Skip to content

Commit

Permalink
Merge branch 'master' into otterdog/blueprint/require-dependabot-auto…
Browse files Browse the repository at this point in the history
…-merge
  • Loading branch information
gdams authored Dec 4, 2024
2 parents 42b2f20 + 8646220 commit e76d002
Show file tree
Hide file tree
Showing 22 changed files with 1,043 additions and 152 deletions.
5 changes: 5 additions & 0 deletions .github/linters/.gitleaks.toml
Original file line number Diff line number Diff line change
@@ -0,0 +1,5 @@
title = "gitleaks config"
[allowlist]
files = [
"cyclonedx-lib/dependency_data/dependency_data.properties"
]
3 changes: 2 additions & 1 deletion .github/linters/suppressed-java.xml
Original file line number Diff line number Diff line change
Expand Up @@ -28,4 +28,5 @@
<suppress files="." checks="LineLength" />
<suppress files="." checks="Header" /> <!-- Disabled as we don't use headers in our project for the test files -->
<suppress files="." checks="FileTabCharacter" /> <!-- Disabled as it generally doesn't matter if tabs are disabled or not -->
</suppressions>
<suppress files="." checks="ParameterNumber" />
</suppressions>
73 changes: 42 additions & 31 deletions .github/workflows/build.yml
Original file line number Diff line number Diff line change
Expand Up @@ -35,10 +35,6 @@ jobs:
build_linux:
name: Linux
runs-on: ubuntu-latest
env:
ACTIONS_ALLOW_USE_UNSECURE_NODE_VERSION: 'true'
container:
image: ${{ matrix.image }}
strategy:
fail-fast: false
matrix:
Expand Down Expand Up @@ -80,24 +76,23 @@ jobs:
variant: bisheng
image: adoptopenjdk/centos7_build_image
steps:
# pinned at v3 to as Node.js 20.x is not supported on Centos 7
- uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
- uses: actions/checkout@v4

- name: Build Linux
run: ./build-farm/make-adopt-build-farm.sh
env:
JAVA_TO_BUILD: ${{ matrix.version }}
ARCHITECTURE: x64
VARIANT: ${{ matrix.variant }}
TARGET_OS: ${{ matrix.os }}
FILENAME: OpenJDK.tar.gz
# Don't set the OS as we use both linux and alpine-linux
PLATFORM_CONFIG_LOCATION: adoptium/temurin-build/master/build-farm/platform-specific-configurations
BUILD_ARGS: --create-sbom
CONFIGURE_ARGS: --with-native-debug-symbols=none

# pinned at v3 to as Node.js 20.x is not supported on Centos 7
- uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3
- name: Build Linux within container image "${{ matrix.image }}"
run: |
docker run --rm -w /home/jenkins -v "$PWD":"/home/jenkins" \
-e "JAVA_TO_BUILD=${{ matrix.version }}" \
-e "ARCHITECTURE=x64" \
-e "VARIANT=${{ matrix.variant }}" \
-e "TARGET_OS=${{ matrix.os }}" \
-e "FILENAME=OpenJDK.tar.gz" \
-e "PLATFORM_CONFIG_LOCATION=adoptium/temurin-build/master/build-farm/platform-specific-configurations" \
-e "BUILD_ARGS=--create-sbom" \
-e "CONFIGURE_ARGS=--with-native-debug-symbols=none" \
"${{ matrix.image }}" \
./build-farm/make-adopt-build-farm.sh
- uses: actions/upload-artifact@v4
name: Collect and Archive Artifacts
with:
name: ${{matrix.version}}-${{matrix.os}}-${{matrix.variant}}
Expand All @@ -110,17 +105,33 @@ jobs:
- name: Set root of jdk image dir
run: |
imageroot=$(find "${HOME}/JDK" -name release -type f)
echo "TEST_JDK_HOME=$(dirname "${imageroot}")" >> "$GITHUB_ENV"
- name: Smoke test
uses: adoptium/run-aqa@6bacb4e732ad546eda1b09665b9067cdc87651f4 # v2
# TEST_JDK_HOME needs to be mapped to the docker container /home/jenkins mapping
echo "TEST_JDK_HOME=$(dirname "${imageroot}")" | sed "s,${HOME},/home/jenkins," >> "$GITHUB_ENV"
- name: Checkout aqa-tests repo
uses: actions/checkout@v4
with:
build_list: 'functional/buildAndPackage'
target: '_extended.functional'
vendor_testRepos: "${{ github.event.pull_request.head.repo.html_url }}.git"
vendor_testBranches: "${{ github.head_ref }}"
vendor_testDirs: "/test/functional"
# pinned at v3 to as Node.js 20.x is not supported on Centos 7
- uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3
repository: adoptium/aqa-tests
path: aqa-tests
- name: Run Smoke test within container image "${{ matrix.image }}"
env:
VENDOR_REPOS: ${{ github.event.pull_request.head.repo.html_url }}.git
VENDOR_BRANCH: ${{ github.head_ref }}
run: |
WORK_DIR="${PWD//${HOME}//home/jenkins}"
docker run --rm -w /home/jenkins -v "$HOME":"/home/jenkins" \
-e "TEST_JDK_HOME=${TEST_JDK_HOME}" \
-e "BUILD_LIST=functional/buildAndPackage" \
"${{ matrix.image }}" \
sh -c "cd ${WORK_DIR}/aqa-tests && \
./get.sh --vendor_repos ${VENDOR_REPOS} \
--vendor_branches ${VENDOR_BRANCH} \
--vendor_dirs /test/functional && \
cd TKG && \
make compile && \
make _extended.functional"
- uses: actions/upload-artifact@v4
name: Collect and Archive SmokeTest Results
if: failure()
with:
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/ca-cert-updater.yml
Original file line number Diff line number Diff line change
Expand Up @@ -35,7 +35,7 @@ jobs:
working-directory: ./security
run: "./mk-ca-bundle.pl"

- uses: gr2m/create-or-update-pull-request-action@488876a65a2ca38b7eb05e9086166337087f5323 # v1.10.0
- uses: gr2m/create-or-update-pull-request-action@b65137ca591da0b9f43bad7b24df13050ea45d1b # v1.10.1
env:
GITHUB_TOKEN: ${{ secrets.ADOPTIUM_TEMURIN_BOT_TOKEN }}
with:
Expand Down
6 changes: 3 additions & 3 deletions .github/workflows/codeql.yml
Original file line number Diff line number Diff line change
Expand Up @@ -58,7 +58,7 @@ jobs:

# Initializes the CodeQL tools for scanning.
- name: Initialize CodeQL
uses: github/codeql-action/init@662472033e021d55d94146f66f6058822b0b39fd # v3.27.0
uses: github/codeql-action/init@f09c1c0a94de965c15400f5634aa42fac8fb8f88 # v3.27.5
with:
languages: ${{ matrix.language }}
# If you wish to specify custom queries, you can do so here or in a config file.
Expand All @@ -68,7 +68,7 @@ jobs:
# Autobuild attempts to build any compiled languages (C/C++, C#, or Java).
# If this step fails, then you should remove it and run the build manually (see below)
- name: Autobuild
uses: github/codeql-action/autobuild@662472033e021d55d94146f66f6058822b0b39fd # v3.27.0
uses: github/codeql-action/autobuild@f09c1c0a94de965c15400f5634aa42fac8fb8f88 # v3.27.5

# ℹ️ Command-line programs to run using the OS shell.
# 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
Expand All @@ -81,6 +81,6 @@ jobs:
# ./location_of_script_within_repo/buildscript.sh

- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@662472033e021d55d94146f66f6058822b0b39fd # v3.27.0
uses: github/codeql-action/analyze@f09c1c0a94de965c15400f5634aa42fac8fb8f88 # v3.27.5
with:
category: "/language:${{matrix.language}}"
2 changes: 1 addition & 1 deletion .github/workflows/ossf-scorecard.yml
Original file line number Diff line number Diff line change
Expand Up @@ -46,6 +46,6 @@ jobs:
name: SARIF file
path: results.sarif
retention-days: 5
- uses: github/codeql-action/upload-sarif@662472033e021d55d94146f66f6058822b0b39fd # v2.13.4
- uses: github/codeql-action/upload-sarif@f09c1c0a94de965c15400f5634aa42fac8fb8f88 # v2.13.4
with:
sarif_file: results.sarif
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
# ********************************************************************************
# Copyright (c) 2023 Contributors to the Eclipse Foundation
# Copyright (c) 2023, 2024 Contributors to the Eclipse Foundation
#
# See the NOTICE file(s) with this work for additional
# information regarding copyright ownership.
Expand All @@ -12,7 +12,7 @@
# ********************************************************************************

---
name: TestSBOM
name: TestCycloneDX

on:
pull_request:
Expand All @@ -30,30 +30,49 @@ permissions:
contents: read

jobs:
test_sbom_gen:
name: gen_sbom
test_cyclonedx_gen:
name: gen_cyclonedx
runs-on: ubuntu-latest

steps:
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1

# Build with jdk8 to ensure TemurinGenSBOM meets min compatibility
# Build with jdk8 to ensure TemurinGen* meets min compatibility
- uses: actions/setup-java@8df1039502a15bceb9433410b1a100fbe190c53b # v4.5.0
id: setup-java
with:
java-version: 8
distribution: 'temurin'

- name: Build TemurinGenSBOM.java
- name: Build TemurinGenSBOM.java and TemurinGenCDXA.java
run: |
ant -noinput -buildfile cyclonedx-lib/build.xml clean
ant -noinput -buildfile cyclonedx-lib/build.xml build
- name: Run TemurinGenSBOM Unit test
run: ant -noinput -buildfile cyclonedx-lib/build.xml run

- name: Run TemurinGenCDXA Unit test
run: ant -noinput -buildfile cyclonedx-lib/build.xml runCDXA

- name: Validate generated SBOM and CDXA documents using cyclonedx-cli validate
run: |
curl -L -O https://github.com/CycloneDX/cyclonedx-cli/releases/latest/download/cyclonedx-linux-x64
chmod +x cyclonedx-linux-x64
./cyclonedx-linux-x64 validate --input-file cyclonedx-lib/build/testSBOM.json --fail-on-errors --input-version v1_6
./cyclonedx-linux-x64 validate --input-file cyclonedx-lib/build/testSBOM.xml --fail-on-errors --input-version v1_6
./cyclonedx-linux-x64 validate --input-file cyclonedx-lib/build/testCDXA.json --fail-on-errors --input-version v1_6
./cyclonedx-linux-x64 validate --input-file cyclonedx-lib/build/testCDXA.xml --fail-on-errors --input-version v1_6
- uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
name: Collect and Archive TemurinGenSBOM Artifacts
with:
name: testSBOM
path: cyclonedx-lib/build/testSBOM.json
path: cyclonedx-lib/build/testSBOM.*

- uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
name: Collect and Archive TemurinGenCDXA Artifacts
with:
name: testCDXA
path: cyclonedx-lib/build/testCDXA.*

1 change: 1 addition & 0 deletions .licenserc.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -46,6 +46,7 @@ header:
- 'security/certdata.txt'
- 'sbin/*.template'
- '.github/linters/*'
- '.github/workflows/dependabot-auto-merge.yml'
- 'cyclonedx-lib/getDependencies'
- 'cyclonedx-lib/dependency_data/**'
- 'makejdk-any-platform.1'
Expand Down
2 changes: 1 addition & 1 deletion RELEASING.md
Original file line number Diff line number Diff line change
Expand Up @@ -149,7 +149,7 @@ flowchart TD

</details>

Disable nightly testing so the release builds aren't delayed by any nightly test runs (set `enableTests : false` in [defaults.json](https://github.com/adoptium/ci-jenkins-pipelines/blob/master/pipelines/defaults.json)). Ensure the build pipeline generator job runs successfully (<https://ci.adoptium.net/job/build-scripts/job/utils/job/build-pipeline-generator/>), and the flag is disabled by bringing up the Build pipeline job and check the `enableTests` checkbox is unticked.
Scheduled pipeline Testing is automatically disabled from the Saturday prior to "release Tuesday", to the Sunday after, see: https://github.com/adoptium/ci-jenkins-pipelines/blob/5bd79eb1d95a033c4ee364a8f9fcc270ad653178/pipelines/build/common/trigger_beta_build.groovy#L51

Add a banner to the website to indicate that the releases are coming in the near future ([Example Changes](https://github.com/adoptium/adoptium.net/blob/main/src/components/Banner.tsx)).

Expand Down
5 changes: 3 additions & 2 deletions SmokeTesting.md
Original file line number Diff line number Diff line change
Expand Up @@ -7,8 +7,9 @@ These are the general steps to execute the Smoke Tests found in[/test/functional
1. export TEST_JDK_HOME=/someLocation // set test JDK home. On windows, the windows path format is expected. (i.e., TEST_JDK_HOME=C:\someLocation )
1. git clone [https://github.com/adoptium/aqa-tests.git](https://github.com/adoptium/aqa-tests) to /testLocation
1. cd aqa-tests
1. ./get.sh
1. ./get.sh --vendor_repos https://github.com/adoptium/temurin-build --vendor_branches master --vendor_dirs /test/functional
1. ( When running get.sh ensure the vendor parameters are passed correctly, the above example shows how to run the smoke tests contained within the temurin-build repository )
1. cd TKG
1. Export environment variables suitable for the SDK under test and for the test materials being used (i.e., export BUILD_LIST=functional/buildAndPackage, VENDOR_TEST_REPOS=https://github.com/adoptium/temurin-build, VENDOR_TEST_BRANCHES=master, VENDOR_TEST_DIRS=/test/functional )
1. Export environment variables suitable for the SDK under test and for the test materials being used (i.e., export BUILD_LIST=functional/buildAndPackage, this value details which test material that should be compiled.
1. make compile // fetches test material and compiles it, based on build.xml files in the test directories
1. make _extended.functional // executes the test target (can be test group, level, level.group or specific test). i.e., openjdk (all tests in openjdk group), sanity.functional (all functional tests labelled at sanity level), or in the case of smoke tests which are all tagged to belong to level=extended and group=functional, we use `_extended.functional` and because we have limited BUILD_LIST to the directory where the smoke test material lives, we will only run tests from that directory tagged as extended.functional.
5 changes: 5 additions & 0 deletions build-farm/platform-specific-configurations/mac.sh
Original file line number Diff line number Diff line change
Expand Up @@ -114,6 +114,11 @@ if [ ! -d "$(eval echo "\$$BOOT_JDK_VARIABLE")" ]; then
if [ -x "/Library/Java/JavaVirtualMachines/jdk${JDK_BOOT_VERSION}/Contents/Home/bin/javac" ]; then
echo "Could not use ${BOOT_JDK_VARIABLE} - using /Library/Java/JavaVirtualMachines/jdk${JDK_BOOT_VERSION}/Contents/Home"
export "${BOOT_JDK_VARIABLE}"="/Library/Java/JavaVirtualMachines/jdk${JDK_BOOT_VERSION}/Contents/Home"
elif [ -x "/Library/Java/JavaVirtualMachines/jdk-${JDK_BOOT_VERSION}/Contents/Home/bin/javac" ]; then
# TODO: This temporary ELIF allows us to accomodate undesired dashes that may be present
# in boot directory names (e.g. jdk-10) on Orka node images (fix pending).
echo "Could not use ${BOOT_JDK_VARIABLE} - using /Library/Java/JavaVirtualMachines/jdk-${JDK_BOOT_VERSION}/Contents/Home"
export "${BOOT_JDK_VARIABLE}"="/Library/Java/JavaVirtualMachines/jdk-${JDK_BOOT_VERSION}/Contents/Home"
elif [ "$JDK_BOOT_VERSION" -ge 8 ]; then # Adoptium has no build pre-8
mkdir -p "$bootDir"
for releaseType in "ga" "ea"
Expand Down
Loading

0 comments on commit e76d002

Please sign in to comment.