Skip to content

[Backport 3.28] Fix CVE #4948

[Backport 3.28] Fix CVE

[Backport 3.28] Fix CVE #4948

Workflow file for this run

name: Continuous integration
on:
push:
pull_request:
permissions:
actions: write
contents: write
jobs:
build:
name: Continuous integration
runs-on: ubuntu-22.04
timeout-minutes: 40
if: "!startsWith(github.event.head_commit.message, '[skip ci] ')"
env:
SECRETS: ${{ secrets.SECRETS }}
steps:
- uses: actions/checkout@v2
with:
fetch-depth: 0
- name: Get tag
id: tag2
uses: frabert/[email protected]
with:
pattern: 'refs/tags/(.*)'
string: '{{ github.ref }}'
replace-with: '$1'
if: "startsWith(github.ref, 'refs/tags/')"
- run: echo --${{ steps.tag2.outputs.replaced }}--
- uses: camptocamp/initialise-gopass-summon-action@v2
with:
ci-gpg-private-key: ${{secrets.CI_GPG_PRIVATE_KEY}}
github-gopass-ci-token: ${{secrets.GOPASS_CI_GITHUB_TOKEN}}
patterns: docker
if: env.SECRETS == 'TRUE'
- run: gpg --export-secret-keys --armor D121AF2DFA8E140688BD968930C9B913FD42EF13 > CI.asc
if: env.SECRETS == 'TRUE'
- id: tag
run: echo "##[set-output name=tag;]$(echo ${{ github.ref }}|sed 's%refs/tags/%%g')"
if: startsWith(github.ref, 'refs/tags/')
- run: sed --in-place 's/version = .*/version = "${{ steps.tag.outputs.tag }}"/g' build.gradle
if: startsWith(github.ref, 'refs/tags/')
- id: last-tag
run: echo "##[set-output name=tag;]$(git describe --tags --abbrev=0)"
if: "!startsWith(github.ref, 'refs/tags/')"
- id: no-tag
run: echo "##[set-output name=nb;]$(git log --oneline ${{ steps.last-tag.outputs.tag }}..HEAD|wc -l)"
if: "!startsWith(github.ref, 'refs/tags/')"
- run: sed --in-place 's/version = .*/version = "${{ steps.last-tag.outputs.tag }}"/g' build.gradle
if: "!startsWith(github.ref, 'refs/tags/') && steps.no-tag.outputs.nb == 0"
- run:
sed --in-place 's/version = .*/version = "${{ steps.last-tag.outputs.tag }}+${{ steps.no-tag.outputs.nb
}}"/g' build.gradle
if: "!startsWith(github.ref, 'refs/tags/') && steps.no-tag.outputs.nb > 0"
- run: echo "enablePublishing=true" > gradle.properties
if: env.SECRETS == 'TRUE'
- run: echo "${HOME}/.local/bin" >> ${GITHUB_PATH}
- run: python3 -m pip install --user --requirement=ci/requirements.txt
- name: Checks
run: c2cciutils-checks
- run: make build
- run: make acceptance-tests-up
- run: make acceptance-tests-run
# Extract artifacts
- run: docker run --rm --detach --name=builder mapfish_print_builder || true
if: always()
- run: docker cp builder:/src/core/build/ core/build/ || true
if: always()
- run: docker cp mapfish-print_tests_1:/src/examples/build/ examples/build/ || true
if: always()
- run: docker-compose logs || true
if: failure()
- run: make acceptance-tests-down
- run: mkdir -p core/build/resources/actual examples/build/reports core/build/reports examples/build/resources/test/examples
if: always()
- uses: actions/upload-artifact@v1
with:
name: Test results
path: core/build/resources/actual
if-no-files-found: ignore
if: failure()
- uses: actions/upload-artifact@v1
with:
name: Test generated
path: core/build/resources/test/org
if-no-files-found: ignore
if: failure()
- uses: actions/upload-artifact@v3
with:
name: Reports examples
path: examples/build/reports
if-no-files-found: ignore
if: failure()
- uses: actions/upload-artifact@v1
with:
name: Reports core
path: core/build/reports
if-no-files-found: ignore
if: failure()
- uses: actions/upload-artifact@v1
with:
name: Examples
path: examples/build/resources/test/examples
if-no-files-found: ignore
if: failure()
- name: Collect test results
run: |
mkdir -p /tmp/test_results/junit
find . -name '*TEST-*.xml' -exec cp -v {} /tmp/test_results/junit/ \;
if: failure()
- uses: actions/upload-artifact@v1
with:
name: Test results
path: /tmp/test_results
if: failure()
- name: Publish
run: c2cciutils-publish
if: env.SECRETS == 'TRUE'
- run: git diff
- run:
docker run --rm --env=GITHUB_TOKEN=${{ secrets.GITHUB_TOKEN }} mapfish_print_builder bash -c 'gradle
build && gradle publish'
if: ( startsWith(github.ref, 'refs/tags/') || github.ref == 'refs/heads/master' ) && env.SECRETS == 'TRUE'
- id: version
run: echo "##[set-output name=version;]$(grep version build.gradle|sed "s/ \+version = .\(.*\)./\1/g")"
- name: Create Release
id: create_release
uses: actions/create-release@v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
tag_name: ${{ github.ref }}
release_name: Release ${{ steps.tag.outputs.tag }}
draft: false
prerelease: false
if: startsWith(github.ref, 'refs/tags/') && env.SECRETS == 'TRUE'
- name: Upload Release Asset
uses: actions/[email protected]
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
upload_url: ${{ steps.create_release.outputs.upload_url }}
asset_path: ./core/build/libs/print-servlet-${{ steps.version.outputs.version }}.war
asset_name: print-servlet-${{ steps.version.outputs.version }}.war
asset_content_type: application/java-archive
if: startsWith(github.ref, 'refs/tags/') && env.SECRETS == 'TRUE'
- name: Upload Release Asset
uses: actions/[email protected]
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
upload_url: ${{ steps.create_release.outputs.upload_url }}
asset_path: ./core/build/distributions/core-${{ steps.version.outputs.version }}.zip
asset_name: print-cli-${{ steps.version.outputs.version }}.zip
asset_content_type: application/zip
if: startsWith(github.ref, 'refs/tags/') && env.SECRETS == 'TRUE'
- name: Upload Release Asset
uses: actions/[email protected]
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
upload_url: ${{ steps.create_release.outputs.upload_url }}
asset_path: ./core/build/libs/print-lib-${{ steps.version.outputs.version }}.jar
asset_name: print-lib-${{ steps.version.outputs.version }}.jar
asset_content_type: application/java-archive
if: startsWith(github.ref, 'refs/tags/') && env.SECRETS == 'TRUE'
- name: Upload Release Asset
uses: actions/[email protected]
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
upload_url: ${{ steps.create_release.outputs.upload_url }}
asset_path: ./core/build/libs/print-lib-${{ steps.version.outputs.version }}-sources.jar
asset_name: print-lib-${{ steps.version.outputs.version }}-sources.jar
asset_content_type: application/java-archive
if: startsWith(github.ref, 'refs/tags/') && env.SECRETS == 'TRUE'
- name: Upload Release Asset
uses: actions/[email protected]
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
upload_url: ${{ steps.create_release.outputs.upload_url }}
asset_path: ./core/build/libs/print-lib-${{ steps.version.outputs.version }}-javadoc.jar
asset_name: print-lib-${{ steps.version.outputs.version }}-javadoc.jar
asset_content_type: application/java-archive
if: startsWith(github.ref, 'refs/tags/') && env.SECRETS == 'TRUE'
# Update the documentation
- uses: actions/checkout@v2
with:
repository: mapfish/mapfish-print-doc
token: ${{ secrets.GOPASS_CI_GITHUB_TOKEN }}
path: mapfish-print-doc
if: github.ref == 'refs/heads/master' && env.SECRETS == 'TRUE'
- name: Publish documentation
run: |
cd ${GITHUB_WORKSPACE}/mapfish-print-doc
git config user.email "[email protected]"
git config user.name "CI"
git rm --ignore-unmatch -rqf .
docker cp builder:/src/docs/build/site/. .
git add -A .
git commit -m 'Update docs'
git push origin gh-pages
if: github.ref == 'refs/heads/master' && env.SECRETS == 'TRUE'
- name: Trigger changelog workflow
uses: actions/github-script@v7
with:
script: |-
if (process.env.GITHUB_REF_TYPE == 'tag') {
console.log('Trigger changelog');
await github.rest.repos.createDispatchEvent({
owner: 'mapfish',
repo: 'mapfish-print',
event_type: 'changelog',
});
}