apache
diff --git a/‎.github/actions/gh-api-approve-run/action.yml‎
Lines changed: 55 additions & 0 deletions b/‎.github/actions/gh-api-approve-run/action.yml‎
Lines changed: 55 additions & 0 deletions
diff --git a/‎.github/actions/gh-api-update-status/action.yml‎
Lines changed: 67 additions & 0 deletions b/‎.github/actions/gh-api-update-status/action.yml‎
Lines changed: 67 additions & 0 deletions
diff --git a/‎.github/actions/run-gradle/action.yml‎
Lines changed: 75 additions & 0 deletions b/‎.github/actions/run-gradle/action.yml‎
Lines changed: 75 additions & 0 deletions
diff --git a/‎.github/actions/setup-gradle/action.yml‎
Lines changed: 59 additions & 0 deletions b/‎.github/actions/setup-gradle/action.yml‎
Lines changed: 59 additions & 0 deletions
diff --git a/‎.github/actions/setup-python/action.yml‎
Lines changed: 30 additions & 0 deletions b/‎.github/actions/setup-python/action.yml‎
Lines changed: 30 additions & 0 deletions
diff --git a/‎.github/scripts/checkstyle.py‎
Lines changed: 98 additions & 0 deletions b/‎.github/scripts/checkstyle.py‎
Lines changed: 98 additions & 0 deletions
@@ -0,0 +1,55 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+---
+name: "Approve Workflow Run"
+description: "Approve a Workflow run that has been submitted by a non-committer"
+inputs:
+  gh-token:
+    description: "The GitHub token for use with the CLI"
+    required: true
+  repository:
+    description: "The GitHub repository"
+    required: true
+    default: "apache/kafka"
+  run_id:
+    description: "The Workflow Run ID"
+    required: true
+  pr_number:
+    description: "The Pull Request number"
+    required: true
+  commit_sha:
+    description: "The SHA of the commit the run is for"
+    required: true
+
+runs:
+  using: "composite"
+  steps:
+    - name: Approve Workflow Run
+      shell: bash
+      env:
+        GH_TOKEN: ${{ inputs.gh-token }}
+        REPO: ${{ inputs.repository }}
+        RUN_ID: ${{ inputs.run_id }}
+        PR_NUMBER: ${{ inputs.pr_number }}
+        COMMIT_SHA: ${{ inputs.commit_sha }}
+      run: |
+        echo "Approving workflow run $RUN_ID for PR $PR_NUMBER at SHA $COMMIT_SHA";
+        gh api --method POST \
+              -H 'Accept: application/vnd.github+json' \
+              -H 'X-GitHub-Api-Version: 2022-11-28' \
+              /repos/$REPO/actions/runs/$RUN_ID/approve
@@ -0,0 +1,67 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+---
+name: "Update Commit Status Check"
+description: "Update the status of a commit check using the GH CLI"
+inputs:
+  # Composite actions do not support typed parameters. Everything is treated as a string
+  # See: https://github.com/actions/runner/issues/2238
+  gh-token:
+    description: "The GitHub token for use with the CLI"
+    required: true
+  repository:
+    description: "The GitHub repository"
+    required: true
+    default: "apache/kafka"
+  commit_sha:
+    description: "The SHA of the commit we are updating"
+    required: true
+  url:
+    description: "The URL of the status check"
+    required: false
+    default: ""
+  description:
+    description: "The text to display next to the check"
+    default: ""
+    required: false
+  context:
+    description: "The name of the status check"
+    required: true
+  state:
+    description: "The state of the check. Can be one of: error, failure, pending, success"
+    required: true
+
+runs:
+  using: "composite"
+  steps:
+    - name: Update Check
+      shell: bash
+      env:
+        GH_TOKEN: ${{ inputs.gh-token }}
+        REPO: ${{ inputs.repository }}
+        COMMIT_SHA: ${{ inputs.commit_sha }}
+        STATE: ${{ inputs.state }}
+        URL: ${{ inputs.url }}
+        DESCRIPTION: ${{ inputs.description }}
+        CONTEXT: ${{ inputs.context }}
+      run: |
+        gh api --method POST -H "Accept: application/vnd.github+json" -H "X-GitHub-Api-Version: 2022-11-28" \
+        /repos/$REPO/statuses/$COMMIT_SHA \
+        -f "state=$STATE" -f "target_url=$URL" \
+        -f "description=$DESCRIPTION" \
+        -f "context=$CONTEXT"
@@ -0,0 +1,75 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+---
+name: "Run Tests with Gradle"
+description: "Run specified Gradle test tasks with configuration for timeout and test catalog."
+inputs:
+  # Composite actions do not support typed parameters. Everything is treated as a string
+  # See: https://github.com/actions/runner/issues/2238
+  test-task:
+    description: "The test suite to run. Either 'test' or 'quarantinedTest'."
+    required: true
+  timeout-minutes:
+    description: "The timeout for the tests, in minutes."
+    required: true
+  test-catalog-path:
+    description: "The file path of the test catalog file."
+    required: true
+  build-scan-artifact-name:
+    description: "The name to use for archiving the build scan."
+    required: true
+outputs:
+  gradle-exitcode:
+    description: "The result of the Gradle test task."
+    value: ${{ steps.run-tests.outputs.exitcode }}
+runs:
+  using: "composite"
+  steps:
+    - name: Run JUnit Tests (${{ inputs.test-task }})
+      # Gradle flags
+      # --build-cache:  Let Gradle restore the build cache
+      # --no-scan:      Don't attempt to publish the scan yet. We want to archive it first.
+      # --continue:     Keep running even if a test fails
+      # -PcommitId      Prevent the Git SHA being written into the jar files (which breaks caching)
+      shell: bash
+      id: run-tests
+      env:
+        TIMEOUT_MINUTES: ${{ inputs.timeout-minutes}}
+        TEST_CATALOG: ${{ inputs.test-catalog-path }}
+        TEST_TASK: ${{ inputs.test-task }}
+      run: |
+        set +e
+        ./.github/scripts/thread-dump.sh &
+        timeout ${TIMEOUT_MINUTES}m ./gradlew --build-cache --continue --no-scan \
+        -PtestLoggingEvents=started,passed,skipped,failed \
+        -PmaxParallelForks=2 \
+        -PmaxTestRetries=1 -PmaxTestRetryFailures=10 \
+        -PmaxQuarantineTestRetries=3 -PmaxQuarantineTestRetryFailures=0 \
+        -Pkafka.test.catalog.file=$TEST_CATALOG \
+        -PcommitId=xxxxxxxxxxxxxxxx \
+        $TEST_TASK
+        exitcode="$?"
+        echo "exitcode=$exitcode" >> $GITHUB_OUTPUT
+    - name: Archive build scan (${{ inputs.test-task }})
+      if: always()
+      uses: actions/upload-artifact@v4
+      with:
+        name: ${{ inputs.build-scan-artifact-name }}
+        path: ~/.gradle/build-scan-data
+        compression-level: 9
+        if-no-files-found: ignore
@@ -0,0 +1,59 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+---
+name: "Gradle Setup"
+description: "Setup Java and Gradle"
+inputs:
+  # Composite actions do not support typed parameters. Everything is treated as a string
+  # See: https://github.com/actions/runner/issues/2238
+  java-version:
+    description: "Java version to use"
+    default: "17"
+  gradle-cache-read-only:
+    description: "Should the Gradle cache be read-only?"
+    default: "true"
+  gradle-cache-write-only:
+    description: "Should the Gradle cache be write-only?"
+    default: "false"
+  develocity-access-key:
+    description: "Optional access key for uploading build scans to Develocity"
+    default: ""
+runs:
+  using: "composite"
+  steps:
+    - name: Setup Java
+      uses: actions/setup-java@v4
+      with:
+        distribution: temurin
+        java-version: ${{ inputs.java-version }}
+    - name: Setup Gradle
+      uses: gradle/actions/setup-gradle@d156388eb19639ec20ade50009f3d199ce1e2808 # v4.1.0
+      env:
+        GRADLE_BUILD_ACTION_CACHE_DEBUG_ENABLED: true
+      with:
+        gradle-version: wrapper
+        develocity-access-key: ${{ inputs.develocity-access-key }}
+        develocity-token-expiry: 4
+        cache-read-only: ${{ inputs.gradle-cache-read-only }}
+        cache-write-only: ${{ inputs.gradle-cache-write-only }}
+        # Cache downloaded JDKs in addition to the default directories.
+        gradle-home-cache-includes: |
+          caches
+          notifications
+          jdks
+        cache-cleanup: on-success
@@ -0,0 +1,30 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+---
+name: "Python Setup"
+description: "Setup Python and install dependencies"
+runs:
+  using: "composite"
+  steps:
+    - name: Setup Python
+      uses: actions/setup-python@v5
+      with:
+        python-version: 3.12
+    - name: Pip install
+      shell: bash
+      run: pip install -r .github/scripts/requirements.txt
@@ -0,0 +1,98 @@
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements.  See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License.  You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+from glob import glob
+import logging
+import os
+import os.path
+import sys
+from typing import Tuple, Optional
+import xml.etree.ElementTree
+
+
+logger = logging.getLogger()
+logger.setLevel(logging.DEBUG)
+handler = logging.StreamHandler(sys.stderr)
+handler.setLevel(logging.DEBUG)
+logger.addHandler(handler)
+
+
+def get_env(key: str) -> str:
+    value = os.getenv(key)
+    logger.debug(f"Read env {key}: {value}")
+    return value
+
+
+def parse_report(workspace_path, fp) -> Tuple[int, int]:
+    stack = []
+    errors = []
+    file_count = 0
+    error_count = 0
+    for (event, elem) in xml.etree.ElementTree.iterparse(fp, events=["start", "end"]):
+        if event == "start":
+            stack.append(elem)   
+            if elem.tag == "file":
+                file_count += 1
+                errors.clear()
+            if elem.tag == "error":
+                logger.debug(f"Found checkstyle error: {elem.attrib}")
+                errors.append(elem)
+                error_count += 1
+        elif event == "end":
+            if elem.tag == "file" and len(errors) > 0:
+                filename = elem.get("name")
+                rel_path = os.path.relpath(filename, workspace_path)
+                logger.debug(f"Outputting errors for file: {elem.attrib}")
+                for error in errors:
+                    line = error.get("line")
+                    col = error.get("column")
+                    severity = error.get("severity")
+                    message = error.get('message')
+                    title = f"Checkstyle {severity}"
+                    print(f"::notice file={rel_path},line={line},col={col},title={title}::{message}")
+            stack.pop()
+        else:
+            logger.error(f"Unhandled xml event {event}: {elem}")
+    return file_count, error_count
+
+
+if __name__ == "__main__":
+    """
+    Parse checkstyle XML reports and generate GitHub annotations.
+
+    See: https://docs.github.com/en/actions/writing-workflows/choosing-what-your-workflow-does/workflow-commands-for-github-actions#setting-a-notice-message
+    """
+    if not os.getenv("GITHUB_WORKSPACE"):
+        print("This script is intended to by run by GitHub Actions.")
+        exit(1)
+    
+    reports = glob(pathname="**/checkstyle/*.xml", recursive=True)
+    logger.debug(f"Found {len(reports)} checkstyle reports")
+    total_file_count = 0
+    total_error_count = 0
+
+    workspace_path = get_env("GITHUB_WORKSPACE") # e.g., /home/runner/work/apache/kafka
+
+    for report in reports:
+        with open(report, "r") as fp:
+            logger.debug(f"Parsing report file: {report}")
+            file_count, error_count = parse_report(workspace_path, fp)
+            if error_count == 1:
+                logger.debug(f"Checked {file_count} files from {report} and found 1 error")
+            else:
+                logger.debug(f"Checked {file_count} files from {report} and found {error_count} errors")
+            total_file_count += file_count
+            total_error_count += error_count
+    exit(0)