diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 920ce263fa..d44a485417 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -35,8 +35,13 @@ jobs:
!contains(github.event.head_commit.message, '[force]')
steps:
- uses: actions/checkout@v4
- - uses: Alfresco/alfresco-build-tools/.github/actions/get-build-info@v7.0.0
- - uses: Alfresco/alfresco-build-tools/.github/actions/setup-java-build@v7.0.0
+ with:
+ fetch-depth: 0
+ - uses: Alfresco/alfresco-build-tools/.github/actions/get-build-info@v8.16.0
+ - uses: Alfresco/alfresco-build-tools/.github/actions/free-hosted-runner-disk-space@v8.16.0
+ - uses: Alfresco/alfresco-build-tools/.github/actions/setup-java-build@v8.16.0
+# 7.3.N does not have proper pre-commit support
+# - uses: Alfresco/alfresco-build-tools/.github/actions/pre-commit@v8.16.0
- name: "Init"
run: bash ./scripts/ci/init.sh
- name: "Prepare environment"
@@ -44,45 +49,136 @@ jobs:
- name: "Clean Maven cache"
run: bash ./scripts/ci/cleanup_cache.sh
- veracode:
+ veracode_sca:
name: "Source Clear Scan (SCA)"
runs-on: ubuntu-latest
needs: [prepare]
if: >
- ((github.ref_name == 'master' || contains(github.ref_name, 'release/')) && github.event_name != 'pull_request') &&
+ (github.ref_name == 'master' || contains(github.ref_name, 'release/') || github.event_name == 'pull_request') &&
!contains(github.event.head_commit.message, '[skip tests]') &&
!contains(github.event.head_commit.message, '[force]')
steps:
- uses: actions/checkout@v4
- - uses: Alfresco/alfresco-build-tools/.github/actions/get-build-info@v7.0.0
- - uses: Alfresco/alfresco-build-tools/.github/actions/setup-java-build@v7.0.0
+ - uses: Alfresco/alfresco-build-tools/.github/actions/get-build-info@v8.16.0
+ - uses: Alfresco/alfresco-build-tools/.github/actions/free-hosted-runner-disk-space@v8.16.0
+ - uses: Alfresco/alfresco-build-tools/.github/actions/setup-java-build@v8.16.0
- name: "Init"
run: bash ./scripts/ci/init.sh
- - uses: Alfresco/alfresco-build-tools/.github/actions/veracode@v7.0.0
+ - uses: Alfresco/alfresco-build-tools/.github/actions/veracode@v8.16.0
continue-on-error: true
with:
srcclr-api-token: ${{ secrets.SRCCLR_API_TOKEN }}
- name: "Clean Maven cache"
run: bash ./scripts/ci/cleanup_cache.sh
-
+
+ veracode_sast:
+ name: "Pipeline SAST Scan"
+ runs-on: ubuntu-latest
+ needs: [prepare]
+ if: >
+ (github.ref_name == 'master' || startsWith(github.ref_name, 'release/') || github.event_name == 'pull_request') &&
+ github.actor != 'dependabot[bot]' &&
+ !contains(github.event.head_commit.message, '[skip tests]') &&
+ !contains(github.event.head_commit.message, '[force')
+ steps:
+ - uses: actions/checkout@v4
+ - uses: Alfresco/alfresco-build-tools/.github/actions/get-build-info@v8.16.0
+ - uses: Alfresco/alfresco-build-tools/.github/actions/free-hosted-runner-disk-space@v8.16.0
+ - uses: Alfresco/alfresco-build-tools/.github/actions/setup-java-build@v8.16.0
+ - uses: Alfresco/alfresco-build-tools/.github/actions/github-download-file@v8.16.0
+ with:
+ token: ${{ secrets.BOT_GITHUB_TOKEN }}
+ repository: "Alfresco/veracode-baseline-archive"
+ file-path: "alfresco-community-repo/alfresco-community-repo-baseline.json"
+ target: "baseline.json"
+ - name: "Build"
+ timeout-minutes: ${{ fromJSON(env.GITHUB_ACTIONS_DEPLOY_TIMEOUT) }}
+ run: |
+ bash ./scripts/ci/init.sh
+ bash ./scripts/ci/build.sh
+ - name: "Remove excluded files"
+ run: |
+ mkdir temp-dir-for-sast
+ bash ./scripts/ci/remove-sast-exclusions.sh ./packaging/war/target/alfresco.war temp-dir-for-sast/reduced.war
+ - name: "Run SAST Scan"
+ uses: veracode/Veracode-pipeline-scan-action@v1.0.16
+ with:
+ vid: ${{ secrets.VERACODE_API_ID }}
+ vkey: ${{ secrets.VERACODE_API_KEY }}
+ file: "temp-dir-for-sast/reduced.war"
+ fail_build: true
+ project_name: alfresco-community-repo
+ issue_details: true
+ veracode_policy_name: Alfresco Default
+ summary_output: true
+ summary_output_file: results.json
+ summary_display: true
+ baseline_file: baseline.json
+ - name: Upload scan result
+ if: success() || failure()
+ run: zip readable_output.zip results.json
+ - name: Upload Artifact
+ if: success() || failure()
+ uses: actions/upload-artifact@v4
+ with:
+ name: Veracode Pipeline-Scan Results (Human Readable)
+ path: readable_output.zip
+ - name: "Remove temporary directory"
+ run: rm -rfv temp-dir-for-sast
+ - name: "Clean Maven cache"
+ run: bash ./scripts/ci/cleanup_cache.sh
+
+ pmd_scan:
+ name: "PMD Scan"
+ runs-on: ubuntu-latest
+ needs: [prepare]
+ if: >
+ github.event_name == 'pull_request' &&
+ !contains(github.event.head_commit.message, '[skip pmd]') &&
+ !contains(github.event.head_commit.message, '[skip tests]') &&
+ !contains(github.event.head_commit.message, '[force]')
+ steps:
+ - uses: Alfresco/alfresco-build-tools/.github/actions/get-build-info@v8.16.0
+ - uses: Alfresco/alfresco-build-tools/.github/actions/free-hosted-runner-disk-space@v8.16.0
+ - uses: Alfresco/alfresco-build-tools/.github/actions/setup-java-build@v8.16.0
+ - uses: Alfresco/ya-pmd-scan@v4.3.0
+ with:
+ classpath-build-command: "mvn test-compile -ntp -Pags -pl \"-:alfresco-community-repo-docker\""
+
all_unit_tests_suite:
- name: "Core, Data-Model, Repository - AllUnitTestsSuite - Build and test"
+ name: ${{ matrix.testName }} - AllUnitTestsSuite - Build and test
runs-on: ubuntu-latest
needs: [prepare]
if: >
!contains(github.event.head_commit.message, '[skip repo]') &&
!contains(github.event.head_commit.message, '[skip tests]') &&
!contains(github.event.head_commit.message, '[force]')
+ strategy:
+ fail-fast: false
+ matrix:
+ include:
+ - testName: Core
+ testModule: core
+ testAttributes: "-Dtest=AllCoreUnitTestSuite"
+ - testName: Data-Model
+ testModule: data-model
+ testAttributes: "-Dtest=AllDataModelUnitTestSuite"
+ - testName: Repository
+ testModule: repository
+ testAttributes: "-Dtest=AllUnitTestsSuite"
+ - testName: Mmt
+ testModule: mmt
+ testAttributes: "-Dtest=AllMmtUnitTestSuite"
steps:
- uses: actions/checkout@v4
- - uses: Alfresco/alfresco-build-tools/.github/actions/get-build-info@v7.0.0
- - uses: Alfresco/alfresco-build-tools/.github/actions/setup-java-build@v7.0.0
+ - uses: Alfresco/alfresco-build-tools/.github/actions/get-build-info@v8.16.0
+ - uses: Alfresco/alfresco-build-tools/.github/actions/free-hosted-runner-disk-space@v8.16.0
+ - uses: Alfresco/alfresco-build-tools/.github/actions/setup-java-build@v8.16.0
- name: "Init"
run: bash ./scripts/ci/init.sh
- name: "Run tests"
run: |
- mvn -B test -pl core,data-model -am -DfailIfNoTests=false
- mvn -B test -pl "repository,mmt" -am "-Dtest=AllUnitTestsSuite,AllMmtUnitTestSuite" -DfailIfNoTests=false
+ mvn -B test -pl ${{ matrix.testModule }} -am ${{ matrix.testAttributes }} -DfailIfNoTests=false "${args[@]}"
- name: "Clean Maven cache"
run: bash ./scripts/ci/cleanup_cache.sh
@@ -112,8 +208,9 @@ jobs:
REQUIRES_INSTALLED_ARTIFACTS: true
steps:
- uses: actions/checkout@v4
- - uses: Alfresco/alfresco-build-tools/.github/actions/get-build-info@v7.0.0
- - uses: Alfresco/alfresco-build-tools/.github/actions/setup-java-build@v7.0.0
+ - uses: Alfresco/alfresco-build-tools/.github/actions/get-build-info@v8.16.0
+ - uses: Alfresco/alfresco-build-tools/.github/actions/free-hosted-runner-disk-space@v8.16.0
+ - uses: Alfresco/alfresco-build-tools/.github/actions/setup-java-build@v8.16.0
- name: "Build"
timeout-minutes: ${{ fromJSON(env.GITHUB_ACTIONS_DEPLOY_TIMEOUT) }}
run: |
@@ -122,9 +219,10 @@ jobs:
- name: "Set transformers tag"
run: echo "TRANSFORMERS_TAG=$(mvn help:evaluate -Dexpression=dependency.alfresco-transform-core.version -q -DforceStdout)" >> $GITHUB_ENV
- name: "Set up the environment"
+ timeout-minutes: ${{ fromJSON(env.GITHUB_ACTIONS_DEPLOY_TIMEOUT) }}
run: docker compose -f ./scripts/ci/docker-compose/docker-compose.yaml --profile ${{ matrix.compose-profile }} up -d
- name: "Run tests"
- run: mvn -B test -pl remote-api -Dtest=${{ matrix.testSuite }} -Ddb.driver=org.postgresql.Driver -Ddb.name=alfresco -Ddb.url=jdbc:postgresql://localhost:5433/alfresco -Ddb.username=alfresco -Ddb.password=alfresco
+ run: mvn -B test -pl remote-api -Dtest=${{ matrix.testSuite }} -Ddb.driver=org.postgresql.Driver -Ddb.name=alfresco -Ddb.url=jdbc:postgresql://localhost:5433/alfresco -Ddb.username=alfresco -Ddb.password=alfresco # pragma: allowlist secret
- name: "Clean Maven cache"
run: bash ./scripts/ci/cleanup_cache.sh
@@ -142,11 +240,12 @@ jobs:
strategy:
fail-fast: false
matrix:
- version: ['10.2.18', '10.4', '10.5']
+ version: ['10.2.18', '10.4', '10.5', '10.6']
steps:
- uses: actions/checkout@v4
- - uses: Alfresco/alfresco-build-tools/.github/actions/get-build-info@v7.0.0
- - uses: Alfresco/alfresco-build-tools/.github/actions/setup-java-build@v7.0.0
+ - uses: Alfresco/alfresco-build-tools/.github/actions/get-build-info@v8.16.0
+ - uses: Alfresco/alfresco-build-tools/.github/actions/free-hosted-runner-disk-space@v8.16.0
+ - uses: Alfresco/alfresco-build-tools/.github/actions/setup-java-build@v8.16.0
- name: "Init"
run: bash ./scripts/ci/init.sh
- name: Run MariaDB ${{ matrix.version }} database
@@ -154,33 +253,7 @@ jobs:
env:
MARIADB_VERSION: ${{ matrix.version }}
- name: "Run tests"
- run: mvn -B test -pl repository -am -Dtest=AllDBTestsTestSuite -DfailIfNoTests=false -Ddb.name=alfresco -Ddb.url=jdbc:mariadb://localhost:3307/alfresco?useUnicode=yes\&characterEncoding=UTF-8 -Ddb.username=alfresco -Ddb.password=alfresco -Ddb.driver=org.mariadb.jdbc.Driver
- - name: "Clean Maven cache"
- run: bash ./scripts/ci/cleanup_cache.sh
-
- repository_mariadb_10_6_tests:
- name: "Repository - MariaDB 10.6 tests"
- runs-on: ubuntu-latest
- needs: [prepare]
- if: >
- (((github.ref_name == 'master' || contains(github.ref_name, 'release/') || github.event_name == 'pull_request') &&
- !contains(github.event.head_commit.message, '[skip db]')) ||
- contains(github.event.head_commit.message, '[latest db]') ||
- contains(github.event.head_commit.message, '[db]')) &&
- !contains(github.event.head_commit.message, '[skip tests]') &&
- !contains(github.event.head_commit.message, '[force]')
- steps:
- - uses: actions/checkout@v4
- - uses: Alfresco/alfresco-build-tools/.github/actions/get-build-info@v7.0.0
- - uses: Alfresco/alfresco-build-tools/.github/actions/setup-java-build@v7.0.0
- - name: "Init"
- run: bash ./scripts/ci/init.sh
- - name: "Run MariaDB 10.6 database"
- run: docker compose -f ./scripts/ci/docker-compose/docker-compose-db.yaml --profile mariadb up -d
- env:
- MARIADB_VERSION: 10.6
- - name: "Run tests"
- run: mvn -B test -pl repository -am -Dtest=AllDBTestsTestSuite -DfailIfNoTests=false -Ddb.name=alfresco -Ddb.url=jdbc:mariadb://localhost:3307/alfresco?useUnicode=yes\&characterEncoding=UTF-8 -Ddb.username=alfresco -Ddb.password=alfresco -Ddb.driver=org.mariadb.jdbc.Driver
+ run: mvn -B test -pl repository -am -Dtest=AllDBTestsTestSuite -DfailIfNoTests=false -Ddb.name=alfresco -Ddb.url=jdbc:mariadb://localhost:3307/alfresco?useUnicode=yes\&characterEncoding=UTF-8 -Ddb.username=alfresco -Ddb.password=alfresco -Ddb.driver=org.mariadb.jdbc.Driver # pragma: allowlist secret
- name: "Clean Maven cache"
run: bash ./scripts/ci/cleanup_cache.sh
@@ -197,8 +270,9 @@ jobs:
!contains(github.event.head_commit.message, '[force]')
steps:
- uses: actions/checkout@v4
- - uses: Alfresco/alfresco-build-tools/.github/actions/get-build-info@v7.0.0
- - uses: Alfresco/alfresco-build-tools/.github/actions/setup-java-build@v7.0.0
+ - uses: Alfresco/alfresco-build-tools/.github/actions/get-build-info@v8.16.0
+ - uses: Alfresco/alfresco-build-tools/.github/actions/free-hosted-runner-disk-space@v8.16.0
+ - uses: Alfresco/alfresco-build-tools/.github/actions/setup-java-build@v8.16.0
- name: "Init"
run: bash ./scripts/ci/init.sh
- name: "Run MySQL 8 database"
@@ -206,7 +280,7 @@ jobs:
env:
MYSQL_VERSION: 8
- name: "Run tests"
- run: mvn -B test -pl repository -am -Dtest=AllDBTestsTestSuite -DfailIfNoTests=false -Ddb.driver=com.mysql.jdbc.Driver -Ddb.name=alfresco -Ddb.url=jdbc:mysql://localhost:3307/alfresco -Ddb.username=alfresco -Ddb.password=alfresco
+ run: mvn -B test -pl repository -am -Dtest=AllDBTestsTestSuite -DfailIfNoTests=false -Ddb.driver=com.mysql.jdbc.Driver -Ddb.name=alfresco -Ddb.url=jdbc:mysql://localhost:3307/alfresco -Ddb.username=alfresco -Ddb.password=alfresco # pragma: allowlist secret
- name: "Clean Maven cache"
run: bash ./scripts/ci/cleanup_cache.sh
@@ -215,15 +289,16 @@ jobs:
runs-on: ubuntu-latest
needs: [prepare]
if: >
- (((github.ref_name == 'master' || contains(github.ref_name, 'release/')) && github.event_name != 'pull_request' &&
+ (((github.ref_name == 'master' || startsWith(github.ref_name, 'release/')) && github.event_name != 'pull_request' &&
!contains(github.event.head_commit.message, '[skip db]')) ||
contains(github.event.head_commit.message, '[db]')) &&
!contains(github.event.head_commit.message, '[skip tests]') &&
- !contains(github.event.head_commit.message, '[force]')
+ !contains(github.event.head_commit.message, '[force')
steps:
- uses: actions/checkout@v4
- - uses: Alfresco/alfresco-build-tools/.github/actions/get-build-info@v7.0.0
- - uses: Alfresco/alfresco-build-tools/.github/actions/setup-java-build@v7.0.0
+ - uses: Alfresco/alfresco-build-tools/.github/actions/get-build-info@v8.16.0
+ - uses: Alfresco/alfresco-build-tools/.github/actions/free-hosted-runner-disk-space@v8.16.0
+ - uses: Alfresco/alfresco-build-tools/.github/actions/setup-java-build@v8.16.0
- name: "Init"
run: bash ./scripts/ci/init.sh
- name: "Run PostgreSQL 13.7 database"
@@ -231,24 +306,25 @@ jobs:
env:
POSTGRES_VERSION: 13.7
- name: "Run tests"
- run: mvn -B test -pl repository -am -Dtest=AllDBTestsTestSuite -DfailIfNoTests=false -Ddb.driver=org.postgresql.Driver -Ddb.name=alfresco -Ddb.url=jdbc:postgresql://localhost:5433/alfresco -Ddb.username=alfresco -Ddb.password=alfresco
+ run: mvn -B test -pl repository -am -Dtest=AllDBTestsTestSuite -DfailIfNoTests=false -Ddb.driver=org.postgresql.Driver -Ddb.name=alfresco -Ddb.url=jdbc:postgresql://localhost:5433/alfresco -Ddb.username=alfresco -Ddb.password=alfresco # pragma: allowlist secret
- name: "Clean Maven cache"
run: bash ./scripts/ci/cleanup_cache.sh
repository_postgresql_14_4_tests:
name: "Repository - PostgreSQL 14.4 tests"
runs-on: ubuntu-latest
- needs: [prepare]
+ needs: [ prepare ]
if: >
- (!contains(github.event.head_commit.message, '[skip db]') ||
- contains(github.event.head_commit.message, '[latest db]') ||
+ (((github.ref_name == 'master' || contains(github.ref_name, 'release/')) && github.event_name != 'pull_request' &&
+ !contains(github.event.head_commit.message, '[skip db]')) ||
contains(github.event.head_commit.message, '[db]')) &&
!contains(github.event.head_commit.message, '[skip tests]') &&
!contains(github.event.head_commit.message, '[force]')
steps:
- uses: actions/checkout@v4
- - uses: Alfresco/alfresco-build-tools/.github/actions/get-build-info@v7.0.0
- - uses: Alfresco/alfresco-build-tools/.github/actions/setup-java-build@v7.0.0
+ - uses: Alfresco/alfresco-build-tools/.github/actions/get-build-info@v8.16.0
+ - uses: Alfresco/alfresco-build-tools/.github/actions/free-hosted-runner-disk-space@v8.16.0
+ - uses: Alfresco/alfresco-build-tools/.github/actions/setup-java-build@v8.16.0
- name: "Init"
run: bash ./scripts/ci/init.sh
- name: "Run PostgreSQL 14.4 database"
@@ -256,10 +332,11 @@ jobs:
env:
POSTGRES_VERSION: 14.4
- name: "Run tests"
- run: mvn -B test -pl repository -am -Dtest=AllDBTestsTestSuite -DfailIfNoTests=false -Ddb.driver=org.postgresql.Driver -Ddb.name=alfresco -Ddb.url=jdbc:postgresql://localhost:5433/alfresco -Ddb.username=alfresco -Ddb.password=alfresco
+ run: mvn -B test -pl repository -am -Dtest=AllDBTestsTestSuite -DfailIfNoTests=false -Ddb.driver=org.postgresql.Driver -Ddb.name=alfresco -Ddb.url=jdbc:postgresql://localhost:5433/alfresco -Ddb.username=alfresco -Ddb.password=alfresco # pragma: allowlist secret
- name: "Clean Maven cache"
run: bash ./scripts/ci/cleanup_cache.sh
+
repository_messaging_tests:
name: Repository - Messaging tests
runs-on: ubuntu-latest
@@ -270,19 +347,20 @@ jobs:
!contains(github.event.head_commit.message, '[force]')
steps:
- uses: actions/checkout@v4
- - uses: Alfresco/alfresco-build-tools/.github/actions/get-build-info@v7.0.0
- - uses: Alfresco/alfresco-build-tools/.github/actions/setup-java-build@v7.0.0
+ - uses: Alfresco/alfresco-build-tools/.github/actions/get-build-info@v8.16.0
+ - uses: Alfresco/alfresco-build-tools/.github/actions/free-hosted-runner-disk-space@v8.16.0
+ - uses: Alfresco/alfresco-build-tools/.github/actions/setup-java-build@v8.16.0
- name: "Init"
run: bash ./scripts/ci/init.sh
- name: "Run ActiveMQ"
run: docker compose -f ./scripts/ci/docker-compose/docker-compose.yaml --profile activemq up -d
- name: "Run tests"
- run: mvn -B test -pl repository -am -Dtest=CamelRoutesTest,CamelComponentsTest -DfailIfNoTests=false
+ run: mvn -B test -pl repository -am -Dtest=CamelRoutesTest,CamelComponentsTest -DfailIfNoTests=false # pragma: allowlist secret
- name: "Clean Maven cache"
run: bash ./scripts/ci/cleanup_cache.sh
repository_app_context_test_suites:
- name: Repository - ${{ matrix.testSuite }}
+ name: Repository - ${{ matrix.testSuite }} ${{ matrix.idp }}
runs-on: ubuntu-latest
needs: [prepare]
if: >
@@ -303,7 +381,8 @@ jobs:
compose-profile: with-transform-core-aio
- testSuite: AppContext05TestSuite
compose-profile: with-sso
- mvn-options: '"-Didentity-service.auth-server-url=http://localhost:8999/auth"'
+ mvn-options: '-Didentity-service.auth-server-url=http://localhost:8999/auth -Dauthentication.chain=identity-service1:identity-service,alfrescoNtlm1:alfrescoNtlm'
+ idp: Keycloak
- testSuite: AppContext06TestSuite
compose-profile: with-transform-core-aio
- testSuite: AppContextExtraTestSuite
@@ -315,16 +394,18 @@ jobs:
mvn-options: '-Dindex.subsystem.name=solr6'
steps:
- uses: actions/checkout@v4
- - uses: Alfresco/alfresco-build-tools/.github/actions/get-build-info@v7.0.0
- - uses: Alfresco/alfresco-build-tools/.github/actions/setup-java-build@v7.0.0
+ - uses: Alfresco/alfresco-build-tools/.github/actions/get-build-info@v8.16.0
+ - uses: Alfresco/alfresco-build-tools/.github/actions/free-hosted-runner-disk-space@v8.16.0
+ - uses: Alfresco/alfresco-build-tools/.github/actions/setup-java-build@v8.16.0
- name: "Init"
run: bash ./scripts/ci/init.sh
- name: "Set transformers tag"
run: echo "TRANSFORMERS_TAG=$(mvn help:evaluate -Dexpression=dependency.alfresco-transform-core.version -q -DforceStdout)" >> $GITHUB_ENV
- name: "Set up the environment"
+ timeout-minutes: ${{ fromJSON(env.GITHUB_ACTIONS_DEPLOY_TIMEOUT) }}
run: docker compose -f ./scripts/ci/docker-compose/docker-compose.yaml --profile ${{ matrix.compose-profile }} up -d
- name: "Run tests"
- run: mvn -B test -pl repository -am -Dtest=${{ matrix.testSuite }} -DfailIfNoTests=false -Ddb.driver=org.postgresql.Driver -Ddb.name=alfresco -Ddb.url=jdbc:postgresql://localhost:5433/alfresco -Ddb.username=alfresco -Ddb.password=alfresco ${{ matrix.mvn-options }}
+ run: mvn -B test -pl repository -am -Dtest=${{ matrix.testSuite }} -DfailIfNoTests=false -Ddb.driver=org.postgresql.Driver -Ddb.name=alfresco -Ddb.url=jdbc:postgresql://localhost:5433/alfresco -Ddb.username=alfresco -Ddb.password=alfresco ${{ matrix.mvn-options }} # pragma: allowlist secret
- name: "Clean Maven cache"
run: bash ./scripts/ci/cleanup_cache.sh
@@ -370,14 +451,16 @@ jobs:
REQUIRES_LOCAL_IMAGES: true
steps:
- uses: actions/checkout@v4
- - uses: Alfresco/alfresco-build-tools/.github/actions/get-build-info@v7.0.0
- - uses: Alfresco/alfresco-build-tools/.github/actions/setup-java-build@v7.0.0
+ - uses: Alfresco/alfresco-build-tools/.github/actions/get-build-info@v8.16.0
+ - uses: Alfresco/alfresco-build-tools/.github/actions/free-hosted-runner-disk-space@v8.16.0
+ - uses: Alfresco/alfresco-build-tools/.github/actions/setup-java-build@v8.16.0
- name: "Build"
timeout-minutes: ${{ fromJSON(env.GITHUB_ACTIONS_DEPLOY_TIMEOUT) }}
run: |
bash ./scripts/ci/init.sh
bash ./scripts/ci/build.sh
- name: "Set up the environment"
+ timeout-minutes: ${{ fromJSON(env.GITHUB_ACTIONS_DEPLOY_TIMEOUT) }}
run: |
${{ env.TAS_SCRIPTS }}/start-compose.sh ${{ env.TAS_ENVIRONMENT }}/docker-compose-minimal+transforms.yml
${{ env.TAS_SCRIPTS }}/wait-for-alfresco-start.sh "http://localhost:8082/alfresco"
@@ -404,14 +487,15 @@ jobs:
!contains(github.event.head_commit.message, '[force]')
steps:
- uses: actions/checkout@v4
- - uses: Alfresco/alfresco-build-tools/.github/actions/get-build-info@v7.0.0
- - uses: Alfresco/alfresco-build-tools/.github/actions/setup-java-build@v7.0.0
+ - uses: Alfresco/alfresco-build-tools/.github/actions/get-build-info@v8.16.0
+ - uses: Alfresco/alfresco-build-tools/.github/actions/free-hosted-runner-disk-space@v8.16.0
+ - uses: Alfresco/alfresco-build-tools/.github/actions/setup-java-build@v8.16.0
- name: "Init"
run: bash ./scripts/ci/init.sh
- name: "Run Postgres 14.4 database"
run: docker compose -f ./scripts/ci/docker-compose/docker-compose.yaml --profile postgres up -d
- name: "Run tests"
- run: mvn -B test -pl :alfresco-share-services -am -Dtest=ShareServicesTestSuite -DfailIfNoTests=false -Ddb.driver=org.postgresql.Driver -Ddb.name=alfresco -Ddb.url=jdbc:postgresql://localhost:5433/alfresco -Ddb.username=alfresco -Ddb.password=alfresco
+ run: mvn -B test -pl :alfresco-share-services -am -Dtest=ShareServicesTestSuite -DfailIfNoTests=false -Ddb.driver=org.postgresql.Driver -Ddb.name=alfresco -Ddb.url=jdbc:postgresql://localhost:5433/alfresco -Ddb.username=alfresco -Ddb.password=alfresco # pragma: allowlist secret
- name: "Clean Maven cache"
run: bash ./scripts/ci/cleanup_cache.sh
@@ -433,8 +517,9 @@ jobs:
REQUIRES_INSTALLED_ARTIFACTS: true
steps:
- uses: actions/checkout@v4
- - uses: Alfresco/alfresco-build-tools/.github/actions/get-build-info@v7.0.0
- - uses: Alfresco/alfresco-build-tools/.github/actions/setup-java-build@v7.0.0
+ - uses: Alfresco/alfresco-build-tools/.github/actions/get-build-info@v8.16.0
+ - uses: Alfresco/alfresco-build-tools/.github/actions/free-hosted-runner-disk-space@v8.16.0
+ - uses: Alfresco/alfresco-build-tools/.github/actions/setup-java-build@v8.16.0
- name: "Build"
timeout-minutes: ${{ fromJSON(env.GITHUB_ACTIONS_DEPLOY_TIMEOUT) }}
run: |
@@ -464,8 +549,9 @@ jobs:
REQUIRES_INSTALLED_ARTIFACTS: true
steps:
- uses: actions/checkout@v4
- - uses: Alfresco/alfresco-build-tools/.github/actions/get-build-info@v7.0.0
- - uses: Alfresco/alfresco-build-tools/.github/actions/setup-java-build@v7.0.0
+ - uses: Alfresco/alfresco-build-tools/.github/actions/get-build-info@v8.16.0
+ - uses: Alfresco/alfresco-build-tools/.github/actions/free-hosted-runner-disk-space@v8.16.0
+ - uses: Alfresco/alfresco-build-tools/.github/actions/setup-java-build@v8.16.0
- name: "Build"
timeout-minutes: ${{ fromJSON(env.GITHUB_ACTIONS_DEPLOY_TIMEOUT) }}
run: |
@@ -491,8 +577,9 @@ jobs:
REQUIRES_LOCAL_IMAGES: true
steps:
- uses: actions/checkout@v4
- - uses: Alfresco/alfresco-build-tools/.github/actions/get-build-info@v7.0.0
- - uses: Alfresco/alfresco-build-tools/.github/actions/setup-java-build@v7.0.0
+ - uses: Alfresco/alfresco-build-tools/.github/actions/get-build-info@v8.16.0
+ - uses: Alfresco/alfresco-build-tools/.github/actions/free-hosted-runner-disk-space@v8.16.0
+ - uses: Alfresco/alfresco-build-tools/.github/actions/setup-java-build@v8.16.0
- name: "Build"
timeout-minutes: ${{ fromJSON(env.GITHUB_ACTIONS_DEPLOY_TIMEOUT) }}
run: |
@@ -523,3 +610,28 @@ jobs:
aws s3 cp --acl private ./amps/ags/rm-automation/rm-automation-community-rest-api/target/reports/rm-automation-community-rest-api.log s3://ags-travis-artifacts/community/${{ github.run_number }}/AGS-Community-Rest-API-Tests/rm-automation-community-rest-api.log
- name: "Clean Maven cache"
run: bash ./scripts/ci/cleanup_cache.sh
+
+ ags_start_api_explorer:
+ name: "Test Tomcat deployment of api explorer"
+ runs-on: ubuntu-latest
+ needs: [ prepare ]
+ if: >
+ (((github.ref_name == 'master' || startsWith(github.ref_name, 'release/') || github.event_name == 'pull_request' ) &&
+ !contains(github.event.head_commit.message, '[skip ags]')) ||
+ contains(github.event.head_commit.message, '[ags]')) &&
+ !contains(github.event.head_commit.message, '[skip tests]') &&
+ !contains(github.event.head_commit.message, '[force]')
+ steps:
+ - uses: actions/checkout@v4
+ - uses: Alfresco/alfresco-build-tools/.github/actions/get-build-info@v8.16.0
+ - uses: Alfresco/alfresco-build-tools/.github/actions/free-hosted-runner-disk-space@v8.16.0
+ - uses: Alfresco/alfresco-build-tools/.github/actions/setup-java-build@v8.16.0
+ - name: "Build"
+ timeout-minutes: ${{ fromJSON(env.GITHUB_ACTIONS_DEPLOY_TIMEOUT) }}
+ run: |
+ bash ./scripts/ci/init.sh
+ bash ./scripts/ci/build.sh
+ - name: "Test Tomcat deployment"
+ run: |
+ mvn verify -Pags,start-api-explorer -DskipTests &
+ ${{ env.TAS_SCRIPTS }}/wait-for-alfresco-start.sh "http://localhost:8085/api-explorer"
diff --git a/.github/workflows/master_release.yml b/.github/workflows/master_release.yml
index 4c8a753127..772b13ec9f 100644
--- a/.github/workflows/master_release.yml
+++ b/.github/workflows/master_release.yml
@@ -32,11 +32,12 @@ jobs:
github.event_name != 'pull_request'
steps:
- uses: actions/checkout@v4
- - uses: Alfresco/alfresco-build-tools/.github/actions/get-build-info@v7.0.0
- - uses: Alfresco/alfresco-build-tools/.github/actions/setup-java-build@v7.0.0
+ - uses: Alfresco/alfresco-build-tools/.github/actions/get-build-info@v8.16.0
+ - uses: Alfresco/alfresco-build-tools/.github/actions/free-hosted-runner-disk-space@v8.16.0
+ - uses: Alfresco/alfresco-build-tools/.github/actions/setup-java-build@v8.16.0
- name: "Init"
run: bash ./scripts/ci/init.sh
- - uses: Alfresco/alfresco-build-tools/.github/actions/configure-git-author@v7.0.0
+ - uses: Alfresco/alfresco-build-tools/.github/actions/configure-git-author@v8.16.0
with:
username: ${{ env.GIT_USERNAME }}
email: ${{ env.GIT_EMAIL }}
@@ -58,11 +59,12 @@ jobs:
github.event_name != 'pull_request'
steps:
- uses: actions/checkout@v4
- - uses: Alfresco/alfresco-build-tools/.github/actions/get-build-info@v7.0.0
- - uses: Alfresco/alfresco-build-tools/.github/actions/setup-java-build@v7.0.0
+ - uses: Alfresco/alfresco-build-tools/.github/actions/get-build-info@v8.16.0
+ - uses: Alfresco/alfresco-build-tools/.github/actions/free-hosted-runner-disk-space@v8.16.0
+ - uses: Alfresco/alfresco-build-tools/.github/actions/setup-java-build@v8.16.0
- name: "Init"
run: bash ./scripts/ci/init.sh
- - uses: Alfresco/alfresco-build-tools/.github/actions/configure-git-author@v7.0.0
+ - uses: Alfresco/alfresco-build-tools/.github/actions/configure-git-author@v8.16.0
with:
username: ${{ env.GIT_USERNAME }}
email: ${{ env.GIT_EMAIL }}
diff --git a/packaging/war/pom.xml b/packaging/war/pom.xml
index e9b415e720..ebbca0bea8 100644
--- a/packaging/war/pom.xml
+++ b/packaging/war/pom.xml
@@ -119,6 +119,11 @@
mysql-connector-java
test
+
+ org.owasp.encoder
+ encoder
+ 1.2.3
+
diff --git a/packaging/war/src/main/webapp/index.jsp b/packaging/war/src/main/webapp/index.jsp
index 97357660e6..3628992c3b 100644
--- a/packaging/war/src/main/webapp/index.jsp
+++ b/packaging/war/src/main/webapp/index.jsp
@@ -34,6 +34,7 @@
<%@ page import="org.alfresco.service.cmr.module.ModuleDetails" %>
<%@ page import="org.alfresco.service.cmr.module.ModuleInstallState" %>
<%@ page import="java.util.Calendar" %>
+<%@ page import="org.owasp.encoder.Encode" %>
<%
@@ -88,7 +89,7 @@ ModuleDetails shareServicesModule = moduleService.getModule("alfresco-share-serv
Alfresco WebScripts Home (admin only - INTERNAL)
- Alfresco API Explorer
+ Alfresco API Explorer
<%
if (descriptorService.getLicenseDescriptor() == null && transactionService.isReadOnly())
{
diff --git a/pom.xml b/pom.xml
index 18d0c26528..c13b2e92e3 100644
--- a/pom.xml
+++ b/pom.xml
@@ -398,7 +398,7 @@
commons-fileupload
commons-fileupload
- 1.5
+ 1.6.0
diff --git a/scripts/ci/build.sh b/scripts/ci/build.sh
index 349c1da7e6..a1bc5acd2b 100644
--- a/scripts/ci/build.sh
+++ b/scripts/ci/build.sh
@@ -6,31 +6,22 @@ pushd "$(dirname "${BASH_SOURCE[0]}")/../../"
source "$(dirname "${BASH_SOURCE[0]}")/build_functions.sh"
-
-# Build the current project if needed
-if [[ -n ${REQUIRES_INSTALLED_ARTIFACTS} ]] || [[ -n ${REQUIRES_LOCAL_IMAGES} ]] || [[ -n ${BUILD_PROFILES} ]]; then
-
- if [[ -n ${BUILD_PROFILES} ]]; then
- PROFILES="${BUILD_PROFILES}"
- else
- if [[ "${REQUIRES_LOCAL_IMAGES}" == "true" ]]; then
- PROFILES="-Pbuild-docker-images -Pags"
- else
- PROFILES="-Pags"
- fi
- fi
-
- if [[ "${REQUIRES_INSTALLED_ARTIFACTS}" == "true" ]]; then
- PHASE="install"
- else
- PHASE="package"
- fi
-
- mvn -B -V $PHASE -DskipTests -Dmaven.javadoc.skip=true $PROFILES $BUILD_OPTIONS
+if [[ -n ${BUILD_PROFILES} ]]; then
+ PROFILES="${BUILD_PROFILES}"
+elif [[ "${REQUIRES_LOCAL_IMAGES}" == "true" ]]; then
+ PROFILES="-Pbuild-docker-images -Pags"
+else
+ PROFILES="-Pags"
fi
+if [[ "${REQUIRES_INSTALLED_ARTIFACTS}" == "true" ]]; then
+ PHASE="install"
+else
+ PHASE="package"
+fi
+
+mvn -B -V $PHASE -DskipTests -Dmaven.javadoc.skip=true $PROFILES $BUILD_OPTIONS
popd
set +vex
echo "=========================== Finishing Build Script =========================="
-
diff --git a/scripts/ci/remove-sast-exclusions.sh b/scripts/ci/remove-sast-exclusions.sh
new file mode 100644
index 0000000000..8826cb2aa1
--- /dev/null
+++ b/scripts/ci/remove-sast-exclusions.sh
@@ -0,0 +1,24 @@
+#!/usr/bin/env bash
+echo "=========================== Excluding Files from Veracode SAST ==========================="
+set -ex
+pushd "$(dirname "${BASH_SOURCE[0]}")/../../"
+
+# Copy war file to temporary directory
+cp -f "$1" "$2"
+
+# Remove files to be excluded from Veracode SAST
+exclusions="./scripts/ci/SAST-exclusion-list.txt"
+if [ -e $exclusions ]
+then
+ while read -r line
+ do
+ echo "Removing WEB-INF/lib/$line"
+ zip -d "$2" "WEB-INF/lib/$line" || true
+ done < "$exclusions"
+else
+ echo "No files to be excluded from SAST"
+fi
+
+popd
+set +ex
+echo "=========================== Finishing Excluding Files from Veracode SAST =========================="