Skip to content

Issue 7330: Update pravega dependencies version to fix the CVEs. (#7331) #21

Issue 7330: Update pravega dependencies version to fix the CVEs. (#7331)

Issue 7330: Update pravega dependencies version to fix the CVEs. (#7331) #21

Workflow file for this run

#
# Copyright Pravega Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
name: build
# Set up when this workflow will run.
on:
push:
branches:
- master # On every push to the master branch.
- 'r[0-9]+.[0-9]+' # On every push to a release branch.
pull_request: # On every pull request, regardless of source/target branch.
release:
types:
- published # On every published release.
# Define a few constants that are shared across all the jobs.
env:
GLOBAL_CACHE_PATH: |
~/.gradle
~/.m2
GLOBAL_CACHE_KEY: gradle-m2-java-11
GLOBAL_CACHE_RESTORE_KEYS: |
gradle-m2-java-
gradle-m2
# We cache the class files, resources and build output. This is generated on the build job and reused in dependent jobs.
# If there are subsequent builds this includes test execution.
BUILD_CACHE_PATH: |
.gradle
./bin
**/bin
**/build
REPORTS_LOCATIONS: |
./*/build/reports ./*/*/build/reports ./*/*/*/build/reports
# Set 'GRADLE_OPTS' to pass additional custom parameters to each ./gradlew invocation in this workflow.
# Example '--info' or '--debug'.
#GRADLE_OPTS: --info
# The workflow begins with a compilation and static analysis job that also caches the build output and source code,
# followed by a number of parallel test jobs (which make use of that cached artifacts).
#
# Once the build job and all the test jobs complete successfully, a final (no-op) job ("build_and_test_complete") will
# automatically complete. This job must NOT be renamed as the GitHub Pravega Repository gates merges into master on
# this step passing.
#
# Finally, a "snapshot" job is triggered only for pushes (commits) to master and release branches, which publishes all
# artifacts to a public repository.
jobs:
build:
name: Build
runs-on: ubuntu-20.04
steps:
- name: Build Information
run: echo Building a '${{ github.event_name }}' for target '${{ github.ref }}'.
- name: Checkout
uses: actions/checkout@v2
- uses: actions/setup-java@v2
with:
distribution: 'temurin'
java-version: '11'
- name: Gradle & Maven Cache
uses: actions/[email protected]
with:
path: ${{env.GLOBAL_CACHE_PATH}}
key: ${{env.GLOBAL_CACHE_KEY}}
restore-keys: ${{env.GLOBAL_CACHE_RESTORE_KEYS}}
- name: Build Output Cache
uses: actions/[email protected]
with:
path: ${{env.BUILD_CACHE_PATH}}
key: ${{github.ref}}-${{github.run_id}}-${{github.job}}
restore-keys: |
${{github.ref}}
- name: Clean
if: ${{ startsWith(github.ref, 'refs/heads/') }}
run: ./gradlew clean ${{env.GRADLE_OPTS}}
- name: Compile & Checkstyle
run: ./gradlew jar compileTest checkstyleMain checkstyleTest --parallel ${{env.GRADLE_OPTS}}
- name: Tar Reports
run: tar --use-compress-program zstd -cf reports-${{github.job}}.tzst `echo ${{env.REPORTS_LOCATIONS}}`
- name: Upload Reports
uses: actions/upload-artifact@v2
with:
name: ${{github.job}}-reports
retention-days: 4
path: reports-${{github.job}}.tzst
# Uncomment these two lines if you need ssh access to debug a build.
# - name: Setup upterm session
# uses: lhotari/action-upterm@v1
snapshot_docs:
name: Upload Docs Snapshot
needs: build
if: ${{ github.event_name == 'push' && (github.ref == 'refs/heads/master' || startsWith(github.ref, 'refs/heads/r0.') || startsWith(github.ref, 'refs/heads/r1.')) }}
runs-on: ubuntu-20.04
steps:
- name: Checkout
uses: actions/checkout@v2
- uses: actions/setup-java@v2
with:
distribution: 'temurin'
java-version: '11'
- name: Gradle & Maven Cache
uses: actions/[email protected]
with:
path: ${{env.GLOBAL_CACHE_PATH}}
key: ${{env.GLOBAL_CACHE_KEY}}
restore-keys: ${{env.GLOBAL_CACHE_RESTORE_KEYS}}
- name: Build Output Cache
uses: actions/[email protected]
with:
path: ${{env.BUILD_CACHE_PATH}}
key: ${{github.ref}}-${{github.run_id}}-${{github.job}}
restore-keys: |
${{github.ref}}-${{github.run_id}}
${{github.ref}}
- name: Build MkDocs and Javadocs
run: |
./gradlew -PenableMkdocs=true -PsimpleSnapshot=true mkdocsBuild javadocs ${{env.GRADLE_OPTS}}
- name: Upload MkDocs and Javadocs snapshot
run: |
mkdir ~/.ssh
echo "$KNOWN_HOST" >> ~/.ssh/known_hosts
echo "$SSH_KEY" > ~/pravegaio.pem
chmod 400 ~/pravegaio.pem
VERSION=$(grep pravegaVersion gradle.properties | sed 's/pravegaVersion=//')
cd documentation/generated/$VERSION
ssh -i ~/pravegaio.pem [email protected] "rm -rf /var/www/pravega.io/docs/v$VERSION && mkdir -p /var/www/pravega.io/docs/v$VERSION"
tar cf - * | ssh -i ~/pravegaio.pem [email protected] "cd /var/www/pravega.io/docs/v$VERSION && tar xvf -"
ssh -i ~/pravegaio.pem [email protected] "mkdir /var/www/pravega.io/docs/v$VERSION/javadoc/clients"
cd ../../../build/javadocs/
tar cf - * | ssh -i ~/pravegaio.pem [email protected] "cd /var/www/pravega.io/docs/v$VERSION/javadoc/clients && tar xvf -"
echo -e \\nDocs site updated at https://cncf.pravega.io/docs/v$VERSION
if [ "${{ github.ref }}" == 'refs/heads/master' ]; then
ssh -i ~/pravegaio.pem [email protected] "rm /var/www/pravega.io/docs/snapshot && cd /var/www/pravega.io/docs && ln -s v$VERSION snapshot"
echo Symlink updated at https://cncf.pravega.io/docs/snapshot
fi
env:
KNOWN_HOST: ${{ secrets.PRAVEGA_IO_KNOWN_HOST }}
SSH_KEY: ${{ secrets.PRAVEGA_IO_SSH_KEY }}
unit_client:
name: Client Unit Tests
needs: build
runs-on: ubuntu-20.04
steps:
- name: Checkout
uses: actions/checkout@v2
- uses: actions/setup-java@v2
with:
distribution: 'temurin'
java-version: '11'
- name: Gradle & Maven Cache
uses: actions/[email protected]
with:
path: ${{env.GLOBAL_CACHE_PATH}}
key: ${{env.GLOBAL_CACHE_KEY}}
restore-keys: ${{env.GLOBAL_CACHE_RESTORE_KEYS}}
- name: Build Output Cache
uses: actions/[email protected]
with:
path: ${{env.BUILD_CACHE_PATH}}
key: ${{github.ref}}-${{github.run_id}}-${{github.job}}
restore-keys: |
${{github.ref}}-${{github.run_id}}
${{github.ref}}
- name: Unit tests
run: ./gradlew client:test shared:protocol:test shared:security:test common:test test:testcommon:test --parallel ${{env.GRADLE_OPTS}}
- name: Tar Reports
run: tar --use-compress-program zstd -cf reports-${{github.job}}.tzst `echo ${{env.REPORTS_LOCATIONS}}`
- name: Upload Reports
if: always()
uses: actions/upload-artifact@v2
with:
name: ${{github.job}}-reports
retention-days: 4
path: reports-${{github.job}}.tzst
unit_controller:
name: Controller Unit Tests
needs: build
runs-on: ubuntu-20.04
steps:
- name: Checkout
uses: actions/checkout@v2
- uses: actions/setup-java@v2
with:
distribution: 'temurin'
java-version: '11'
- name: Gradle & Maven Cache
uses: actions/[email protected]
with:
path: ${{env.GLOBAL_CACHE_PATH}}
key: ${{env.GLOBAL_CACHE_KEY}}
restore-keys: ${{env.GLOBAL_CACHE_RESTORE_KEYS}}
- name: Build Output Cache
uses: actions/[email protected]
with:
path: ${{env.BUILD_CACHE_PATH}}
key: ${{github.ref}}-${{github.run_id}}-${{github.job}}
restore-keys: |
${{github.ref}}-${{github.run_id}}
${{github.ref}}
- name: Controller Unit tests
run: ./gradlew controller:test shared:controller-api:test --parallel ${{env.GRADLE_OPTS}}
- name: Tar Reports
run: tar --use-compress-program zstd -cf reports-${{github.job}}.tzst `echo ${{env.REPORTS_LOCATIONS}}`
- name: Upload Reports
if: always()
uses: actions/upload-artifact@v2
with:
name: ${{github.job}}-reports
retention-days: 4
path: reports-${{github.job}}.tzst
unit_segment_store:
name: Segment Store Unit Tests
needs: build
runs-on: ubuntu-20.04
steps:
- name: Checkout
uses: actions/checkout@v2
- uses: actions/setup-java@v2
with:
distribution: 'temurin'
java-version: '11'
- name: Gradle & Maven Cache
uses: actions/[email protected]
with:
path: ${{env.GLOBAL_CACHE_PATH}}
key: ${{env.GLOBAL_CACHE_KEY}}
restore-keys: ${{env.GLOBAL_CACHE_RESTORE_KEYS}}
- name: Build Output Cache
uses: actions/[email protected]
with:
path: ${{env.BUILD_CACHE_PATH}}
key: ${{github.ref}}-${{github.run_id}}-${{github.job}}
restore-keys: |
${{github.ref}}-${{github.run_id}}
${{github.ref}}
- name: Segment Store Unit tests
run: >
./gradlew
segmentstore:server:test
segmentstore:server:host:test
bindings:test
--parallel ${{env.GRADLE_OPTS}}
- name: Tar Reports
run: tar --use-compress-program zstd -cf reports-${{github.job}}.tzst `echo ${{env.REPORTS_LOCATIONS}}`
- name: Upload Reports
if: always()
uses: actions/upload-artifact@v2
with:
name: ${{github.job}}-reports
retention-days: 4
path: reports-${{github.job}}.tzst
unit_storage:
name: Storage Unit Tests
needs: build
runs-on: ubuntu-20.04
steps:
- name: Checkout
uses: actions/checkout@v2
- uses: actions/setup-java@v2
with:
distribution: 'temurin'
java-version: '11'
- name: Gradle & Maven Cache
uses: actions/[email protected]
with:
path: ${{env.GLOBAL_CACHE_PATH}}
key: ${{env.GLOBAL_CACHE_KEY}}
restore-keys: ${{env.GLOBAL_CACHE_RESTORE_KEYS}}
- name: Build Output Cache
uses: actions/[email protected]
with:
path: ${{env.BUILD_CACHE_PATH}}
key: ${{github.ref}}-${{github.run_id}}-${{github.job}}
restore-keys: |
${{github.ref}}-${{github.run_id}}
${{github.ref}}
- name: Segment Store Unit tests
run: >
./gradlew
segmentstore:storage:test
segmentstore:storage:impl:test
--parallel ${{env.GRADLE_OPTS}}
- name: Tar Reports
run: tar --use-compress-program zstd -cf reports-${{github.job}}.tzst `echo ${{env.REPORTS_LOCATIONS}}`
- name: Upload Reports
if: always()
uses: actions/upload-artifact@v2
with:
name: ${{github.job}}-reports
retention-days: 4
path: reports-${{github.job}}.tzst
unit_other:
name: All Other Unit Tests
needs: build
runs-on: ubuntu-20.04
steps:
- name: Checkout
uses: actions/checkout@v2
- uses: actions/setup-java@v2
with:
distribution: 'temurin'
java-version: '11'
- name: Gradle & Maven Cache
uses: actions/[email protected]
with:
path: ${{env.GLOBAL_CACHE_PATH}}
key: ${{env.GLOBAL_CACHE_KEY}}
restore-keys: ${{env.GLOBAL_CACHE_RESTORE_KEYS}}
- name: Build Output Cache
uses: actions/[email protected]
with:
path: ${{env.BUILD_CACHE_PATH}}
key: ${{github.ref}}-${{github.run_id}}-${{github.job}}
restore-keys: |
${{github.ref}}-${{github.run_id}}
${{github.ref}}
- name: Static analysis tests
run: >
./gradlew rat spotbugsMain spotbugsTest --parallel ${{env.GRADLE_OPTS}}
- name: Unit tests
run: >
./gradlew test
-x client:test
-x shared:protocol:test
-x shared:security:test
-x common:test
-x test:testcommon:test
-x controller:test
-x shared:controller-api:test
-x test:integration:test
-x bindings:test
-x segmentstore:storage:impl:test
-x segmentstore:storage:test
-x segmentstore:server:host:test
-x segmentstore:server:test
--parallel ${{env.GRADLE_OPTS}}
- name: Tar Reports
run: tar --use-compress-program zstd -cf reports-${{github.job}}.tzst `echo ${{env.REPORTS_LOCATIONS}}`
- name: Upload Reports
if: always()
uses: actions/upload-artifact@v2
with:
name: ${{github.job}}-reports
retention-days: 4
path: reports-${{github.job}}.tzst
integration:
name: Integration Tests
needs: build
runs-on: ubuntu-20.04
steps:
- name: Checkout
uses: actions/checkout@v2
- uses: actions/setup-java@v2
with:
distribution: 'temurin'
java-version: '11'
- name: Gradle & Maven Cache
uses: actions/[email protected]
with:
path: ${{env.GLOBAL_CACHE_PATH}}
key: ${{env.GLOBAL_CACHE_KEY}}
restore-keys: ${{env.GLOBAL_CACHE_RESTORE_KEYS}}
- name: Build Output Cache
uses: actions/[email protected]
with:
path: ${{env.BUILD_CACHE_PATH}}
key: ${{github.ref}}-${{github.run_id}}-${{github.job}}
restore-keys: |
${{github.ref}}-${{github.run_id}}
${{github.ref}}
- name: Integration Tests
run: ./gradlew test:integration:test --parallel ${{env.GRADLE_OPTS}}
#Integration tests don't upload code-cov reports
# DO NOT RENAME THIS JOB. Mergers to master branch are gated on this completing successfully.
build_and_test_complete:
name: CI Complete
needs: [build, integration, unit_other, unit_segment_store, unit_storage, unit_controller, unit_client]
runs-on: ubuntu-20.04
steps:
- name: Check Build Status
run: echo Build, static analysis, unit and integration tests successful.
- name: Checkout
uses: actions/checkout@v2
with:
fetch-depth: 2
- name: Download code coverage reports
uses: actions/download-artifact@v2
- name: Untar reports
run: ( ls */reports-*.tzst | xargs -n1 tar --use-compress-program zstd --keep-newer-files -xf )
- name: Upload to Codecov
uses: codecov/codecov-action@v1
snapshot:
name: Publish snapshot packages
needs: [build_and_test_complete]
# Only run this on PUSH (no pull requests) and only on the master branch and release branches.
if: ${{ github.event_name == 'push' && (github.ref == 'refs/heads/master' || startsWith(github.ref, 'refs/heads/r0.') || startsWith(github.ref, 'refs/heads/r1.')) }}
runs-on: ubuntu-20.04
steps:
- name: Checkout
uses: actions/checkout@v2
with:
fetch-depth: 0
- uses: actions/setup-java@v2
with:
distribution: 'temurin'
java-version: '11'
- name: Gradle & Maven Cache
uses: actions/[email protected]
with:
path: ${{env.GLOBAL_CACHE_PATH}}
key: ${{env.GLOBAL_CACHE_KEY}}
restore-keys: ${{env.GLOBAL_CACHE_RESTORE_KEYS}}
- name: Build Output Cache
uses: actions/[email protected]
with:
path: ${{env.BUILD_CACHE_PATH}}
key: ${{github.ref}}-${{github.run_id}}-${{github.job}}
restore-keys: |
${{github.ref}}-${{github.run_id}}
${{github.ref}}
- name: Assemble
run: ./gradlew assemble --parallel ${{env.GRADLE_OPTS}}
- name: Publish to GitHub Packages
run: ./gradlew publish -PpublishUrl=https://maven.pkg.github.com/${{github.repository}} -PpublishUsername=${{github.actor}} -PpublishPassword=${{secrets.GITHUB_TOKEN}} ${{env.GRADLE_OPTS}}