#235 Fix vulnerability CVE-2023-42503 (#236) #404
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI Build | |
| on: | |
| push: | |
| branches: | |
| - main | |
| pull_request: | |
| jobs: | |
| build: | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| # ATTENTION: When changing the versions in the matrix, make sure one of them is listed as default version below | |
| # Only for the default version you will get a Sonar analysis! | |
| docker_db_version: ["7.1.23", "8.22.0"] | |
| env: | |
| DEFAULT_DB_VERSION: "7.1.23" | |
| runs-on: ubuntu-latest | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.ref }}-${{ matrix.docker_db_version }} | |
| cancel-in-progress: true | |
| steps: | |
| - name: Free Disk Space | |
| run: | | |
| sudo rm -rf /usr/local/lib/android | |
| sudo rm -rf /usr/share/dotnet | |
| - name: Checkout the repository | |
| uses: actions/checkout@v3 | |
| with: | |
| fetch-depth: 0 | |
| - name: Set up JDK 11 & 17 | |
| uses: actions/setup-java@v3 | |
| with: | |
| distribution: "temurin" | |
| java-version: | | |
| 17 | |
| 11 | |
| cache: "maven" | |
| - name: Cache SonarCloud packages | |
| uses: actions/cache@v3 | |
| with: | |
| path: ~/.sonar/cache | |
| key: ${{ runner.os }}-sonar | |
| restore-keys: ${{ runner.os }}-sonar | |
| - name: Enable testcontainer reuse | |
| run: echo 'testcontainers.reuse.enable=true' > "$HOME/.testcontainers.properties" | |
| - name: Run tests and build with Maven | |
| run: | | |
| echo | |
| echo "--------------------------------------------------------------" | |
| echo " Running matrix test with docker_db_version ${{ matrix.docker_db_version }} " | |
| echo "--------------------------------------------------------------" | |
| echo | |
| echo "Support information archives are written to $SUPPORT_DIR" | |
| echo | |
| mkdir -p "$SUPPORT_DIR" | |
| JAVA_HOME=$JAVA_HOME_11_X64 mvn --batch-mode clean verify \ | |
| -Dorg.slf4j.simpleLogger.log.org.apache.maven.cli.transfer.Slf4jMavenTransferListener=warn \ | |
| -DtrimStackTrace=false \ | |
| -Dcom.exasol.dockerdb.image=${{ matrix.docker_db_version }} \ | |
| -Dcom.exasol.containers.support_information_target_dir="$SUPPORT_DIR" \ | |
| -Dcom.exasol.containers.monitored_exit=EXIT_ANY \ | |
| -Pslow | |
| env: | |
| SUPPORT_DIR: ${{ github.workspace }}/target/support | |
| - name: Publish support package for ${{ matrix.docker_db_version }} | |
| uses: actions/upload-artifact@v3 | |
| if: ${{ always() }} | |
| with: | |
| name: support-db-${{ matrix.docker_db_version }}-run-${{ github.run_id }} | |
| path: target/support | |
| - name: Publish Test Report | |
| uses: scacap/action-surefire-report@v1 | |
| if: ${{ always() && github.event.pull_request.head.repo.full_name == github.repository && github.actor != 'dependabot[bot]' }} | |
| with: | |
| github_token: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Sonar analysis | |
| if: ${{ env.SONAR_TOKEN != null && env.DEFAULT_DB_VERSION == matrix.docker_db_version }} | |
| run: | | |
| JAVA_HOME=$JAVA_HOME_17_X64 mvn --batch-mode org.sonarsource.scanner.maven:sonar-maven-plugin:sonar \ | |
| -Dorg.slf4j.simpleLogger.log.org.apache.maven.cli.transfer.Slf4jMavenTransferListener=warn \ | |
| -DtrimStackTrace=false \ | |
| -Dsonar.organization=exasol \ | |
| -Dsonar.host.url=https://sonarcloud.io \ | |
| -Dsonar.login=$SONAR_TOKEN | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} |