#20 Fix security issues (#21)

* #20 Upgrade dependencies * Fix warning about dependency scope * Add release-droid config
exasol · Feb 25, 2022 · 6b169ae · 6b169ae
1 parent 65b1943
commit 6b169ae
Show file tree

Hide file tree

Showing 19 changed files with 306 additions and 59 deletions.
diff --git a/.github/workflows/broken_links_checker.yml b/.github/workflows/broken_links_checker.yml
@@ -4,13 +4,21 @@ on:
   schedule:
     - cron: "0 5 * * *"
   push:
+    branches:
+      - main
+  pull_request:
 
 jobs:
   linkChecker:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v2
+      - name: Configure broken links checker
+        run: |
+          mkdir -p ./target
+          echo '{ "aliveStatusCodes": [429, 200] }' > ./target/broken_links_checker.json
       - uses: gaurav-nelson/github-action-markdown-link-check@v1
         with:
           use-quiet-mode: 'yes'
-          use-verbose-mode: 'yes'
+          use-verbose-mode: 'yes'
+          config-file: ./target/broken_links_checker.json
diff --git a/.github/workflows/ci-build-next-java.yml b/.github/workflows/ci-build-next-java.yml
@@ -0,0 +1,37 @@
+name: CI Build next Java
+
+on:
+  push:
+    branches:
+      - main
+  pull_request:
+
+jobs:
+  java-17-compatibility:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout the repository
+        uses: actions/checkout@v2
+        with:
+          fetch-depth: 0
+      - name: Set up JDK 17
+        uses: actions/setup-java@v2
+        with:
+          distribution: 'temurin'
+          java-version: 17
+      - name: Cache local Maven repository
+        uses: actions/cache@v2
+        with:
+          path: ~/.m2/repository
+          key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
+          restore-keys: |
+            ${{ runner.os }}-maven-
+      - name: Run tests and build with Maven
+        run: |
+          mvn --batch-mode --update-snapshots clean package -DtrimStackTrace=false \
+              -Dorg.slf4j.simpleLogger.log.org.apache.maven.cli.transfer.Slf4jMavenTransferListener=warn
+      - name: Publish Test Report
+        uses: scacap/action-surefire-report@v1
+        if: ${{ always() && github.event.pull_request.head.repo.full_name == github.repository && github.actor != 'dependabot[bot]' }}
+        with:
+          github_token: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/ci-build.yml b/.github/workflows/ci-build.yml
@@ -12,8 +12,9 @@ jobs:
         with:
           fetch-depth: 0
       - name: Set up JDK 11
-        uses: actions/setup-java@v1
+        uses: actions/setup-java@v2
         with:
+          distribution: 'temurin'
           java-version: 11
       - name: Cache local Maven repository
         uses: actions/cache@v2
@@ -27,4 +28,9 @@ jobs:
         env:
           GITHUB_OAUTH: ${{ secrets.GITHUB_TOKEN }}
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+      - name: Publish Test Report
+        uses: scacap/action-surefire-report@v1
+        if: ${{ always() }}
+        with:
+          github_token: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/dependencies_check.yml b/.github/workflows/dependencies_check.yml
@@ -11,8 +11,9 @@ jobs:
     steps:
       - uses: actions/checkout@v2
       - name: Set up JDK 11
-        uses: actions/setup-java@v1
+        uses: actions/setup-java@v2
         with:
+          distribution: 'temurin'
           java-version: 11
       - name: Cache local Maven repository
         uses: actions/cache@v2

diff --git a/.github/workflows/release_droid_prepare_original_checksum.yml b/.github/workflows/release_droid_prepare_original_checksum.yml
@@ -12,8 +12,9 @@ jobs:
         with:
           fetch-depth: 0
       - name: Set up JDK 11
-        uses: actions/setup-java@v1
+        uses: actions/setup-java@v2
         with:
+          distribution: 'temurin'
           java-version: 11
       - name: Cache local Maven repository
         uses: actions/cache@v2
@@ -23,7 +24,7 @@ jobs:
           restore-keys: |
             ${{ runner.os }}-maven-
       - name: Run tests and build with Maven
-        run: mvn -B clean verify --file pom.xml
+        run: mvn --batch-mode clean verify --file pom.xml
       - name: Prepare checksum
         run: find target -maxdepth 1 -name *.jar -exec sha256sum "{}" + > original_checksum
       - name: Upload checksum to the artifactory

diff --git a/.github/workflows/release_droid_print_quick_checksum.yml b/.github/workflows/release_droid_print_quick_checksum.yml
@@ -12,8 +12,9 @@ jobs:
         with:
           fetch-depth: 0
       - name: Set up JDK 11
-        uses: actions/setup-java@v1
+        uses: actions/setup-java@v2
         with:
+          distribution: 'temurin'
           java-version: 11
       - name: Cache local Maven repository
         uses: actions/cache@v2
@@ -23,7 +24,7 @@ jobs:
           restore-keys: |
             ${{ runner.os }}-maven-
       - name: Build with Maven skipping tests
-        run: mvn -B clean verify -DskipTests
+        run: mvn --batch-mode clean verify -DskipTests
       - name: Print checksum
         run: echo 'checksum_start==';find target -maxdepth 1 -name *.jar -exec sha256sum "{}" + | xargs;echo '==checksum_end'
 
diff --git a/.github/workflows/release_droid_release_on_maven_central.yml b/.github/workflows/release_droid_release_on_maven_central.yml
@@ -12,8 +12,9 @@ jobs:
         with:
           fetch-depth: 0
       - name: Set up Maven Central Repository
-        uses: actions/setup-java@v1
+        uses: actions/setup-java@v2
         with:
+          distribution: 'temurin'
           java-version: 11
           server-id: ossrh
           server-username: MAVEN_USERNAME

diff --git a/.github/workflows/release_droid_upload_github_release_assets.yml b/.github/workflows/release_droid_upload_github_release_assets.yml
@@ -16,8 +16,9 @@ jobs:
         with:
           fetch-depth: 0
       - name: Set up JDK 11
-        uses: actions/setup-java@v1
+        uses: actions/setup-java@v2
         with:
+          distribution: 'temurin'
           java-version: 11
       - name: Cache local Maven repository
         uses: actions/cache@v2
@@ -27,12 +28,19 @@ jobs:
           restore-keys: |
             ${{ runner.os }}-maven-
       - name: Build with Maven skipping tests
-        run: mvn clean verify -DskipTests
+        run: mvn --batch-mode clean verify -DskipTests
+      - name: Generate sha256sum files
+        run: find target -maxdepth 1 -name *.jar -exec bash -c 'sha256sum {} > {}.sha256' \;
       - name: Upload assets to the GitHub release draft
         uses: shogo82148/actions-upload-release-asset@v1
         with:
           upload_url: ${{ github.event.inputs.upload_url }}
           asset_path: target/*.jar
+      - name: Upload sha256sum files
+        uses: shogo82148/actions-upload-release-asset@v1
+        with:
+          upload_url: ${{ github.event.inputs.upload_url }}
+          asset_path: target/*.sha256
       - name: Upload error-code-report
         uses: shogo82148/actions-upload-release-asset@v1
         with:

diff --git a/.gitignore b/.gitignore
@@ -24,3 +24,10 @@ Scripts
 .directory
 venv/
 pom.xml.versionsBackup
+
+~*
+*.lock
+*.bak
+*.orig
+*.old
+*.md.html