diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index d246944f6b..4a978ebfa2 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -26,6 +26,9 @@ env:
CI_WORKSPACE: ${{ github.workspace }}
TAS_ENVIRONMENT: ./packaging/tests/environment
TAS_SCRIPTS: ../alfresco-community-repo/packaging/tests/scripts
+ AUTH0_CLIENT_ID: ${{ secrets.AUTH0_OIDC_ADMIN_CLIENT_ID }}
+ AUTH0_CLIENT_SECRET: ${{ secrets.AUTH0_OIDC_CLIENT_SECRET }}
+ AUTH0_ADMIN_PASSWORD: ${{ secrets.AUTH0_OIDC_ADMIN_PASSWORD }}
jobs:
prepare:
@@ -36,8 +39,13 @@ jobs:
!contains(github.event.head_commit.message, '[force')
steps:
- uses: actions/checkout@v4
- - uses: Alfresco/alfresco-build-tools/.github/actions/get-build-info@v7.0.0
- - uses: Alfresco/alfresco-build-tools/.github/actions/setup-java-build@v7.0.0
+ with:
+ fetch-depth: 0
+ - uses: Alfresco/alfresco-build-tools/.github/actions/get-build-info@v8.16.0
+ - uses: Alfresco/alfresco-build-tools/.github/actions/free-hosted-runner-disk-space@v8.16.0
+ - uses: Alfresco/alfresco-build-tools/.github/actions/setup-java-build@v8.16.0
+# 7.4.N does not have proper pre-commit support
+# - uses: Alfresco/alfresco-build-tools/.github/actions/pre-commit@v8.16.0
- name: "Init"
run: bash ./scripts/ci/init.sh
- name: "Prepare maven cache and check compilation"
@@ -45,45 +53,136 @@ jobs:
- name: "Clean Maven cache"
run: bash ./scripts/ci/cleanup_cache.sh
- veracode:
+ veracode_sca:
name: "Source Clear Scan (SCA)"
runs-on: ubuntu-latest
needs: [prepare]
if: >
- ((github.ref_name == 'master' || startsWith(github.ref_name, 'release/')) && github.event_name != 'pull_request') &&
+ (github.ref_name == 'master' || startsWith(github.ref_name, 'release/') || github.event_name == 'pull_request') &&
!contains(github.event.head_commit.message, '[skip tests]') &&
!contains(github.event.head_commit.message, '[force')
steps:
- uses: actions/checkout@v4
- - uses: Alfresco/alfresco-build-tools/.github/actions/get-build-info@v7.0.0
- - uses: Alfresco/alfresco-build-tools/.github/actions/setup-java-build@v7.0.0
+ - uses: Alfresco/alfresco-build-tools/.github/actions/get-build-info@v8.16.0
+ - uses: Alfresco/alfresco-build-tools/.github/actions/free-hosted-runner-disk-space@v8.16.0
+ - uses: Alfresco/alfresco-build-tools/.github/actions/setup-java-build@v8.16.0
- name: "Init"
run: bash ./scripts/ci/init.sh
- - uses: Alfresco/alfresco-build-tools/.github/actions/veracode@v7.0.0
+ - uses: Alfresco/alfresco-build-tools/.github/actions/veracode@v8.16.0
continue-on-error: true
with:
srcclr-api-token: ${{ secrets.SRCCLR_API_TOKEN }}
- name: "Clean Maven cache"
run: bash ./scripts/ci/cleanup_cache.sh
-
+
+ veracode_sast:
+ name: "Pipeline SAST Scan"
+ runs-on: ubuntu-latest
+ needs: [prepare]
+ if: >
+ (github.ref_name == 'master' || startsWith(github.ref_name, 'release/') || github.event_name == 'pull_request') &&
+ github.actor != 'dependabot[bot]' &&
+ !contains(github.event.head_commit.message, '[skip tests]') &&
+ !contains(github.event.head_commit.message, '[force')
+ steps:
+ - uses: actions/checkout@v4
+ - uses: Alfresco/alfresco-build-tools/.github/actions/get-build-info@v8.16.0
+ - uses: Alfresco/alfresco-build-tools/.github/actions/free-hosted-runner-disk-space@v8.16.0
+ - uses: Alfresco/alfresco-build-tools/.github/actions/setup-java-build@v8.16.0
+ - uses: Alfresco/alfresco-build-tools/.github/actions/github-download-file@v8.16.0
+ with:
+ token: ${{ secrets.BOT_GITHUB_TOKEN }}
+ repository: "Alfresco/veracode-baseline-archive"
+ file-path: "alfresco-community-repo/alfresco-community-repo-baseline.json"
+ target: "baseline.json"
+ - name: "Build"
+ timeout-minutes: ${{ fromJSON(env.GITHUB_ACTIONS_DEPLOY_TIMEOUT) }}
+ run: |
+ bash ./scripts/ci/init.sh
+ bash ./scripts/ci/build.sh
+ - name: "Remove excluded files"
+ run: |
+ mkdir temp-dir-for-sast
+ bash ./scripts/ci/remove-sast-exclusions.sh ./packaging/war/target/alfresco.war temp-dir-for-sast/reduced.war
+ - name: "Run SAST Scan"
+ uses: veracode/Veracode-pipeline-scan-action@v1.0.16
+ with:
+ vid: ${{ secrets.VERACODE_API_ID }}
+ vkey: ${{ secrets.VERACODE_API_KEY }}
+ file: "temp-dir-for-sast/reduced.war"
+ fail_build: true
+ project_name: alfresco-community-repo
+ issue_details: true
+ veracode_policy_name: Alfresco Default
+ summary_output: true
+ summary_output_file: results.json
+ summary_display: true
+ baseline_file: baseline.json
+ - name: Upload scan result
+ if: success() || failure()
+ run: zip readable_output.zip results.json
+ - name: Upload Artifact
+ if: success() || failure()
+ uses: actions/upload-artifact@v4
+ with:
+ name: Veracode Pipeline-Scan Results (Human Readable)
+ path: readable_output.zip
+ - name: "Remove temporary directory"
+ run: rm -rfv temp-dir-for-sast
+ - name: "Clean Maven cache"
+ run: bash ./scripts/ci/cleanup_cache.sh
+
+ pmd_scan:
+ name: "PMD Scan"
+ runs-on: ubuntu-latest
+ needs: [prepare]
+ if: >
+ github.event_name == 'pull_request' &&
+ !contains(github.event.head_commit.message, '[skip pmd]') &&
+ !contains(github.event.head_commit.message, '[skip tests]') &&
+ !contains(github.event.head_commit.message, '[force]')
+ steps:
+ - uses: Alfresco/alfresco-build-tools/.github/actions/get-build-info@v8.16.0
+ - uses: Alfresco/alfresco-build-tools/.github/actions/free-hosted-runner-disk-space@v8.16.0
+ - uses: Alfresco/alfresco-build-tools/.github/actions/setup-java-build@v8.16.0
+ - uses: Alfresco/ya-pmd-scan@v4.3.0
+ with:
+ classpath-build-command: "mvn test-compile -ntp -Pags -pl \"-:alfresco-community-repo-docker\""
+
all_unit_tests_suite:
- name: "Core, Data-Model, Repository - AllUnitTestsSuite - Build and test"
+ name: ${{ matrix.testName }} - AllUnitTestsSuite - Build and test
runs-on: ubuntu-latest
needs: [prepare]
if: >
!contains(github.event.head_commit.message, '[skip repo]') &&
!contains(github.event.head_commit.message, '[skip tests]') &&
!contains(github.event.head_commit.message, '[force')
+ strategy:
+ fail-fast: false
+ matrix:
+ include:
+ - testName: Core
+ testModule: core
+ testAttributes: "-Dtest=AllCoreUnitTestSuite"
+ - testName: Data-Model
+ testModule: data-model
+ testAttributes: "-Dtest=AllDataModelUnitTestSuite"
+ - testName: Repository
+ testModule: repository
+ testAttributes: "-Dtest=AllUnitTestsSuite"
+ - testName: Mmt
+ testModule: mmt
+ testAttributes: "-Dtest=AllMmtUnitTestSuite"
steps:
- uses: actions/checkout@v4
- - uses: Alfresco/alfresco-build-tools/.github/actions/get-build-info@v7.0.0
- - uses: Alfresco/alfresco-build-tools/.github/actions/setup-java-build@v7.0.0
+ - uses: Alfresco/alfresco-build-tools/.github/actions/get-build-info@v8.16.0
+ - uses: Alfresco/alfresco-build-tools/.github/actions/free-hosted-runner-disk-space@v8.16.0
+ - uses: Alfresco/alfresco-build-tools/.github/actions/setup-java-build@v8.16.0
- name: "Init"
run: bash ./scripts/ci/init.sh
- name: "Run tests"
run: |
- mvn -B test -pl core,data-model -am -DfailIfNoTests=false
- mvn -B test -pl "repository,mmt" -am "-Dtest=AllUnitTestsSuite,AllMmtUnitTestSuite" -DfailIfNoTests=false
+ mvn -B test -pl ${{ matrix.testModule }} -am ${{ matrix.testAttributes }} -DfailIfNoTests=false "${args[@]}"
- name: "Clean Maven cache"
run: bash ./scripts/ci/cleanup_cache.sh
@@ -113,8 +212,9 @@ jobs:
REQUIRES_INSTALLED_ARTIFACTS: true
steps:
- uses: actions/checkout@v4
- - uses: Alfresco/alfresco-build-tools/.github/actions/get-build-info@v7.0.0
- - uses: Alfresco/alfresco-build-tools/.github/actions/setup-java-build@v7.0.0
+ - uses: Alfresco/alfresco-build-tools/.github/actions/get-build-info@v8.16.0
+ - uses: Alfresco/alfresco-build-tools/.github/actions/free-hosted-runner-disk-space@v8.16.0
+ - uses: Alfresco/alfresco-build-tools/.github/actions/setup-java-build@v8.16.0
- name: "Build"
timeout-minutes: ${{ fromJSON(env.GITHUB_ACTIONS_DEPLOY_TIMEOUT) }}
run: |
@@ -123,9 +223,10 @@ jobs:
- name: "Set transformers tag"
run: echo "TRANSFORMERS_TAG=$(mvn help:evaluate -Dexpression=dependency.alfresco-transform-core.version -q -DforceStdout)" >> $GITHUB_ENV
- name: "Set up the environment"
+ timeout-minutes: ${{ fromJSON(env.GITHUB_ACTIONS_DEPLOY_TIMEOUT) }}
run: docker compose -f ./scripts/ci/docker-compose/docker-compose.yaml --profile ${{ matrix.compose-profile }} up -d
- name: "Run tests"
- run: mvn -B test -pl remote-api -Dtest=${{ matrix.testSuite }} -Ddb.driver=org.postgresql.Driver -Ddb.name=alfresco -Ddb.url=jdbc:postgresql://localhost:5433/alfresco -Ddb.username=alfresco -Ddb.password=alfresco
+ run: mvn -B test -pl remote-api -Dtest=${{ matrix.testSuite }} -Ddb.driver=org.postgresql.Driver -Ddb.name=alfresco -Ddb.url=jdbc:postgresql://localhost:5433/alfresco -Ddb.username=alfresco -Ddb.password=alfresco # pragma: allowlist secret
- name: "Clean Maven cache"
run: bash ./scripts/ci/cleanup_cache.sh
@@ -143,11 +244,12 @@ jobs:
strategy:
fail-fast: false
matrix:
- version: ['10.2.18', '10.4', '10.5']
+ version: ['10.2.18', '10.4', '10.5', '10.6']
steps:
- uses: actions/checkout@v4
- - uses: Alfresco/alfresco-build-tools/.github/actions/get-build-info@v7.0.0
- - uses: Alfresco/alfresco-build-tools/.github/actions/setup-java-build@v7.0.0
+ - uses: Alfresco/alfresco-build-tools/.github/actions/get-build-info@v8.16.0
+ - uses: Alfresco/alfresco-build-tools/.github/actions/free-hosted-runner-disk-space@v8.16.0
+ - uses: Alfresco/alfresco-build-tools/.github/actions/setup-java-build@v8.16.0
- name: "Init"
run: bash ./scripts/ci/init.sh
- name: Run MariaDB ${{ matrix.version }} database
@@ -155,33 +257,7 @@ jobs:
env:
MARIADB_VERSION: ${{ matrix.version }}
- name: "Run tests"
- run: mvn -B test -pl repository -am -Dtest=AllDBTestsTestSuite -DfailIfNoTests=false -Ddb.name=alfresco -Ddb.url=jdbc:mariadb://localhost:3307/alfresco?useUnicode=yes\&characterEncoding=UTF-8 -Ddb.username=alfresco -Ddb.password=alfresco -Ddb.driver=org.mariadb.jdbc.Driver
- - name: "Clean Maven cache"
- run: bash ./scripts/ci/cleanup_cache.sh
-
- repository_mariadb_10_6_tests:
- name: "Repository - MariaDB 10.6 tests"
- runs-on: ubuntu-latest
- needs: [prepare]
- if: >
- (((github.ref_name == 'master' || startsWith(github.ref_name, 'release/') || github.event_name == 'pull_request') &&
- !contains(github.event.head_commit.message, '[skip db]')) ||
- contains(github.event.head_commit.message, '[latest db]') ||
- contains(github.event.head_commit.message, '[db]')) &&
- !contains(github.event.head_commit.message, '[skip tests]') &&
- !contains(github.event.head_commit.message, '[force')
- steps:
- - uses: actions/checkout@v4
- - uses: Alfresco/alfresco-build-tools/.github/actions/get-build-info@v7.0.0
- - uses: Alfresco/alfresco-build-tools/.github/actions/setup-java-build@v7.0.0
- - name: "Init"
- run: bash ./scripts/ci/init.sh
- - name: "Run MariaDB 10.6 database"
- run: docker compose -f ./scripts/ci/docker-compose/docker-compose-db.yaml --profile mariadb up -d
- env:
- MARIADB_VERSION: 10.6
- - name: "Run tests"
- run: mvn -B test -pl repository -am -Dtest=AllDBTestsTestSuite -DfailIfNoTests=false -Ddb.name=alfresco -Ddb.url=jdbc:mariadb://localhost:3307/alfresco?useUnicode=yes\&characterEncoding=UTF-8 -Ddb.username=alfresco -Ddb.password=alfresco -Ddb.driver=org.mariadb.jdbc.Driver
+ run: mvn -B test -pl repository -am -Dtest=AllDBTestsTestSuite -DfailIfNoTests=false -Ddb.name=alfresco -Ddb.url=jdbc:mariadb://localhost:3307/alfresco?useUnicode=yes\&characterEncoding=UTF-8 -Ddb.username=alfresco -Ddb.password=alfresco -Ddb.driver=org.mariadb.jdbc.Driver # pragma: allowlist secret
- name: "Clean Maven cache"
run: bash ./scripts/ci/cleanup_cache.sh
@@ -198,8 +274,9 @@ jobs:
!contains(github.event.head_commit.message, '[force')
steps:
- uses: actions/checkout@v4
- - uses: Alfresco/alfresco-build-tools/.github/actions/get-build-info@v7.0.0
- - uses: Alfresco/alfresco-build-tools/.github/actions/setup-java-build@v7.0.0
+ - uses: Alfresco/alfresco-build-tools/.github/actions/get-build-info@v8.16.0
+ - uses: Alfresco/alfresco-build-tools/.github/actions/free-hosted-runner-disk-space@v8.16.0
+ - uses: Alfresco/alfresco-build-tools/.github/actions/setup-java-build@v8.16.0
- name: "Init"
run: bash ./scripts/ci/init.sh
- name: "Run MySQL 8 database"
@@ -207,7 +284,7 @@ jobs:
env:
MYSQL_VERSION: 8
- name: "Run tests"
- run: mvn -B test -pl repository -am -Dtest=AllDBTestsTestSuite -DfailIfNoTests=false -Ddb.driver=com.mysql.jdbc.Driver -Ddb.name=alfresco -Ddb.url=jdbc:mysql://localhost:3307/alfresco -Ddb.username=alfresco -Ddb.password=alfresco
+ run: mvn -B test -pl repository -am -Dtest=AllDBTestsTestSuite -DfailIfNoTests=false -Ddb.driver=com.mysql.jdbc.Driver -Ddb.name=alfresco -Ddb.url=jdbc:mysql://localhost:3307/alfresco -Ddb.username=alfresco -Ddb.password=alfresco # pragma: allowlist secret
- name: "Clean Maven cache"
run: bash ./scripts/ci/cleanup_cache.sh
@@ -223,8 +300,9 @@ jobs:
!contains(github.event.head_commit.message, '[force')
steps:
- uses: actions/checkout@v4
- - uses: Alfresco/alfresco-build-tools/.github/actions/get-build-info@v7.0.0
- - uses: Alfresco/alfresco-build-tools/.github/actions/setup-java-build@v7.0.0
+ - uses: Alfresco/alfresco-build-tools/.github/actions/get-build-info@v8.16.0
+ - uses: Alfresco/alfresco-build-tools/.github/actions/free-hosted-runner-disk-space@v8.16.0
+ - uses: Alfresco/alfresco-build-tools/.github/actions/setup-java-build@v8.16.0
- name: "Init"
run: bash ./scripts/ci/init.sh
- name: "Run PostgreSQL 13.7 database"
@@ -232,24 +310,25 @@ jobs:
env:
POSTGRES_VERSION: 13.7
- name: "Run tests"
- run: mvn -B test -pl repository -am -Dtest=AllDBTestsTestSuite -DfailIfNoTests=false -Ddb.driver=org.postgresql.Driver -Ddb.name=alfresco -Ddb.url=jdbc:postgresql://localhost:5433/alfresco -Ddb.username=alfresco -Ddb.password=alfresco
+ run: mvn -B test -pl repository -am -Dtest=AllDBTestsTestSuite -DfailIfNoTests=false -Ddb.driver=org.postgresql.Driver -Ddb.name=alfresco -Ddb.url=jdbc:postgresql://localhost:5433/alfresco -Ddb.username=alfresco -Ddb.password=alfresco # pragma: allowlist secret
- name: "Clean Maven cache"
run: bash ./scripts/ci/cleanup_cache.sh
repository_postgresql_14_4_tests:
name: "Repository - PostgreSQL 14.4 tests"
runs-on: ubuntu-latest
- needs: [prepare]
+ needs: [ prepare ]
if: >
- (!contains(github.event.head_commit.message, '[skip db]') ||
- contains(github.event.head_commit.message, '[latest db]') ||
+ (((github.ref_name == 'master' || startsWith(github.ref_name, 'release/')) && github.event_name != 'pull_request' &&
+ !contains(github.event.head_commit.message, '[skip db]')) ||
contains(github.event.head_commit.message, '[db]')) &&
!contains(github.event.head_commit.message, '[skip tests]') &&
!contains(github.event.head_commit.message, '[force')
steps:
- uses: actions/checkout@v4
- - uses: Alfresco/alfresco-build-tools/.github/actions/get-build-info@v7.0.0
- - uses: Alfresco/alfresco-build-tools/.github/actions/setup-java-build@v7.0.0
+ - uses: Alfresco/alfresco-build-tools/.github/actions/get-build-info@v8.16.0
+ - uses: Alfresco/alfresco-build-tools/.github/actions/free-hosted-runner-disk-space@v8.16.0
+ - uses: Alfresco/alfresco-build-tools/.github/actions/setup-java-build@v8.16.0
- name: "Init"
run: bash ./scripts/ci/init.sh
- name: "Run PostgreSQL 14.4 database"
@@ -257,10 +336,11 @@ jobs:
env:
POSTGRES_VERSION: 14.4
- name: "Run tests"
- run: mvn -B test -pl repository -am -Dtest=AllDBTestsTestSuite -DfailIfNoTests=false -Ddb.driver=org.postgresql.Driver -Ddb.name=alfresco -Ddb.url=jdbc:postgresql://localhost:5433/alfresco -Ddb.username=alfresco -Ddb.password=alfresco
+ run: mvn -B test -pl repository -am -Dtest=AllDBTestsTestSuite -DfailIfNoTests=false -Ddb.driver=org.postgresql.Driver -Ddb.name=alfresco -Ddb.url=jdbc:postgresql://localhost:5433/alfresco -Ddb.username=alfresco -Ddb.password=alfresco # pragma: allowlist secret
- name: "Clean Maven cache"
run: bash ./scripts/ci/cleanup_cache.sh
+
repository_messaging_tests:
name: Repository - Messaging tests
runs-on: ubuntu-latest
@@ -271,19 +351,20 @@ jobs:
!contains(github.event.head_commit.message, '[force')
steps:
- uses: actions/checkout@v4
- - uses: Alfresco/alfresco-build-tools/.github/actions/get-build-info@v7.0.0
- - uses: Alfresco/alfresco-build-tools/.github/actions/setup-java-build@v7.0.0
+ - uses: Alfresco/alfresco-build-tools/.github/actions/get-build-info@v8.16.0
+ - uses: Alfresco/alfresco-build-tools/.github/actions/free-hosted-runner-disk-space@v8.16.0
+ - uses: Alfresco/alfresco-build-tools/.github/actions/setup-java-build@v8.16.0
- name: "Init"
run: bash ./scripts/ci/init.sh
- name: "Run ActiveMQ"
run: docker compose -f ./scripts/ci/docker-compose/docker-compose.yaml --profile activemq up -d
- name: "Run tests"
- run: mvn -B test -pl repository -am -Dtest=CamelRoutesTest,CamelComponentsTest -DfailIfNoTests=false
+ run: mvn -B test -pl repository -am -Dtest=CamelRoutesTest,CamelComponentsTest -DfailIfNoTests=false # pragma: allowlist secret
- name: "Clean Maven cache"
run: bash ./scripts/ci/cleanup_cache.sh
repository_app_context_test_suites:
- name: Repository - ${{ matrix.testSuite }}
+ name: Repository - ${{ matrix.testSuite }} ${{ matrix.idp }}
runs-on: ubuntu-latest
needs: [prepare]
if: >
@@ -304,7 +385,12 @@ jobs:
compose-profile: with-transform-core-aio
- testSuite: AppContext05TestSuite
compose-profile: with-sso
- mvn-options: '"-Didentity-service.auth-server-url=http://${HOST_IP}:8999/auth"'
+ mvn-options: '-Didentity-service.auth-server-url=http://${HOST_IP}:8999/auth -Dauthentication.chain=identity-service1:identity-service,alfrescoNtlm1:alfrescoNtlm'
+ idp: Keycloak
+ - testSuite: AppContext05TestSuite
+ compose-profile: default
+ mvn-options: '-Didentity-service.auth-server-url=https://dev-ps-alfresco.auth0.com/ -Dauthentication.chain=identity-service1:identity-service,alfrescoNtlm1:alfrescoNtlm -Didentity-service.audience=http://localhost:3000 -Didentity-service.resource=${AUTH0_CLIENT_ID} -Didentity-service.credentials.secret=${AUTH0_CLIENT_SECRET} -Didentity-service.public-client=false -Didentity-service.realm= -Didentity-service.client-id.validation.disabled=false -Dadmin.user=admin@alfresco.com -Dadmin.password=${AUTH0_ADMIN_PASSWORD} -Dauth0.enabled=true -Dauth0.admin.password=${AUTH0_ADMIN_PASSWORD} -Didentity-service.principal-attribute=nickname'
+ idp: Auth0
- testSuite: AppContext06TestSuite
compose-profile: with-transform-core-aio
- testSuite: AppContextExtraTestSuite
@@ -321,8 +407,9 @@ jobs:
mvn-options: '-Dencryption.ssl.keystore.location=${CI_WORKSPACE}/keystores/alfresco/alfresco.keystore -Dencryption.ssl.truststore.location=${CI_WORKSPACE}/keystores/alfresco/alfresco.truststore'
steps:
- uses: actions/checkout@v4
- - uses: Alfresco/alfresco-build-tools/.github/actions/get-build-info@v7.0.0
- - uses: Alfresco/alfresco-build-tools/.github/actions/setup-java-build@v7.0.0
+ - uses: Alfresco/alfresco-build-tools/.github/actions/get-build-info@v8.16.0
+ - uses: Alfresco/alfresco-build-tools/.github/actions/free-hosted-runner-disk-space@v8.16.0
+ - uses: Alfresco/alfresco-build-tools/.github/actions/setup-java-build@v8.16.0
- name: "Init"
run: bash ./scripts/ci/init.sh
- name: "Set transformers tag"
@@ -341,9 +428,10 @@ jobs:
echo "HOSTNAME_VERIFICATION_DISABLED=false" >> "$GITHUB_ENV"
fi
- name: "Set up the environment"
+ timeout-minutes: ${{ fromJSON(env.GITHUB_ACTIONS_DEPLOY_TIMEOUT) }}
run: docker compose -f ./scripts/ci/docker-compose/docker-compose.yaml --profile ${{ matrix.compose-profile }} up -d
- name: "Run tests"
- run: mvn -B test -pl repository -am -Dtest=${{ matrix.testSuite }} -DfailIfNoTests=false -Ddb.driver=org.postgresql.Driver -Ddb.name=alfresco -Ddb.url=jdbc:postgresql://localhost:5433/alfresco -Ddb.username=alfresco -Ddb.password=alfresco ${{ matrix.mvn-options }}
+ run: mvn -B test -pl repository -am -Dtest=${{ matrix.testSuite }} -DfailIfNoTests=false -Ddb.driver=org.postgresql.Driver -Ddb.name=alfresco -Ddb.url=jdbc:postgresql://localhost:5433/alfresco -Ddb.username=alfresco -Ddb.password=alfresco ${{ matrix.mvn-options }} # pragma: allowlist secret
- name: "Clean Maven cache"
run: bash ./scripts/ci/cleanup_cache.sh
@@ -383,26 +471,22 @@ jobs:
pom-dir: tas-email
- test-name: "WebDAV TAS tests"
pom-dir: tas-webdav
- - test-name: "Integration TAS tests (Java 17)"
+ - test-name: "Integration TAS tests"
pom-dir: tas-integration
- - test-name: "Integration TAS tests (Java 11)"
- pom-dir: tas-integration
- jre-version: 11
env:
REQUIRES_LOCAL_IMAGES: true
steps:
- uses: actions/checkout@v4
- - uses: Alfresco/alfresco-build-tools/.github/actions/get-build-info@v7.0.0
- - uses: Alfresco/alfresco-build-tools/.github/actions/setup-java-build@v7.0.0
- with:
- java-version: ${{ matrix.jre-version || '17' }}
+ - uses: Alfresco/alfresco-build-tools/.github/actions/get-build-info@v8.16.0
+ - uses: Alfresco/alfresco-build-tools/.github/actions/free-hosted-runner-disk-space@v8.16.0
+ - uses: Alfresco/alfresco-build-tools/.github/actions/setup-java-build@v8.16.0
- name: "Build"
timeout-minutes: ${{ fromJSON(env.GITHUB_ACTIONS_DEPLOY_TIMEOUT) }}
run: |
bash ./scripts/ci/init.sh
- export BUILD_OPTIONS="-Ddocker.buildArg.JRE_VERSION=${{ matrix.jre-version }} ${BUILD_OPTIONS}"
bash ./scripts/ci/build.sh
- name: "Set up the environment"
+ timeout-minutes: ${{ fromJSON(env.GITHUB_ACTIONS_DEPLOY_TIMEOUT) }}
run: |
${{ env.TAS_SCRIPTS }}/start-compose.sh ${{ env.TAS_ENVIRONMENT }}/docker-compose-minimal+transforms.yml
${{ env.TAS_SCRIPTS }}/wait-for-alfresco-start.sh "http://localhost:8082/alfresco"
@@ -432,14 +516,15 @@ jobs:
!contains(github.event.head_commit.message, '[force')
steps:
- uses: actions/checkout@v4
- - uses: Alfresco/alfresco-build-tools/.github/actions/get-build-info@v7.0.0
- - uses: Alfresco/alfresco-build-tools/.github/actions/setup-java-build@v7.0.0
+ - uses: Alfresco/alfresco-build-tools/.github/actions/get-build-info@v8.16.0
+ - uses: Alfresco/alfresco-build-tools/.github/actions/free-hosted-runner-disk-space@v8.16.0
+ - uses: Alfresco/alfresco-build-tools/.github/actions/setup-java-build@v8.16.0
- name: "Init"
run: bash ./scripts/ci/init.sh
- - name: "Run Postgres 14.4 database"
+ - name: "Run Postgres 16.6 database"
run: docker compose -f ./scripts/ci/docker-compose/docker-compose.yaml --profile postgres up -d
- name: "Run tests"
- run: mvn -B test -pl :alfresco-share-services -am -Dtest=ShareServicesTestSuite -DfailIfNoTests=false -Ddb.driver=org.postgresql.Driver -Ddb.name=alfresco -Ddb.url=jdbc:postgresql://localhost:5433/alfresco -Ddb.username=alfresco -Ddb.password=alfresco
+ run: mvn -B test -pl :alfresco-share-services -am -Dtest=ShareServicesTestSuite -DfailIfNoTests=false -Ddb.driver=org.postgresql.Driver -Ddb.name=alfresco -Ddb.url=jdbc:postgresql://localhost:5433/alfresco -Ddb.username=alfresco -Ddb.password=alfresco # pragma: allowlist secret
- name: "Clean Maven cache"
run: bash ./scripts/ci/cleanup_cache.sh
@@ -461,8 +546,9 @@ jobs:
REQUIRES_INSTALLED_ARTIFACTS: true
steps:
- uses: actions/checkout@v4
- - uses: Alfresco/alfresco-build-tools/.github/actions/get-build-info@v7.0.0
- - uses: Alfresco/alfresco-build-tools/.github/actions/setup-java-build@v7.0.0
+ - uses: Alfresco/alfresco-build-tools/.github/actions/get-build-info@v8.16.0
+ - uses: Alfresco/alfresco-build-tools/.github/actions/free-hosted-runner-disk-space@v8.16.0
+ - uses: Alfresco/alfresco-build-tools/.github/actions/setup-java-build@v8.16.0
- name: "Build"
timeout-minutes: ${{ fromJSON(env.GITHUB_ACTIONS_DEPLOY_TIMEOUT) }}
run: |
@@ -492,8 +578,9 @@ jobs:
REQUIRES_INSTALLED_ARTIFACTS: true
steps:
- uses: actions/checkout@v4
- - uses: Alfresco/alfresco-build-tools/.github/actions/get-build-info@v7.0.0
- - uses: Alfresco/alfresco-build-tools/.github/actions/setup-java-build@v7.0.0
+ - uses: Alfresco/alfresco-build-tools/.github/actions/get-build-info@v8.16.0
+ - uses: Alfresco/alfresco-build-tools/.github/actions/free-hosted-runner-disk-space@v8.16.0
+ - uses: Alfresco/alfresco-build-tools/.github/actions/setup-java-build@v8.16.0
- name: "Build"
timeout-minutes: ${{ fromJSON(env.GITHUB_ACTIONS_DEPLOY_TIMEOUT) }}
run: |
@@ -519,8 +606,9 @@ jobs:
REQUIRES_LOCAL_IMAGES: true
steps:
- uses: actions/checkout@v4
- - uses: Alfresco/alfresco-build-tools/.github/actions/get-build-info@v7.0.0
- - uses: Alfresco/alfresco-build-tools/.github/actions/setup-java-build@v7.0.0
+ - uses: Alfresco/alfresco-build-tools/.github/actions/get-build-info@v8.16.0
+ - uses: Alfresco/alfresco-build-tools/.github/actions/free-hosted-runner-disk-space@v8.16.0
+ - uses: Alfresco/alfresco-build-tools/.github/actions/setup-java-build@v8.16.0
- name: "Build"
timeout-minutes: ${{ fromJSON(env.GITHUB_ACTIONS_DEPLOY_TIMEOUT) }}
run: |
@@ -551,3 +639,28 @@ jobs:
aws s3 cp --acl private ./amps/ags/rm-automation/rm-automation-community-rest-api/target/reports/rm-automation-community-rest-api.log s3://ags-travis-artifacts/community/${{ github.run_number }}/AGS-Community-Rest-API-Tests/rm-automation-community-rest-api.log
- name: "Clean Maven cache"
run: bash ./scripts/ci/cleanup_cache.sh
+
+ ags_start_api_explorer:
+ name: "Test Tomcat deployment of api explorer"
+ runs-on: ubuntu-latest
+ needs: [ prepare ]
+ if: >
+ (((github.ref_name == 'master' || startsWith(github.ref_name, 'release/') || github.event_name == 'pull_request' ) &&
+ !contains(github.event.head_commit.message, '[skip ags]')) ||
+ contains(github.event.head_commit.message, '[ags]')) &&
+ !contains(github.event.head_commit.message, '[skip tests]') &&
+ !contains(github.event.head_commit.message, '[force]')
+ steps:
+ - uses: actions/checkout@v4
+ - uses: Alfresco/alfresco-build-tools/.github/actions/get-build-info@v8.16.0
+ - uses: Alfresco/alfresco-build-tools/.github/actions/free-hosted-runner-disk-space@v8.16.0
+ - uses: Alfresco/alfresco-build-tools/.github/actions/setup-java-build@v8.16.0
+ - name: "Build"
+ timeout-minutes: ${{ fromJSON(env.GITHUB_ACTIONS_DEPLOY_TIMEOUT) }}
+ run: |
+ bash ./scripts/ci/init.sh
+ bash ./scripts/ci/build.sh
+ - name: "Test Tomcat deployment"
+ run: |
+ mvn verify -Pags,start-api-explorer -DskipTests &
+ ${{ env.TAS_SCRIPTS }}/wait-for-alfresco-start.sh "http://localhost:8085/api-explorer"
diff --git a/.github/workflows/master_release.yml b/.github/workflows/master_release.yml
index 2913f24adc..6fdd4eaed5 100644
--- a/.github/workflows/master_release.yml
+++ b/.github/workflows/master_release.yml
@@ -34,11 +34,12 @@ jobs:
- uses: actions/checkout@v4
with:
persist-credentials: false
- - uses: Alfresco/alfresco-build-tools/.github/actions/get-build-info@v7.0.0
- - uses: Alfresco/alfresco-build-tools/.github/actions/setup-java-build@v7.0.0
+ - uses: Alfresco/alfresco-build-tools/.github/actions/get-build-info@v8.16.0
+ - uses: Alfresco/alfresco-build-tools/.github/actions/free-hosted-runner-disk-space@v8.16.0
+ - uses: Alfresco/alfresco-build-tools/.github/actions/setup-java-build@v8.16.0
- name: "Init"
run: bash ./scripts/ci/init.sh
- - uses: Alfresco/alfresco-build-tools/.github/actions/configure-git-author@v7.0.0
+ - uses: Alfresco/alfresco-build-tools/.github/actions/configure-git-author@v8.16.0
with:
username: ${{ env.GIT_USERNAME }}
email: ${{ env.GIT_EMAIL }}
@@ -62,11 +63,12 @@ jobs:
- uses: actions/checkout@v4
with:
persist-credentials: false
- - uses: Alfresco/alfresco-build-tools/.github/actions/get-build-info@v7.0.0
- - uses: Alfresco/alfresco-build-tools/.github/actions/setup-java-build@v7.0.0
+ - uses: Alfresco/alfresco-build-tools/.github/actions/get-build-info@v8.16.0
+ - uses: Alfresco/alfresco-build-tools/.github/actions/free-hosted-runner-disk-space@v8.16.0
+ - uses: Alfresco/alfresco-build-tools/.github/actions/setup-java-build@v8.16.0
- name: "Init"
run: bash ./scripts/ci/init.sh
- - uses: Alfresco/alfresco-build-tools/.github/actions/configure-git-author@v7.0.0
+ - uses: Alfresco/alfresco-build-tools/.github/actions/configure-git-author@v8.16.0
with:
username: ${{ env.GIT_USERNAME }}
email: ${{ env.GIT_EMAIL }}
diff --git a/packaging/war/pom.xml b/packaging/war/pom.xml
index bdf4d7d437..0913d19d1c 100644
--- a/packaging/war/pom.xml
+++ b/packaging/war/pom.xml
@@ -115,6 +115,11 @@
mysql-connector-java
test
+
+ org.owasp.encoder
+ encoder
+ 1.2.3
+
diff --git a/packaging/war/src/main/webapp/index.jsp b/packaging/war/src/main/webapp/index.jsp
index 97357660e6..3628992c3b 100644
--- a/packaging/war/src/main/webapp/index.jsp
+++ b/packaging/war/src/main/webapp/index.jsp
@@ -34,6 +34,7 @@
<%@ page import="org.alfresco.service.cmr.module.ModuleDetails" %>
<%@ page import="org.alfresco.service.cmr.module.ModuleInstallState" %>
<%@ page import="java.util.Calendar" %>
+<%@ page import="org.owasp.encoder.Encode" %>
<%
@@ -88,7 +89,7 @@ ModuleDetails shareServicesModule = moduleService.getModule("alfresco-share-serv
Alfresco WebScripts Home (admin only - INTERNAL)
- Alfresco API Explorer
+ Alfresco API Explorer
<%
if (descriptorService.getLicenseDescriptor() == null && transactionService.isReadOnly())
{
diff --git a/pom.xml b/pom.xml
index bd4bb4a9b8..6092468ee6 100644
--- a/pom.xml
+++ b/pom.xml
@@ -403,7 +403,7 @@
commons-fileupload
commons-fileupload
- 1.5
+ 1.6.0
diff --git a/scripts/ci/remove-sast-exclusions.sh b/scripts/ci/remove-sast-exclusions.sh
new file mode 100644
index 0000000000..8826cb2aa1
--- /dev/null
+++ b/scripts/ci/remove-sast-exclusions.sh
@@ -0,0 +1,24 @@
+#!/usr/bin/env bash
+echo "=========================== Excluding Files from Veracode SAST ==========================="
+set -ex
+pushd "$(dirname "${BASH_SOURCE[0]}")/../../"
+
+# Copy war file to temporary directory
+cp -f "$1" "$2"
+
+# Remove files to be excluded from Veracode SAST
+exclusions="./scripts/ci/SAST-exclusion-list.txt"
+if [ -e $exclusions ]
+then
+ while read -r line
+ do
+ echo "Removing WEB-INF/lib/$line"
+ zip -d "$2" "WEB-INF/lib/$line" || true
+ done < "$exclusions"
+else
+ echo "No files to be excluded from SAST"
+fi
+
+popd
+set +ex
+echo "=========================== Finishing Excluding Files from Veracode SAST =========================="