sdk-platform-java-downstream_unmanaged_dependency_check.yaml

on:
  push:
    branches:
      - main
  pull_request:

name: sdk-platform-java Downstream Unmanaged Dependency Check
env:
  BUILD_SUBDIR: sdk-platform-java
jobs:
  filter:
    runs-on: ubuntu-latest
    outputs:
      library: ${{ steps.filter.outputs.library }}
    steps:
    - uses: actions/checkout@v4
    - uses: dorny/paths-filter@fbd0ab8f3e69293af611ebaee6363fc25e6d187d # v4.0.1
      id: filter
      with:
        filters: |
          library:
            - 'sdk-platform-java/java-shared-dependencies/**'
            - '.github/workflows/sdk-platform-java-downstream_unmanaged_dependency_check.yaml'
  validate:
    needs: filter
    if: ${{ needs.filter.outputs.library == 'true' }}
    runs-on: ubuntu-22.04
    strategy:
      fail-fast: false
      matrix:
        repo:
          - java-bigtable
          - java-firestore
          - java-pubsub
    steps:
      - name: Checkout sdk-platform-java
        uses: actions/checkout@v3
        with:
          path: google-cloud-java
      - name: Checkout the downstream repo
        uses: actions/checkout@v4
        with:
          repository: googleapis/${{ matrix.repo }}
          path: ${{ matrix.repo }}
      - name: Check the environment
        shell: bash
        run: |
          set -euxo pipefail
          pwd
          ls -alt
      - uses: actions/setup-java@v3
        with:
          java-version: 11
          distribution: temurin
          cache: maven
      - name: Install the modules of sdk-platform-java
        shell: bash
        run: .kokoro/build.sh
        env:
          BUILD_SUBDIR: sdk-platform-java
          JOB_TYPE: install
        working-directory: google-cloud-java
      - name: Build unmanaged dependency check
        shell: bash
        working-directory: google-cloud-java/sdk-platform-java/java-shared-dependencies/unmanaged-dependency-check
        run: |
          set -euo pipefail
          pwd
          echo "Install Unmanaged Dependency Check in $(pwd)"
          mvn clean install -V --batch-mode --no-transfer-progress -DskipTests
      - name: Install the modules of the downstream repository
        shell: bash
        working-directory: ${{ matrix.repo }}
        run: |
          # No argument to build.sh installs the modules in local Maven repository
          .kokoro/build.sh
      - name: Run unmanaged dependency check
        shell: bash
        run: |
          set -euo pipefail
          set -x
          # java-bigtable has "-deps-bom" that declares its dependencies. It's not a good
          # BOM to list the artifacts generated by that repository.
          bom_dir=$(find ${{ matrix.repo }} -type d -name 'google-*-bom' ! -name '*-deps-bom')
          bom_absolute_path=$(realpath "${bom_dir}/pom.xml")
          cd google-cloud-java/sdk-platform-java/java-shared-dependencies/unmanaged-dependency-check
          echo "Running Unmanaged Dependency Check against ${bom_absolute_path}"
          unmanaged_dependencies=$(mvn exec:java -Dexec.args="../pom.xml ${bom_absolute_path}" -q)
          if [[ "${unmanaged_dependencies}" != "[]" ]]; then
            echo "With this change, the unmanaged dependencies check installed in ${{ matrix.repo }} will start to"
            echo "fail due to ${unmanaged_dependencies}, among the artifacts listed in ${bom_absolute_path}."
            exit 1
          fi
          echo "Unmanaged dependency check passed"
  required:
    needs: [ validate ]
    name: conditional-required-check
    if: ${{ always() }} # Always run even if any "needs" jobs fail
    runs-on: ubuntu-22.04
    steps:
      - name: Fail if any previous failure
        if: ${{ contains(needs.*.result, 'failure') }}
        run: exit 1
      - name: Success otherwise
        run: echo "Success!"