🔐 Update dependencies to fix vulnerabilities #483
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# This file was generated by Project Keeper. | |
name: CI Build | |
on: | |
push: | |
branches: [ | |
main | |
] | |
pull_request: null | |
jobs: | |
matrix-build: | |
runs-on: ubuntu-20.04 | |
defaults: | |
run: { | |
shell: bash | |
} | |
permissions: { | |
contents: read | |
} | |
concurrency: { | |
group: '${{ github.workflow }}-${{ github.ref }}-${{ matrix.exasol_db_version }}', | |
cancel-in-progress: true | |
} | |
strategy: | |
fail-fast: false | |
matrix: | |
exasol_db_version: [ | |
8.26.0, | |
7.1.29 | |
] | |
env: { | |
DEFAULT_EXASOL_DB_VERSION: 8.26.0 | |
} | |
steps: | |
- name: Free Disk Space | |
id: free-disk-space | |
if: ${{ true }} | |
run: | | |
sudo rm -rf /usr/local/lib/android | |
sudo rm -rf /usr/share/dotnet | |
- name: Checkout the repository | |
id: checkout | |
uses: actions/checkout@v4 | |
with: { | |
fetch-depth: 0 | |
} | |
- name: Set up JDKs | |
id: setup-java | |
uses: actions/setup-java@v4 | |
with: | |
distribution: temurin | |
java-version: | | |
11 | |
17 | |
cache: maven | |
- name: Cache SonarCloud packages | |
id: cache-sonar | |
uses: actions/cache@v4 | |
with: { | |
path: ~/.sonar/cache, | |
key: '${{ runner.os }}-sonar', | |
restore-keys: '${{ runner.os }}-sonar' | |
} | |
- { | |
name: Enable testcontainer reuse, | |
id: enable-testcontainer-reuse, | |
run: echo 'testcontainers.reuse.enable=true' > "$HOME/.testcontainers.properties" | |
} | |
- { | |
name: Run scalafix linting, | |
id: run-scalafix-linting, | |
if: '${{ matrix.exasol_db_version == env.DEFAULT_EXASOL_DB_VERSION }}', | |
run: 'mvn --batch-mode clean compile test-compile scalastyle:check scalafix:scalafix spotless:check' | |
} | |
- name: Build extension | |
id: build-extension | |
run: | | |
mvn --batch-mode package -DskipTests | |
cd extension | |
npm ci | |
npm run build | |
npm run test | |
npm run lint | |
- name: Run tests and build with Maven | |
id: build-pk-verify | |
run: | | |
mvn --batch-mode verify \ | |
-Dorg.slf4j.simpleLogger.log.org.apache.maven.cli.transfer.Slf4jMavenTransferListener=warn \ | |
-DtrimStackTrace=false \ | |
-Dcom.exasol.dockerdb.image=${{ matrix.exasol_db_version }} | |
env: { | |
EXASOL_DB_VERSION: '${{ matrix.exasol_db_version }}' | |
} | |
- name: Sonar analysis | |
id: sonar-analysis | |
if: ${{ env.SONAR_TOKEN != null && matrix.exasol_db_version == env.DEFAULT_EXASOL_DB_VERSION }} | |
run: | | |
mvn --batch-mode org.sonarsource.scanner.maven:sonar-maven-plugin:sonar \ | |
-Dorg.slf4j.simpleLogger.log.org.apache.maven.cli.transfer.Slf4jMavenTransferListener=warn \ | |
-DtrimStackTrace=false \ | |
-Dsonar.token=$SONAR_TOKEN | |
env: { | |
GITHUB_TOKEN: '${{ secrets.GITHUB_TOKEN }}', | |
SONAR_TOKEN: '${{ secrets.SONAR_TOKEN }}' | |
} | |
- name: Verify Release Artifacts | |
id: verify-release-artifacts | |
run: "print_message() {\n local -r message=$1\n echo \"$message\"\n echo \"$message\" >> \"$GITHUB_STEP_SUMMARY\"\n}\n\nprint_message \"### Release Artifacts\"\n\nIFS=$'\\n' artifacts_array=($ARTIFACTS)\nmissing_files=()\nfor file in \"${artifacts_array[@]}\";\ndo \n echo \"Checking if file $file exists...\"\n if ! [[ -f \"$file\" ]]; then\n print_message \"* ⚠️ \\`$file\\` does not exist ⚠️\"\n echo \"Content of directory $(dirname \"$file\"):\"\n ls \"$(dirname \"$file\")\"\n missing_files+=(\"$file\")\n else\n print_message \"* \\`$file\\` ✅\" \n fi\ndone\nprint_message \"\"\nnumber_of_missing_files=${#missing_files[@]}\nif [[ $number_of_missing_files -gt 0 ]]; then\n print_message \"⚠️ $number_of_missing_files release artifact(s) missing ⚠️\"\n exit 1\nfi\n" | |
env: { | |
ARTIFACTS: '${{ steps.build-pk-verify.outputs.release-artifacts }}' | |
} | |
- name: Upload artifacts | |
id: upload-artifacts | |
uses: actions/upload-artifact@v4 | |
with: { | |
name: 'artifacts-exasol-${{ matrix.exasol_db_version }}', | |
path: '${{ steps.build-pk-verify.outputs.release-artifacts }}', | |
retention-days: 5 | |
} | |
build: | |
needs: matrix-build | |
runs-on: ubuntu-latest | |
defaults: | |
run: { | |
shell: bash | |
} | |
permissions: { | |
contents: read, | |
issues: read | |
} | |
outputs: { | |
release-required: '${{ steps.check-release.outputs.release-required }}' | |
} | |
steps: | |
- name: Checkout the repository | |
uses: actions/checkout@v4 | |
with: { | |
fetch-depth: 0 | |
} | |
- name: Set up JDKs | |
uses: actions/setup-java@v4 | |
with: | |
distribution: temurin | |
java-version: | | |
11 | |
17 | |
cache: maven | |
- name: Check if release is needed | |
id: check-release | |
run: | | |
if mvn --batch-mode com.exasol:project-keeper-maven-plugin:verify-release --projects .; then | |
echo "### ✅ Release preconditions met, start release" >> "$GITHUB_STEP_SUMMARY" | |
echo "release-required=true" >> "$GITHUB_OUTPUT" | |
else | |
echo "### 🛑 Not all release preconditions met, skipping release" >> "$GITHUB_STEP_SUMMARY" | |
echo "See log output for details." >> "$GITHUB_STEP_SUMMARY" | |
echo "release-required=false" >> "$GITHUB_OUTPUT" | |
fi | |
env: { | |
GITHUB_TOKEN: '${{ secrets.GITHUB_TOKEN }}' | |
} | |
start_release: | |
needs: build | |
if: ${{ github.ref == 'refs/heads/main' && needs.build.outputs.release-required == 'true' }} | |
concurrency: { | |
cancel-in-progress: false, | |
group: release | |
} | |
secrets: inherit | |
permissions: { | |
contents: write, | |
actions: read, | |
issues: read | |
} | |
uses: ./.github/workflows/release.yml | |
with: { | |
started-from-ci: true | |
} |