This is an automated email from the ASF dual-hosted git repository. eolivelli pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/bookkeeper.git
The following commit(s) were added to refs/heads/master by this push: new f030b65185 build: add owasp daily build (#4330) f030b65185 is described below commit f030b65185024d806e5e51f1c1e2f48036ebb270 Author: ZhangJian He <shoot...@gmail.com> AuthorDate: Thu May 9 17:58:31 2024 +0800 build: add owasp daily build (#4330) --- .github/workflows/bk-ci.yml | 2 +- .github/workflows/java21-daily-build.yml | 2 +- ...ava21-daily-build.yml => owasp-daily-build.yml} | 35 +++++++++++----------- .github/workflows/windows-daily-build.yml | 2 +- pom.xml | 2 +- 5 files changed, 22 insertions(+), 21 deletions(-) diff --git a/.github/workflows/bk-ci.yml b/.github/workflows/bk-ci.yml index 91f224396e..d4007743b6 100644 --- a/.github/workflows/bk-ci.yml +++ b/.github/workflows/bk-ci.yml @@ -514,7 +514,7 @@ jobs: - name: run "clean install verify" to trigger dependency check # excluding dlfs because it includes hadoop lib with - # CVEs that we cannot patch up anyways + # CVEs that we cannot patch up anyway run: mvn -q -B -ntp clean install verify -Powasp-dependency-check -DskipTests -pl '!stream/distributedlog/io/dlfs' - name: Upload report diff --git a/.github/workflows/java21-daily-build.yml b/.github/workflows/java21-daily-build.yml index 10a9694d36..aa9c834da6 100644 --- a/.github/workflows/java21-daily-build.yml +++ b/.github/workflows/java21-daily-build.yml @@ -22,7 +22,7 @@ on: workflow_dispatch: jobs: - build: + jdk21-daily-build: name: Build on JDK 21 runs-on: ubuntu-latest steps: diff --git a/.github/workflows/java21-daily-build.yml b/.github/workflows/owasp-daily-build.yml similarity index 62% copy from .github/workflows/java21-daily-build.yml copy to .github/workflows/owasp-daily-build.yml index 10a9694d36..8c0f3ad82c 100644 --- a/.github/workflows/java21-daily-build.yml +++ b/.github/workflows/owasp-daily-build.yml @@ -22,26 +22,27 @@ on: workflow_dispatch: jobs: - build: - name: Build on JDK 21 + owasp-daily-build: + name: OWASP Dependency Check runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - name: Checkout + uses: actions/checkout@v4 + + - name: Tune Runner VM + uses: ./.github/actions/tune-runner-vm + - name: Set up JDK 21 uses: actions/setup-java@v4 with: - java-version: '21' - distribution: 'temurin' - - name: Build with Maven - run: mvn -B clean install - - name: Aggregates all test reports to ./test-reports and ./surefire-reports directories If failure - if: failure() - continue-on-error: true - uses: ./.github/actions/copy-test-reports - - name: Upload Surefire reports - uses: actions/upload-artifact@v4 - if: failure() - continue-on-error: true + java-version: 21 + + - name: Set up Maven + uses: apache/pulsar-test-infra/setup-maven@master with: - name: jdk21-tests-reports - path: surefire-reports + maven-version: 3.8.7 + + - name: run "clean install verify" to trigger dependency check + # excluding dlfs because it includes hadoop lib with + # CVEs that we cannot patch up anyway + run: mvn -q -B -ntp clean install verify -Powasp-dependency-check -DskipTests -pl '!stream/distributedlog/io/dlfs' diff --git a/.github/workflows/windows-daily-build.yml b/.github/workflows/windows-daily-build.yml index fd06f88249..5862ca1a71 100644 --- a/.github/workflows/windows-daily-build.yml +++ b/.github/workflows/windows-daily-build.yml @@ -22,7 +22,7 @@ on: workflow_dispatch: jobs: - build: + windows-daily-build: name: Daily Build and Test on Windows runs-on: windows-latest steps: diff --git a/pom.xml b/pom.xml index c8eb15dab7..aab8cf048d 100644 --- a/pom.xml +++ b/pom.xml @@ -190,7 +190,7 @@ <maven-checkstyle-plugin.version>3.3.1</maven-checkstyle-plugin.version> <maven-compiler-plugin.version>3.12.1</maven-compiler-plugin.version> <maven-surefire-plugin.version>3.2.5</maven-surefire-plugin.version> - <dependency-check-maven.version>8.0.2</dependency-check-maven.version> + <dependency-check-maven.version>9.1.0</dependency-check-maven.version> <nar-maven-plugin.version>3.10.1</nar-maven-plugin.version> <os-maven-plugin.version>1.4.1.Final</os-maven-plugin.version> <protobuf-maven-plugin.version>0.6.1</protobuf-maven-plugin.version>