
@@ -31,8 +28,8 @@ jobs:
         uses: actions/cache@v3
         with:
           path: ~/.m2/repository
-          key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
-          restore-keys: ${{ runner.os }}-maven-
+          key: ${{ runner.os }}-jdk-17-maven-${{ hashFiles('**/pom.xml') }}
+          restore-keys: ${{ runner.os }}-jdk-17-maven-
       # Don't attempt to cache Docker. Sensitive information can be stolen
       # via forks, and login session ends up in ~/.docker. This is ok because
       # we publish DOCKER_PARENT_IMAGE to ghcr.io, hence local to the runner.
@@ -41,31 +38,30 @@ jobs:
           # GH_USER=<user that created GH_TOKEN>
           GH_USER: ${{ secrets.GH_USER }}
           # GH_TOKEN=<hex token value>
-          #   - pushes gh-pages during build-bin/javadoc_to_gh_pages
-          #   - pushes Docker images to ghcr.io
-          #   - create via https://github.com/settings/tokens
-          #   - needs repo:status, public_repo, write:packages, delete:packages
+          # * pushes gh-pages during build-bin/javadoc_to_gh_pages
+          # * pushes Docker images to ghcr.io
+          # * create via https://github.com/settings/tokens
+          # * needs repo:status, public_repo, write:packages, delete:packages
           GH_TOKEN: ${{ secrets.GH_TOKEN }}
           GPG_SIGNING_KEY: ${{ secrets.GPG_SIGNING_KEY }}
           # GPG_PASSPHRASE=<passphrase for GPG_SIGNING_KEY>
-          #   - referenced in .settings.xml
+          # * referenced in .settings.xml
           GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
           # SONATYPE_USER=<sonatype account token>
-          #   - deploys snapshots and releases to Sonatype
-          #   - needs access to io.zipkin via https://issues.sonatype.org/browse/OSSRH-16669
-          #   - generate via https://oss.sonatype.org/#profile;User%20Token
-          #   - referenced in .settings.xml
+          # * deploys snapshots and releases to Sonatype
+          # * needs access to io.zipkin via OSSRH-16669
+          # * generate via https://oss.sonatype.org/#profile;User%20Token
+          # * referenced in .settings.xml
           SONATYPE_USER: ${{ secrets.SONATYPE_USER }}
           # SONATYPE_PASSWORD=<password to sonatype account token>
-          #   - referenced in .settings.xml
+          #  * referenced in .settings.xml
           SONATYPE_PASSWORD: ${{ secrets.SONATYPE_PASSWORD }}
           # DOCKERHUB_USER=<typically dockerzipkindeployer>
-          #   - only push top-level projects: zipkin zipkin-aws zipkin-dependencies zipkin-gcp to Docker Hub, only on release
-          #   - login like this: echo "$DOCKERHUB_TOKEN"| docker login -u "$DOCKERHUB_USER" --password-stdin
+          #  * only push repos in openzipkin org to Docker Hub on release
           DOCKERHUB_USER: ${{ secrets.DOCKERHUB_USER }}
           # DOCKERHUB_TOKEN=<access token for DOCKERHUB_USER>
-          #   -  Access Token from here https://hub.docker.com/settings/security
+          #  * Access Token from here https://hub.docker.com/settings/security
           DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }}
-        run: |  # GITHUB_REF will be refs/heads/master or refs/tags/MAJOR.MINOR.PATCH
+        run: |  # GITHUB_REF = refs/heads/master or refs/tags/MAJOR.MINOR.PATCH
           build-bin/configure_deploy &&
           build-bin/deploy $(echo ${GITHUB_REF} | cut -d/ -f 3)

.github/workflows/docker_push.yml

@@ -1,13 +1,12 @@
-# yamllint --format github .github/workflows/docker_push.yml
 ---
 name: docker_push
 
-# We re-push docker images on a trigger tag, regardless of if the commit is documentation-only.
-#
-# See https://docs.github.com/en/free-pro-team@latest/actions/reference/workflow-syntax-for-github-actions#filter-pattern-cheat-sheet
-on:
+# We re-push docker on a trigger tag, regardless of if the commit is
+# documentation-only.
+on:  # yamllint disable-line rule:truthy
   push:
-    tags: 'docker-[0-9]+.[0-9]+.[0-9]+**'  # Ex. docker-1.2.3
+    tags:  # e.g. docker-1.2.3
+      - 'docker-[0-9]+.[0-9]+.[0-9]+**'
 
 jobs:
   docker_push:
@@ -19,22 +18,21 @@ jobs:
       # via forks, and login session ends up in ~/.docker. This is ok because
       # we publish DOCKER_PARENT_IMAGE to ghcr.io, hence local to the runner.
       - name: Docker Push
-        run: |  # GITHUB_REF will be refs/tags/docker-MAJOR.MINOR.PATCH
+        run: |  # GITHUB_REF = refs/tags/docker-MAJOR.MINOR.PATCH
           build-bin/git/login_git &&
           build-bin/docker/configure_docker_push &&
           build-bin/docker_push $(echo ${GITHUB_REF} | cut -d/ -f 3)
         env:
           # GH_USER=<user that created GH_TOKEN>
           GH_USER: ${{ secrets.GH_USER }}
           # GH_TOKEN=<hex token value>
-          #   - pushes Docker images to ghcr.io
-          #   - create via https://github.com/settings/tokens
-          #   - needs repo:status, public_repo, write:packages, delete:packages
+          # * pushes Docker images to ghcr.io
+          # * create via https://github.com/settings/tokens
+          # * needs repo:status, public_repo, write:packages, delete:packages
           GH_TOKEN: ${{ secrets.GH_TOKEN }}
           # DOCKERHUB_USER=<typically dockerzipkindeployer>
-          #   - only push top-level projects: zipkin zipkin-aws zipkin-dependencies zipkin-gcp to Docker Hub, only on release
-          #   - login like this: echo "$DOCKERHUB_TOKEN"| docker login -u "$DOCKERHUB_USER" --password-stdin
+          #  * only push repos in openzipkin org to Docker Hub on release
           DOCKERHUB_USER: ${{ secrets.DOCKERHUB_USER }}
           # DOCKERHUB_TOKEN=<access token for DOCKERHUB_USER>
-          #   -  Access Token from here https://hub.docker.com/settings/security
+          #  * Access Token from here https://hub.docker.com/settings/security
           DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }}

.github/workflows/lint.yml

@@ -0,0 +1,36 @@
+---
+name: lint
+
+on:  # yamllint disable-line rule:truthy
+  push:  # non-tagged pushes to master
+    branches:
+      - master
+    tags-ignore:
+      - '*'
+    paths:
+      - '**/*.md'
+      - '.github/workflows/*.yml'
+      - './build-bin/*lint'
+      - ./build-bin/mlc_config.json
+  pull_request:  # pull requests targeted at the master branch.
+    branches:
+      - master
+    paths:
+      - '**/*.md'
+      - '.github/workflows/*.yml'
+      - './build-bin/*lint'
+      - ./build-bin/mlc_config.json
+
+jobs:
+  lint:
+    name: lint
+    runs-on: ubuntu-22.04  # newest available distribution, aka jellyfish
+    # skip commits made by the release plugin
+    if: "!contains(github.event.head_commit.message, 'maven-release-plugin')"
+    steps:
+      - name: Checkout Repository
+        uses: actions/checkout@v4
+      - name: Lint
+        run: |
+          build-bin/configure_lint
+          build-bin/lint

.github/workflows/test.yml

@@ -1,42 +1,61 @@
-# yamllint --format github .github/workflows/test.yml
 ---
 name: test
 
 # We don't test documentation-only commits.
-on:
-  # We run tests on non-tagged pushes to master that aren't a commit made by the release plugin
-  push:
-    tags: ''
-    branches: master
-    paths-ignore: '**/*.md'
-  # We also run tests on pull requests targeted at the master branch.
-  pull_request:
-    branches: master
-    paths-ignore: '**/*.md'
+on:  # yamllint disable-line rule:truthy
+  push:  # non-tagged pushes to master
+    branches:
+      - master
+    tags-ignore:
+      - '*'
+    paths-ignore:
+      - '**/*.md'
+      - './build-bin/*lint'
+      - ./build-bin/mlc_config.json
+  pull_request:  # pull requests targeted at the master branch.
+    branches:
+      - master
+    paths-ignore:
+      - '**/*.md'
+      - './build-bin/*lint'
+      - ./build-bin/mlc_config.json
 
 jobs:
   test:
+    name: test (JDK 17)
     runs-on: ubuntu-22.04  # newest available distribution, aka jellyfish
+    # skip commits made by the release plugin
     if: "!contains(github.event.head_commit.message, 'maven-release-plugin')"
+    strategy:
+      fail-fast: false  # don't fail fast as some failures are LTS specific
+      matrix:  # match with maven-enforcer-plugin rules in pom.xml
+        include:
+          - java_version: 17  # earliest LTS supported by Spring Boot 3
+            maven_args: -Prelease -Dgpg.skip
+          - java_version: 21  # Most recent LTS
     steps:
       - name: Checkout Repository
         uses: actions/checkout@v4
-      - name: Cache local Maven repository
-        uses: actions/cache@v3
-        with:
-          path: ~/.m2/repository
-          key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
-          restore-keys: ${{ runner.os }}-maven-
       - name: Setup java
         uses: actions/setup-java@v4
         with:
           distribution: 'zulu'  # zulu as it supports a wide version range
           java-version: '17'  # until Spark 4 per SPARK-43831
+      - name: Cache local Maven repository
+        uses: actions/cache@v4
+        with:
+          path: ~/.m2/repository
+          # yamllint disable-line rule:line-length
+          key: ${{ runner.os }}-jdk-17-maven-${{ hashFiles('**/pom.xml') }}
+          restore-keys: ${{ runner.os }}-jdk-17-maven-
       - name: Test without Docker
-        run: build-bin/maven/maven_go_offline && build-bin/test -DexcludedGroups=docker
+        run: |
+          build-bin/maven/maven_go_offline &&
+          build-bin/test -DexcludedGroups=docker
+
   test_docker:
-    name: test_docker (${{ matrix.name }})
-    runs-on: ubuntu-22.04 # newest available distribution, aka jellyfish
+    runs-on: ubuntu-22.04  # newest available distribution, aka jellyfish
+    # skip commits made by the release plugin
     if: "!contains(github.event.head_commit.message, 'maven-release-plugin')"
     strategy:
       matrix:
@@ -59,20 +78,21 @@ jobs:
     steps:
       - name: Checkout Repository
         uses: actions/checkout@v4
+      - name: Setup java
+        uses: actions/setup-java@v4
+        with:
+          distribution: 'zulu'  # zulu as it supports a wide version range
+          java-version: '17'  # until Spark 4 per SPARK-43831
       - name: Cache local Maven repository
-        uses: actions/cache@v3
+        uses: actions/cache@v4
         with:
           path: ~/.m2/repository
-          key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
-          restore-keys: ${{ runner.os }}-maven-
+          # yamllint disable-line rule:line-length
+          key: ${{ runner.os }}-jdk-17-maven-${{ hashFiles('**/pom.xml') }}
+          restore-keys: ${{ runner.os }}-jdk-17-maven-
       # Don't attempt to cache Docker. Sensitive information can be stolen
       # via forks, and login session ends up in ~/.docker. This is ok because
       # we publish DOCKER_PARENT_IMAGE to ghcr.io, hence local to the runner.
-      - name: Setup java
-        uses: actions/setup-java@v4
-        with:
-          distribution: 'zulu'  # zulu as it supports a wide version range
-          java-version: '17'  # until Spark 4 per SPARK-43831
       - name: Test with Docker
         run: |
           build-bin/docker/configure_docker &&

.github/workflows/test_readme.yml

@@ -1,20 +1,31 @@
-# yamllint --format github .github/workflows/test_readme.yml
 ---
 name: test_readme
 
 # These test build commands mentioned in various README.md files.
 #
-# This doesn't literally scrape the README.md, so we don't test documentation-only commits.
-on:
-  # We run tests on only on pull requests targeted at the master branch.
-  # * This skips master pushes as it is rare things not done in PRs break, and conserves resources
-  pull_request:
-    branches: master
-    paths-ignore: '**/*.md'
+# We don't test documentation-only commits.
+on:  # yamllint disable-line rule:truthy
+  push:  # non-tagged pushes to master
+    branches:
+      - master
+    tags-ignore:
+      - '*'
+    paths-ignore:
+      - '**/*.md'
+      - './build-bin/*lint'
+      - ./build-bin/mlc_config.json
+  pull_request:  # pull requests targeted at the master branch.
+    branches:
+      - master
+    paths-ignore:
+      - '**/*.md'
+      - './build-bin/*lint'
+      - ./build-bin/mlc_config.json
 
 jobs:
-  zipkin-dependencies:
+  zipkin-server:
     runs-on: ubuntu-22.04  # newest available distribution, aka jellyfish
+    # skip commits made by the release plugin
     steps:
       - name: Checkout Repository
         uses: actions/checkout@v4
@@ -24,16 +35,16 @@ jobs:
           distribution: 'zulu'  # zulu as it supports a wide version range
           java-version: '17'  # until Spark 4 per SPARK-43831
       - name: Cache local Maven repository
-        uses: actions/cache@v3
+        uses: actions/cache@v4
         with:
           path: ~/.m2/repository
-          key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
-          restore-keys: ${{ runner.os }}-maven-
+          key: ${{ runner.os }}-jdk-17-maven-${{ hashFiles('**/pom.xml') }}
+          restore-keys: ${{ runner.os }}-jdk-17-maven-
       # Don't attempt to cache Docker. Sensitive information can be stolen
       # via forks, and login session ends up in ~/.docker. This is ok because
       # we publish DOCKER_PARENT_IMAGE to ghcr.io, hence local to the runner.
       - name: README.md  # Tests the build which is re-used for docker
-        run: ./mvnw -T1C -q --batch-mode -DskipTests -Denforcer.fail=false package
+        run: ./mvnw -T1C -q --batch-mode -DskipTests package
       - name: docker/README.md
         run: build-bin/docker/docker_build openzipkin/zipkin-dependencies:test
         env: