mirror of
https://github.com/Stirling-Tools/Stirling-PDF.git
synced 2025-07-23 13:45:21 +00:00
e7ac4b7b20
Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner) from 2.12.1 to 2.12.2. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/step-security/harden-runner/releases">step-security/harden-runner's releases</a>.</em></p> <blockquote> <h2>v2.12.2</h2> <h2>What's Changed</h2> <p>Added HTTPS Monitoring for additional destinations - *.githubusercontent.com Bug fixes:</p> <ul> <li>Implicitly allow local multicast, local unicast and broadcast IP addresses in block mode</li> <li>Increased policy map size for block mode</li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/step-security/harden-runner/compare/v2...v2.12.2">https://github.com/step-security/harden-runner/compare/v2...v2.12.2</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="6c439dc8bd"><code>6c439dc</code></a> Merge pull request <a href="https://redirect.github.com/step-security/harden-runner/issues/562">#562</a> from step-security/rc-22</li> <li><a href="bf5688696d"><code>bf56886</code></a> update agent</li> <li><a href="5436dac7b5"><code>5436dac</code></a> update agent</li> <li><a href="88d305a353"><code>88d305a</code></a> update agent</li> <li><a href="b976878278"><code>b976878</code></a> update agent</li> <li><a href="875cc92db2"><code>875cc92</code></a> Update agent</li> <li>See full diff in <a href="002fdce3c6...6c439dc8bd">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
175 lines
5.8 KiB
YAML
175 lines
5.8 KiB
YAML
name: Build repo
|
|
|
|
on:
|
|
push:
|
|
branches: ["main"]
|
|
pull_request:
|
|
branches: ["main"]
|
|
|
|
permissions:
|
|
contents: read
|
|
|
|
jobs:
|
|
build:
|
|
runs-on: ubuntu-latest
|
|
|
|
permissions:
|
|
actions: read
|
|
security-events: write
|
|
|
|
strategy:
|
|
fail-fast: false
|
|
matrix:
|
|
jdk-version: [17, 21]
|
|
spring-security: [true, false]
|
|
|
|
steps:
|
|
- name: Harden Runner
|
|
uses: step-security/harden-runner@6c439dc8bdf85cadbbce9ed30d1c7b959517bc49 # v2.12.2
|
|
with:
|
|
egress-policy: audit
|
|
|
|
- name: Checkout repository
|
|
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
|
|
|
|
- name: Set up JDK ${{ matrix.jdk-version }}
|
|
uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 # v4.7.1
|
|
with:
|
|
java-version: ${{ matrix.jdk-version }}
|
|
distribution: "temurin"
|
|
|
|
- name: Build with Gradle and spring security ${{ matrix.spring-security }}
|
|
run: ./gradlew clean build
|
|
env:
|
|
DISABLE_ADDITIONAL_FEATURES: ${{ matrix.spring-security }}
|
|
|
|
- name: Check Test Reports Exist
|
|
id: check-reports
|
|
if: always()
|
|
run: |
|
|
declare -a dirs=(
|
|
"stirling-pdf/build/reports/tests/"
|
|
"stirling-pdf/build/test-results/"
|
|
"common/build/reports/tests/"
|
|
"common/build/test-results/"
|
|
"proprietary/build/reports/tests/"
|
|
"proprietary/build/test-results/"
|
|
)
|
|
missing_reports=()
|
|
for dir in "${dirs[@]}"; do
|
|
if [ ! -d "$dir" ]; then
|
|
missing_reports+=("$dir")
|
|
fi
|
|
done
|
|
if [ ${#missing_reports[@]} -gt 0 ]; then
|
|
echo "ERROR: The following required test report directories are missing:"
|
|
printf '%s\n' "${missing_reports[@]}"
|
|
exit 1
|
|
fi
|
|
echo "All required test report directories are present"
|
|
|
|
- name: Upload Test Reports
|
|
if: always()
|
|
uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
|
|
with:
|
|
name: test-reports-jdk-${{ matrix.jdk-version }}-spring-security-${{ matrix.spring-security }}
|
|
path: |
|
|
stirling-pdf/build/reports/tests/
|
|
stirling-pdf/build/test-results/
|
|
stirling-pdf/build/reports/problems/
|
|
common/build/reports/tests/
|
|
common/build/test-results/
|
|
common/build/reports/problems/
|
|
proprietary/build/reports/tests/
|
|
proprietary/build/test-results/
|
|
proprietary/build/reports/problems/
|
|
build/reports/problems/
|
|
retention-days: 3
|
|
if-no-files-found: warn
|
|
|
|
check-licence:
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- name: Harden Runner
|
|
uses: step-security/harden-runner@6c439dc8bdf85cadbbce9ed30d1c7b959517bc49 # v2.12.2
|
|
with:
|
|
egress-policy: audit
|
|
|
|
- name: Checkout repository
|
|
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
|
|
|
|
- name: Set up JDK 17
|
|
uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 # v4.7.1
|
|
with:
|
|
java-version: "17"
|
|
distribution: "adopt"
|
|
|
|
- name: check the licenses for compatibility
|
|
run: ./gradlew clean checkLicense
|
|
|
|
- name: FAILED - check the licenses for compatibility
|
|
if: failure()
|
|
uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
|
|
with:
|
|
name: dependencies-without-allowed-license.json
|
|
path: |
|
|
build/reports/dependency-license/dependencies-without-allowed-license.json
|
|
retention-days: 3
|
|
|
|
docker-compose-tests:
|
|
# if: github.event_name == 'push' && github.ref == 'refs/heads/main' ||
|
|
# (github.event_name == 'pull_request' &&
|
|
# contains(github.event.pull_request.labels.*.name, 'licenses') == false &&
|
|
# (
|
|
# contains(github.event.pull_request.labels.*.name, 'Front End') ||
|
|
# contains(github.event.pull_request.labels.*.name, 'Java') ||
|
|
# contains(github.event.pull_request.labels.*.name, 'Back End') ||
|
|
# contains(github.event.pull_request.labels.*.name, 'Security') ||
|
|
# contains(github.event.pull_request.labels.*.name, 'API') ||
|
|
# contains(github.event.pull_request.labels.*.name, 'Docker') ||
|
|
# contains(github.event.pull_request.labels.*.name, 'Test')
|
|
# )
|
|
# )
|
|
|
|
runs-on: ubuntu-latest
|
|
|
|
steps:
|
|
- name: Harden Runner
|
|
uses: step-security/harden-runner@6c439dc8bdf85cadbbce9ed30d1c7b959517bc49 # v2.12.2
|
|
with:
|
|
egress-policy: audit
|
|
|
|
- name: Checkout Repository
|
|
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
|
|
|
|
- name: Set up Java 17
|
|
uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 # v4.7.1
|
|
with:
|
|
java-version: "17"
|
|
distribution: "adopt"
|
|
|
|
- name: Set up Docker Buildx
|
|
uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
|
|
|
|
- name: Install Docker Compose
|
|
run: |
|
|
sudo curl -SL "https://github.com/docker/compose/releases/download/v2.37.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
|
|
sudo chmod +x /usr/local/bin/docker-compose
|
|
|
|
- name: Set up Python
|
|
uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
|
|
with:
|
|
python-version: "3.12"
|
|
cache: 'pip' # caching pip dependencies
|
|
|
|
- name: Pip requirements
|
|
run: |
|
|
pip install --require-hashes -r ./testing/cucumber/requirements.txt
|
|
|
|
- name: Run Docker Compose Tests
|
|
run: |
|
|
chmod +x ./testing/test_webpages.sh
|
|
chmod +x ./testing/test.sh
|
|
chmod +x ./testing/test_disabledEndpoints.sh
|
|
./testing/test.sh
|