Enhance SBOM and JDK file check #4191
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# ******************************************************************************** | |
# Copyright (c) 2020 Contributors to the Eclipse Foundation | |
# | |
# See the NOTICE file(s) with this work for additional | |
# information regarding copyright ownership. | |
# | |
# This program and the accompanying materials are made | |
# available under the terms of the Apache Software License 2.0 | |
# which is available at https://www.apache.org/licenses/LICENSE-2.0. | |
# | |
# SPDX-License-Identifier: Apache-2.0 | |
# ******************************************************************************** | |
--- | |
name: Build | |
on: | |
pull_request: | |
branches: [master] | |
paths: | |
- "build-farm/**" | |
- "sbin/**" | |
- "**.sh" | |
- "!tooling/build_autotriage/**" | |
- ".github/workflows/build.yml" | |
- "security/**" | |
- "cyclonedx-lib/**" | |
# Cancel existing runs if user makes another push. | |
concurrency: | |
group: "${{ github.ref }}" | |
cancel-in-progress: ${{ github.event_name == 'pull_request' }} | |
jobs: | |
build_linux: | |
name: Linux | |
runs-on: ubuntu-latest | |
strategy: | |
fail-fast: false | |
matrix: | |
os: [linux] | |
version: [jdk8u, jdk11u, jdk17u, jdk] | |
variant: [temurin] | |
image: [adoptopenjdk/centos7_build_image] | |
include: | |
- os: alpine-linux | |
version: jdk8u | |
variant: temurin | |
image: adoptopenjdk/alpine3_build_image | |
- os: alpine-linux | |
version: jdk11u | |
variant: temurin | |
image: adoptopenjdk/alpine3_build_image | |
- os: alpine-linux | |
version: jdk17u | |
variant: temurin | |
image: adoptopenjdk/alpine3_build_image | |
- os: alpine-linux | |
version: jdk | |
variant: temurin | |
image: adoptopenjdk/alpine3_build_image | |
- os: linux | |
version: jdk11u | |
variant: dragonwell | |
image: adoptopenjdk/centos7_build_image | |
- os: linux | |
version: jdk8u | |
vm: dragonwell | |
image: adoptopenjdk/centos7_build_image | |
- os: linux | |
version: jdk11u | |
variant: fast_startup | |
image: adoptopenjdk/centos7_build_image | |
- os: linux | |
version: jdk11u | |
variant: bisheng | |
image: adoptopenjdk/centos7_build_image | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Build Linux within container image "${{ matrix.image }}" | |
run: | | |
docker run --rm -w /home/jenkins -v "$PWD":"/home/jenkins" \ | |
-e "JAVA_TO_BUILD=${{ matrix.version }}" \ | |
-e "ARCHITECTURE=x64" \ | |
-e "VARIANT=${{ matrix.variant }}" \ | |
-e "TARGET_OS=${{ matrix.os }}" \ | |
-e "FILENAME=OpenJDK.tar.gz" \ | |
-e "PLATFORM_CONFIG_LOCATION=adoptium/temurin-build/master/build-farm/platform-specific-configurations" \ | |
-e "BUILD_ARGS=--create-sbom" \ | |
-e "CONFIGURE_ARGS=--with-native-debug-symbols=none" \ | |
"${{ matrix.image }}" \ | |
./build-farm/make-adopt-build-farm.sh | |
- uses: actions/upload-artifact@v4 | |
name: Collect and Archive Artifacts | |
with: | |
name: ${{matrix.version}}-${{matrix.os}}-${{matrix.variant}} | |
path: workspace/target/* | |
- name: Unpack jdk | |
run: | | |
mkdir -p "${HOME}/JDK" | |
tar -xf "${GITHUB_WORKSPACE}/workspace/target/OpenJDK.tar.gz" -C "${HOME}/JDK" | |
- name: Set root of jdk image dir | |
run: | | |
imageroot=$(find "${HOME}/JDK" -name release -type f) | |
# TEST_JDK_HOME needs to be mapped to the docker container /home/jenkins mapping | |
echo "TEST_JDK_HOME=$(dirname "${imageroot}")" | sed "s,${HOME},/home/jenkins," >> "$GITHUB_ENV" | |
- name: Checkout aqa-tests repo | |
uses: actions/checkout@v4 | |
with: | |
repository: adoptium/aqa-tests | |
path: aqa-tests | |
- name: Run Smoke test within container image "${{ matrix.image }}" | |
env: | |
VENDOR_REPOS: ${{ github.event.pull_request.head.repo.html_url }}.git | |
VENDOR_BRANCH: ${{ github.head_ref }} | |
run: | | |
WORK_DIR="${PWD//${HOME}//home/jenkins}" | |
docker run --rm -w /home/jenkins -v "$HOME":"/home/jenkins" \ | |
-e "TEST_JDK_HOME=${TEST_JDK_HOME}" \ | |
-e "BUILD_LIST=functional/buildAndPackage" \ | |
"${{ matrix.image }}" \ | |
sh -c "cd ${WORK_DIR}/aqa-tests && \ | |
./get.sh --vendor_repos ${VENDOR_REPOS} \ | |
--vendor_branches ${VENDOR_BRANCH} \ | |
--vendor_dirs /test/functional && \ | |
cd TKG && \ | |
make compile && \ | |
make _extended.functional" | |
- uses: actions/upload-artifact@v4 | |
name: Collect and Archive SmokeTest Results | |
if: failure() | |
with: | |
name: "${{matrix.version}}-${{matrix.os}}-${{matrix.variant}}_test_output" | |
path: ./**/output_*/ | |
build_macos: | |
name: macOS | |
runs-on: ${{ matrix.version.distro }} | |
strategy: | |
fail-fast: false | |
matrix: | |
os: [macOS] | |
version: [ | |
{ name: jdk11u, distro: macos-14 }, | |
{ name: jdk17u, distro: macos-14 } | |
] | |
variant: [temurin] | |
steps: | |
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 | |
# https://github.com/actions/runner-images/issues/6817 | |
- name: (Mac) Workaround for homebrew | |
shell: bash | |
if: runner.os == 'macOS' | |
run: | | |
rm /usr/local/bin/2to3 || true | |
rm /usr/local/bin/2to3-3.11 || true | |
rm /usr/local/bin/2to3-3.12 || true | |
rm /usr/local/bin/idle3 || true | |
rm /usr/local/bin/idle3.11 || true | |
rm /usr/local/bin/idle3.12 || true | |
rm /usr/local/bin/pydoc3 || true | |
rm /usr/local/bin/pydoc3.11 || true | |
rm /usr/local/bin/pydoc3.12 || true | |
rm /usr/local/bin/python3 || true | |
rm /usr/local/bin/python3.11 || true | |
rm /usr/local/bin/python3.12 || true | |
rm /usr/local/bin/python3-config || true | |
rm /usr/local/bin/python3.11-config || true | |
rm /usr/local/bin/python3.12-config || true | |
- name: Install Dependencies | |
run: | | |
brew install automake bash binutils freetype gnu-sed nasm | |
- name: Select correct Xcode (JDK11+) | |
run: | | |
rm -rf /Applications/Xcode.app | |
ln -s /Applications/Xcode_15.2.app /Applications/Xcode.app | |
- name: Build macOS | |
run: | | |
export JAVA_HOME=$JAVA_HOME_11_X64 | |
# jdk11u+ uses two part exploded & assemble build | |
export BUILD_ARGS="--make-exploded-image --create-sbom" | |
./build-farm/make-adopt-build-farm.sh | |
export BUILD_ARGS="--assemble-exploded-image --create-sbom" | |
./build-farm/make-adopt-build-farm.sh | |
env: | |
JAVA_TO_BUILD: ${{ matrix.version.name }} | |
ARCHITECTURE: x64 | |
VARIANT: ${{ matrix.variant }} | |
TARGET_OS: mac | |
FILENAME: OpenJDK.tar.gz | |
- uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 | |
name: Collect and Archive Artifacts | |
with: | |
name: ${{matrix.version.name}}-${{matrix.os}}-${{matrix.variant}} | |
path: workspace/target/* | |
- name: Unpack jdk | |
run: | | |
mkdir -p "${HOME}/JDK" | |
tar -xf "${GITHUB_WORKSPACE}/workspace/target/OpenJDK.tar.gz" -C "${HOME}/JDK" | |
- name: Set root of jdk image dir | |
run: | | |
imageroot=$(find "${HOME}/JDK" -name release -type f) | |
echo "TEST_JDK_HOME=$(dirname "${imageroot}")" >> "$GITHUB_ENV" | |
- name: Smoke test | |
uses: adoptium/run-aqa@6bacb4e732ad546eda1b09665b9067cdc87651f4 # v2 | |
with: | |
build_list: 'functional/buildAndPackage' | |
target: '_extended.functional' | |
vendor_testRepos: "${{ github.event.pull_request.head.repo.html_url }}.git" | |
vendor_testBranches: "${{ github.head_ref }}" | |
vendor_testDirs: "/test/functional" | |
- uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 | |
name: Collect and Archive SmokeTest Results | |
if: failure() | |
with: | |
name: "${{matrix.version.name}}-${{matrix.os}}-${{matrix.variant}}_test_output" | |
path: ./**/output_*/ | |
build_windows: | |
name: Windows | |
runs-on: ${{ matrix.os }} | |
strategy: | |
fail-fast: false | |
matrix: | |
os: [windows-2022] | |
version: [jdk11u, jdk17u, jdk] | |
variant: [temurin] | |
env: | |
VS2017_URL: "https://download.visualstudio.microsoft.com/download/pr/c5c75dfa-1b29-4419-80f8-bd39aed6bcd9/7ed8fa27575648163e07548ff5667b55b95663a2323e2b2a5f87b16284e481e6/vs_Community.exe" | |
VS2019_URL: "https://download.visualstudio.microsoft.com/download/pr/6b655578-de8c-4862-ad77-65044ca714cf/f29399a618bd3a8d1dcc96d349453f686b6176590d904308402a6402543e310b/vs_Community.exe" | |
steps: | |
- name: Restore cygwin packages from cache | |
id: cygwin | |
uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2 | |
with: | |
path: C:\cygwin64 | |
key: cygwin-packages-${{ runner.os }}-v1 | |
- name: Install Cygwin and packages | |
uses: cygwin/cygwin-install-action@006ad0b0946ca6d0a3ea2d4437677fa767392401 | |
with: | |
install-dir: C:\cygwin64 | |
packages: >- | |
autoconf, | |
automake, | |
bsdtar, | |
cpio, | |
curl, | |
gcc-core, | |
git, | |
gnupg, | |
grep, | |
libtool, | |
make, | |
mingw64-x86_64-gcc-core, | |
perl, | |
rsync, | |
unzip, | |
wget, | |
zip | |
- uses: actions/setup-java@8df1039502a15bceb9433410b1a100fbe190c53b # v4.5.0 | |
id: setup-java7 | |
with: | |
distribution: 'zulu' | |
java-version: 7 | |
if: matrix.version == 'jdk8u' | |
- uses: actions/setup-java@8df1039502a15bceb9433410b1a100fbe190c53b # v4.5.0 | |
id: setup-java11 | |
with: | |
distribution: 'temurin' | |
java-version: 11 | |
- name: Restore Visual Studio 2017 from cache | |
id: vs2017 | |
if: matrix.version == 'jdk8u' | |
uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2 | |
with: | |
path: ~/vs2017.exe | |
key: vs2017 | |
- name: Restore Visual Studio 2019 from cache | |
id: vs2019 | |
if: matrix.version == 'jdk11u' || matrix.version == 'jdk17u' | |
uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2 | |
with: | |
path: ~/vs2019.exe | |
key: vs2019 | |
- name: Uninstall WinSDKs | |
if: matrix.version == 'jdk8u' || matrix.version == 'jdk11u' || matrix.version == 'jdk17u' | |
run: > | |
Start-Process -FilePath 'C:\Program Files (x86)\Microsoft Visual Studio\Installer\vs_installer.exe' -Wait -NoNewWindow -ArgumentList | |
'modify --installPath "C:\Program Files (x86)\Microsoft Visual Studio\2022\Enterprise" | |
--remove Microsoft.VisualStudio.Component.Windows10SDK.18362 | |
--remove Microsoft.VisualStudio.Component.Windows10SDK.19041 | |
--remove Microsoft.VisualStudio.Component.Windows10SDK.20348 | |
--remove Microsoft.VisualStudio.Component.Windows10SDK.22000 | |
--remove Microsoft.VisualStudio.Component.Windows10SDK.22621 | |
--quiet' | |
- name: Download Visual Studio 2017 | |
run: | | |
curl -L "$env:VS2017_URL" -o "$HOME/vs2017.exe" | |
if: steps.vs2017.outputs.cache-hit != 'true' && matrix.version == 'jdk8u' | |
- name: Verify Download Of Visual Studio 2017 | |
shell: powershell | |
run: | | |
$expected_checksum="7ED8FA27575648163E07548FF5667B55B95663A2323E2B2A5F87B16284E481E6" | |
$actual_checksum=(Get-FileHash -Algorithm SHA256 -Path $HOME/vs2017.exe | Select-Object -ExpandProperty Hash) | |
echo "Expect : $expected_checksum" | |
echo "Actual : $actual_checksum" | |
if ($expected_checksum -ne $actual_checksum) { | |
Write-Output "Error - Checksum Verification Failed - Exiting" | |
exit 1 | |
} | |
if: steps.vs2017.outputs.cache-hit != 'true' && matrix.version == 'jdk8u' | |
- name: Install Visual Studio 2017 | |
if: matrix.version == 'jdk8u' | |
run: > | |
Start-Process -FilePath "$HOME\vs2017.exe" -Wait -NoNewWindow -ArgumentList | |
'install --productId Microsoft.VisualStudio.Product.Community --channelId VisualStudio.15.Release | |
--add Microsoft.VisualStudio.Workload.NativeDesktop | |
--add Microsoft.VisualStudio.Component.VC.Tools.x86.x64 | |
--add Microsoft.VisualStudio.Component.Windows10SDK.17763 | |
--quiet --wait' | |
- name: Download Visual Studio 2019 | |
run: | | |
curl -L "$env:VS2019_URL" -o "$HOME/vs2019.exe" | |
if: steps.vs2019.outputs.cache-hit != 'true' && (matrix.version == 'jdk11u' || matrix.version == 'jdk17u') | |
- name: Verify Download Of Visual Studio 2019 | |
shell: powershell | |
run: | | |
$expected_checksum="F29399A618BD3A8D1DCC96D349453F686B6176590D904308402A6402543E310B" | |
$actual_checksum=(Get-FileHash -Algorithm SHA256 -Path $HOME/vs2019.exe | Select-Object -ExpandProperty Hash) | |
echo "Expect : $expected_checksum" | |
echo "Actual : $actual_checksum" | |
if ($expected_checksum -ne $actual_checksum) { | |
Write-Output "Error - Checksum Verification Failed - Exiting" | |
exit 1 | |
} | |
if: steps.vs2019.outputs.cache-hit != 'true' && (matrix.version == 'jdk11u' || matrix.version == 'jdk17u') | |
- name: Install Visual Studio 2019 | |
if: matrix.version == 'jdk11u' || matrix.version == 'jdk17u' | |
run: > | |
Start-Process -FilePath "$HOME\vs2019.exe" -Wait -NoNewWindow -ArgumentList | |
'install --productId Microsoft.VisualStudio.Product.Community --channelId VisualStudio.15.Release | |
--add Microsoft.VisualStudio.Workload.NativeDesktop | |
--add Microsoft.VisualStudio.Component.VC.Tools.x86.x64 | |
--add Microsoft.VisualStudio.Component.Windows10SDK.22000 | |
--quiet --wait' | |
- name: Install Git | |
run: | | |
Invoke-WebRequest 'https://github.com/git-for-windows/git/releases/download/v2.14.3.windows.1/Git-2.14.3-64-bit.exe' -OutFile 'C:\temp\git.exe' | |
Start-Process -Wait -FilePath 'C:\temp\git.exe' -ArgumentList '/SILENT /ALLOWDOWNGRADE=1** /COMPONENTS="icons,ext\reg\shellhere,assoc,assoc_sh"' | |
- name: Set PATH | |
run: (printf "C:\cygwin64\bin;C:\Program Files\Git\bin;") | Out-File -FilePath "$env:GITHUB_PATH" -Encoding utf8 -Append | |
- name: Cygwin git configuration | |
shell: bash | |
run: mkdir -p "$HOME" && git config --system core.autocrlf false && git config --global --add safe.directory '*' | |
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 | |
with: | |
set-safe-directory: false | |
- name: Setup 8dot3name | |
run: fsutil behavior set disable8dot3 0 | |
- name: Set JAVA_HOME | |
run: echo "JAVA_HOME=$(cygpath "${{ steps.setup-java11.outputs.path }}")" | Out-File -FilePath "$env:GITHUB_ENV" -Encoding utf8 -Append | |
- name: Set JDK7_BOOT_DIR | |
run: echo "JDK7_BOOT_DIR=$(cygpath "${{ steps.setup-java7.outputs.path }}")" | Out-File -FilePath "$env:GITHUB_ENV" -Encoding utf8 -Append | |
if: matrix.version == 'jdk8u' | |
- name: Hold ANT_HOME value (from GH) to ANT_HOME2 | |
run: echo "ANT_HOME_ORIGIN=${env:ANT_HOME}" | Out-File -FilePath "$env:GITHUB_ENV" -Encoding utf8 -Append | |
- name: Export ANT to PATH(GITHUB_ENV) | |
run: echo "ANT_HOME=$(cygpath "${env:ANT_HOME}")" | Out-File -FilePath "$env:GITHUB_ENV" -Encoding utf8 -Append | |
- name: Append ANT_HOME to PATH | |
run: | | |
"${env:ANT_HOME}/bin" >> ${env:GITHUB_PATH} | |
shell: pwsh | |
- name: Build Windows | |
run: | | |
bash build-farm/make-adopt-build-farm.sh | |
shell: cmd | |
env: | |
JAVA_TO_BUILD: ${{ matrix.version }} | |
ARCHITECTURE: x64 | |
VARIANT: ${{ matrix.variant }} | |
TARGET_OS: windows | |
FILENAME: OpenJDK.zip | |
BUILD_ARGS: --create-sbom | |
- uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 | |
name: Collect and Archive Artifacts | |
with: | |
name: ${{matrix.version}}-${{matrix.os}}-${{matrix.variant}} | |
path: workspace/target/* | |
- name: Restore build artifacts | |
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 | |
with: | |
name: ${{matrix.version}}-${{matrix.os}}-${{matrix.variant}} | |
path: ~/${{matrix.version}}-${{matrix.os}}-${{matrix.variant}} | |
- name: Unpack jdk | |
run: | | |
unzip "${HOME}/${{matrix.version}}-${{matrix.os}}-${{matrix.variant}}/OpenJDK.zip" -d "${HOME}/${{matrix.version}}-${{matrix.os}}-${{matrix.variant}}" | |
- name: Set root of jdk image dir | |
shell: pwsh | |
run: | | |
$imageroot=$(find "${HOME}/${{matrix.version}}-${{matrix.os}}-${{matrix.variant}}" -name release -type f) | |
echo "TEST_JDK_HOME=$(dirname "${imageroot}")" | Out-File -FilePath "$env:GITHUB_ENV" -Encoding utf8 -Append | |
- name: Reset ANT_HOME from ANT_HOME_ORIGIN for smoke test | |
run: echo "ANT_HOME=${env:ANT_HOME_ORIGIN}" | Out-File -FilePath "$env:GITHUB_ENV" -Encoding utf8 -Append | |
- name: Smoke test | |
uses: adoptium/run-aqa@6bacb4e732ad546eda1b09665b9067cdc87651f4 # v2 | |
with: | |
build_list: 'functional/buildAndPackage' | |
target: '_extended.functional' | |
vendor_testRepos: "${{ github.event.pull_request.head.repo.html_url }}.git" | |
vendor_testBranches: "${{ github.head_ref }}" | |
vendor_testDirs: "/test/functional" | |
- uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 | |
name: Collect and Archive SmokeTest Results | |
if: failure() | |
with: | |
name: "${{matrix.version}}-${{matrix.os}}-${{matrix.variant}}_test_output" | |
path: ./**/output_*/ |