[PRODSEC-8959] fix for zt-zip vulnerability (#668) #104
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Alfresco SDK CI | |
on: | |
pull_request: | |
branches: | |
- master | |
- fix/** | |
- feature/** | |
- sdk-4.5 | |
push: | |
branches: | |
- master | |
- fix/** | |
- feature/** | |
- sdk-4.5 | |
workflow_dispatch: | |
env: | |
MAVEN_USERNAME: ${{ secrets.NEXUS_USERNAME }} | |
MAVEN_PASSWORD: ${{ secrets.NEXUS_PASSWORD }} | |
MAVEN_CENTRAL_USERNAME: ${{ secrets.OSS_SONATYPE_USERNAME }} | |
MAVEN_CENTRAL_PASSWORD: ${{ secrets.OSS_SONATYPE_PASSWORD }} | |
MAVEN_CLI_OPTS: "-B -q -e -fae -V -DinstallAtEnd=true -U" | |
jobs: | |
pre_commit: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: Alfresco/alfresco-build-tools/.github/actions/[email protected] | |
veracode_sca: | |
name: "Veracode - Source Clear Scan (SCA)" | |
runs-on: ubuntu-latest | |
if: > | |
github.ref_name == 'master' || | |
github.event_name == 'pull_request' | |
steps: | |
- uses: actions/checkout@v3 | |
- uses: Alfresco/alfresco-build-tools/.github/actions/[email protected] | |
- uses: Alfresco/alfresco-build-tools/.github/actions/[email protected] | |
- name: "Clean-up SNAPSHOT artifacts" | |
run: find "${HOME}/.m2/repository/" -type d -name "*-SNAPSHOT*" | xargs -r -l rm -rf | |
- uses: Alfresco/alfresco-build-tools/.github/actions/[email protected] | |
continue-on-error: true | |
with: | |
srcclr-api-token: ${{ secrets.SRCCLR_API_TOKEN }} | |
build: | |
name: "Build application" | |
runs-on: ubuntu-latest | |
needs: [pre_commit] | |
if: "!contains(github.event.head_commit.message, '[skip tests]')" | |
steps: | |
- uses: actions/checkout@v3 | |
- uses: Alfresco/alfresco-build-tools/.github/actions/[email protected] | |
- name: "Build" | |
run: mvn install -DskipTests=true -Dmaven.javadoc.skip=true -B -V | |
- name: "Verify" | |
run: mvn $MAVEN_CLI_OPTS verify -Dlogging.root.level=off -Dspring.main.banner-mode=off | |
tests: | |
name: ${{ matrix.name }} | |
runs-on: ubuntu-latest | |
needs: [build] | |
if: > | |
!(failure() || cancelled()) && | |
!contains(github.event.head_commit.message, '[skip tests]') | |
strategy: | |
fail-fast: false | |
matrix: | |
include: | |
- name: "current version Java 17" | |
java-version: 17 | |
- name: "23.2 Enterprise Java 17" | |
java-version: 17 | |
suite: -Penterprise-232-tests | |
- name: "23.2 Community Java 17" | |
java-version: 17 | |
suite: -Pcommunity-232-tests | |
- name: "23.1 Enterprise Java 17" | |
java-version: 17 | |
suite: -Penterprise-231-tests | |
- name: "23.1 Community Java 17" | |
java-version: 17 | |
suite: -Pcommunity-231-tests | |
- name: "7.4 Enterprise Java 17" | |
java-version: 17 | |
suite: -Penterprise-74-tests | |
- name: "7.4 Community Java 17" | |
java-version: 17 | |
suite: -Pcommunity-74-tests | |
- name: "7.4 Enterprise Java 11" | |
java-version: 11 | |
suite: -Penterprise-74-tests | |
- name: "7.4 Community Java 11" | |
java-version: 11 | |
suite: -Pcommunity-74-tests | |
- name: "7.3 Enterprise Java 17" | |
java-version: 17 | |
suite: -Penterprise-73-tests | |
- name: "7.3 Community Java 17" | |
java-version: 17 | |
suite: -Pcommunity-73-tests | |
- name: "7.3 Enterprise Java 11" | |
java-version: 11 | |
suite: -Penterprise-73-tests | |
- name: "7.3 Community Java 11" | |
java-version: 11 | |
suite: -Pcommunity-73-tests | |
- name: "7.2 Enterprise" | |
java-version: 11 | |
suite: -Penterprise-72-tests | |
- name: "7.2 Community" | |
java-version: 11 | |
suite: -Pcommunity-72-tests | |
- name: "7.1 Enterprise" | |
java-version: 11 | |
suite: -Penterprise-71-tests | |
- name: "7.1 Community" | |
java-version: 11 | |
suite: -Pcommunity-71-tests | |
- name: "7.0 Enterprise" | |
java-version: 11 | |
suite: -Penterprise-70-tests | |
- name: "7.0 Community" | |
java-version: 11 | |
suite: -Pcommunity-70-tests | |
steps: | |
- uses: actions/checkout@v3 | |
- uses: Alfresco/alfresco-build-tools/.github/actions/[email protected] | |
- uses: Alfresco/alfresco-build-tools/.github/actions/[email protected] | |
with: | |
java-version: ${{ matrix.java-version }} | |
- name: "Login to Docker Hub" | |
uses: docker/[email protected] | |
with: | |
username: ${{ secrets.DOCKER_USERNAME }} | |
password: ${{ secrets.DOCKER_PASSWORD }} | |
- name: "Login to Quay.io" | |
uses: docker/[email protected] | |
with: | |
registry: quay.io | |
username: ${{ secrets.QUAY_USERNAME }} | |
password: ${{ secrets.QUAY_PASSWORD }} | |
- name: "Build" | |
run: mvn clean install -B ${{ matrix.suite }} | |
publish: | |
name: "Publish artifacts" | |
runs-on: ubuntu-latest | |
needs: [tests] | |
if: > | |
!(failure() || cancelled()) && | |
github.event_name != 'pull_request' | |
steps: | |
- uses: actions/checkout@v3 | |
- uses: Alfresco/alfresco-build-tools/.github/actions/[email protected] | |
- name: "Build" | |
run: mvn install -DskipTests=true -Dmaven.javadoc.skip=true -B -V | |
- name: "Publish" | |
run: mvn $MAVEN_CLI_OPTS deploy -DskipTests |