search

spotify / voyager

🛰️ An approximate nearest-neighbor search library for Python and Java with a focus on ease of use, simplicity, and deployability.
https://spotify.github.io/voyager/
Apache License 2.0
1.26k stars 51 forks source link

Remove need for GPG key at test time. #47

Closed psobot closed 8 months ago

psobot commented 8 months ago

Should resolve the issue seen in #35.

The issue is that GitHub Actions secrets aren't used for PRs from forks:

Anyone with collaborator access to this repository can use these secrets and variables for actions. They are not passed to workflows that are triggered by a pull request from a fork.

Our build setup passes MAVEN_GPG_PASSPHRASE into the build at test time, even though it's not needed; and when receiving a PR from an external collaborator, the variable is empty:

 mvn --batch-mode verify
  shell: /usr/bin/bash -e {0}
  env:
    JAVA_HOME: /opt/hostedtoolcache/Java_Corretto_jdk/11.0.21-9.1/x64
    JAVA_HOME_11_X64: /opt/hostedtoolcache/Java_Corretto_jdk/11.0.21-9.1/x64
    MAVEN_GPG_PASSPHRASE:

We don't need to GPG-sign the package just to test it, given that the default Maven lifecycle is validate, compile, test, package, verify, install, deploy (in that order). This PR attempts to fix the issue by switching from mvn verify to mvn test.