Skip to content

[PRODSEC-9480] spring security core vulnerability (#250) #331

[PRODSEC-9480] spring security core vulnerability (#250)

[PRODSEC-9480] spring security core vulnerability (#250) #331

Workflow file for this run

name: Alfresco Java SDK CI
on:
push:
branches:
- develop
- release/**
- dev-**
- fix/**
pull_request:
branches:
- develop
- release/**
- dev-**
types:
- opened
- reopened
- synchronize
- labeled
workflow_dispatch:
env:
MAVEN_PASSWORD: ${{ secrets.NEXUS_PASSWORD }}
MAVEN_USERNAME: ${{ secrets.NEXUS_USERNAME }}
GITHUB_ACTIONS_DEPLOY_TIMEOUT: 60
CONTENT_SERVICE_SECURITY_BASICAUTH_PASSWORD: ${{ secrets.CONTENT_SERVICE_SECURITY_BASICAUTH_PASSWORD }}
CONTENT_SERVICE_SECURITY_BASICAUTH_USERNAME: ${{ secrets.CONTENT_SERVICE_SECURITY_BASICAUTH_USERNAME }}
CONTENT_SERVICE_URL: ${{ secrets.CONTENT_SERVICE_URL }}
AGS_VERSION: 23.3.0.84
ACS_VERSION: 23.3.0
QUAY_PASSWORD: ${{ secrets.QUAY_PASSWORD }}
QUAY_USERNAME: ${{ secrets.QUAY_USERNAME }}
DOCKERHUB_USERNAME: ${{ secrets.DOCKER_USERNAME }}
DOCKERHUB_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
GIT_USERNAME: ${{ secrets.BOT_GITHUB_USERNAME }}
GIT_EMAIL: ${{ secrets.BOT_GITHUB_EMAIL }}
GIT_PASSWORD: ${{ secrets.BOT_GITHUB_TOKEN }}
GITHUB_EVENT: ${{ github.event_name }}
BRANCH_NAME: ${{ github.ref_name }}
jobs:
pre-commit:
runs-on: ubuntu-latest
steps:
- uses: Alfresco/alfresco-build-tools/.github/actions/[email protected]
veracode_sca:
name: "Veracode - Source Clear Scan (SCA)"
runs-on: ubuntu-latest
if: >
github.ref_name == 'develop' ||
github.event_name == 'pull_request'
steps:
- uses: actions/checkout@v3
- uses: Alfresco/alfresco-build-tools/.github/actions/[email protected]
- uses: Alfresco/alfresco-build-tools/.github/actions/[email protected]
- name: "Clean-up SNAPSHOT artifacts"
run: find "${HOME}/.m2/repository/" -type d -name "*-SNAPSHOT*" | xargs -r -l rm -rf
- uses: Alfresco/alfresco-build-tools/.github/actions/[email protected]
continue-on-error: true
with:
srcclr-api-token: ${{ secrets.SRCCLR_API_TOKEN }}
build_and_verify:
name: "Build and Verify"
runs-on: ubuntu-latest
needs:
- pre-commit
env:
MAVEN_CLI_OPTS: >
source:jar -B -q -e -fae -V -DinstallAtEnd=true -U -Ddoclint=none
-Dags.version=${AGS_VERSION}
-Dacs.version=${ACS_VERSION}
steps:
- uses: actions/checkout@v3
- uses: Alfresco/alfresco-build-tools/.github/actions/[email protected]
- uses: Alfresco/alfresco-build-tools/.github/actions/[email protected]
- name: "Build"
timeout-minutes: ${{ fromJSON(env.GITHUB_ACTIONS_DEPLOY_TIMEOUT) }}
run: mvn install $MAVEN_CLI_OPTS -DskipTests=true -Dmaven.javadoc.skip=true
- name: "Run tests"
timeout-minutes: ${{ fromJSON(env.GITHUB_ACTIONS_DEPLOY_TIMEOUT) }}
run: mvn verify $MAVEN_CLI_OPTS -Dlogging.root.level=off -Dspring.main.banner-mode=off
release:
runs-on: ubuntu-latest
needs:
- build_and_verify
if: >
!(failure() || cancelled()) &&
!contains(github.event.head_commit.message, '[no release]') &&
github.event_name != 'pull_request' &&
contains(github.event.head_commit.message, '[release]')
steps:
- uses: actions/checkout@v4
- uses: Alfresco/alfresco-build-tools/.github/actions/[email protected]
- uses: Alfresco/alfresco-build-tools/.github/actions/[email protected]
- uses: Alfresco/alfresco-build-tools/.github/actions/[email protected]
- name: "Init"
run: bash ./scripts/ci/init.sh
- name: "Release"
timeout-minutes: ${{ fromJSON(env.GITHUB_ACTIONS_DEPLOY_TIMEOUT) }}
run: |
bash ./scripts/ci/verify_release_tag.sh
bash ./scripts/ci/maven_release.sh
publish:
name: "Publish"
runs-on: ubuntu-latest
if: >
contains(github.event.head_commit.message, '[publish]')
needs:
- build_and_verify
env:
MAVEN_CLI_OPTS: >
source:jar -B -q -e -fae -V -DinstallAtEnd=true -U -Ddoclint=none
-DaltReleaseDeploymentRepository=alfresco-public::default::https://artifacts.alfresco.com/nexus/content/repositories/releases
-DaltSnapshotDeploymentRepository=alfresco-public-snapshots::default::https://artifacts.alfresco.com/nexus/content/repositories/snapshots
-Dags.version=${AGS_VERSION}
-Dacs.version=${ACS_VERSION}
steps:
- uses: actions/checkout@v3
- uses: Alfresco/alfresco-build-tools/.github/actions/[email protected]
- uses: Alfresco/alfresco-build-tools/.github/actions/[email protected]
- name: "Publish artifacts"
timeout-minutes: ${{ fromJSON(env.GITHUB_ACTIONS_DEPLOY_TIMEOUT) }}
run: mvn deploy $MAVEN_CLI_OPTS -DskipTests=true