Issue 7330: Update pravega dependencies version to fix the CVEs. (#7331) #21
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# | |
# Copyright Pravega Authors. | |
# | |
# Licensed under the Apache License, Version 2.0 (the "License"); | |
# you may not use this file except in compliance with the License. | |
# You may obtain a copy of the License at | |
# | |
# http://www.apache.org/licenses/LICENSE-2.0 | |
# | |
# Unless required by applicable law or agreed to in writing, software | |
# distributed under the License is distributed on an "AS IS" BASIS, | |
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | |
# See the License for the specific language governing permissions and | |
# limitations under the License. | |
# | |
name: build | |
# Set up when this workflow will run. | |
on: | |
push: | |
branches: | |
- master # On every push to the master branch. | |
- 'r[0-9]+.[0-9]+' # On every push to a release branch. | |
pull_request: # On every pull request, regardless of source/target branch. | |
release: | |
types: | |
- published # On every published release. | |
# Define a few constants that are shared across all the jobs. | |
env: | |
GLOBAL_CACHE_PATH: | | |
~/.gradle | |
~/.m2 | |
GLOBAL_CACHE_KEY: gradle-m2-java-11 | |
GLOBAL_CACHE_RESTORE_KEYS: | | |
gradle-m2-java- | |
gradle-m2 | |
# We cache the class files, resources and build output. This is generated on the build job and reused in dependent jobs. | |
# If there are subsequent builds this includes test execution. | |
BUILD_CACHE_PATH: | | |
.gradle | |
./bin | |
**/bin | |
**/build | |
REPORTS_LOCATIONS: | | |
./*/build/reports ./*/*/build/reports ./*/*/*/build/reports | |
# Set 'GRADLE_OPTS' to pass additional custom parameters to each ./gradlew invocation in this workflow. | |
# Example '--info' or '--debug'. | |
#GRADLE_OPTS: --info | |
# The workflow begins with a compilation and static analysis job that also caches the build output and source code, | |
# followed by a number of parallel test jobs (which make use of that cached artifacts). | |
# | |
# Once the build job and all the test jobs complete successfully, a final (no-op) job ("build_and_test_complete") will | |
# automatically complete. This job must NOT be renamed as the GitHub Pravega Repository gates merges into master on | |
# this step passing. | |
# | |
# Finally, a "snapshot" job is triggered only for pushes (commits) to master and release branches, which publishes all | |
# artifacts to a public repository. | |
jobs: | |
build: | |
name: Build | |
runs-on: ubuntu-20.04 | |
steps: | |
- name: Build Information | |
run: echo Building a '${{ github.event_name }}' for target '${{ github.ref }}'. | |
- name: Checkout | |
uses: actions/checkout@v2 | |
- uses: actions/setup-java@v2 | |
with: | |
distribution: 'temurin' | |
java-version: '11' | |
- name: Gradle & Maven Cache | |
uses: actions/[email protected] | |
with: | |
path: ${{env.GLOBAL_CACHE_PATH}} | |
key: ${{env.GLOBAL_CACHE_KEY}} | |
restore-keys: ${{env.GLOBAL_CACHE_RESTORE_KEYS}} | |
- name: Build Output Cache | |
uses: actions/[email protected] | |
with: | |
path: ${{env.BUILD_CACHE_PATH}} | |
key: ${{github.ref}}-${{github.run_id}}-${{github.job}} | |
restore-keys: | | |
${{github.ref}} | |
- name: Clean | |
if: ${{ startsWith(github.ref, 'refs/heads/') }} | |
run: ./gradlew clean ${{env.GRADLE_OPTS}} | |
- name: Compile & Checkstyle | |
run: ./gradlew jar compileTest checkstyleMain checkstyleTest --parallel ${{env.GRADLE_OPTS}} | |
- name: Tar Reports | |
run: tar --use-compress-program zstd -cf reports-${{github.job}}.tzst `echo ${{env.REPORTS_LOCATIONS}}` | |
- name: Upload Reports | |
uses: actions/upload-artifact@v2 | |
with: | |
name: ${{github.job}}-reports | |
retention-days: 4 | |
path: reports-${{github.job}}.tzst | |
# Uncomment these two lines if you need ssh access to debug a build. | |
# - name: Setup upterm session | |
# uses: lhotari/action-upterm@v1 | |
snapshot_docs: | |
name: Upload Docs Snapshot | |
needs: build | |
if: ${{ github.event_name == 'push' && (github.ref == 'refs/heads/master' || startsWith(github.ref, 'refs/heads/r0.') || startsWith(github.ref, 'refs/heads/r1.')) }} | |
runs-on: ubuntu-20.04 | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v2 | |
- uses: actions/setup-java@v2 | |
with: | |
distribution: 'temurin' | |
java-version: '11' | |
- name: Gradle & Maven Cache | |
uses: actions/[email protected] | |
with: | |
path: ${{env.GLOBAL_CACHE_PATH}} | |
key: ${{env.GLOBAL_CACHE_KEY}} | |
restore-keys: ${{env.GLOBAL_CACHE_RESTORE_KEYS}} | |
- name: Build Output Cache | |
uses: actions/[email protected] | |
with: | |
path: ${{env.BUILD_CACHE_PATH}} | |
key: ${{github.ref}}-${{github.run_id}}-${{github.job}} | |
restore-keys: | | |
${{github.ref}}-${{github.run_id}} | |
${{github.ref}} | |
- name: Build MkDocs and Javadocs | |
run: | | |
./gradlew -PenableMkdocs=true -PsimpleSnapshot=true mkdocsBuild javadocs ${{env.GRADLE_OPTS}} | |
- name: Upload MkDocs and Javadocs snapshot | |
run: | | |
mkdir ~/.ssh | |
echo "$KNOWN_HOST" >> ~/.ssh/known_hosts | |
echo "$SSH_KEY" > ~/pravegaio.pem | |
chmod 400 ~/pravegaio.pem | |
VERSION=$(grep pravegaVersion gradle.properties | sed 's/pravegaVersion=//') | |
cd documentation/generated/$VERSION | |
ssh -i ~/pravegaio.pem [email protected] "rm -rf /var/www/pravega.io/docs/v$VERSION && mkdir -p /var/www/pravega.io/docs/v$VERSION" | |
tar cf - * | ssh -i ~/pravegaio.pem [email protected] "cd /var/www/pravega.io/docs/v$VERSION && tar xvf -" | |
ssh -i ~/pravegaio.pem [email protected] "mkdir /var/www/pravega.io/docs/v$VERSION/javadoc/clients" | |
cd ../../../build/javadocs/ | |
tar cf - * | ssh -i ~/pravegaio.pem [email protected] "cd /var/www/pravega.io/docs/v$VERSION/javadoc/clients && tar xvf -" | |
echo -e \\nDocs site updated at https://cncf.pravega.io/docs/v$VERSION | |
if [ "${{ github.ref }}" == 'refs/heads/master' ]; then | |
ssh -i ~/pravegaio.pem [email protected] "rm /var/www/pravega.io/docs/snapshot && cd /var/www/pravega.io/docs && ln -s v$VERSION snapshot" | |
echo Symlink updated at https://cncf.pravega.io/docs/snapshot | |
fi | |
env: | |
KNOWN_HOST: ${{ secrets.PRAVEGA_IO_KNOWN_HOST }} | |
SSH_KEY: ${{ secrets.PRAVEGA_IO_SSH_KEY }} | |
unit_client: | |
name: Client Unit Tests | |
needs: build | |
runs-on: ubuntu-20.04 | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v2 | |
- uses: actions/setup-java@v2 | |
with: | |
distribution: 'temurin' | |
java-version: '11' | |
- name: Gradle & Maven Cache | |
uses: actions/[email protected] | |
with: | |
path: ${{env.GLOBAL_CACHE_PATH}} | |
key: ${{env.GLOBAL_CACHE_KEY}} | |
restore-keys: ${{env.GLOBAL_CACHE_RESTORE_KEYS}} | |
- name: Build Output Cache | |
uses: actions/[email protected] | |
with: | |
path: ${{env.BUILD_CACHE_PATH}} | |
key: ${{github.ref}}-${{github.run_id}}-${{github.job}} | |
restore-keys: | | |
${{github.ref}}-${{github.run_id}} | |
${{github.ref}} | |
- name: Unit tests | |
run: ./gradlew client:test shared:protocol:test shared:security:test common:test test:testcommon:test --parallel ${{env.GRADLE_OPTS}} | |
- name: Tar Reports | |
run: tar --use-compress-program zstd -cf reports-${{github.job}}.tzst `echo ${{env.REPORTS_LOCATIONS}}` | |
- name: Upload Reports | |
if: always() | |
uses: actions/upload-artifact@v2 | |
with: | |
name: ${{github.job}}-reports | |
retention-days: 4 | |
path: reports-${{github.job}}.tzst | |
unit_controller: | |
name: Controller Unit Tests | |
needs: build | |
runs-on: ubuntu-20.04 | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v2 | |
- uses: actions/setup-java@v2 | |
with: | |
distribution: 'temurin' | |
java-version: '11' | |
- name: Gradle & Maven Cache | |
uses: actions/[email protected] | |
with: | |
path: ${{env.GLOBAL_CACHE_PATH}} | |
key: ${{env.GLOBAL_CACHE_KEY}} | |
restore-keys: ${{env.GLOBAL_CACHE_RESTORE_KEYS}} | |
- name: Build Output Cache | |
uses: actions/[email protected] | |
with: | |
path: ${{env.BUILD_CACHE_PATH}} | |
key: ${{github.ref}}-${{github.run_id}}-${{github.job}} | |
restore-keys: | | |
${{github.ref}}-${{github.run_id}} | |
${{github.ref}} | |
- name: Controller Unit tests | |
run: ./gradlew controller:test shared:controller-api:test --parallel ${{env.GRADLE_OPTS}} | |
- name: Tar Reports | |
run: tar --use-compress-program zstd -cf reports-${{github.job}}.tzst `echo ${{env.REPORTS_LOCATIONS}}` | |
- name: Upload Reports | |
if: always() | |
uses: actions/upload-artifact@v2 | |
with: | |
name: ${{github.job}}-reports | |
retention-days: 4 | |
path: reports-${{github.job}}.tzst | |
unit_segment_store: | |
name: Segment Store Unit Tests | |
needs: build | |
runs-on: ubuntu-20.04 | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v2 | |
- uses: actions/setup-java@v2 | |
with: | |
distribution: 'temurin' | |
java-version: '11' | |
- name: Gradle & Maven Cache | |
uses: actions/[email protected] | |
with: | |
path: ${{env.GLOBAL_CACHE_PATH}} | |
key: ${{env.GLOBAL_CACHE_KEY}} | |
restore-keys: ${{env.GLOBAL_CACHE_RESTORE_KEYS}} | |
- name: Build Output Cache | |
uses: actions/[email protected] | |
with: | |
path: ${{env.BUILD_CACHE_PATH}} | |
key: ${{github.ref}}-${{github.run_id}}-${{github.job}} | |
restore-keys: | | |
${{github.ref}}-${{github.run_id}} | |
${{github.ref}} | |
- name: Segment Store Unit tests | |
run: > | |
./gradlew | |
segmentstore:server:test | |
segmentstore:server:host:test | |
bindings:test | |
--parallel ${{env.GRADLE_OPTS}} | |
- name: Tar Reports | |
run: tar --use-compress-program zstd -cf reports-${{github.job}}.tzst `echo ${{env.REPORTS_LOCATIONS}}` | |
- name: Upload Reports | |
if: always() | |
uses: actions/upload-artifact@v2 | |
with: | |
name: ${{github.job}}-reports | |
retention-days: 4 | |
path: reports-${{github.job}}.tzst | |
unit_storage: | |
name: Storage Unit Tests | |
needs: build | |
runs-on: ubuntu-20.04 | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v2 | |
- uses: actions/setup-java@v2 | |
with: | |
distribution: 'temurin' | |
java-version: '11' | |
- name: Gradle & Maven Cache | |
uses: actions/[email protected] | |
with: | |
path: ${{env.GLOBAL_CACHE_PATH}} | |
key: ${{env.GLOBAL_CACHE_KEY}} | |
restore-keys: ${{env.GLOBAL_CACHE_RESTORE_KEYS}} | |
- name: Build Output Cache | |
uses: actions/[email protected] | |
with: | |
path: ${{env.BUILD_CACHE_PATH}} | |
key: ${{github.ref}}-${{github.run_id}}-${{github.job}} | |
restore-keys: | | |
${{github.ref}}-${{github.run_id}} | |
${{github.ref}} | |
- name: Segment Store Unit tests | |
run: > | |
./gradlew | |
segmentstore:storage:test | |
segmentstore:storage:impl:test | |
--parallel ${{env.GRADLE_OPTS}} | |
- name: Tar Reports | |
run: tar --use-compress-program zstd -cf reports-${{github.job}}.tzst `echo ${{env.REPORTS_LOCATIONS}}` | |
- name: Upload Reports | |
if: always() | |
uses: actions/upload-artifact@v2 | |
with: | |
name: ${{github.job}}-reports | |
retention-days: 4 | |
path: reports-${{github.job}}.tzst | |
unit_other: | |
name: All Other Unit Tests | |
needs: build | |
runs-on: ubuntu-20.04 | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v2 | |
- uses: actions/setup-java@v2 | |
with: | |
distribution: 'temurin' | |
java-version: '11' | |
- name: Gradle & Maven Cache | |
uses: actions/[email protected] | |
with: | |
path: ${{env.GLOBAL_CACHE_PATH}} | |
key: ${{env.GLOBAL_CACHE_KEY}} | |
restore-keys: ${{env.GLOBAL_CACHE_RESTORE_KEYS}} | |
- name: Build Output Cache | |
uses: actions/[email protected] | |
with: | |
path: ${{env.BUILD_CACHE_PATH}} | |
key: ${{github.ref}}-${{github.run_id}}-${{github.job}} | |
restore-keys: | | |
${{github.ref}}-${{github.run_id}} | |
${{github.ref}} | |
- name: Static analysis tests | |
run: > | |
./gradlew rat spotbugsMain spotbugsTest --parallel ${{env.GRADLE_OPTS}} | |
- name: Unit tests | |
run: > | |
./gradlew test | |
-x client:test | |
-x shared:protocol:test | |
-x shared:security:test | |
-x common:test | |
-x test:testcommon:test | |
-x controller:test | |
-x shared:controller-api:test | |
-x test:integration:test | |
-x bindings:test | |
-x segmentstore:storage:impl:test | |
-x segmentstore:storage:test | |
-x segmentstore:server:host:test | |
-x segmentstore:server:test | |
--parallel ${{env.GRADLE_OPTS}} | |
- name: Tar Reports | |
run: tar --use-compress-program zstd -cf reports-${{github.job}}.tzst `echo ${{env.REPORTS_LOCATIONS}}` | |
- name: Upload Reports | |
if: always() | |
uses: actions/upload-artifact@v2 | |
with: | |
name: ${{github.job}}-reports | |
retention-days: 4 | |
path: reports-${{github.job}}.tzst | |
integration: | |
name: Integration Tests | |
needs: build | |
runs-on: ubuntu-20.04 | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v2 | |
- uses: actions/setup-java@v2 | |
with: | |
distribution: 'temurin' | |
java-version: '11' | |
- name: Gradle & Maven Cache | |
uses: actions/[email protected] | |
with: | |
path: ${{env.GLOBAL_CACHE_PATH}} | |
key: ${{env.GLOBAL_CACHE_KEY}} | |
restore-keys: ${{env.GLOBAL_CACHE_RESTORE_KEYS}} | |
- name: Build Output Cache | |
uses: actions/[email protected] | |
with: | |
path: ${{env.BUILD_CACHE_PATH}} | |
key: ${{github.ref}}-${{github.run_id}}-${{github.job}} | |
restore-keys: | | |
${{github.ref}}-${{github.run_id}} | |
${{github.ref}} | |
- name: Integration Tests | |
run: ./gradlew test:integration:test --parallel ${{env.GRADLE_OPTS}} | |
#Integration tests don't upload code-cov reports | |
# DO NOT RENAME THIS JOB. Mergers to master branch are gated on this completing successfully. | |
build_and_test_complete: | |
name: CI Complete | |
needs: [build, integration, unit_other, unit_segment_store, unit_storage, unit_controller, unit_client] | |
runs-on: ubuntu-20.04 | |
steps: | |
- name: Check Build Status | |
run: echo Build, static analysis, unit and integration tests successful. | |
- name: Checkout | |
uses: actions/checkout@v2 | |
with: | |
fetch-depth: 2 | |
- name: Download code coverage reports | |
uses: actions/download-artifact@v2 | |
- name: Untar reports | |
run: ( ls */reports-*.tzst | xargs -n1 tar --use-compress-program zstd --keep-newer-files -xf ) | |
- name: Upload to Codecov | |
uses: codecov/codecov-action@v1 | |
snapshot: | |
name: Publish snapshot packages | |
needs: [build_and_test_complete] | |
# Only run this on PUSH (no pull requests) and only on the master branch and release branches. | |
if: ${{ github.event_name == 'push' && (github.ref == 'refs/heads/master' || startsWith(github.ref, 'refs/heads/r0.') || startsWith(github.ref, 'refs/heads/r1.')) }} | |
runs-on: ubuntu-20.04 | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v2 | |
with: | |
fetch-depth: 0 | |
- uses: actions/setup-java@v2 | |
with: | |
distribution: 'temurin' | |
java-version: '11' | |
- name: Gradle & Maven Cache | |
uses: actions/[email protected] | |
with: | |
path: ${{env.GLOBAL_CACHE_PATH}} | |
key: ${{env.GLOBAL_CACHE_KEY}} | |
restore-keys: ${{env.GLOBAL_CACHE_RESTORE_KEYS}} | |
- name: Build Output Cache | |
uses: actions/[email protected] | |
with: | |
path: ${{env.BUILD_CACHE_PATH}} | |
key: ${{github.ref}}-${{github.run_id}}-${{github.job}} | |
restore-keys: | | |
${{github.ref}}-${{github.run_id}} | |
${{github.ref}} | |
- name: Assemble | |
run: ./gradlew assemble --parallel ${{env.GRADLE_OPTS}} | |
- name: Publish to GitHub Packages | |
run: ./gradlew publish -PpublishUrl=https://maven.pkg.github.com/${{github.repository}} -PpublishUsername=${{github.actor}} -PpublishPassword=${{secrets.GITHUB_TOKEN}} ${{env.GRADLE_OPTS}} |