Skip to content

Add SECURITY.md

Add SECURITY.md #516

Workflow file for this run

#
# Copyright (c) 2023, 2024 Oracle and/or its affiliates.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
name: "Validate"
on:
pull_request:
push:
branches-ignore: [ 'main', 'helidon-*.x', 'release-*' ]
tags-ignore: [ '**' ]
workflow_call:
inputs:
ref:
description: The branch, tag or SHA to checkout
required: false
type: string
default: ''
env:
JAVA_VERSION: 21
GRAALVM_VERSION: 21.0.3
JAVA_DISTRO: oracle
MAVEN_ARGS: |
-B -fae -e
-Dmaven.wagon.httpconnectionManager.ttlSeconds=60
-Dmaven.wagon.http.retryHandler.count=3
-Djdk.toolchain.version=${JAVA_VERSION}
-Dcache.enabled=true
concurrency:
group: validate-${{ github.ref }}
cancel-in-progress: true
jobs:
copyright:
timeout-minutes: 5
runs-on: ubuntu-20.04
steps:
- uses: actions/checkout@v4
with:
ref: ${{ inputs.ref }}
fetch-depth: 0
- uses: ./.github/actions/common
with:
run: etc/scripts/copyright.sh
checkstyle:
timeout-minutes: 5
runs-on: ubuntu-20.04
steps:
- uses: actions/checkout@v4
with:
ref: ${{ inputs.ref }}
- uses: ./.github/actions/common
with:
run: etc/scripts/checkstyle.sh
shellcheck:
timeout-minutes: 5
runs-on: ubuntu-20.04
steps:
- uses: actions/checkout@v4
with:
ref: ${{ inputs.ref }}
- uses: ./.github/actions/common
with:
maven-cache: none
run: etc/scripts/shellcheck.sh
build:
timeout-minutes: 15
runs-on: ubuntu-20.04
steps:
- uses: actions/checkout@v4
with:
ref: ${{ inputs.ref }}
- uses: ./.github/actions/common
with:
build-cache: read-write
maven-cache: read-write
run: |
mvn ${MAVEN_ARGS} build-cache:go-offline
mvn ${MAVEN_ARGS} -T8 \
-Dorg.slf4j.simpleLogger.showThreadName=true \
-DskipTests \
-Ptests \
install
_tests:
needs: build
timeout-minutes: 30
strategy:
matrix:
os: [ ubuntu-20.04 ]
moduleSet: [ core, it, dbclient, dbclient-oracle, others ]
include:
- { os: ubuntu-20.04, platform: linux }
runs-on: ${{ matrix.os }}
name: tests/${{ matrix.moduleSet }}
steps:
- uses: actions/checkout@v4
with:
ref: ${{ inputs.ref }}
- uses: ./.github/actions/common
with:
build-cache: read-only
test-artifact-name: tests-${{ matrix.moduleSet }}
run: |
mvn ${MAVEN_ARGS} \
-DreactorRule=tests \
-DmoduleSet=${{ matrix.moduleSet }} \
-Dsurefire.reportNameSuffix=${{ matrix.platform }} \
verify
_tck:
needs: build
timeout-minutes: 30
strategy:
matrix:
moduleSet: [ cdi, rest, others ]
runs-on: ubuntu-20.04
name: tests/tck-${{ matrix.moduleSet }}
steps:
- uses: actions/checkout@v4
with:
ref: ${{ inputs.ref }}
- uses: ./.github/actions/common
with:
build-cache: read-only
test-artifact-name: tests-tck-${{ matrix.moduleSet }}
run: |
mvn ${MAVEN_ARGS} \
-DreactorRule=tck \
-DmoduleSet=${{ matrix.moduleSet }} \
verify
_spotbugs:
needs: build
timeout-minutes: 30
strategy:
matrix:
moduleSet: [ core, integrations, others ]
runs-on: ubuntu-20.04
name: spotbugs/${{ matrix.moduleSet }}
steps:
- uses: actions/checkout@v4
with:
ref: ${{ inputs.ref }}
- uses: ./.github/actions/common
with:
build-cache: read-only
run: |
mvn ${MAVEN_ARGS} -T8 \
-Dorg.slf4j.simpleLogger.showThreadName=true \
-DreactorRule=default \
-DmoduleSet=${{ matrix.moduleSet }} \
-DskipTests \
-Pspotbugs \
verify
javadoc:
needs: build
timeout-minutes: 30
strategy:
matrix:
moduleSet: [ core, integrations, others ]
runs-on: ubuntu-20.04
steps:
- uses: actions/checkout@v4
with:
ref: ${{ inputs.ref }}
- uses: ./.github/actions/common
with:
build-cache: read-only
artifact-name: javadoc-jars-${{ matrix.moduleSet }}
artifact-path: |
**/target/state-javadoc.xml
**/target/*-javadoc.jar
run: |
mvn ${MAVEN_ARGS} -T8 \
-Dorg.slf4j.simpleLogger.showThreadName=true \
-DreactorRule=default \
-DmoduleSet=${{ matrix.moduleSet }} \
-Dcache.recordSuffix=javadoc \
-DskipTests \
-Pjavadoc \
package
docs:
needs: build
timeout-minutes: 15
runs-on: ubuntu-20.04
steps:
- uses: actions/checkout@v4
with:
ref: ${{ inputs.ref }}
- uses: ./.github/actions/common
with:
build-cache: read-only
artifact-name: docs
artifact-path: |
*/target/state-docs.xml
*/target/*-docs.jar
run: |
mvn ${MAVEN_ARGS} \
-Dcache.recordSuffix=docs \
-f docs/pom.xml \
-Pjavadoc \
install
quickstarts:
needs: build
timeout-minutes: 30
strategy:
matrix:
os: [ ubuntu-20.04, macos-14 ]
include:
- { os: ubuntu-20.04, platform: linux }
- { os: macos-14, platform: macos }
runs-on: ${{ matrix.os }}
name: quickstarts/${{ matrix.platform }}
steps:
- uses: actions/checkout@v4
with:
ref: ${{ inputs.ref }}
- uses: ./.github/actions/common
with:
free-space: true
build-cache: read-only
native-image: true
test-artifact-name: tests-quickstarts-${{ matrix.platform }}
run: |
etc/scripts/test-quickstarts.sh
examples:
needs: build
timeout-minutes: 30
strategy:
matrix:
os: [ ubuntu-20.04, macos-14 ]
include:
- { os: ubuntu-20.04, platform: linux }
- { os: macos-14, platform: macos }
runs-on: ${{ matrix.os }}
name: examples/${{ matrix.platform }}
steps:
- uses: actions/checkout@v4
with:
ref: ${{ inputs.ref }}
- uses: ./.github/actions/common
with:
free-space: true
build-cache: read-only
test-artifact-name: tests-examples-${{ matrix.platform }}
run: etc/scripts/build-examples.sh
archetypes:
needs: build
timeout-minutes: 30
strategy:
matrix:
group: [ r1, r2, r3, r4, r5 ]
packaging: [ jar ]
include:
- { group: r1, start: 1, end: 25 }
- { group: r2, start: 26, end: 50 }
- { group: r3, start: 51, end: 75 }
- { group: r4, start: 75, end: 100 }
- { group: r5, start: 101, end: -1 }
- { packaging: jar }
runs-on: ubuntu-20.04
name: archetypes/${{ matrix.group }}-${{ matrix.packaging }}
steps:
- uses: actions/checkout@v4
with:
ref: ${{ inputs.ref }}
- uses: ./.github/actions/common
with:
build-cache: read-only
native-image: ${{ matrix.packaging == 'native' }}
test-artifact-name: tests-archetypes-${{ matrix.group }}-${{ matrix.packaging }}
run: |
mvn ${MAVEN_ARGS} \
-f archetypes/archetypes/pom.xml \
-Darchetype.test.permutationStartIndex=${{ matrix.start }} \
-Darchetype.test.permutationEndIndex=${{ matrix.end }} \
-Darchetype.test.testGoal=verify \
-Darchetype.test.testProfiles=${{ matrix.profile }} \
verify
legacy-archetypes:
needs: build
timeout-minutes: 30
runs-on: ubuntu-20.04
name: archetypes/legacy
steps:
- uses: actions/checkout@v4
with:
ref: ${{ inputs.ref }}
- uses: ./.github/actions/common
with:
build-cache: read-only
test-artifact-name: tests-legacy-archetypes
run: |
mvn ${MAVEN_ARGS} \
-f archetypes/pom.xml \
-Darchetype.test.generatePermutations=false \
install
packaging:
needs: build
timeout-minutes: 30
strategy:
matrix:
os: [ ubuntu-20.04, macos-14 ]
packaging: [ jar, jlink ]
include:
- { os: ubuntu-20.04, platform: linux }
- { os: macos-14, platform: macos }
runs-on: ${{ matrix.os }}
name: tests/packaging-${{ matrix.packaging }}-${{ matrix.platform }}
steps:
- uses: actions/checkout@v4
with:
ref: ${{ inputs.ref }}
- uses: ./.github/actions/common
with:
free-space: true
build-cache: read-only
test-artifact-name: tests-packaging-${{ matrix.packaging }}-${{ matrix.platform }}
run: |
mvn ${MAVEN_ARGS} \
-f tests/integration/packaging/pom.xml \
-P${{ matrix.packaging }}-image \
verify
_native-image:
needs: build
timeout-minutes: 30
strategy:
matrix:
os: [ ubuntu-20.04, macos-14 ]
module: [ mp-1, mp-2, mp-3, se-1, inject ]
include:
- { os: ubuntu-20.04, platform: linux }
- { os: macos-14, platform: macos }
runs-on: ${{ matrix.os }}
name: tests/native-image-${{ matrix.module }}-${{ matrix.platform }}
steps:
- uses: actions/checkout@v4
with:
ref: ${{ inputs.ref }}
- uses: ./.github/actions/common
with:
free-space: true
build-cache: read-only
native-image: true
test-artifact-name: tests-native-image-${{ matrix.module }}-${{ matrix.platform }}
run: |
mvn ${MAVEN_ARGS} \
-f tests/integration/packaging/pom.xml \
-pl ${{ matrix.module }} \
-Pnative-image \
-am \
verify
test-results:
runs-on: ubuntu-20.04
needs: [ _tests, archetypes, legacy-archetypes, _tck, packaging, _native-image ]
name: tests/results
steps:
- uses: actions/upload-artifact/merge@v4
with:
name: test-results
pattern: "tests-*"
gate:
runs-on: ubuntu-20.04
needs: [ copyright, checkstyle, shellcheck, docs, javadoc, _spotbugs, test-results ]
steps:
- shell: bash
run: |
echo OK