Skip to content

[PRODSEC-9642] fix commons-io vulnerability #172

[PRODSEC-9642] fix commons-io vulnerability

[PRODSEC-9642] fix commons-io vulnerability #172

Workflow file for this run

name: Alfresco SDK CI
on:
pull_request:
branches:
- master
- fix/**
- feature/**
- sdk-4.5
push:
branches:
- master
- fix/**
- feature/**
- sdk-4.5
workflow_dispatch:
env:
MAVEN_USERNAME: ${{ secrets.NEXUS_USERNAME }}
MAVEN_PASSWORD: ${{ secrets.NEXUS_PASSWORD }}
MAVEN_CENTRAL_USERNAME: ${{ secrets.OSS_SONATYPE_USERNAME }}
MAVEN_CENTRAL_PASSWORD: ${{ secrets.OSS_SONATYPE_PASSWORD }}
jobs:
pre_commit:
runs-on: ubuntu-latest
steps:
- uses: Alfresco/alfresco-build-tools/.github/actions/[email protected]
veracode_sca:
name: "Veracode - Source Clear Scan (SCA)"
runs-on: ubuntu-latest
if: >
github.ref_name == 'master' ||
github.event_name == 'pull_request'
steps:
- uses: actions/checkout@v4
- uses: Alfresco/alfresco-build-tools/.github/actions/[email protected]
- uses: Alfresco/alfresco-build-tools/.github/actions/[email protected]
- name: "Clean-up SNAPSHOT artifacts"
run: find "${HOME}/.m2/repository/" -type d -name "*-SNAPSHOT*" | xargs -r -l rm -rf
- uses: Alfresco/alfresco-build-tools/.github/actions/[email protected]
continue-on-error: true
with:
srcclr-api-token: ${{ secrets.SRCCLR_API_TOKEN }}
build:
name: "Build application"
runs-on: ubuntu-latest
needs: [pre_commit]
if: "!contains(github.event.head_commit.message, '[skip tests]')"
env:
MAVEN_CLI_OPTS: >
-B -q -e -fae -V -DinstallAtEnd=true -U
steps:
- uses: actions/checkout@v4
- uses: Alfresco/alfresco-build-tools/.github/actions/[email protected]
- name: "Build"
run: mvn install -DskipTests=true -Dmaven.javadoc.skip=true -B -V
- name: "Verify"
run: mvn $MAVEN_CLI_OPTS verify -Dlogging.root.level=off -Dspring.main.banner-mode=off
tests:
name: ${{ matrix.name }}
runs-on: ubuntu-latest
needs: [build]
if: >
!(failure() || cancelled()) &&
!contains(github.event.head_commit.message, '[skip tests]')
strategy:
fail-fast: false
matrix:
include:
- name: "current version Java 17"
java-version: 17
- name: "23.3 Enterprise Java 17"
java-version: 17
suite: -Penterprise-233-tests
- name: "23.3 Community Java 17"
java-version: 17
suite: -Pcommunity-233-tests
- name: "23.2 Enterprise Java 17"
java-version: 17
suite: -Penterprise-232-tests
- name: "23.2 Community Java 17"
java-version: 17
suite: -Pcommunity-232-tests
- name: "23.1 Enterprise Java 17"
java-version: 17
suite: -Penterprise-231-tests
- name: "23.1 Community Java 17"
java-version: 17
suite: -Pcommunity-231-tests
- name: "7.4 Enterprise Java 17"
java-version: 17
suite: -Penterprise-74-tests
- name: "7.4 Community Java 17"
java-version: 17
suite: -Pcommunity-74-tests
- name: "7.4 Enterprise Java 11"
java-version: 11
suite: -Penterprise-74-tests
- name: "7.4 Community Java 11"
java-version: 11
suite: -Pcommunity-74-tests
- name: "7.3 Enterprise Java 17"
java-version: 17
suite: -Penterprise-73-tests
- name: "7.3 Community Java 17"
java-version: 17
suite: -Pcommunity-73-tests
- name: "7.3 Enterprise Java 11"
java-version: 11
suite: -Penterprise-73-tests
- name: "7.3 Community Java 11"
java-version: 11
suite: -Pcommunity-73-tests
- name: "7.2 Enterprise"
java-version: 11
suite: -Penterprise-72-tests
- name: "7.2 Community"
java-version: 11
suite: -Pcommunity-72-tests
- name: "7.1 Enterprise"
java-version: 11
suite: -Penterprise-71-tests
- name: "7.1 Community"
java-version: 11
suite: -Pcommunity-71-tests
- name: "7.0 Enterprise"
java-version: 11
suite: -Penterprise-70-tests
- name: "7.0 Community"
java-version: 11
suite: -Pcommunity-70-tests
steps:
- uses: actions/checkout@v4
- uses: Alfresco/alfresco-build-tools/.github/actions/[email protected]
- uses: Alfresco/alfresco-build-tools/.github/actions/[email protected]
with:
java-version: ${{ matrix.java-version }}
- name: "Login to Docker Hub"
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_PASSWORD }}
- name: "Login to Quay.io"
uses: docker/login-action@v3
with:
registry: quay.io
username: ${{ secrets.QUAY_USERNAME }}
password: ${{ secrets.QUAY_PASSWORD }}
- name: "Build"
run: mvn clean install -B ${{ matrix.suite }}
publish:
name: "Publish artifacts"
runs-on: ubuntu-latest
needs: [tests]
if: >
contains(github.event.head_commit.message, '[publish]')
steps:
- uses: actions/checkout@v4
- uses: Alfresco/alfresco-build-tools/.github/actions/[email protected]
- uses: Alfresco/alfresco-build-tools/.github/actions/[email protected]
- name: "Build"
run: mvn install -DskipTests=true -Dmaven.javadoc.skip=true -B -V
- name: "Publish"
timeout-minutes: ${{ fromJSON(env.GITHUB_ACTIONS_DEPLOY_TIMEOUT) }}
run: mvn deploy $MAVEN_CLI_OPTS -DskipTests