Suppress CVE-2023-35116 #21

Workflow file for this run

	name: Build

	on:
	workflow_dispatch:
	push:
	branches:
	- 'main'
	paths-ignore:
	- '**.gitignore'
	- 'CODEOWNERS'
	- 'LICENSE'
	- '**.md'
	- '**.adoc'
	- '**.txt'
	- '.all-contributorsrc'
	pull_request:
	paths-ignore:
	- '**.gitignore'
	- 'CODEOWNERS'
	- 'LICENSE'
	- '**.md'
	- '**.adoc'
	- '**.txt'
	- '.all-contributorsrc'

	concurrency:
	group: workflow = ${{ github.workflow }}, ref = ${{ github.event.ref }}, pr = ${{ github.event.pull_request.id }}
	cancel-in-progress: ${{ github.event_name == 'pull_request' \|\| github.repository != 'turing85/run-query' }}

	env:
	DOCKER_BUILDKIT: 1
	GRAALVM_DISTRIBUTION: mandrel
	GRAALVM_VERSION: mandrel-22.3.2.1-Final
	JAVA_VERSION: 17
	MANDREL_VERSION: 22.3.2.1-Final

	permissions:
	actions: write
	checks: write
	pull-requests: write

	jobs:
	recreate-comment:
	name: Recreate Comment
	runs-on: ubuntu-latest

	steps:
	- name: Publish Report
	uses: turing85/[email protected]
	with:
	checkout: true
	recreate-comment: true

	populate-cache:
	name: Populate Cache
	runs-on: ubuntu-latest

	steps:
	- name: Git checkout
	uses: actions/checkout@v3

	- name: Populate Cache
	uses: ./.github/actions/populate-cache
	with:
	graalvm-distribution: ${{ env.GRAALVM_DISTRIBUTION }}
	graalvm-version: ${{ env.GRAALVM_VERSION }}
	java-version: ${{ env.JAVA_VERSION }}

	build-and-test-jvm:
	name: Build and Test (JVM)
	runs-on: ubuntu-latest
	continue-on-error: true

	needs:
	- populate-cache

	steps:
	- name: Git checkout
	uses: actions/checkout@v3

	- name: Set up ${{ env.GRAALVM_DISTRIBUTION}} ${{ env.MANDREL_VERSION }} (Java ${{ env.JAVA_VERSION }})
	uses: graalvm/setup-graalvm@v1
	with:
	cache: 'maven'
	distribution: ${{ env.GRAALVM_DISTRIBUTION}}
	java-version: ${{ env.JAVA_VERSION }}
	version: ${{ env.GRAALVM_VERSION }}

	- name: Build and Test
	run: \|
	./mvnw \
	--batch-mode \
	--color always \
	--define build-container-image \
	--define ci \
	verify

	- name: Upload Maven State
	uses: actions/upload-artifact@v3
	if: ${{ always() }}
	with:
	if-no-files-found: error
	name: maven-state
	path: '*/target/maven-'
	retention-days: 2

	- name: Upload Compiled Classes
	uses: actions/upload-artifact@v3
	if: ${{ always() }}
	with:
	if-no-files-found: error
	name: compiled-classes
	path: '*/target/classes'
	retention-days: 2

	- name: Upload JARs
	uses: actions/upload-artifact@v3
	if: ${{ always() }}
	with:
	if-no-files-found: error
	name: jars
	path: '*/target/.jar'
	retention-days: 2

	- name: Upload Fast-JAR
	uses: actions/upload-artifact@v3
	if: ${{ always() }}
	with:
	if-no-files-found: error
	name: fast-jar
	path: 'target/quarkus-app'
	retention-days: 2

	- name: Upload Test Report
	uses: actions/upload-artifact@v3
	if: ${{ always() }}
	with:
	if-no-files-found: error
	name: test-report-jvm
	path: '/target//TEST*.xml'
	retention-days: 2

	build-and-test-native:
	name: Build and Test (Native)
	runs-on: ubuntu-latest
	continue-on-error: true

	needs:
	- populate-cache

	steps:
	- name: Git checkout
	uses: actions/checkout@v3

	- name: Set up ${{ env.GRAALVM_DISTRIBUTION}} ${{ env.MANDREL_VERSION }} (Java ${{ env.JAVA_VERSION }})
	uses: graalvm/setup-graalvm@v1
	with:
	cache: 'maven'
	distribution: ${{ env.GRAALVM_DISTRIBUTION}}
	java-version: ${{ env.JAVA_VERSION }}
	version: ${{ env.GRAALVM_VERSION }}

	# TODO: Remove if bug in quarkus is fixed
	- name: Pre-pull builder-image
	run: \|
	docker pull quay.io/quarkus/ubi-quarkus-mandrel-builder-image:23.0-java17@sha256:2016d11266d8a8beb3fa76b0d12cc4399e99821afaeac32e2273d3cc1b2bda0b

	- name: Build and Test
	run: \|
	./mvnw \
	--batch-mode \
	--color always \
	--define build-container-image \
	--define ci \
	--define native-compressed \
	verify

	- name: Upload executable
	uses: actions/upload-artifact@v3
	if: ${{ always() }}
	with:
	if-no-files-found: error
	name: executable
	path: \|
	target/*-runner
	target/*.so
	retention-days: 2

	- name: Upload Test Report
	uses: actions/upload-artifact@v3
	if: ${{ always() }}
	with:
	if-no-files-found: error
	name: test-report-native
	path: '/target//TEST*.xml'
	retention-days: 2

	test-report-jvm:
	name: Test Report (JVM)
	runs-on: ubuntu-latest

	needs:
	- recreate-comment
	- build-and-test-jvm

	steps:
	- name: Publish report (JVM Test)
	uses: turing85/[email protected]
	if: ${{ always() }}
	with:
	cancel-workflow-on-error: true
	checkout: true
	download-artifact-name: test-report-jvm
	report-name: JVM Test
	report-only-summary: true
	report-path: '/target//TEST*.xml'

	test-report-native:
	name: Test Report (Native)
	runs-on: ubuntu-latest

	needs:
	- recreate-comment
	- build-and-test-native

	steps:
	- name: Publish Report (Native Test)
	uses: turing85/[email protected]
	if: ${{ always() }}
	with:
	cancel-workflow-on-error: true
	checkout: true
	download-artifact-name: test-report-native
	report-name: Native Test
	report-only-summary: true
	report-path: '/target//TEST*.xml'

	owasp:
	name: OWASP Scan
	runs-on: ubuntu-latest

	needs:
	- recreate-comment
	- build-and-test-jvm

	steps:
	- name: Git checkout
	uses: actions/checkout@v3

	- name: OWASP Scan
	uses: ./.github/actions/owasp-scan
	with:
	graalvm-distribution: ${{ env.GRAALVM_DISTRIBUTION }}
	graalvm-version: ${{ env.GRAALVM_DISTRIBUTION }}-${{ env.MANDREL_VERSION }}
	java-version: ${{ env.JAVA_VERSION }}

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Suppress CVE-2023-35116 #21

Workflow file

Suppress CVE-2023-35116 #21

Jobs

Run details

Workflow file for this run