[PRODSEC-7375] activemq version bump, fixing CVE-2023-46604 #575

Workflow file for this run

	name: Alfresco Transform Core CI

	on:
	push:
	branches:
	- master
	- feature/**
	- fix/**
	- SP/**
	- HF/**
	- ATS-**
	- ACS-**
	- MNT-**
	pull_request:
	branches:
	- master
	- feature/**
	- fix/**
	- SP/**
	- HF/**
	schedule:
	- cron: '0 5 * * 1'
	workflow_dispatch:

	env:
	DOCKERHUB_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
	DOCKERHUB_USERNAME: ${{ secrets.DOCKER_USERNAME }}
	NEXUS_PASSWORD: ${{ secrets.NEXUS_PASSWORD }}
	NEXUS_USERNAME: ${{ secrets.NEXUS_USERNAME }}
	QUAY_PASSWORD: ${{ secrets.QUAY_PASSWORD }}
	QUAY_USERNAME: ${{ secrets.QUAY_USERNAME }}
	GIT_USERNAME: ${{ secrets.BOT_GITHUB_USERNAME }}
	GIT_EMAIL: ${{ secrets.BOT_GITHUB_EMAIL }}
	GIT_PASSWORD: ${{ secrets.BOT_GITHUB_TOKEN }}
	GITHUB_ACTIONS_DEPLOY_TIMEOUT: 60

	jobs:
	veracode:
	name: "Veracode - Source Clear Scan (SCA)"
	runs-on: ubuntu-latest
	if: >
	github.ref_name == 'master' \|\|
	github.event_name == 'pull_request'
	steps:
	- uses: actions/checkout@v3
	- uses: Alfresco/alfresco-build-tools/.github/actions/[email protected]
	- uses: Alfresco/alfresco-build-tools/.github/actions/[email protected]
	- name: "Clean-up SNAPSHOT artifacts"
	run: find "${HOME}/.m2/repository/" -type d -name "-SNAPSHOT" \| xargs -r -l rm -rf
	- uses: Alfresco/alfresco-build-tools/.github/actions/[email protected]
	continue-on-error: true
	with:
	srcclr-api-token: ${{ secrets.SRCCLR_API_TOKEN }}

	build_and_test:
	name: "Core & Base Snapshot deployment"
	runs-on: ubuntu-latest
	if: >
	github.ref_name == 'master' &&
	github.event_name != 'pull_request'
	steps:
	- uses: actions/checkout@v3
	- uses: Alfresco/alfresco-build-tools/.github/actions/[email protected]
	- uses: Alfresco/alfresco-build-tools/.github/actions/[email protected]
	- name: "Login to Docker Hub"
	uses: docker/[email protected]
	with:
	username: ${{ secrets.DOCKER_USERNAME }}
	password: ${{ secrets.DOCKER_PASSWORD }}
	- name: "Login to Quay.io"
	uses: docker/[email protected]
	with:
	registry: quay.io
	username: ${{ secrets.QUAY_USERNAME }}
	password: ${{ secrets.QUAY_PASSWORD }}
	- name: "Enable experimental docker features"
	run: \|
	echo '{"experimental":true}' \| sudo tee /etc/docker/daemon.json
	sudo service docker restart
	- name: "Clean-up SNAPSHOT artifacts"
	run: find "${HOME}/.m2/repository/" -type d -name "-SNAPSHOT" \| xargs -r -l rm -rf
	- name: "Build"
	timeout-minutes: ${{ fromJSON(env.GITHUB_ACTIONS_DEPLOY_TIMEOUT) }}
	run: mvn -B -U -q clean install -DadditionalOption=-Xdoclint:none -DskipTests -Dmaven.javadoc.skip=true -Dmaven.wagon.http.pool=false -Pbase
	- name: "Cache LibreOffice"
	run: bash _ci/cache_artifacts.sh
	- name: "Run tests"
	timeout-minutes: ${{ fromJSON(env.GITHUB_ACTIONS_DEPLOY_TIMEOUT) }}
	run: mvn -B -U clean deploy -DadditionalOption=-Xdoclint:none -Dmaven.javadoc.skip=true -Dmaven.wagon.http.pool=false -Pbase

	all_tests_matrix:
	name: ${{ matrix.testName }}
	runs-on: ubuntu-latest
	strategy:
	fail-fast: false
	matrix:
	include:
	- testName: ImageMagick
	buildProfile: imagemagick
	testProfile: imagemagick
	- testName: LibreOffice
	buildProfile: libreoffice
	testProfile: libreoffice
	- testName: Transform Misc
	buildProfile: misc
	testProfile: misc
	- testName: PDF Renderer
	buildProfile: pdf-renderer
	testProfile: pdf-renderer
	- testName: Tika
	buildProfile: tika
	testProfile: tika
	- testName: All in One Transformer
	buildProfile: full-build
	testProfile: aio-test
	steps:
	- uses: actions/checkout@v3
	- uses: Alfresco/alfresco-build-tools/.github/actions/[email protected]
	- uses: Alfresco/alfresco-build-tools/.github/actions/[email protected]
	- name: "Login to Docker Hub"
	uses: docker/[email protected]
	with:
	username: ${{ secrets.DOCKER_USERNAME }}
	password: ${{ secrets.DOCKER_PASSWORD }}
	- name: "Login to Quay.io"
	uses: docker/[email protected]
	with:
	registry: quay.io
	username: ${{ secrets.QUAY_USERNAME }}
	password: ${{ secrets.QUAY_PASSWORD }}
	- name: "Enable experimental docker features"
	run: \|
	echo '{"experimental":true}' \| sudo tee /etc/docker/daemon.json
	sudo service docker restart
	- name: "Clean-up SNAPSHOT artifacts"
	run: find "${HOME}/.m2/repository/" -type d -name "-SNAPSHOT" \| xargs -r -l rm -rf
	- name: "Build local docker image"
	timeout-minutes: ${{ fromJSON(env.GITHUB_ACTIONS_DEPLOY_TIMEOUT) }}
	run: bash _ci/build.sh ${{ matrix.buildProfile }}
	- name: "Cache LibreOffice"
	run: bash _ci/cache_artifacts.sh
	- name: "Run tests"
	timeout-minutes: ${{ fromJSON(env.GITHUB_ACTIONS_DEPLOY_TIMEOUT) }}
	run: bash _ci/test.sh ${{ matrix.testProfile }}

	release:
	name: "Release"
	runs-on: ubuntu-latest
	needs: [veracode, build_and_test, all_tests_matrix]
	if: >
	!(failure() \|\| cancelled()) &&
	contains(github.event.head_commit.message, '[release]') &&
	github.event_name != 'pull_request' &&
	(github.ref_name == 'master' \|\| startsWith(github.ref_name, 'SP/') \|\| startsWith(github.ref_name, 'HF/'))
	steps:
	- uses: actions/checkout@v3
	with:
	persist-credentials: false
	- uses: Alfresco/alfresco-build-tools/.github/actions/[email protected]
	- uses: Alfresco/alfresco-build-tools/.github/actions/[email protected]
	- name: Set up QEMU
	uses: docker/setup-qemu-action@v2
	with:
	platforms: linux/amd64,linux/arm64
	- name: "Login to Docker Hub"
	uses: docker/[email protected]
	with:
	username: ${{ secrets.DOCKER_USERNAME }}
	password: ${{ secrets.DOCKER_PASSWORD }}
	- name: "Login to Quay.io"
	uses: docker/[email protected]
	with:
	registry: quay.io
	username: ${{ secrets.QUAY_USERNAME }}
	password: ${{ secrets.QUAY_PASSWORD }}
	- name: "Enable experimental docker features"
	run: \|
	echo '{"experimental":true}' \| sudo tee /etc/docker/daemon.json
	sudo service docker restart
	- name: "Clean-up SNAPSHOT artifacts"
	run: find "${HOME}/.m2/repository/" -type d -name "-SNAPSHOT" \| xargs -r -l rm -rf
	- uses: Alfresco/alfresco-build-tools/.github/actions/[email protected]
	with:
	username: ${{ env.GIT_USERNAME }}
	email: ${{ env.GIT_EMAIL }}
	global: true
	- name: "Cache LibreOffice"
	run: bash _ci/cache_artifacts.sh
	- name: "Release"
	timeout-minutes: ${{ fromJSON(env.GITHUB_ACTIONS_DEPLOY_TIMEOUT) }}
	run: bash _ci/release.sh

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[PRODSEC-7375] activemq version bump, fixing CVE-2023-46604 #575

Workflow file

[PRODSEC-7375] activemq version bump, fixing CVE-2023-46604 #575

Jobs

Run details

Workflow file for this run