Use shared analysis workflow for Java code analysis

Author: JohT

.github/workflows/analyze-code-graph.yml

@@ -7,10 +7,13 @@ on:
         description: "The name of the project to analyze. E.g. MyProject-1.0.0"
         required: true
         type: string
-      # TODO: Split upload into one for source code folders and one for artifacts like Java JARs
-      uploaded-artifact-name:
-        description: "The name of the artifact uploaded with 'actions/upload-artifact' containing the 'source' and 'artifacts' directory with the contents to analyze."
-        required: true
+      artifacts-upload-name:
+        description: "The name of the artifacts uploaded with 'actions/upload-artifact' containing the content of the 'artifacts' directory for the analysis."
+        required: false
+        type: string
+      sources-upload-name:
+        description: "The name of the sources uploaded with 'actions/upload-artifact' containing the content of the 'source' directory for the analysis."
+        required: false
         type: string
     outputs:
       uploaded-analysis-results:
@@ -30,6 +33,9 @@ jobs:
           python: 3.11
           miniforge: 24.9.0-0
     steps:
+      - name: Assure that either artifacts-upload-name or sources-upload-name is set
+        if: inputs.artifacts-upload-name == '' && inputs.sources-upload-name == ''
+        run: echo "Please specify either the input parameter 'artifacts-upload-name' or 'sources-upload-name'."; exit 1
       - name: Checkout code-graph-analysis-pipeline
         uses: actions/checkout@v4
         with:
@@ -98,12 +104,18 @@ jobs:
           NEO4J_INITIAL_PASSWORD: ${{ steps.generate-neo4j-initial-password.outputs.neo4j-initial-password }}
         run: ./init.sh ${{ inputs.analysis-name }}
 
-      - name: (Code Analysis Setup) Download source code and artifacts for analysis
+      - name: (Code Analysis Setup) Download sources for analysis
         uses: actions/download-artifact@v4
         with:
-          name: ${{ inputs.uploaded-artifact-name }}
+          name: ${{ inputs.sources-upload-name }}
           path: code-graph-analysis-pipeline/temp/${{ inputs.analysis-name }}/source/${{ inputs.analysis-name }}
 
+      - name: (Code Analysis Setup) Download artifacts for analysis
+        uses: actions/download-artifact@v4
+        with:
+          name: ${{ inputs.artifacts-upload-name }}
+          path: code-graph-analysis-pipeline/temp/${{ inputs.analysis-name }}/artifacts
+
       - name: (Code Analysis) Analyze ${{ inputs.analysis-name }}
         working-directory: code-graph-analysis-pipeline/temp/${{ inputs.analysis-name }}
         # Shell type can be skipped if jupyter notebook analysis-results (and therefore conda) aren't needed

.github/workflows/java-code-analysis.yml

@@ -1,4 +1,4 @@
-name: AxonFramework Java Code Structure Graph Analysis
+name: AxonFramework Code Graph Analysis (Java)
 
 on:
   push:
@@ -36,105 +36,117 @@ on:
       - '.github/workflows/typescript-code-analysis.yml'
       - '.github/workflows/*documentation.yml'
 
-# Requires the secret NEO4J_INITIAL_PASSWORD to be configured
 jobs:
-  analysis-results:
+  prepare-code-to-analyze:
     runs-on: ubuntu-latest
-    strategy:
-      matrix:
-        include:
-        - os: ubuntu-latest
-          java: 17
-          python: 3.11
-          miniforge: 24.9.0-0
+    outputs:
+      analysis-name: ${{ steps.set-analysis-name.outputs.analysis-name }}
+      sources-upload-name: ${{ steps.set-sources-upload-name.outputs.sources-upload-name }}
+      artifacts-upload-name: ${{ steps.set-artifacts-upload-name.outputs.artifacts-upload-name }}
 
     env: 
-      CI_COMMIT_MESSAGE: Automated code structure analysis analysis-results (CI)
-      CI_COMMIT_AUTHOR: ${{ github.event.repository.name }} Continuous Integration
       PROJECT_NAME: AxonFramework
-      # Version variable name matches renovate.json configuration entry
+      # Version variable names matches renovate.json configuration entry
       AXON_FRAMEWORK_VERSION: 4.10.3
+      # Java is in this example only used to download JARs for analysis using Maven
+      JAVA_VERSION: 21
 
     steps:
-    - name: Checkout GIT Repository
+    - name: (Prepare Code to Analyze) Checkout AxonFramework repository
       uses: actions/checkout@v4
       with:
-        token: ${{ secrets.WORKFLOW_GIT_ACCESS_TOKEN }}
+        repository: AxonFramework/AxonFramework
+        ref: axon-${{ env.AXON_FRAMEWORK_VERSION }}
+        path: ./source
 
-    - name: (Code Analysis Setup) Set ANALYSIS_NAME
-      run: echo "ANALYSIS_NAME=${{ env.PROJECT_NAME }}-${{ env.AXON_FRAMEWORK_VERSION }}" >> $GITHUB_ENV
-
-    - name: Setup Code Analysis
-      uses: ./.github/actions/setup-code-analysis
+    - name: (Prepare Code to Analyze) Setup Java Development Kit for Maven JARs downloading (JDK) ${{ env.JAVA_VERSION}}
+      uses: actions/setup-java@v4
       with:
-        java-version: ${{ matrix.java }}
-        python-version: ${{ matrix.python }}
-        miniforge-version: ${{ matrix.miniforge }}
-        analysis-name: ${{ env.ANALYSIS_NAME }}
-        neo4j-password: ${{ secrets.NEO4J_INITIAL_PASSWORD }}
-
-    - name: (Code Analysis) Download ${{ env.ANALYSIS_NAME }}
-      working-directory: code-graph-analysis-pipeline/temp/${{ env.ANALYSIS_NAME }}
-      run: |
-        ./../../scripts/downloader/downloadAxonFramework.sh ${{ env.AXON_FRAMEWORK_VERSION }}
-
-    - name: (Code Analysis) Analyze ${{ env.ANALYSIS_NAME }}
-      working-directory: code-graph-analysis-pipeline/temp/${{ env.ANALYSIS_NAME }}
-      # Shell type can be skipped if jupyter notebook analysis-results (and therefore conda) aren't needed
-      shell: bash -el {0}
-      env:
-        NEO4J_INITIAL_PASSWORD: ${{ secrets.NEO4J_INITIAL_PASSWORD }}
-        ENABLE_JUPYTER_NOTEBOOK_PDF_GENERATION: "true"
-        IMPORT_GIT_LOG_DATA_IF_SOURCE_IS_PRESENT: "" # Options: "none", "aggregated", "full". default = "plugin" or ""
-      run: |
-        ./../../scripts/analysis/analyze.sh --profile Neo4jv5-low-memory
-        
-    - name: (Code Analysis) Collect analysis results
-      working-directory: code-graph-analysis-pipeline/temp/${{ env.ANALYSIS_NAME }}
+        distribution: "temurin"
+        java-version: ${{ env.JAVA_VERSION}}
+
+    - name: (Prepare Code to Analyze) Download AxonFramework JARs for analysis
       run: |
-        mkdir -p ./../../../analysis-results/${{ env.ANALYSIS_NAME }}
-        cp -Rp reports ./../../../analysis-results/${{ env.ANALYSIS_NAME }}
-  
-    # Upload logs and unfinished analysis-results in case of an error for troubleshooting
-    - name: Archive failed run with logs and unfinished analysis-results
-      if: failure()
+        mvn dependency:copy -Dartifact=org.axonframework:axon-configuration:${{ env.AXON_FRAMEWORK_VERSION }} -DoutputDirectory=./artifacts
+        mvn dependency:copy -Dartifact=org.axonframework:axon-disruptor:${{ env.AXON_FRAMEWORK_VERSION }} -DoutputDirectory=./artifacts
+        mvn dependency:copy -Dartifact=org.axonframework:axon-eventsourcing:${{ env.AXON_FRAMEWORK_VERSION }} -DoutputDirectory=./artifacts
+        mvn dependency:copy -Dartifact=org.axonframework:axon-messaging:${{ env.AXON_FRAMEWORK_VERSION }} -DoutputDirectory=./artifacts
+        mvn dependency:copy -Dartifact=org.axonframework:axon-modelling:${{ env.AXON_FRAMEWORK_VERSION }} -DoutputDirectory=./artifacts
+        mvn dependency:copy -Dartifact=org.axonframework:axon-test:${{ env.AXON_FRAMEWORK_VERSION }} -DoutputDirectory=./artifacts
+        mvn dependency:copy -Dartifact=org.axonframework:axon-server-connector:${{ env.AXON_FRAMEWORK_VERSION }} -DoutputDirectory=./artifacts
+        mvn dependency:copy -Dartifact=org.axonframework:axon-spring-boot-autoconfigure:${{ env.AXON_FRAMEWORK_VERSION }} -DoutputDirectory=./artifacts
+        mvn dependency:copy -Dartifact=org.axonframework:axon-tracing-opentelemetry:${{ env.AXON_FRAMEWORK_VERSION }} -DoutputDirectory=./artifacts
+ 
+    - name: (Prepare Code to Analyze) Set analysis-name
+      id: set-analysis-name
+      run: echo "analysis-name=${{ env.PROJECT_NAME }}-${{ env.AXON_FRAMEWORK_VERSION }}" >> "$GITHUB_OUTPUT"
+
+    - name: (Prepare Code to Analyze) Generate ARTIFACT_UPLOAD_ID
+      run: echo "ARTIFACT_UPLOAD_ID=$(LC_ALL=C tr -dc 'A-Za-z0-9' < /dev/urandom | head -c 10)" >> $GITHUB_ENV
+ 
+    - name: (Prepare Code to Analyze) Set sources-upload-name
+      id: set-sources-upload-name
+      run: echo "sources-upload-name=${{ steps.set-analysis-name.outputs.analysis-name }}-analysis-sources_input-${{ env.ARTIFACT_UPLOAD_ID }}" >> "$GITHUB_OUTPUT"
+ 
+    - name: (Prepare Code to Analyze) Assemble ARTIFACTS_UPLOAD_NAME
+      id: set-artifacts-upload-name
+      run: echo "artifacts-upload-name=${{ steps.set-analysis-name.outputs.analysis-name }}-analysis-artifacts-input-${{ env.ARTIFACT_UPLOAD_ID }}" >> "$GITHUB_OUTPUT"
+
+    - name: (Prepare Code to Analyze) Upload sources to analyze
+      if: success()
       uses: actions/upload-artifact@v4
       with:
-        name: java-code-analysis-logs-java-${{ matrix.java }}-python-${{ matrix.python }}-miniforge-${{ matrix.miniforge }}
-        path: |
-          ./code-graph-analysis-pipeline/temp/**/runtime/*
-          ./code-graph-analysis-pipeline/temp/**/reports/*
+        name: ${{ steps.set-sources-upload-name.outputs.sources-upload-name }}
+        path: ./source
+        if-no-files-found: error
         retention-days: 5
 
-    # Upload successful analysis-results in case they are needed for troubleshooting
-    - name: Archive successful analysis-results
+    - name: (Prepare Code to Analyze) Upload artifacts to analyze
       if: success()
       uses: actions/upload-artifact@v4
       with:
-        name: java-code-analysis-analysis-results-java-${{ matrix.java }}-python-${{ matrix.python }}-miniforge-${{ matrix.miniforge }}
-        path: ./analysis-results/${{ env.ANALYSIS_NAME }}/*
+        name: ${{ steps.set-artifacts-upload-name.outputs.artifacts-upload-name }}
+        path: ./artifacts
         if-no-files-found: error
         retention-days: 5
 
-    # Upload Database Export
-    # Only possible after an export with "./../../scripts/analysis/analyze.sh --report DatabaseCsvExport"
-    # Won't be done here because of performance and security concerns
-    #- name: Archive exported database
-    #  uses: actions/upload-artifact@v3
-    #  with:
-    #    name: java-code-analysis-database-export-${{ matrix.java }}-python-${{ matrix.python }}-miniforge-${{ matrix.miniforge }}
-    #    path: ./code-graph-analysis-pipeline/temp/**/import
-    #    if-no-files-found: error
-    #    retention-days: 5
+
+  analyze-code-graph:
+    needs: [prepare-code-to-analyze]
+    uses: ./.github/workflows/analyze-code-graph.yml
+    with:
+      analysis-name: ${{ needs.prepare-code-to-analyze.outputs.analysis-name }}
+      artifacts-upload-name: ${{ needs.prepare-code-to-analyze.outputs.artifacts-upload-name }}
+      sources-upload-name: ${{ needs.prepare-code-to-analyze.outputs.sources-upload-name }}
+
+
+  analysis-results:
+    needs: [prepare-code-to-analyze, analyze-code-graph]
+    runs-on: ubuntu-latest
+
+    env: 
+      CI_COMMIT_MESSAGE: Automated code structure analysis analysis-results (CI)
+      CI_COMMIT_AUTHOR: ${{ github.event.repository.name }} Continuous Integration
+
+    steps:
+    - name: Checkout GIT Repository
+      uses: actions/checkout@v4
+      with:
+        token: ${{ secrets.WORKFLOW_GIT_ACCESS_TOKEN }}
+  
+    - name: (Code Analysis Setup) Download source code and artifacts for analysis
+      uses: actions/download-artifact@v4
+      with:
+        name: ${{ needs.analyze-code-graph.outputs.uploaded-analysis-results }}
+        path: analysis-results/${{ needs.prepare-code-to-analyze.outputs.analysis-name }}
 
     # Commit and push the native image agent analysis-results
     - name: Display environment variable "github.event_name"
       run: echo "github.event_name=${{ github.event_name }}"
-    - name: Commit changes in the "analysis-results" directory
+    - name: Display changes in the "analysis-results" directory and prepare commit
       # Only run when a pull request gets merged or a commit is pushed to the main branch
       # git add parameters need to match paths-ignore parameters above
       # Git pull before add/commit/push to reduce race conditions on parallel builds
-      if: github.event_name == 'push'
       run: |
         git config --global user.name '${{ env.CI_COMMIT_AUTHOR }}'
         git config --global user.email "[email protected]"
@@ -143,6 +155,12 @@ jobs:
         git status
         git add analysis-results
         git status
+    - name: Commit and push changes in the "analysis-results" directory
+      # Only run when a pull request gets merged or a commit is pushed to the main branch
+      # git add parameters need to match paths-ignore parameters above
+      # Git pull before add/commit/push to reduce race conditions on parallel builds
+      if: github.event_name == 'push'
+      run: |
         git commit -m "${{ env.CI_COMMIT_MESSAGE }}"
         git status
         git rebase --strategy-option=theirs origin/main --verbose

.github/workflows/typescript-code-analysis.yml

@@ -41,7 +41,7 @@ jobs:
     runs-on: ubuntu-latest
     outputs:
       analysis-name: ${{ steps.set-analysis-name.outputs.analysis-name }}
-      uploaded-artifact-name: ${{ steps.set-uploaded-artifact-name.outputs.uploaded-artifact-name }}
+      sources-upload-name: ${{ steps.set-sources-upload-name.outputs.sources-upload-name }}
 
     env: 
       PROJECT_NAME: react-router
@@ -61,41 +61,34 @@ jobs:
     - name: (Prepare Code to Analyze) Install dependencies with pnpm
       run: pnpm install --frozen-lockfile --strict-peer-dependencies
 
-    - name: (Prepare Code to Analyze) Assemble ANALYSIS_NAME
-      run: echo "ANALYSIS_NAME=${{ env.PROJECT_NAME }}-${{ env.REACT_ROUTER_VERSION }}" >> $GITHUB_ENV
+    - name: (Prepare Code to Analyze) Set analysis-name
+      id: set-analysis-name
+      run: echo "analysis-name=${{ env.PROJECT_NAME }}-${{ env.REACT_ROUTER_VERSION }}" >> "$GITHUB_OUTPUT"
 
     - name: (Prepare Code to Analyze) Generate ARTIFACT_UPLOAD_ID
       shell: bash
       run: echo "ARTIFACT_UPLOAD_ID=$(LC_ALL=C tr -dc 'A-Za-z0-9' < /dev/urandom | head -c 10)" >> $GITHUB_ENV
 
-    - name: (Prepare Code to Analyze) Assemble ARTIFACT_NAME
-      shell: bash
-      run: echo "ARTIFACT_NAME=${{ env.ANALYSIS_NAME }}-analysis-input-${{ env.ARTIFACT_UPLOAD_ID }}" >> $GITHUB_ENV
-
+    - name: (Prepare Code to Analyze) Set sources-upload-name
+      id: set-sources-upload-name
+      run: echo "sources-upload-name=${{ steps.set-analysis-name.outputs.analysis-name }}-analysis-sources_input-${{ env.ARTIFACT_UPLOAD_ID }}" >> "$GITHUB_OUTPUT"
+    
     - name: (Prepare Code to Analyze) Upload code to analyze
       if: success()
       uses: actions/upload-artifact@v4
       with:
-        name: ${{ env.ARTIFACT_NAME }}
+        name: ${{ steps.set-sources-upload-name.outputs.sources-upload-name }}
         path: .
         if-no-files-found: error
         retention-days: 5
 
-    - name: (Prepare Code to Analyze) Set output variable analysis-name
-      id: set-analysis-name
-      run: echo "analysis-name=${{ env.ANALYSIS_NAME }}" >> "$GITHUB_OUTPUT"
-
-    - name: (Prepare Code to Analyze) Set output variable uploaded-artifact-name
-      id: set-uploaded-artifact-name
-      run: echo "uploaded-artifact-name=${{ env.ARTIFACT_NAME }}" >> "$GITHUB_OUTPUT"
-
 
   analyze-code-graph:
     needs: [prepare-code-to-analyze]
     uses: ./.github/workflows/analyze-code-graph.yml
     with:
       analysis-name: ${{ needs.prepare-code-to-analyze.outputs.analysis-name }}
-      uploaded-artifact-name: ${{ needs.prepare-code-to-analyze.outputs.uploaded-artifact-name }}
+      sources-upload-name: ${{ needs.prepare-code-to-analyze.outputs.sources-upload-name }}
 
 
   analysis-results:

renovate.json

@@ -75,6 +75,21 @@
         "npx\\s+--yes\\s+(--package\\s+)?(-p\\s+)?(?<depName>@?[^@]+)@(?<currentValue>.*?)($|\\s+)"
       ],
       "datasourceTemplate": "npm"
+    },
+    {
+      "description": "Update java version in GitHub Action environment variable",
+      "customType": "regex",
+      "datasourceTemplate": "java-version",
+      "depNameTemplate": "java",
+      "packageNameTemplate": "",
+      "fileMatch": [
+        "^(workflow-templates|\\.github/workflows)\\/[^/]+\\.ya?ml$",
+        "(^|\\/)action\\.ya?ml$]"
+      ],
+      "matchStrings": [
+        "JAVA_VERSION:\\s+?(?<currentValue>.*?)\\s+"
+      ],
+      "extractVersionTemplate": "^(?<version>\\d+).*$"
     }
   ]
 }