Fix CVE #297

Merged
merged 20 commits into from
Mar 15, 2024
1 change: 1 addition & 0 deletions .gitattributes
@@ -1,6 +1,7 @@
*.sh text eol=lf
.github/workflows/broken_links_checker.yml linguist-generated=true
.github/workflows/dependencies_check.yml linguist-generated=true
.github/workflows/dependencies_update.yml linguist-generated=true
.github/workflows/release_droid_print_quick_checksum.yml linguist-generated=true
.settings/org.eclipse.jdt.core.prefs linguist-generated=true
.settings/org.eclipse.jdt.ui.prefs linguist-generated=true
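Review bot: the `.github/workflows/dependencies_update.yml linguist-generated=true` entry means the new 169-line workflow is collapsed in this PR's diff, so code that will run in CI lands without being shown to reviewers by default. Please expand and review that file explicitly before approving (its `permissions:` block and the secrets it receives are the parts to check), and state in the PR description which generator produced it so the attribute is justified.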
2 changes: 2 additions & 0 deletions .github/workflows/broken_links_checker.yml

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

6 changes: 3 additions & 3 deletions .github/workflows/ci-build-next-java.yml
@@ -1,5 +1,4 @@
name: CI Build next Java

on:
push:
branches:
Expand All @@ -25,9 +24,10 @@ jobs:
cache: "maven"
- name: Run tests and build with Maven
run: |
mvn --batch-mode --update-snapshots clean javadoc:javadoc -DtrimStackTrace=false \
mvn --batch-mode --update-snapshots clean javadoc:javadoc -DtrimStackTrace=false \
-Djava.version=17 \
-Dorg.slf4j.simpleLogger.log.org.apache.maven.cli.transfer.Slf4jMavenTransferListener=warn
- name: Publish Test Report
- name: Publish Test Report for Java 17
uses: scacap/action-surefire-report@v1
if: ${{ always() && github.event.pull_request.head.repo.full_name == github.repository && github.actor != 'dependabot[bot]' }}
with:
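Review bot: `uses: scacap/action-surefire-report@v1` in the publish step references a third-party action by a movable tag. Since this step is being touched anyway, consider pinning it to a full commit SHA with the version as a trailing comment, so the code that runs in this job cannot change without a visible diff in the repository.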
43 changes: 19 additions & 24 deletions .github/workflows/ci-build.yml
Expand Up @@ -14,9 +14,9 @@ jobs:
strategy:
fail-fast: false
matrix:
exasol_db_version: ["8.23.1", "7.1.24"]
exasol_db_version: ["8.24.0", "7.1.25"]
env:
DEFAULT_EXASOL_DB_VERSION: "8.23.1"
DEFAULT_EXASOL_DB_VERSION: "8.24.0"
steps:
- name: Free Disk Space
run: |
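Review bot: `DEFAULT_EXASOL_DB_VERSION: "8.24.0"` duplicates the first entry of `exasol_db_version`, and the Sonar analysis step further down only runs when `matrix.exasol_db_version == env.DEFAULT_EXASOL_DB_VERSION`. If a later version bump updates one value and not the other, that step is skipped on every matrix leg without failing the build. Please add a comment next to the matrix stating that the two values must be kept in sync.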
Expand All @@ -26,16 +26,16 @@ jobs:
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Set up JDK 11 & 17
- name: Set up JDKs
uses: actions/setup-java@v4
with:
distribution: "temurin"
java-version: |
17
11
17
cache: "maven"
- name: Cache SonarCloud packages
uses: actions/cache@v3
uses: actions/cache@v4
with:
path: ~/.sonar/cache
key: ${{ runner.os }}-sonar
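Review bot: the `java-version` list is reordered to `11` then `17`, and the later hunks remove the `JAVA_HOME=$JAVA_HOME_11_X64` and `JAVA_HOME=$JAVA_HOME_17_X64` prefixes from the `mvn` steps, so which JDK runs `mvn --batch-mode verify` now depends on this ordering (actions/setup-java makes the last listed version the default). The step name `Set up JDKs` no longer says so. Please add a comment at `java-version` stating that the last entry becomes the default JDK, and confirm that running the tests on 17 instead of 11 is intended.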
Expand All @@ -44,7 +44,7 @@ jobs:
- name: Set up Go
uses: actions/setup-go@v4
with:
go-version: "1.21"
go-version: "1.22"
cache: false

- name: Cache Go modules
Expand All @@ -64,23 +64,21 @@ jobs:
run: mvn --batch-mode clean compile test-compile scalastyle:check scalafix:scalafix spotless:check
- name: Build extension
run: |
mvn package -DskipTests
mvn --batch-mode package -DskipTests
cd extension
npm ci
npm run build
npm run test
npm run lint
- name: Run tests and build with Maven
run: >
JAVA_HOME=$JAVA_HOME_11_X64
mvn --batch-mode verify
-Dorg.slf4j.simpleLogger.log.org.apache.maven.cli.transfer.Slf4jMavenTransferListener=warn
-DtrimStackTrace=false
-Dcom.exasol.dockerdb.image=${{ matrix.exasol_db_version }}
run: |
mvn --batch-mode verify \
-Dorg.slf4j.simpleLogger.log.org.apache.maven.cli.transfer.Slf4jMavenTransferListener=warn \
-DtrimStackTrace=false \
-Dcom.exasol.dockerdb.image=${{ matrix.exasol_db_version }}
env:
# Passing system property via -Dcom.exasol.dockerdb.image does not work because the scalatest plugin does
# not forward it to the test. So we use this environment variable,
# see BaseIntegrationTest.scala.getExasolDockerImageVersion()
# Set additional environment variable as in scala projects the scalatest plugin does not forward
# the system property -Dcom.exasol.dockerdb.image to the test's implementation.
EXASOL_DB_VERSION: ${{ matrix.exasol_db_version }}
- name: Publish Test Report for Exasol ${{ matrix.exasol_db_version }}
uses: scacap/action-surefire-report@v1
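Review bot: the rewritten comment above `EXASOL_DB_VERSION` drops the pointer to `BaseIntegrationTest.scala.getExasolDockerImageVersion()`, which was the only indication of where the variable is read. Please keep that reference in the new wording so that a later cleanup does not remove the variable as unused. The switch from `run: >` to `run: |` with trailing backslashes looks consistent across the three continuation lines.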
Expand All @@ -89,14 +87,11 @@ jobs:
github_token: ${{ secrets.GITHUB_TOKEN }}
- name: Sonar analysis
if: ${{ env.SONAR_TOKEN != null && matrix.exasol_db_version == env.DEFAULT_EXASOL_DB_VERSION }}
run: >
JAVA_HOME=$JAVA_HOME_17_X64
mvn --batch-mode org.sonarsource.scanner.maven:sonar-maven-plugin:sonar
-Dorg.slf4j.simpleLogger.log.org.apache.maven.cli.transfer.Slf4jMavenTransferListener=warn
-DtrimStackTrace=false
-Dsonar.organization=exasol
-Dsonar.host.url=https://sonarcloud.io
-Dsonar.token=$SONAR_TOKEN
run: |
mvn --batch-mode org.sonarsource.scanner.maven:sonar-maven-plugin:sonar \
-Dorg.slf4j.simpleLogger.log.org.apache.maven.cli.transfer.Slf4jMavenTransferListener=warn \
-DtrimStackTrace=false \
-Dsonar.token=$SONAR_TOKEN
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
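Review bot: `-Dsonar.organization=exasol` and `-Dsonar.host.url=https://sonarcloud.io` are removed from the `mvn` invocation, and nothing in the visible diff shows where they are set now. Please confirm they are defined elsewhere (for example as properties in the POM), otherwise the scanner has no target host or organization. Separately, `-Dsonar.token=$SONAR_TOKEN` puts the secret on the process command line while `SONAR_TOKEN` is already exported in this step's `env:`; if the scanner version in use reads the token from the environment, the argument can be dropped.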
43 changes: 36 additions & 7 deletions .github/workflows/dependencies_check.yml

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

169 changes: 169 additions & 0 deletions .github/workflows/dependencies_update.yml

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.
