ACS-6304 Investigate SAST Pipeline Scan #3706

Workflow file for this run

	name: Alfresco Community Repo CI

	on:
	pull_request:
	branches:
	- feature/**
	- fix/**
	- master
	- release/**
	push:
	branches:
	- feature/**
	- fix/**
	workflow_call:
	workflow_dispatch:

	env:
	DOCKERHUB_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
	DOCKERHUB_USERNAME: ${{ secrets.DOCKER_USERNAME }}
	GITHUB_ACTIONS_DEPLOY_TIMEOUT: 60
	LOG_WARN: "-Dorg.slf4j.simpleLogger.log.org.apache.maven.cli.transfer.Slf4jMavenTransferListener=warn"
	MAVEN_PASSWORD: ${{ secrets.NEXUS_PASSWORD }}
	MAVEN_USERNAME: ${{ secrets.NEXUS_USERNAME }}
	QUAY_PASSWORD: ${{ secrets.QUAY_PASSWORD }}
	QUAY_USERNAME: ${{ secrets.QUAY_USERNAME }}
	CI_WORKSPACE: ${{ github.workspace }}
	TAS_ENVIRONMENT: ./packaging/tests/environment
	TAS_SCRIPTS: ../alfresco-community-repo/packaging/tests/scripts
	AUTH0_CLIENT_ID: ${{ secrets.AUTH0_OIDC_ADMIN_CLIENT_ID }}
	AUTH0_CLIENT_SECRET: ${{ secrets.AUTH0_OIDC_CLIENT_SECRET }}
	AUTH0_ADMIN_PASSWORD: ${{ secrets.AUTH0_OIDC_ADMIN_PASSWORD }}

	jobs:
	prepare:
	name: "Prepare"
	runs-on: ubuntu-latest
	if: >
	!contains(github.event.head_commit.message, '[skip tests]') &&
	!contains(github.event.head_commit.message, '[force')
	steps:
	- uses: actions/checkout@v3
	- uses: Alfresco/alfresco-build-tools/.github/actions/[email protected]
	- uses: Alfresco/alfresco-build-tools/.github/actions/[email protected]
	- uses: Alfresco/alfresco-build-tools/.github/actions/[email protected]
	- name: "Init"
	run: bash ./scripts/ci/init.sh
	- name: "Prepare maven cache and check compilation"
	run: bash ./scripts/ci/prepare.sh
	- name: "Clean Maven cache"
	run: bash ./scripts/ci/cleanup_cache.sh

	# veracode_sca:
	# name: "Source Clear Scan (SCA)"
	# runs-on: ubuntu-latest
	# needs: [prepare]
	# if: >
	# (github.ref_name == 'master' \|\| startsWith(github.ref_name, 'release/') \|\| github.event_name == 'pull_request') &&
	# !contains(github.event.head_commit.message, '[skip tests]') &&
	# !contains(github.event.head_commit.message, '[force')
	# steps:
	# - uses: actions/checkout@v3
	# - uses: Alfresco/alfresco-build-tools/.github/actions/[email protected]
	# - uses: Alfresco/alfresco-build-tools/.github/actions/[email protected]
	# - uses: Alfresco/alfresco-build-tools/.github/actions/[email protected]
	# - name: "Init"
	# run: bash ./scripts/ci/init.sh
	# - uses: Alfresco/alfresco-build-tools/.github/actions/[email protected]
	# continue-on-error: true
	# with:
	# srcclr-api-token: ${{ secrets.SRCCLR_API_TOKEN }}
	# - name: "Clean Maven cache"
	# run: bash ./scripts/ci/cleanup_cache.sh

	veracode_sast:
	name: "Pipeline SAST Scan"
	runs-on: ubuntu-latest
	needs: [prepare]
	if: >
	(github.ref_name == 'master' \|\| startsWith(github.ref_name, 'release/') \|\| github.event_name == 'pull_request') &&
	github.actor != 'dependabot[bot]' &&
	!contains(github.event.head_commit.message, '[skip tests]') &&
	!contains(github.event.head_commit.message, '[force')
	steps:
	- uses: actions/checkout@v3
	- uses: Alfresco/alfresco-build-tools/.github/actions/[email protected]
	- uses: Alfresco/alfresco-build-tools/.github/actions/[email protected]
	- uses: Alfresco/alfresco-build-tools/.github/actions/[email protected]
	- uses: Alfresco/alfresco-build-tools/.github/actions/[email protected]
	with:
	token: ${{ secrets.BOT_GITHUB_TOKEN }}
	repository: "Alfresco/veracode-baseline-archive"
	file-path: "alfresco-community-repo/alfresco-community-repo-baseline.json"
	target: "baseline.json"
	- name: "Build"
	timeout-minutes: ${{ fromJSON(env.GITHUB_ACTIONS_DEPLOY_TIMEOUT) }}
	run: \|
	bash ./scripts/ci/init.sh
	bash ./scripts/ci/build.sh
	- name: "Run SAST Scan"
	uses: veracode/[email protected]
	with:
	vid: ${{ secrets.VERACODE_API_ID }}
	vkey: ${{ secrets.VERACODE_API_KEY }}
	file: "packaging/war/target/alfresco.war"
	fail_build: true
	project_name: alfresco-community-repo
	issue_details: true
	veracode_policy_name: Alfresco Default
	summary_output: true
	summary_output_file: results.json
	summary_display: true
	baseline_file: baseline.json
	- name: Upload scan result
	if: success() \|\| failure()
	run: zip readable_output.zip results.json
	- name: Upload Artifact
	if: success() \|\| failure()
	uses: actions/upload-artifact@v3
	with:
	name: Veracode Pipeline-Scan Results (Human Readable)
	path: readable_output.zip
	- name: "Clean Maven cache"
	run: bash ./scripts/ci/cleanup_cache.sh

	# pmd_scan:
	# name: "PMD Scan"
	# runs-on: ubuntu-latest
	# needs: [prepare]
	# if: >
	# github.event_name == 'pull_request' &&
	# !contains(github.event.head_commit.message, '[skip pmd]') &&
	# !contains(github.event.head_commit.message, '[skip tests]') &&
	# !contains(github.event.head_commit.message, '[force]')
	# steps:
	# - uses: Alfresco/alfresco-build-tools/.github/actions/[email protected]
	# - uses: Alfresco/alfresco-build-tools/.github/actions/[email protected]
	# - uses: Alfresco/alfresco-build-tools/.github/actions/[email protected]
	# - uses: Alfresco/[email protected]
	# with:
	# classpath-build-command: "mvn test-compile -ntp -Pags -pl \"-:alfresco-community-repo-docker\""
	#
	# all_unit_tests_suite:
	# name: "Core, Data-Model, Repository - AllUnitTestsSuite - Build and test"
	# runs-on: ubuntu-latest
	# needs: [prepare]
	# if: >
	# !contains(github.event.head_commit.message, '[skip repo]') &&
	# !contains(github.event.head_commit.message, '[skip tests]') &&
	# !contains(github.event.head_commit.message, '[force')
	# steps:
	# - uses: actions/checkout@v3
	# - uses: Alfresco/alfresco-build-tools/.github/actions/[email protected]
	# - uses: Alfresco/alfresco-build-tools/.github/actions/[email protected]
	# - uses: Alfresco/alfresco-build-tools/.github/actions/[email protected]
	# - name: "Init"
	# run: bash ./scripts/ci/init.sh
	# - name: "Run tests"
	# run: \|
	# mvn -B test -pl core,data-model -am -DfailIfNoTests=false
	# mvn -B test -pl "repository,mmt" -am "-Dtest=AllUnitTestsSuite,AllMmtUnitTestSuite" -DfailIfNoTests=false
	# - name: "Clean Maven cache"
	# run: bash ./scripts/ci/cleanup_cache.sh
	#
	# remote_api_app_context_test_suites:
	# name: Remote-api - ${{ matrix.testSuite }}
	# runs-on: ubuntu-latest
	# needs: [prepare]
	# if: >
	# !contains(github.event.head_commit.message, '[skip repo]') &&
	# !contains(github.event.head_commit.message, '[skip tests]') &&
	# !contains(github.event.head_commit.message, '[force')
	# strategy:
	# fail-fast: false
	# matrix:
	# include:
	# - testSuite: AppContext01TestSuite
	# compose-profile: default
	# - testSuite: AppContext02TestSuite
	# compose-profile: with-transform-core-aio
	# - testSuite: AppContext03TestSuite
	# compose-profile: with-transform-core-aio
	# - testSuite: AppContext04TestSuite
	# compose-profile: with-transform-core-aio
	# - testSuite: AppContextExtraTestSuite
	# compose-profile: default
	# env:
	# REQUIRES_INSTALLED_ARTIFACTS: true
	# steps:
	# - uses: actions/checkout@v3
	# - uses: Alfresco/alfresco-build-tools/.github/actions/[email protected]
	# - uses: Alfresco/alfresco-build-tools/.github/actions/[email protected]
	# - uses: Alfresco/alfresco-build-tools/.github/actions/[email protected]
	# - name: "Build"
	# timeout-minutes: ${{ fromJSON(env.GITHUB_ACTIONS_DEPLOY_TIMEOUT) }}
	# run: \|
	# bash ./scripts/ci/init.sh
	# bash ./scripts/ci/build.sh
	# - name: "Set transformers tag"
	# run: echo "TRANSFORMERS_TAG=$(mvn help:evaluate -Dexpression=dependency.alfresco-transform-core.version -q -DforceStdout)" >> $GITHUB_ENV
	# - name: "Set up the environment"
	# run: docker-compose -f ./scripts/ci/docker-compose/docker-compose.yaml --profile ${{ matrix.compose-profile }} up -d
	# - name: "Run tests"
	# run: mvn -B test -pl remote-api -Dtest=${{ matrix.testSuite }} -Ddb.driver=org.postgresql.Driver -Ddb.name=alfresco -Ddb.url=jdbc:postgresql://localhost:5433/alfresco -Ddb.username=alfresco -Ddb.password=alfresco
	# - name: "Clean Maven cache"
	# run: bash ./scripts/ci/cleanup_cache.sh
	#
	# repository_mariadb_tests:
	# name: Repository - MariaDB ${{ matrix.version }} tests
	# runs-on: ubuntu-latest
	# needs: [prepare]
	# if: >
	# (((github.ref_name == 'master' \|\| startsWith(github.ref_name, 'release/')) &&
	# github.event_name != 'pull_request' &&
	# !contains(github.event.head_commit.message, '[skip db]')) \|\|
	# contains(github.event.head_commit.message, '[db]')) &&
	# !contains(github.event.head_commit.message, '[skip tests]') &&
	# !contains(github.event.head_commit.message, '[force')
	# strategy:
	# fail-fast: false
	# matrix:
	# version: ['10.2.18', '10.4', '10.5']
	# steps:
	# - uses: actions/checkout@v3
	# - uses: Alfresco/alfresco-build-tools/.github/actions/[email protected]
	# - uses: Alfresco/alfresco-build-tools/.github/actions/[email protected]
	# - uses: Alfresco/alfresco-build-tools/.github/actions/[email protected]
	# - name: "Init"
	# run: bash ./scripts/ci/init.sh
	# - name: Run MariaDB ${{ matrix.version }} database
	# run: docker-compose -f ./scripts/ci/docker-compose/docker-compose-db.yaml --profile mariadb up -d
	# env:
	# MARIADB_VERSION: ${{ matrix.version }}
	# - name: "Run tests"
	# run: mvn -B test -pl repository -am -Dtest=AllDBTestsTestSuite -DfailIfNoTests=false -Ddb.name=alfresco -Ddb.url=jdbc:mariadb://localhost:3307/alfresco?useUnicode=yes\&characterEncoding=UTF-8 -Ddb.username=alfresco -Ddb.password=alfresco -Ddb.driver=org.mariadb.jdbc.Driver
	# - name: "Clean Maven cache"
	# run: bash ./scripts/ci/cleanup_cache.sh
	#
	# repository_mariadb_10_6_tests:
	# name: "Repository - MariaDB 10.6 tests"
	# runs-on: ubuntu-latest
	# needs: [prepare]
	# if: >
	# (((github.ref_name == 'master' \|\| startsWith(github.ref_name, 'release/') \|\| github.event_name == 'pull_request') &&
	# !contains(github.event.head_commit.message, '[skip db]')) \|\|
	# contains(github.event.head_commit.message, '[latest db]') \|\|
	# contains(github.event.head_commit.message, '[db]')) &&
	# !contains(github.event.head_commit.message, '[skip tests]') &&
	# !contains(github.event.head_commit.message, '[force')
	# steps:
	# - uses: actions/checkout@v3
	# - uses: Alfresco/alfresco-build-tools/.github/actions/[email protected]
	# - uses: Alfresco/alfresco-build-tools/.github/actions/[email protected]
	# - uses: Alfresco/alfresco-build-tools/.github/actions/[email protected]
	# - name: "Init"
	# run: bash ./scripts/ci/init.sh
	# - name: "Run MariaDB 10.6 database"
	# run: docker-compose -f ./scripts/ci/docker-compose/docker-compose-db.yaml --profile mariadb up -d
	# env:
	# MARIADB_VERSION: 10.6
	# - name: "Run tests"
	# run: mvn -B test -pl repository -am -Dtest=AllDBTestsTestSuite -DfailIfNoTests=false -Ddb.name=alfresco -Ddb.url=jdbc:mariadb://localhost:3307/alfresco?useUnicode=yes\&characterEncoding=UTF-8 -Ddb.username=alfresco -Ddb.password=alfresco -Ddb.driver=org.mariadb.jdbc.Driver
	# - name: "Clean Maven cache"
	# run: bash ./scripts/ci/cleanup_cache.sh
	#
	# repository_mysql_tests:
	# name: Repository - MySQL 8 tests
	# runs-on: ubuntu-latest
	# needs: [prepare]
	# if: >
	# (((github.ref_name == 'master' \|\| startsWith(github.ref_name, 'release/') \|\| github.event_name == 'pull_request') &&
	# !contains(github.event.head_commit.message, '[skip db]')) \|\|
	# contains(github.event.head_commit.message, '[latest db]') \|\|
	# contains(github.event.head_commit.message, '[db]')) &&
	# !contains(github.event.head_commit.message, '[skip tests]') &&
	# !contains(github.event.head_commit.message, '[force')
	# steps:
	# - uses: actions/checkout@v3
	# - uses: Alfresco/alfresco-build-tools/.github/actions/[email protected]
	# - uses: Alfresco/alfresco-build-tools/.github/actions/[email protected]
	# - uses: Alfresco/alfresco-build-tools/.github/actions/[email protected]
	# - name: "Init"
	# run: bash ./scripts/ci/init.sh
	# - name: "Run MySQL 8 database"
	# run: docker-compose -f ./scripts/ci/docker-compose/docker-compose-db.yaml --profile mysql up -d
	# env:
	# MYSQL_VERSION: 8
	# - name: "Run tests"
	# run: mvn -B test -pl repository -am -Dtest=AllDBTestsTestSuite -DfailIfNoTests=false -Ddb.driver=com.mysql.jdbc.Driver -Ddb.name=alfresco -Ddb.url=jdbc:mysql://localhost:3307/alfresco -Ddb.username=alfresco -Ddb.password=alfresco
	# - name: "Clean Maven cache"
	# run: bash ./scripts/ci/cleanup_cache.sh
	#
	# repository_postgresql_13_12_tests:
	# name: "Repository - PostgreSQL 13.12 tests"
	# runs-on: ubuntu-latest
	# needs: [prepare]
	# if: >
	# (((github.ref_name == 'master' \|\| startsWith(github.ref_name, 'release/')) && github.event_name != 'pull_request' &&
	# !contains(github.event.head_commit.message, '[skip db]')) \|\|
	# contains(github.event.head_commit.message, '[db]')) &&
	# !contains(github.event.head_commit.message, '[skip tests]') &&
	# !contains(github.event.head_commit.message, '[force')
	# steps:
	# - uses: actions/checkout@v3
	# - uses: Alfresco/alfresco-build-tools/.github/actions/[email protected]
	# - uses: Alfresco/alfresco-build-tools/.github/actions/[email protected]
	# - uses: Alfresco/alfresco-build-tools/.github/actions/[email protected]
	# - name: "Init"
	# run: bash ./scripts/ci/init.sh
	# - name: "Run PostgreSQL 13.12 database"
	# run: docker-compose -f ./scripts/ci/docker-compose/docker-compose-db.yaml --profile postgres up -d
	# env:
	# POSTGRES_VERSION: 13.12
	# - name: "Run tests"
	# run: mvn -B test -pl repository -am -Dtest=AllDBTestsTestSuite -DfailIfNoTests=false -Ddb.driver=org.postgresql.Driver -Ddb.name=alfresco -Ddb.url=jdbc:postgresql://localhost:5433/alfresco -Ddb.username=alfresco -Ddb.password=alfresco
	# - name: "Clean Maven cache"
	# run: bash ./scripts/ci/cleanup_cache.sh
	#
	# repository_postgresql_14_9_tests:
	# name: "Repository - PostgreSQL 14.9 tests"
	# runs-on: ubuntu-latest
	# needs: [prepare]
	# if: >
	# (((github.ref_name == 'master' \|\| startsWith(github.ref_name, 'release/')) && github.event_name != 'pull_request' &&
	# !contains(github.event.head_commit.message, '[skip db]')) \|\|
	# contains(github.event.head_commit.message, '[db]')) &&
	# !contains(github.event.head_commit.message, '[skip tests]') &&
	# !contains(github.event.head_commit.message, '[force')
	# steps:
	# - uses: actions/checkout@v3
	# - uses: Alfresco/alfresco-build-tools/.github/actions/[email protected]
	# - uses: Alfresco/alfresco-build-tools/.github/actions/[email protected]
	# - uses: Alfresco/alfresco-build-tools/.github/actions/[email protected]
	# - name: "Init"
	# run: bash ./scripts/ci/init.sh
	# - name: "Run PostgreSQL 14.9 database"
	# run: docker-compose -f ./scripts/ci/docker-compose/docker-compose-db.yaml --profile postgres up -d
	# env:
	# POSTGRES_VERSION: 14.9
	# - name: "Run tests"
	# run: mvn -B test -pl repository -am -Dtest=AllDBTestsTestSuite -DfailIfNoTests=false -Ddb.driver=org.postgresql.Driver -Ddb.name=alfresco -Ddb.url=jdbc:postgresql://localhost:5433/alfresco -Ddb.username=alfresco -Ddb.password=alfresco
	# - name: "Clean Maven cache"
	# run: bash ./scripts/ci/cleanup_cache.sh
	#
	# repository_postgresql_15_4_tests:
	# name: "Repository - PostgreSQL 15.4 tests"
	# runs-on: ubuntu-latest
	# needs: [prepare]
	# if: >
	# (!contains(github.event.head_commit.message, '[skip db]') \|\|
	# contains(github.event.head_commit.message, '[latest db]') \|\|
	# contains(github.event.head_commit.message, '[db]')) &&
	# !contains(github.event.head_commit.message, '[skip tests]') &&
	# !contains(github.event.head_commit.message, '[force')
	# steps:
	# - uses: actions/checkout@v3
	# - uses: Alfresco/alfresco-build-tools/.github/actions/[email protected]
	# - uses: Alfresco/alfresco-build-tools/.github/actions/[email protected]
	# - uses: Alfresco/alfresco-build-tools/.github/actions/[email protected]
	# - name: "Init"
	# run: bash ./scripts/ci/init.sh
	# - name: "Run PostgreSQL 15.4 database"
	# run: docker-compose -f ./scripts/ci/docker-compose/docker-compose-db.yaml --profile postgres up -d
	# env:
	# POSTGRES_VERSION: 15.4
	# - name: "Run tests"
	# run: mvn -B test -pl repository -am -Dtest=AllDBTestsTestSuite -DfailIfNoTests=false -Ddb.driver=org.postgresql.Driver -Ddb.name=alfresco -Ddb.url=jdbc:postgresql://localhost:5433/alfresco -Ddb.username=alfresco -Ddb.password=alfresco
	# - name: "Clean Maven cache"
	# run: bash ./scripts/ci/cleanup_cache.sh
	#
	# repository_messaging_tests:
	# name: Repository - Messaging tests
	# runs-on: ubuntu-latest
	# needs: [prepare]
	# if: >
	# !contains(github.event.head_commit.message, '[skip repo]') &&
	# !contains(github.event.head_commit.message, '[skip tests]') &&
	# !contains(github.event.head_commit.message, '[force')
	# steps:
	# - uses: actions/checkout@v3
	# - uses: Alfresco/alfresco-build-tools/.github/actions/[email protected]
	# - uses: Alfresco/alfresco-build-tools/.github/actions/[email protected]
	# - uses: Alfresco/alfresco-build-tools/.github/actions/[email protected]
	# - name: "Init"
	# run: bash ./scripts/ci/init.sh
	# - name: "Run ActiveMQ"
	# run: docker-compose -f ./scripts/ci/docker-compose/docker-compose.yaml --profile activemq up -d
	# - name: "Run tests"
	# run: mvn -B test -pl repository -am -Dtest=CamelRoutesTest,CamelComponentsTest -DfailIfNoTests=false
	# - name: "Clean Maven cache"
	# run: bash ./scripts/ci/cleanup_cache.sh
	#
	# repository_app_context_test_suites:
	# name: Repository - ${{ matrix.testSuite }} ${{ matrix.idp }}
	# runs-on: ubuntu-latest
	# needs: [prepare]
	# if: >
	# !contains(github.event.head_commit.message, '[skip repo]') &&
	# !contains(github.event.head_commit.message, '[skip tests]') &&
	# !contains(github.event.head_commit.message, '[force')
	# strategy:
	# fail-fast: false
	# matrix:
	# include:
	# - testSuite: AppContext01TestSuite
	# compose-profile: with-transform-core-aio
	# - testSuite: AppContext02TestSuite
	# compose-profile: default
	# - testSuite: AppContext03TestSuite
	# compose-profile: with-transform-core-aio
	# - testSuite: AppContext04TestSuite
	# compose-profile: with-transform-core-aio
	# - testSuite: AppContext05TestSuite
	# compose-profile: with-sso
	# mvn-options: '-Didentity-service.auth-server-url=http://${HOST_IP}:8999/auth -Dauthentication.chain=identity-service1:identity-service,alfrescoNtlm1:alfrescoNtlm'
	# idp: Keycloak
	# - testSuite: AppContext05TestSuite
	# compose-profile: default
	# mvn-options: '-Didentity-service.auth-server-url=https://dev-ps-alfresco.auth0.com/ -Dauthentication.chain=identity-service1:identity-service,alfrescoNtlm1:alfrescoNtlm -Didentity-service.audience=http://localhost:3000 -Didentity-service.resource=${AUTH0_CLIENT_ID} -Didentity-service.credentials.secret=${AUTH0_CLIENT_SECRET} -Didentity-service.public-client=false -Didentity-service.realm= -Didentity-service.client-id.validation.disabled=false [email protected] -Dadmin.password=${AUTH0_ADMIN_PASSWORD} -Dauth0.enabled=true -Dauth0.admin.password=${AUTH0_ADMIN_PASSWORD} -Didentity-service.principal-attribute=nickname'
	# idp: Auth0
	# - testSuite: AppContext06TestSuite
	# compose-profile: with-transform-core-aio
	# - testSuite: AppContextExtraTestSuite
	# compose-profile: with-transform-core-aio
	# - testSuite: MiscContextTestSuite
	# compose-profile: with-transform-core-aio
	# - testSuite: SearchTestSuite
	# compose-profile: default
	# mvn-options: '-Dindex.subsystem.name=solr6'
	# - testSuite: MTLSTestSuite
	# compose-profile: with-mtls-transform-core-aio
	# mtls: true
	# disabledHostnameVerification: false
	# mvn-options: '-Dencryption.ssl.keystore.location=${CI_WORKSPACE}/keystores/alfresco/alfresco.keystore -Dencryption.ssl.truststore.location=${CI_WORKSPACE}/keystores/alfresco/alfresco.truststore'
	# steps:
	# - uses: actions/checkout@v3
	# - uses: Alfresco/alfresco-build-tools/.github/actions/[email protected]
	# - uses: Alfresco/alfresco-build-tools/.github/actions/[email protected]
	# - uses: Alfresco/alfresco-build-tools/.github/actions/[email protected]
	# - name: "Init"
	# run: bash ./scripts/ci/init.sh
	# - name: "Set transformers tag"
	# run: echo "TRANSFORMERS_TAG=$(mvn help:evaluate -Dexpression=dependency.alfresco-transform-core.version -q -DforceStdout)" >> $GITHUB_ENV
	# - name: "Set the host IP"
	# run: echo "HOST_IP=$(hostname -I \| cut -f1 -d' ')" >> $GITHUB_ENV
	# - name: "Generate Keystores and Truststores for Mutual TLS configuration"
	# if: ${{ matrix.mtls }}
	# run: \|
	# git clone -b "master" --depth=1 "https://${{ secrets.BOT_GITHUB_USERNAME }}:${{ secrets.BOT_GITHUB_TOKEN }}@github.com/Alfresco/alfresco-ssl-generator.git"
	# if ${{ matrix.disabledHostnameVerification }} ; then
	# bash ${{ env.CI_WORKSPACE }}/alfresco-ssl-generator/scripts/ci/generate_keystores_wrong_hostnames.sh
	# echo "HOSTNAME_VERIFICATION_DISABLED=true" >> "$GITHUB_ENV"
	# else
	# bash ${{ env.CI_WORKSPACE }}/alfresco-ssl-generator/scripts/ci/generate_keystores.sh
	# echo "HOSTNAME_VERIFICATION_DISABLED=false" >> "$GITHUB_ENV"
	# fi
	# - name: "Set up the environment"
	# run: docker-compose -f ./scripts/ci/docker-compose/docker-compose.yaml --profile ${{ matrix.compose-profile }} up -d
	# - name: "Run tests"
	# run: mvn -B test -pl repository -am -Dtest=${{ matrix.testSuite }} -DfailIfNoTests=false -Ddb.driver=org.postgresql.Driver -Ddb.name=alfresco -Ddb.url=jdbc:postgresql://localhost:5433/alfresco -Ddb.username=alfresco -Ddb.password=alfresco ${{ matrix.mvn-options }}
	# - name: "Clean Maven cache"
	# run: bash ./scripts/ci/cleanup_cache.sh
	#
	# tas_tests:
	# name: ${{ matrix.test-name }}
	# runs-on: ubuntu-latest
	# needs: [prepare]
	# if: >
	# (((github.ref_name == 'master' \|\| startsWith(github.ref_name, 'release/') \|\| github.event_name == 'pull_request' ) &&
	# !contains(github.event.head_commit.message, '[skip tas]')) \|\|
	# contains(github.event.head_commit.message, '[tas]')) &&
	# !contains(github.event.head_commit.message, '[skip tests]') &&
	# !contains(github.event.head_commit.message, '[force')
	# strategy:
	# fail-fast: false
	# matrix:
	# include:
	# - test-name: "REST API TAS tests part1"
	# pom-dir: tas-restapi
	# test-profile: run-restapi-part1
	# - test-name: "REST API TAS tests part2"
	# pom-dir: tas-restapi
	# test-profile: run-restapi-part2
	# - test-name: "REST API TAS tests part3"
	# pom-dir: tas-restapi
	# test-profile: run-restapi-part3
	# - test-name: "CMIS TAS tests - BROWSER binding"
	# pom-dir: tas-cmis
	# test-profile: run-cmis-browser
	# - test-name: "CMIS TAS tests - ATOM binding"
	# pom-dir: tas-cmis
	# test-profile: run-cmis-atom
	# - test-name: "CMIS TAS tests - WEBSERVICES binding"
	# pom-dir: tas-cmis
	# test-profile: run-cmis-webservices
	# - test-name: "Email TAS tests"
	# pom-dir: tas-email
	# - test-name: "WebDAV TAS tests"
	# pom-dir: tas-webdav
	# - test-name: "Integration TAS tests"
	# pom-dir: tas-integration
	# env:
	# REQUIRES_LOCAL_IMAGES: true
	# steps:
	# - uses: actions/checkout@v3
	# - uses: Alfresco/alfresco-build-tools/.github/actions/[email protected]
	# - uses: Alfresco/alfresco-build-tools/.github/actions/[email protected]
	# - uses: Alfresco/alfresco-build-tools/.github/actions/[email protected]
	# - name: "Build"
	# timeout-minutes: ${{ fromJSON(env.GITHUB_ACTIONS_DEPLOY_TIMEOUT) }}
	# run: \|
	# bash ./scripts/ci/init.sh
	# bash ./scripts/ci/build.sh
	# - name: "Set up the environment"
	# run: \|
	# ${{ env.TAS_SCRIPTS }}/start-compose.sh ${{ env.TAS_ENVIRONMENT }}/docker-compose-minimal+transforms.yml
	# ${{ env.TAS_SCRIPTS }}/wait-for-alfresco-start.sh "http://localhost:8082/alfresco"
	# - name: "Build TAS integration tests"
	# if: ${{ matrix.test-name }} == 'Integration TAS tests'
	# run: mvn install -pl :alfresco-community-repo-integration-test -am -DskipTests -Pall-tas-tests
	# - name: "Run tests"
	# id: tests
	# timeout-minutes: ${{ fromJSON(env.GITHUB_ACTIONS_DEPLOY_TIMEOUT) }}
	# run: mvn -B verify -f packaging/tests/${{ matrix.pom-dir }}/pom.xml -Pall-tas-tests,${{ matrix.test-profile }} -Denvironment=default -DrunBugs=false
	# - name: "Print output after success"
	# if: ${{ always() && steps.tests.outcome == 'success' }}
	# run: ${TAS_SCRIPTS}/output_tests_run.sh "packaging/tests/${{ matrix.pom-dir }}"
	# - name: "Print output after failure"
	# if: ${{ always() && steps.tests.outcome == 'failure' }}
	# run: ${TAS_SCRIPTS}/output_logs_for_failures.sh "packaging/tests/${{ matrix.pom-dir }}"
	# - name: "Clean Maven cache"
	# run: bash ./scripts/ci/cleanup_cache.sh
	#
	# share_services_test_suite:
	# name: Share Services - ShareServicesTestSuite
	# runs-on: ubuntu-latest
	# needs: [prepare]
	# if: >
	# !contains(github.event.head_commit.message, '[skip repo]') &&
	# !contains(github.event.head_commit.message, '[skip tests]') &&
	# !contains(github.event.head_commit.message, '[force')
	# steps:
	# - uses: actions/checkout@v3
	# - uses: Alfresco/alfresco-build-tools/.github/actions/[email protected]
	# - uses: Alfresco/alfresco-build-tools/.github/actions/[email protected]
	# - uses: Alfresco/alfresco-build-tools/.github/actions/[email protected]
	# - name: "Init"
	# run: bash ./scripts/ci/init.sh
	# - name: "Run Postgres 15.4 database"
	# run: docker-compose -f ./scripts/ci/docker-compose/docker-compose.yaml --profile postgres up -d
	# - name: "Run tests"
	# run: mvn -B test -pl :alfresco-share-services -am -Dtest=ShareServicesTestSuite -DfailIfNoTests=false -Ddb.driver=org.postgresql.Driver -Ddb.name=alfresco -Ddb.url=jdbc:postgresql://localhost:5433/alfresco -Ddb.username=alfresco -Ddb.password=alfresco
	# - name: "Clean Maven cache"
	# run: bash ./scripts/ci/cleanup_cache.sh
	#
	# ags_postgresql_tests:
	# name: AGS Integration Tests 0${{ matrix.part }} (PostgreSQL) ${{ matrix.test-name }}
	# runs-on: ubuntu-latest
	# needs: [prepare]
	# if: >
	# (((github.ref_name == 'master' \|\| startsWith(github.ref_name, 'release/') \|\| github.event_name == 'pull_request' ) &&
	# !contains(github.event.head_commit.message, '[skip ags]')) \|\|
	# contains(github.event.head_commit.message, '[ags]')) &&
	# !contains(github.event.head_commit.message, '[skip tests]') &&
	# !contains(github.event.head_commit.message, '[force')
	# strategy:
	# fail-fast: false
	# matrix:
	# part: [1, 2, 3, 4]
	# env:
	# REQUIRES_INSTALLED_ARTIFACTS: true
	# steps:
	# - uses: actions/checkout@v3
	# - uses: Alfresco/alfresco-build-tools/.github/actions/[email protected]
	# - uses: Alfresco/alfresco-build-tools/.github/actions/[email protected]
	# - uses: Alfresco/alfresco-build-tools/.github/actions/[email protected]
	# - name: "Build"
	# timeout-minutes: ${{ fromJSON(env.GITHUB_ACTIONS_DEPLOY_TIMEOUT) }}
	# run: \|
	# bash ./scripts/ci/init.sh
	# bash ./scripts/ci/build.sh
	# - name: "Verify"
	# timeout-minutes: ${{ fromJSON(env.GITHUB_ACTIONS_DEPLOY_TIMEOUT) }}
	# run: mvn --file amps/ags/pom.xml -B verify -Dmaven.javadoc.skip=true -Dmaven.source.skip=true -Pags -Pstart-postgres -PagsAllTestSuitePt${{ matrix.part }} ${{ env.LOG_WARN }}
	# - name: "Clean Maven cache"
	# run: bash ./scripts/ci/cleanup_cache.sh
	#
	# ags_mysql_tests:
	# name: AGS Integration Tests 0${{ matrix.part }} (MySQL) ${{ matrix.test-name }}
	# runs-on: ubuntu-latest
	# needs: [prepare]
	# if: >
	# (((github.ref_name == 'master' \|\| startsWith(github.ref_name, 'release/') \|\| github.event_name == 'pull_request' ) &&
	# !contains(github.event.head_commit.message, '[skip ags]')) \|\|
	# contains(github.event.head_commit.message, '[ags on MySQL]')) &&
	# !contains(github.event.head_commit.message, '[skip tests]') &&
	# !contains(github.event.head_commit.message, '[force')
	# strategy:
	# fail-fast: false
	# matrix:
	# part: [1, 2, 3, 4]
	# env:
	# REQUIRES_INSTALLED_ARTIFACTS: true
	# steps:
	# - uses: actions/checkout@v3
	# - uses: Alfresco/alfresco-build-tools/.github/actions/[email protected]
	# - uses: Alfresco/alfresco-build-tools/.github/actions/[email protected]
	# - uses: Alfresco/alfresco-build-tools/.github/actions/[email protected]
	# - name: "Build"
	# timeout-minutes: ${{ fromJSON(env.GITHUB_ACTIONS_DEPLOY_TIMEOUT) }}
	# run: \|
	# bash ./scripts/ci/init.sh
	# bash ./scripts/ci/build.sh
	# - name: "Verify"
	# timeout-minutes: ${{ fromJSON(env.GITHUB_ACTIONS_DEPLOY_TIMEOUT) }}
	# run: mvn --file amps/ags/pom.xml -B verify -Dmaven.javadoc.skip=true -Dmaven.source.skip=true -Pags -Pstart-mysql -PagsAllTestSuitePt${{ matrix.part }} ${{ env.LOG_WARN }}
	# - name: "Clean Maven cache"
	# run: bash ./scripts/ci/cleanup_cache.sh
	#
	# ags_community_rest_api_tests:
	# name: "AGS Community Rest API Tests"
	# runs-on: ubuntu-latest
	# needs: [prepare]
	# if: >
	# (((github.ref_name == 'master' \|\| startsWith(github.ref_name, 'release/') \|\| github.event_name == 'pull_request' ) &&
	# !contains(github.event.head_commit.message, '[skip ags]') && !contains(github.event.head_commit.message, '[skip tas]')) \|\|
	# (contains(github.event.head_commit.message, '[ags]') && contains(github.event.head_commit.message, '[tas]'))) &&
	# !contains(github.event.head_commit.message, '[skip tests]') &&
	# !contains(github.event.head_commit.message, '[force')
	# env:
	# REQUIRES_LOCAL_IMAGES: true
	# steps:
	# - uses: actions/checkout@v3
	# - uses: Alfresco/alfresco-build-tools/.github/actions/[email protected]
	# - uses: Alfresco/alfresco-build-tools/.github/actions/[email protected]
	# - uses: Alfresco/alfresco-build-tools/.github/actions/[email protected]
	# - name: "Build"
	# timeout-minutes: ${{ fromJSON(env.GITHUB_ACTIONS_DEPLOY_TIMEOUT) }}
	# run: \|
	# bash ./scripts/ci/init.sh
	# bash ./scripts/ci/build.sh
	# - name: "Set up the environment"
	# timeout-minutes: ${{ fromJSON(env.GITHUB_ACTIONS_DEPLOY_TIMEOUT) }}
	# run: \|
	# ${{ env.TAS_SCRIPTS }}/start-compose.sh ./amps/ags/rm-community/rm-community-repo/docker-compose.yml
	# ${{ env.TAS_SCRIPTS }}/wait-for-alfresco-start.sh "http://localhost:8080/alfresco"
	# mvn -B install -pl :alfresco-governance-services-automation-community-rest-api -am -Pags -Pall-tas-tests -DskipTests
	# - name: "Test"
	# timeout-minutes: ${{ fromJSON(env.GITHUB_ACTIONS_DEPLOY_TIMEOUT) }}
	# run: mvn -B test -pl :alfresco-governance-services-automation-community-rest-api -Dskip.automationtests=false -Pags -Pall-tas-tests
	# - name: "Configure AWS credentials"
	# if: ${{ always() }}
	# uses: aws-actions/configure-aws-credentials@v1
	# with:
	# aws-access-key-id: ${{ secrets.AGS_AWS_ACCESS_KEY_ID }}
	# aws-secret-access-key: ${{ secrets.AGS_AWS_SECRET_ACCESS_KEY }}
	# aws-region: us-east-1
	# - name: "Upload artifacts to Amazon S3 bucket"
	# if: ${{ always() }}
	# run: \|
	# bash amps/ags/ci/scripts/getLogs.sh
	# aws s3 cp --acl private alfresco.log s3://ags-travis-artifacts/community/${{ github.run_number }}/AGS-Community-Rest-API-Tests/alfresco.log
	# aws s3 cp --acl private solr.log s3://ags-travis-artifacts/community/${{ github.run_number }}/AGS-Community-Rest-API-Tests/solr.log
	# aws s3 cp --acl private ./amps/ags/rm-automation/rm-automation-community-rest-api/target/reports/rm-automation-community-rest-api.log s3://ags-travis-artifacts/community/${{ github.run_number }}/AGS-Community-Rest-API-Tests/rm-automation-community-rest-api.log
	# - name: "Clean Maven cache"
	# run: bash ./scripts/ci/cleanup_cache.sh
	#
	# ags_start_api_explorer:
	# name: "Test Tomcat deployment of api explorer"
	# runs-on: ubuntu-latest
	# needs: [ prepare ]
	# if: >
	# (((github.ref_name == 'master' \|\| startsWith(github.ref_name, 'release/') \|\| github.event_name == 'pull_request' ) &&
	# !contains(github.event.head_commit.message, '[skip ags]')) \|\|
	# contains(github.event.head_commit.message, '[ags]')) &&
	# !contains(github.event.head_commit.message, '[skip tests]') &&
	# !contains(github.event.head_commit.message, '[force]')
	# steps:
	# - uses: actions/checkout@v3
	# - uses: Alfresco/alfresco-build-tools/.github/actions/[email protected]
	# - uses: Alfresco/alfresco-build-tools/.github/actions/[email protected]
	# - uses: Alfresco/alfresco-build-tools/.github/actions/[email protected]
	# - name: "Build"
	# timeout-minutes: ${{ fromJSON(env.GITHUB_ACTIONS_DEPLOY_TIMEOUT) }}
	# run: \|
	# bash ./scripts/ci/init.sh
	# bash ./scripts/ci/build.sh
	# - name: "Test Tomcat deployment"
	# run: \|
	# mvn verify -Pags,start-api-explorer -DskipTests &
	# ${{ env.TAS_SCRIPTS }}/wait-for-alfresco-start.sh "http://localhost:8085/api-explorer"

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

ACS-6304 Investigate SAST Pipeline Scan #3706

Workflow file

ACS-6304 Investigate SAST Pipeline Scan #3706

Jobs

Run details

Workflow file for this run