Bump dependency.pdfbox.version from 2.0.30 to 3.0.4 #1222
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Alfresco Transform Core CI | |
on: | |
push: | |
branches: | |
- master | |
- feature/** | |
- fix/** | |
- SP/** | |
- HF/** | |
- ATS-** | |
- ACS-** | |
- MNT-** | |
pull_request: | |
branches: | |
- master | |
- feature/** | |
- fix/** | |
- SP/** | |
- HF/** | |
schedule: | |
- cron: '0 5 * * 1' | |
workflow_dispatch: | |
env: | |
DOCKERHUB_PASSWORD: ${{ secrets.DOCKER_PASSWORD }} | |
DOCKERHUB_USERNAME: ${{ secrets.DOCKER_USERNAME }} | |
NEXUS_PASSWORD: ${{ secrets.NEXUS_PASSWORD }} | |
NEXUS_USERNAME: ${{ secrets.NEXUS_USERNAME }} | |
QUAY_PASSWORD: ${{ secrets.QUAY_PASSWORD }} | |
QUAY_USERNAME: ${{ secrets.QUAY_USERNAME }} | |
GIT_USERNAME: ${{ secrets.BOT_GITHUB_USERNAME }} | |
GIT_EMAIL: ${{ secrets.BOT_GITHUB_EMAIL }} | |
GIT_PASSWORD: ${{ secrets.BOT_GITHUB_TOKEN }} | |
GITHUB_ACTIONS_DEPLOY_TIMEOUT: 60 | |
jobs: | |
pre_commit: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: Alfresco/alfresco-build-tools/.github/actions/setup-java-build@v7.0.0 | |
- uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
- id: changed-files | |
uses: Alfresco/alfresco-build-tools/.github/actions/github-list-changes@v7.0.0 | |
with: | |
write-list-to-env: true | |
- uses: Alfresco/alfresco-build-tools/.github/actions/pre-commit@v7.0.0 | |
veracode_sca: | |
name: "Veracode - Source Clear Scan (SCA)" | |
runs-on: ubuntu-latest | |
if: > | |
github.ref_name == 'master' || | |
github.event_name == 'pull_request' | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: Alfresco/alfresco-build-tools/.github/actions/get-build-info@v7.0.0 | |
- uses: Alfresco/alfresco-build-tools/.github/actions/setup-java-build@v7.0.0 | |
- name: "Clean-up SNAPSHOT artifacts" | |
run: find "${HOME}/.m2/repository/" -type d -name "*-SNAPSHOT*" | xargs -r -l rm -rf | |
- uses: Alfresco/alfresco-build-tools/.github/actions/veracode@v7.0.0 | |
continue-on-error: true | |
with: | |
srcclr-api-token: ${{ secrets.SRCCLR_API_TOKEN }} | |
veracode_sast: | |
name: "Pipeline SAST Scan" | |
runs-on: ubuntu-latest | |
if: > | |
(github.ref_name == 'master' || startsWith(github.ref_name, 'SP/') || startsWith(github.ref_name, 'HF/') || github.event_name == 'pull_request') && | |
github.actor != 'dependabot[bot]' && | |
!contains(github.event.head_commit.message, '[skip tests]') | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: Alfresco/alfresco-build-tools/.github/actions/get-build-info@v7.0.0 | |
- uses: Alfresco/alfresco-build-tools/.github/actions/setup-java-build@v7.0.0 | |
- name: "Login to Docker Hub" | |
uses: docker/login-action@v3 | |
with: | |
username: ${{ secrets.DOCKER_USERNAME }} | |
password: ${{ secrets.DOCKER_PASSWORD }} | |
- name: "Login to Quay.io" | |
uses: docker/login-action@v3 | |
with: | |
registry: quay.io | |
username: ${{ secrets.QUAY_USERNAME }} | |
password: ${{ secrets.QUAY_PASSWORD }} | |
- uses: Alfresco/alfresco-build-tools/.github/actions/github-download-file@v7.0.0 | |
with: | |
token: ${{ secrets.BOT_GITHUB_TOKEN }} | |
repository: "Alfresco/veracode-baseline-archive" | |
file-path: "alfresco-transform-core/alfresco-transform-core-baseline.json" | |
target: "baseline.json" | |
- name: "Build" | |
run: mvn -B -U install -DskipTests | |
- name: "Create zip" | |
run: | | |
mkdir -p to-scan | |
for file in engines/aio/target/alfresco-transform-core-aio-*.jar engines/base/target/alfresco-base-t-engine-*.jar model/target/alfresco-transform-model-*.jar | |
do | |
if [[ $file != *javadoc.jar ]] && [[ $file != *sources.jar ]] && [[ $file != *tests.jar ]]; then | |
mv "$file" to-scan/ | |
fi | |
done | |
# Removing the aspectjweaver and bouncycastle jars from the scan, since Veracode detects them as 1st party code and fails the scan. TO BE REVERTED ONCE VERACODE FIXES THE ISSUE | |
zip -d to-scan/alfresco-transform*.jar "BOOT-INF/lib/bcmail-jdk18on-*.jar" "BOOT-INF/lib/bcprov-jdk18on-*.jar" "BOOT-INF/lib/aspectjweaver*.jar" | |
zip -r to-scan.zip to-scan | |
- name: "Run SAST Scan" | |
uses: veracode/Veracode-pipeline-scan-action@v1.0.16 | |
with: | |
vid: ${{ secrets.VERACODE_API_ID }} | |
vkey: ${{ secrets.VERACODE_API_KEY }} | |
file: "to-scan.zip" | |
fail_build: true | |
project_name: alfresco-transform-core | |
issue_details: true | |
veracode_policy_name: Alfresco Default | |
summary_output: true | |
summary_output_file: results.json | |
summary_display: true | |
baseline_file: baseline.json | |
include: "to-scan/alfresco*" | |
- name: Upload scan result | |
if: success() || failure() | |
run: zip readable_output.zip results.json | |
- name: Upload Artifact | |
if: success() || failure() | |
uses: actions/upload-artifact@v4 | |
with: | |
name: Veracode Pipeline-Scan Results (Human Readable) | |
path: readable_output.zip | |
pmd_scan: | |
name: "PMD Scan" | |
runs-on: ubuntu-latest | |
if: > | |
github.event_name == 'pull_request' && | |
!contains(github.event.head_commit.message, '[skip pmd]') && | |
!contains(github.event.head_commit.message, '[skip tests]') | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: Alfresco/alfresco-build-tools/.github/actions/free-hosted-runner-disk-space@v7.0.0 | |
- uses: Alfresco/alfresco-build-tools/.github/actions/setup-java-build@v7.0.0 | |
- uses: Alfresco/ya-pmd-scan@v4.1.0 | |
with: | |
classpath-build-command: "mvn -ntp package -DskipTests" | |
build_and_test: | |
name: "Core & Base Snapshot deployment" | |
runs-on: ubuntu-latest | |
if: > | |
github.ref_name == 'master' && | |
github.event_name != 'pull_request' | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: Alfresco/alfresco-build-tools/.github/actions/get-build-info@v7.0.0 | |
- uses: Alfresco/alfresco-build-tools/.github/actions/setup-java-build@v7.0.0 | |
- name: "Login to Docker Hub" | |
uses: docker/login-action@v3 | |
with: | |
username: ${{ secrets.DOCKER_USERNAME }} | |
password: ${{ secrets.DOCKER_PASSWORD }} | |
- name: "Login to Quay.io" | |
uses: docker/login-action@v3 | |
with: | |
registry: quay.io | |
username: ${{ secrets.QUAY_USERNAME }} | |
password: ${{ secrets.QUAY_PASSWORD }} | |
- name: "Enable experimental docker features" | |
run: | | |
echo '{"experimental":true}' | sudo tee /etc/docker/daemon.json | |
sudo service docker restart | |
- name: "Clean-up SNAPSHOT artifacts" | |
run: find "${HOME}/.m2/repository/" -type d -name "*-SNAPSHOT*" | xargs -r -l rm -rf | |
- name: "Build" | |
timeout-minutes: ${{ fromJSON(env.GITHUB_ACTIONS_DEPLOY_TIMEOUT) }} | |
run: mvn -B -U -q clean install -DadditionalOption=-Xdoclint:none -DskipTests -Dmaven.javadoc.skip=true -Dmaven.wagon.http.pool=false -Pbase | |
- name: "Cache LibreOffice" | |
run: bash _ci/cache_artifacts.sh | |
- name: "Run tests" | |
timeout-minutes: ${{ fromJSON(env.GITHUB_ACTIONS_DEPLOY_TIMEOUT) }} | |
run: mvn -B -U clean deploy -DadditionalOption=-Xdoclint:none -Dmaven.javadoc.skip=true -Dmaven.wagon.http.pool=false -Pbase | |
all_tests_matrix: | |
name: ${{ matrix.testName }} | |
runs-on: ubuntu-latest | |
strategy: | |
fail-fast: false | |
matrix: | |
include: | |
- testName: ImageMagick | |
buildProfile: imagemagick | |
testProfile: imagemagick | |
- testName: LibreOffice | |
buildProfile: libreoffice | |
testProfile: libreoffice | |
- testName: Transform Misc | |
buildProfile: misc | |
testProfile: misc | |
- testName: PDF Renderer | |
buildProfile: pdf-renderer | |
testProfile: pdf-renderer | |
- testName: Tika | |
buildProfile: tika | |
testProfile: tika | |
- testName: All in One Transformer | |
buildProfile: full-build | |
testProfile: aio-test | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: Alfresco/alfresco-build-tools/.github/actions/get-build-info@v7.0.0 | |
- uses: Alfresco/alfresco-build-tools/.github/actions/setup-java-build@v7.0.0 | |
- name: "Login to Docker Hub" | |
uses: docker/login-action@v3 | |
with: | |
username: ${{ secrets.DOCKER_USERNAME }} | |
password: ${{ secrets.DOCKER_PASSWORD }} | |
- name: "Login to Quay.io" | |
uses: docker/login-action@v3 | |
with: | |
registry: quay.io | |
username: ${{ secrets.QUAY_USERNAME }} | |
password: ${{ secrets.QUAY_PASSWORD }} | |
- name: "Enable experimental docker features" | |
run: | | |
echo '{"experimental":true}' | sudo tee /etc/docker/daemon.json | |
sudo service docker restart | |
- name: "Clean-up SNAPSHOT artifacts" | |
run: find "${HOME}/.m2/repository/" -type d -name "*-SNAPSHOT*" | xargs -r -l rm -rf | |
- name: "Build local docker image" | |
timeout-minutes: ${{ fromJSON(env.GITHUB_ACTIONS_DEPLOY_TIMEOUT) }} | |
run: bash _ci/build.sh ${{ matrix.buildProfile }} | |
- name: "Cache LibreOffice" | |
run: bash _ci/cache_artifacts.sh | |
- name: "Run tests" | |
timeout-minutes: ${{ fromJSON(env.GITHUB_ACTIONS_DEPLOY_TIMEOUT) }} | |
run: bash _ci/test.sh ${{ matrix.testProfile }} | |
release: | |
name: "Release" | |
runs-on: ubuntu-latest | |
needs: [veracode_sca, build_and_test, all_tests_matrix] | |
if: > | |
!(failure() || cancelled()) && | |
contains(github.event.head_commit.message, '[release]') && | |
github.event_name != 'pull_request' && | |
(github.ref_name == 'master' || startsWith(github.ref_name, 'SP/') || startsWith(github.ref_name, 'HF/')) | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
persist-credentials: false | |
- uses: Alfresco/alfresco-build-tools/.github/actions/get-build-info@v7.0.0 | |
- uses: Alfresco/alfresco-build-tools/.github/actions/setup-java-build@v7.0.0 | |
- name: Set up QEMU | |
uses: docker/setup-qemu-action@v3 | |
with: | |
platforms: linux/amd64,linux/arm64 | |
- name: "Login to Docker Hub" | |
uses: docker/login-action@v3 | |
with: | |
username: ${{ secrets.DOCKER_USERNAME }} | |
password: ${{ secrets.DOCKER_PASSWORD }} | |
- name: "Login to Quay.io" | |
uses: docker/login-action@v3 | |
with: | |
registry: quay.io | |
username: ${{ secrets.QUAY_USERNAME }} | |
password: ${{ secrets.QUAY_PASSWORD }} | |
- name: "Enable experimental docker features" | |
run: | | |
echo '{"experimental":true}' | sudo tee /etc/docker/daemon.json | |
sudo service docker restart | |
- name: "Clean-up SNAPSHOT artifacts" | |
run: find "${HOME}/.m2/repository/" -type d -name "*-SNAPSHOT*" | xargs -r -l rm -rf | |
- uses: Alfresco/alfresco-build-tools/.github/actions/configure-git-author@v7.0.0 | |
with: | |
username: ${{ env.GIT_USERNAME }} | |
email: ${{ env.GIT_EMAIL }} | |
global: true | |
- name: "Cache LibreOffice" | |
run: bash _ci/cache_artifacts.sh | |
- name: "Release" | |
timeout-minutes: ${{ fromJSON(env.GITHUB_ACTIONS_DEPLOY_TIMEOUT) }} | |
run: bash _ci/release.sh |