[BRMO-384] Fix Resolving XML external entity in user-controlled data #3846
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Ubuntu Oracle build | |
on: | |
push: | |
branches: | |
- 'master' | |
pull_request: | |
concurrency: # cancel on PR pushes | |
# More info: https://stackoverflow.com/a/68422069/253468 | |
group: ${{ github.workflow }}-${{ ( github.ref == 'refs/heads/master' || github.ref == 'refs/heads/release' ) && format('ci-master-{0}', github.sha) || format('ci-master-{0}', github.ref) }} | |
cancel-in-progress: true | |
env: | |
MAVEN_OPTS: -Djava.awt.headless=true -Xms8G -Xmx12G -Dmaven.wagon.httpconnectionManager.ttlSeconds=25 -Dmaven.wagon.http.retryHandler.count=3 -Dtest.persistence.unit=brmo.persistence.oracle -Djava.security.egd=file:/dev/./urandom | |
MAVEN_VERSION: '3.9.9' | |
jobs: | |
build: | |
name: Oracle DB online test | |
runs-on: ubuntu-22.04 | |
strategy: | |
fail-fast: false | |
matrix: | |
java: [ 17 ] | |
java-dist: [ 'temurin' ] | |
oracle: [ 'oracle-xe:21.3.0-full', 'oracle-free:23.5-full' ] | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
lfs: true | |
- name: 'Cache test data' | |
uses: actions/cache@v4 | |
with: | |
path: ~/downloads | |
key: downloads-${{ hashFiles('**/pom.xml') }} | |
restore-keys: | | |
downloads- | |
- name: 'Set up JDK' | |
uses: actions/setup-java@v4 | |
with: | |
distribution: ${{ matrix.java-dist }} | |
java-version: ${{ matrix.java }} | |
cache: 'maven' | |
- name: 'Set up Maven' | |
uses: stCarolas/setup-maven@v5 | |
with: | |
maven-version: ${{ env.MAVEN_VERSION }} | |
- name: 'Install extra software' | |
run: sudo apt install -y --no-install-recommends xmlstarlet | |
- name: 'Priming build' | |
run: | | |
mvn clean install -Dmaven.test.skip=true -Ddocker.skip=true -Dtest.onlyITs= -B -V -fae -Poracle -DskipQA=true | |
projectversion=$(grep "<version>.*<.version>" -m1 pom.xml | sed -e "s/^.*<version/<version/" | cut -f2 -d">"| cut -f1 -d"<") | |
echo $projectversion | |
export PROJECTVERSION=$projectversion | |
sed -i s/\${project.version}/$projectversion/g ./brmo-persistence/db/create-brmo-persistence-oracle.sql | |
sed -i s/\${project.version}/$projectversion/g ./datamodel/brk/brk2.0_oracle.sql | |
- name: 'Setup Oracle DB' | |
run: | | |
./.build/ci/oracle-start-docker.sh ${{ matrix.oracle }} | |
./.build/ci/oracle-setup.sh | |
- name: 'Test' | |
run: | | |
mvn -e test -B -Poracle -pl '!brmo-dist' -Dtest.onlyITs=false -DskipQA=true | |
- name: 'Verify bag2-loader' | |
run: | | |
mvn -e verify -B -Poracle -T1 -Dtest.onlyITs=true -pl 'bag2-loader' -DskipQA=true | |
.build/ci/oracle-setup-bag2_views.sh | |
mvn resources:testResources compiler:testCompile surefire:test -Poracle -pl datamodel -Dtest='!*UpgradeTest' -DskipQA=true | |
- name: 'Verify bgt-loader' | |
run: mvn -e verify -B -Poracle -T1 -Dtest.onlyITs=true -pl 'bgt-loader' -DskipQA=true | |
- name: 'Verify brmo-loader' | |
run: mvn -e verify -B -Poracle -T1 -Dtest.onlyITs=true -pl 'brmo-loader' -DskipQA=true | |
- name: 'Verify brmo-service' | |
run: mvn -e verify -B -Poracle -Dtest.onlyITs=true -pl 'brmo-service' -DskipQA=true | |
- name: 'Verify brmo-stufbg204' | |
run: mvn -e verify -B -Poracle -Dtest.onlyITs=true -pl 'brmo-stufbg204' -DskipQA=true | |
- name: 'Verify brmo-commandline' | |
run: mvn -e verify -B -Poracle -Dtest.onlyITs=true -pl 'brmo-commandline' -DskipQA=true | |
- name: 'Verify nhr-loader' | |
run: mvn -e verify -B -Poracle -Dtest.onlyITs=true -pl 'nhr-loader' -DskipQA=true | |
- name: 'Upload coverage to Codecov' | |
uses: codecov/codecov-action@v5 | |
with: | |
fail_ci_if_error: true | |
token: ${{ secrets.CODECOV_TOKEN }} | |
- name: 'Cleanup build artifacts' | |
run: | | |
mvn clean build-helper:remove-project-artifact | |
find ~/.m2/repository -name "*SNAPSHOT*" -type d | xargs rm -rf {} |