This is an automated email from the ASF dual-hosted git repository.

eolivelli pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/bookkeeper.git


The following commit(s) were added to refs/heads/master by this push:
     new f030b65185 build: add owasp daily build (#4330)
f030b65185 is described below

commit f030b65185024d806e5e51f1c1e2f48036ebb270
Author: ZhangJian He <shoot...@gmail.com>
AuthorDate: Thu May 9 17:58:31 2024 +0800

    build: add owasp daily build (#4330)
---
 .github/workflows/bk-ci.yml                        |  2 +-
 .github/workflows/java21-daily-build.yml           |  2 +-
 ...ava21-daily-build.yml => owasp-daily-build.yml} | 35 +++++++++++-----------
 .github/workflows/windows-daily-build.yml          |  2 +-
 pom.xml                                            |  2 +-
 5 files changed, 22 insertions(+), 21 deletions(-)

diff --git a/.github/workflows/bk-ci.yml b/.github/workflows/bk-ci.yml
index 91f224396e..d4007743b6 100644
--- a/.github/workflows/bk-ci.yml
+++ b/.github/workflows/bk-ci.yml
@@ -514,7 +514,7 @@ jobs:
 
       - name: run "clean install verify" to trigger dependency check
         # excluding dlfs because it includes hadoop lib with
-        # CVEs that we cannot patch up anyways
+        # CVEs that we cannot patch up anyway
         run: mvn -q -B -ntp clean install verify -Powasp-dependency-check 
-DskipTests -pl '!stream/distributedlog/io/dlfs'
 
       - name: Upload report
diff --git a/.github/workflows/java21-daily-build.yml 
b/.github/workflows/java21-daily-build.yml
index 10a9694d36..aa9c834da6 100644
--- a/.github/workflows/java21-daily-build.yml
+++ b/.github/workflows/java21-daily-build.yml
@@ -22,7 +22,7 @@ on:
   workflow_dispatch:
 
 jobs:
-  build:
+  jdk21-daily-build:
     name: Build on JDK 21
     runs-on: ubuntu-latest
     steps:
diff --git a/.github/workflows/java21-daily-build.yml 
b/.github/workflows/owasp-daily-build.yml
similarity index 62%
copy from .github/workflows/java21-daily-build.yml
copy to .github/workflows/owasp-daily-build.yml
index 10a9694d36..8c0f3ad82c 100644
--- a/.github/workflows/java21-daily-build.yml
+++ b/.github/workflows/owasp-daily-build.yml
@@ -22,26 +22,27 @@ on:
   workflow_dispatch:
 
 jobs:
-  build:
-    name: Build on JDK 21
+  owasp-daily-build:
+    name: OWASP Dependency Check
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Tune Runner VM
+        uses: ./.github/actions/tune-runner-vm
+
       - name: Set up JDK 21
         uses: actions/setup-java@v4
         with:
-          java-version: '21'
-          distribution: 'temurin'
-      - name: Build with Maven
-        run: mvn -B clean install
-      - name: Aggregates all test reports to ./test-reports and 
./surefire-reports directories If failure
-        if: failure()
-        continue-on-error: true
-        uses: ./.github/actions/copy-test-reports
-      - name: Upload Surefire reports
-        uses: actions/upload-artifact@v4
-        if: failure()
-        continue-on-error: true
+          java-version: 21
+
+      - name: Set up Maven
+        uses: apache/pulsar-test-infra/setup-maven@master
         with:
-          name: jdk21-tests-reports
-          path: surefire-reports
+          maven-version: 3.8.7
+
+      - name: run "clean install verify" to trigger dependency check
+        # excluding dlfs because it includes hadoop lib with
+        # CVEs that we cannot patch up anyway
+        run: mvn -q -B -ntp clean install verify -Powasp-dependency-check 
-DskipTests -pl '!stream/distributedlog/io/dlfs'
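Review bot: The `Set up Maven` step references `apache/pulsar-test-infra/setup-maven@master`, a mutable branch, so whatever lands on that branch runs inside this job; pinning it to a full commit SHA, `uses: apache/pulsar-test-infra/setup-maven@<full-commit-sha>`, keeps the scan job's own inputs fixed. The `Set up JDK 21` step also drops `distribution: 'temurin'`, which `actions/setup-java@v4` declares as a required input, so that step is likely to fail until the line is restored. Unlike the job in bk-ci.yml, which is followed by an `Upload report` step, this workflow ends at the `mvn -q` call, so a failing scheduled run leaves no dependency-check report to triage; an `actions/upload-artifact@v4` step with `if: failure()` would cover that. The same commit moves dependency-check-maven to 9.1.0, which fetches vulnerability data through the NVD API, so unless the POM already supplies an API key (not visible here) the daily run may be slow or rate-limited.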
diff --git a/.github/workflows/windows-daily-build.yml 
b/.github/workflows/windows-daily-build.yml
index fd06f88249..5862ca1a71 100644
--- a/.github/workflows/windows-daily-build.yml
+++ b/.github/workflows/windows-daily-build.yml
@@ -22,7 +22,7 @@ on:
   workflow_dispatch:
 
 jobs:
-  build:
+  windows-daily-build:
     name: Daily Build and Test on Windows
     runs-on: windows-latest
     steps:
diff --git a/pom.xml b/pom.xml
index c8eb15dab7..aab8cf048d 100644
--- a/pom.xml
+++ b/pom.xml
@@ -190,7 +190,7 @@
     <maven-checkstyle-plugin.version>3.3.1</maven-checkstyle-plugin.version>
     <maven-compiler-plugin.version>3.12.1</maven-compiler-plugin.version>
     <maven-surefire-plugin.version>3.2.5</maven-surefire-plugin.version>
-    <dependency-check-maven.version>8.0.2</dependency-check-maven.version>
+    <dependency-check-maven.version>9.1.0</dependency-check-maven.version>
     <nar-maven-plugin.version>3.10.1</nar-maven-plugin.version>
     <os-maven-plugin.version>1.4.1.Final</os-maven-plugin.version>
     <protobuf-maven-plugin.version>0.6.1</protobuf-maven-plugin.version>
