Skip to content

Fix vulnerabilities in master #3917

Fix vulnerabilities in master

Fix vulnerabilities in master #3917

Workflow file for this run

name: Build
on:
workflow_dispatch:
push:
branches:
- master
- release-*
tags:
- v*
pull_request:
branches:
- master
- release-*
jobs:
build:
name: "Build jdk:${{ matrix.java }} sb:${{ matrix.spring-boot-display-version }} exp:${{ matrix.experimental }}"
runs-on: ubuntu-latest
timeout-minutes: 30
continue-on-error: ${{ matrix.experimental }}
strategy:
fail-fast: false
matrix:
java: [ 17 ]
spring-boot-version: [ 3.2.6 ]
spring-boot-display-version: [ 3.2.x ]
experimental: [ false ]
include:
- java: 17
spring-boot-version: 3.3.0
spring-boot-display-version: 3.3.x
experimental: false
env:
GOVER: "1.20"
GOOS: linux
GOARCH: amd64
GOPROXY: https://proxy.golang.org
JDK_VER: ${{ matrix.java }}
DAPR_CLI_VER: 1.14.0
DAPR_RUNTIME_VER: 1.14.4
DAPR_INSTALL_URL: https://raw.githubusercontent.com/dapr/cli/v1.14.0/install/install.sh
DAPR_CLI_REF:
DAPR_REF:
TOXIPROXY_URL: https://github.com/Shopify/toxiproxy/releases/download/v2.5.0/toxiproxy-server-linux-amd64
steps:
- uses: actions/checkout@v4
- name: Set up OpenJDK ${{ env.JDK_VER }}
uses: actions/setup-java@v4
with:
distribution: 'temurin'
java-version: ${{ env.JDK_VER }}
- name: Set up Dapr CLI
run: wget -q ${{ env.DAPR_INSTALL_URL }} -O - | /bin/bash -s ${{ env.DAPR_CLI_VER }}
- name: Set up Go ${{ env.GOVER }}
if: env.DAPR_REF != '' || env.DAPR_CLI_REF != ''
uses: actions/setup-go@v5
with:
go-version: ${{ env.GOVER }}
- name: Checkout Dapr CLI repo to override dapr command.
uses: actions/checkout@v4
if: env.DAPR_CLI_REF != ''
with:
repository: dapr/cli
ref: ${{ env.DAPR_CLI_REF }}
path: cli
- name: Checkout Dapr repo to override daprd.
uses: actions/checkout@v4
if: env.DAPR_REF != ''
with:
repository: dapr/dapr
ref: ${{ env.DAPR_REF }}
path: dapr
- name: Build and override dapr cli with referenced commit.
if: env.DAPR_CLI_REF != ''
run: |
cd cli
make
sudo cp dist/linux_amd64/release/dapr /usr/local/bin/dapr
cd ..
- name: Initialize Dapr runtime ${{ env.DAPR_RUNTIME_VER }}
run: |
dapr uninstall --all
dapr init --runtime-version ${{ env.DAPR_RUNTIME_VER }}
- name: Build and override daprd with referenced commit.
if: env.DAPR_REF != ''
run: |
cd dapr
make
mkdir -p $HOME/.dapr/bin/
cp dist/linux_amd64/release/daprd $HOME/.dapr/bin/daprd
cd ..
- name: Override placement service.
if: env.DAPR_REF != ''
run: |
docker stop dapr_placement
cd dapr
./dist/linux_amd64/release/placement &
- name: Spin local environment
run: |
docker compose -f ./sdk-tests/deploy/local-test.yml up -d mongo kafka
docker ps
- name: Install local ToxiProxy to simulate connectivity issues to Dapr sidecar
run: |
mkdir -p /home/runner/.local/bin
wget -q ${{ env.TOXIPROXY_URL }} -O /home/runner/.local/bin/toxiproxy-server
chmod +x /home/runner/.local/bin/toxiproxy-server
/home/runner/.local/bin/toxiproxy-server --version
- name: Clean up files
run: ./mvnw clean -B
- name: Build sdk
run: ./mvnw compile -B -q
- name: Unit tests
run: ./mvnw test # making it temporarily verbose.
- name: Codecov
uses: codecov/[email protected]
- name: Install jars
run: ./mvnw install -q -B -DskipTests
- name: Integration tests using spring boot version ${{ matrix.spring-boot-version }}
id: integration_tests
run: PRODUCT_SPRING_BOOT_VERSION=${{ matrix.spring-boot-version }} ./mvnw -B -Pintegration-tests verify
- name: Upload test report for sdk
uses: actions/upload-artifact@v4
with:
name: report-dapr-java-sdk-jdk${{ matrix.java }}-sb${{ matrix.spring-boot-version }}
path: sdk/target/jacoco-report/
- name: Upload test report for sdk-actors
uses: actions/upload-artifact@v4
with:
name: report-dapr-java-sdk-actors-jdk${{ matrix.java }}-sb${{ matrix.spring-boot-version }}
path: sdk-actors/target/jacoco-report/
- name: Upload failsafe test report for sdk-tests on failure
if: ${{ failure() && steps.integration_tests.conclusion == 'failure' }}
uses: actions/upload-artifact@v4
with:
name: failsafe-report-sdk-tests-jdk${{ matrix.java }}-sb${{ matrix.spring-boot-version }}
path: sdk-tests/target/failsafe-reports
- name: Upload surefire test report for sdk-tests on failure
if: ${{ failure() && steps.integration_tests.conclusion == 'failure' }}
uses: actions/upload-artifact@v4
with:
name: surefire-report-sdk-tests-jdk${{ matrix.java }}-sb${{ matrix.spring-boot-version }}
path: sdk-tests/target/surefire-reports
publish:
runs-on: ubuntu-latest
needs: build
timeout-minutes: 10
env:
JDK_VER: 17
OSSRH_USER_TOKEN: ${{ secrets.OSSRH_USER_TOKEN }}
OSSRH_PWD_TOKEN: ${{ secrets.OSSRH_PWD_TOKEN }}
GPG_KEY: ${{ secrets.GPG_KEY }}
GPG_PWD: ${{ secrets.GPG_PWD }}
steps:
- uses: actions/checkout@v4
- name: Set up OpenJDK ${{ env.JDK_VER }}
uses: actions/setup-java@v4
with:
distribution: 'temurin'
java-version: ${{ env.JDK_VER }}
- name: Get pom parent version
run: |
PARENT_VERSION=$(./mvnw -B -q -Dexec.executable=echo -Dexec.args='${project.version}' --non-recursive exec:exec)
echo "PARENT_VERSION=$PARENT_VERSION" >> $GITHUB_ENV
- name: Is SNAPSHOT release ?
if: contains(github.ref, 'master') && contains(env.PARENT_VERSION, '-SNAPSHOT')
run: |
echo "DEPLOY_OSSRH=true" >> $GITHUB_ENV
- name: Is Release or RC version ?
if: startswith(github.ref, 'refs/tags/v') && !contains(env.PARENT_VERSION, '-SNAPSHOT')
run: |
echo "DEPLOY_OSSRH=true" >> $GITHUB_ENV
- name: Install jars
if: env.DEPLOY_OSSRH == 'true'
run: ./mvnw install -B -q
- name: Publish to ossrh
if: env.DEPLOY_OSSRH == 'true'
run: |
echo ${{ secrets.GPG_PRIVATE_KEY }} | base64 -d > private-key.gpg
export GPG_TTY=$(tty)
gpg --batch --import private-key.gpg
./mvnw -V -B -Dgpg.skip=false -s settings.xml deploy -pl \!examples