Skip to content

fix: pom.xml to reduce vulnerabilities #621

fix: pom.xml to reduce vulnerabilities

fix: pom.xml to reduce vulnerabilities #621

Workflow file for this run

# This workflow builds SNAPSHOT releases
name: Build snapshot release
on:
push:
branches:
- "*"
tags-ignore:
- "*"
jobs:
build:
if: "!contains(github.event.head_commit.message, 'skip ci')"
runs-on: ubuntu-22.04
strategy:
matrix:
include:
- mongodb-version: 4.2
- mongodb-version: 4.4
- mongodb-version: 5.0
- mongodb-version: 6.0
deploy: true
- mongodb-version: 7.0
timeout-minutes: 20
steps:
- uses: actions/checkout@v3
- uses: actions/cache@v3
with:
path: ~/.m2/repository
key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
restore-keys: |
${{ runner.os }}-maven-
- name: Set up JDK 17
uses: actions/setup-java@v3
with:
distribution: "temurin"
java-version: "17"
- name: Set VERSION and SHA
id: vars
run: |
echo "VERSION=$(echo ${GITHUB_REF:10})" >> $GITHUB_OUTPUT
echo "SHA=$(echo ${GITHUB_SHA:0:7})" >> $GITHUB_OUTPUT
echo "VERSION=${{steps.vars.outputs.VERSION}}"
echo "SHA=${{steps.vars.outputs.SHA}}"
- name: Build and Test
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed to get PR information, if any
run: mvn -B clean verify -Dmongodb.version="${{ matrix.mongodb-version }}" -Dkarate.options="${{ matrix.karate-options }}"
- name: Set up QEMU
if: ${{ matrix.deploy }}
uses: docker/setup-qemu-action@v2
- name: Set up Docker Buildx
if: ${{ matrix.deploy }}
uses: docker/setup-buildx-action@v2
- name: Login to DockerHub
if: ${{ matrix.deploy }}
uses: docker/login-action@v2
with:
username: ${{ secrets.DOCKER_USER }}
password: ${{ secrets.DOCKER_TOKEN }}
- name: Build and Push multi-arch Docker images
if: ${{ matrix.deploy }}
uses: docker/build-push-action@v4
with:
context: ./core/
platforms: linux/amd64,linux/arm64,linux/ppc64le,linux/s390x,linux/arm/v7
push: true # push all images built
pull: true # pull all required images before building
tags: softinstigate/restheart-snapshot:latest,softinstigate/restheart-snapshot:${{steps.vars.outputs.SHA}}
- name: Build and Push GraalVM Docker image
if: ${{ matrix.deploy }}
uses: docker/build-push-action@v4
with:
context: ./core/
file: ./core/Dockerfile.graalvm
push: true # push all images built
pull: true # pull all required images before building
tags: softinstigate/restheart-snapshot:graalvm,softinstigate/restheart-snapshot:${{steps.vars.outputs.SHA}}-graalvm
- name: Build and Push distroless docker image
if: ${{ matrix.deploy }}
uses: docker/build-push-action@v4
with:
context: ./core/
file: ./core/Dockerfile.distroless
push: true # push all images built
pull: true # pull all required images before building
tags: softinstigate/restheart-snapshot:distroless,softinstigate/restheart-snapshot:${{steps.vars.outputs.SHA}}-distroless
- name: Import private gpg key
if: ${{ matrix.deploy }}
run: |
printf "%s" "$GPG_PRIVATE_KEY" > private.key
gpg --pinentry-mode=loopback --batch --yes --fast-import private.key
continue-on-error: true
env:
GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY }}
- name: Deploy to Maven Central
if: ${{ matrix.deploy }}
run: MAVEN_OPTS="--add-opens=java.base/java.util=ALL-UNNAMED --add-opens=java.base/java.lang.reflect=ALL-UNNAMED --add-opens=java.base/java.text=ALL-UNNAMED --add-opens=java.desktop/java.awt.font=ALL-UNNAMED" mvn -B clean deploy -Pdeploy -DskipTests -s settings.xml
continue-on-error: true
env:
OSSRH_USERNAME: ${{ secrets.OSSRH_USERNAME }}
OSSRH_PASSWORD: ${{ secrets.OSSRH_PASSWORD }}
GPG_KEY_NAME: ${{ secrets.GPG_KEY_NAME }}
GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}