Skip to content

add javax.security to bootdelegation #7672

add javax.security to bootdelegation

add javax.security to bootdelegation #7672

Workflow file for this run

name: Build 6.0
on:
workflow_call:
inputs:
LUCEE_TEST_JAVA_VERSION:
required: true
type: string
LUCEE_BUILD_JAVA_VERSION:
required: true
type: string
default: '11'
push:
branches:
- '**' # thus ignoring tagging
pull_request:
workflow_dispatch:
#concurrency:
# group: ${{ github.head_ref }}
# cancel-in-progress: true
jobs:
build:
runs-on: ubuntu-latest
env:
DO_DEPLOY: "${{ github.event_name == 'push' && startsWith(github.ref, 'refs/heads/6.0') }}"
LUCEE_BUILD_JAVA_VERSION: 11
LUCEE_TEST_JAVA_VERSION: ''
services:
ldap_with_creds:
image: ${{ (github.secret_source != 'none') && 'rroemhild/test-openldap' || '' }}
ports:
- 10389:10389
- 10636:10636
credentials:
username: ${{ secrets.DOCKERHUB_PUBLIC_USERNAME || ' ' }} # empty string to avoid invalid template
password: ${{ secrets.DOCKERHUB_PUBLIC_TOKEN || ' ' }}
ldap_no_creds:
image: ${{ (github.secret_source == 'none') && 'rroemhild/test-openldap' || '' }}
ports:
- 10389:10389
- 10636:10636
sql-server_with_creds:
image: ${{ (github.secret_source != 'none') && 'mcr.microsoft.com/mssql/server:2022-latest' || '' }}
env:
MSSQL_PID: Express
ACCEPT_EULA: Y
SA_PASSWORD: Lucee!1433 # password must be complex or the service won't start
ports:
- 1433:1433
options: --health-cmd="/opt/mssql-tools18/bin/sqlcmd -C -S localhost -U SA -P ${SA_PASSWORD} -Q 'SELECT 1' || exit 1" --health-interval 10s --health-timeout 5s --health-retries 5
credentials:
username: ${{ secrets.DOCKERHUB_PUBLIC_USERNAME || ' ' }}
password: ${{ secrets.DOCKERHUB_PUBLIC_TOKEN || ' ' }}
sql-server_without_creds:
image: ${{ (github.secret_source == 'none') && 'mcr.microsoft.com/mssql/server:2022-latest' || '' }}
env:
MSSQL_PID: Express
ACCEPT_EULA: Y
SA_PASSWORD: Lucee!1433 # password must be complex or the service won't start
ports:
- 1433:1433
options: --health-cmd="/opt/mssql-tools18/bin/sqlcmd -C -S localhost -U SA -P ${SA_PASSWORD} -Q 'SELECT 1' || exit 1" --health-interval 10s --health-timeout 5s --health-retries 5
redis_with_creds:
image: ${{ (github.secret_source != 'none') && 'redis' || '' }}
# Set health checks to wait until redis has started
options: >-
--health-cmd "redis-cli ping"
--health-interval 10s
--health-timeout 5s
--health-retries 5
ports:
# Maps port 6379 on service container to the host
- 6379:6379
credentials:
username: ${{ secrets.DOCKERHUB_PUBLIC_USERNAME || ' ' }}
password: ${{ secrets.DOCKERHUB_PUBLIC_TOKEN || ' ' }}
redis_without_creds:
# Docker Hub image
image: ${{ (github.secret_source == 'none') && 'redis' || '' }}
# Set health checks to wait until redis has started
options: >-
--health-cmd "redis-cli ping"
--health-interval 10s
--health-timeout 5s
--health-retries 5
ports:
# Maps port 6379 on service container to the host
- 6379:6379
greenmail_with_creds:
image: ${{ (github.secret_source != 'none') && 'greenmail/standalone:1.6.9' || '' }}
ports:
- 3025:3025 #SMTP
- 3110:3110 #POP3
- 3143:3143 #IMAP
- 3465:3465 #SMTPS
- 3993:3993 #IMAPS
- 3995:3995 #POP3S
- 8080:8080 #API
credentials:
username: ${{ secrets.DOCKERHUB_PUBLIC_USERNAME || ' ' }}
password: ${{ secrets.DOCKERHUB_PUBLIC_TOKEN || ' ' }}
greenmail_no_creds:
image: ${{ (github.secret_source == 'none') && 'greenmail/standalone:1.6.9' || '' }}
ports:
- 3025:3025 #SMTP
- 3110:3110 #POP3
- 3143:3143 #IMAP
- 3465:3465 #SMTPS
- 3993:3993 #IMAPS
- 3995:3995 #POP3S
- 8080:8080 #API
steps:
# when workflow is run via a workflow_call, these vars are found under input, which doesn't exist otherwise
# so lets copy them over to the normal env vars
- name: Login to Docker Hub
uses: docker/login-action@v3
if: ${{ github.secret_source != 'none' }}
with:
username: ${{ secrets.DOCKERHUB_PUBLIC_USERNAME }}
password: ${{ secrets.DOCKERHUB_PUBLIC_TOKEN }}
- name: Configure Build Java Version
if: ${{ inputs.LUCEE_BUILD_JAVA_VERSION != '' }}
run: echo "LUCEE_BUILD_JAVA_VERSION=${{ inputs.LUCEE_BUILD_JAVA_VERSION }}" >> $GITHUB_ENV
- name: Configure Test Java Version
if: ${{ inputs.LUCEE_TEST_JAVA_VERSION != '' }}
run: echo "LUCEE_TEST_JAVA_VERSION=${{ inputs.LUCEE_TEST_JAVA_VERSION }}" >> $GITHUB_ENV
- uses: szenius/[email protected]
with:
timezoneLinux: "UTC"
- uses: actions/checkout@v4
- name: Set up Test Java Version ${{ env.LUCEE_TEST_JAVA_VERSION }}
uses: actions/setup-java@v4
if: ${{ env.LUCEE_TEST_JAVA_VERSION != '' }}
with:
java-version: ${{ env.LUCEE_TEST_JAVA_VERSION }}
distribution: 'temurin'
- name: Stash Test Java Version Home
if: ${{ env.LUCEE_TEST_JAVA_VERSION != '' }}
run: echo "LUCEE_TEST_JAVA_EXEC=${{ env.JAVA_HOME }}/bin/java" >> $GITHUB_ENV
- name: Set up build JDK '${{ env.LUCEE_BUILD_JAVA_VERSION }}'
uses: actions/setup-java@v4
if: ${{ env.LUCEE_TEST_JAVA_VERSION != env.LUCEE_BUILD_JAVA_VERSION }}
with:
java-version: '${{ env.LUCEE_BUILD_JAVA_VERSION }}'
distribution: 'temurin'
- name: Disable DEPLOY if not building with Java 11 (Lucee default)
if: ${{ env.LUCEE_BUILD_JAVA_VERSION != '11' }}
run: echo "DO_DEPLOY=false" >> $GITHUB_ENV
- name: Cache Lucee extensions
uses: actions/cache@v4
with:
path: ~/work/Lucee/Lucee/cache/
key: lucee-extensions
restore-keys: lucee-extensions
- name: Cache Maven packages
uses: actions/cache@v4
with:
path: |
~/.m2/repository/*
!~/.m2/repository/org/lucee/lucee/
key: ${{ runner.os }}-maven-${{ hashFiles('loader/pom.xml','core/pom.xml') }}
restore-keys: |
${{ runner.os }}-maven-
- name: Import GPG key
run: |
if [[ ! -z "$GPG_PRIVATE_KEY" ]]; then
echo "$GPG_PRIVATE_KEY" | base64 --decode | gpg --batch --import
fi
env:
GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY }}
- name: Set up MySQL (local)
run: |
sudo systemctl start mysql
mysql -e 'CREATE DATABASE lucee' -uroot -proot
mysql -e 'CREATE USER "lucee"@"localhost" IDENTIFIED WITH mysql_native_password BY "lucee";' -uroot -proot
mysql -e 'GRANT ALL PRIVILEGES ON lucee.* TO "lucee"@"localhost"' -uroot -proot
- name: Set up Postgres (local)
run: |
sudo /etc/init.d/postgresql start
sudo -u postgres psql -c 'create database lucee;'
sudo -u postgres psql -c "create user lucee with encrypted password 'lucee'";
sudo -u postgres psql -c 'grant all privileges on database lucee to lucee;'
- name: Start MongoDB (docker)
uses: supercharge/[email protected]
with:
mongodb-version: 4.4
mongodb-port: 27017
- name: Setup Memcached (docker)
uses: niden/actions-memcached@v7
- name: Extract version number
id: extract-version
run: |
VERSION=$(mvn help:evaluate -Dexpression=project.version -q -DforceStdout)
echo "VERSION=$VERSION" >> $GITHUB_ENV
- name: Build Lucee with Maven
env:
MYSQL_SERVER: localhost
MYSQL_USERNAME: lucee
MYSQL_PASSWORD: lucee
MYSQL_PORT: 3306
MYSQL_DATABASE: lucee
POSTGRES_SERVER: localhost
POSTGRES_USERNAME: lucee
POSTGRES_PASSWORD: lucee
POSTGRES_PORT: 5432
POSTGRES_DATABASE: lucee
MONGODB_SERVER: localhost
MONGODB_PORT: 27017
MONGODB_DB: lucee
MONGODB_DATABASE: lucee
MSSQL_SERVER: localhost
MSSQL_USERNAME: sa
MSSQL_PASSWORD: Lucee!1433
MSSQL_PORT: 1433
MSSQL_DATABASE: master
MEMCACHED_PORT: 11211
MEMCACHED_SERVER: localhost
REDIS_PORT: 6379
REDIS_SERVER: localhost
SMTP_PORT_INSECURE: 3025
SMTP_PORT_SECURE: 3465
SMTP_SERVER: localhost
SMTP_USERNAME: lucee
SMTP_PASSWORD: doesntmatter
IMAP_PORT_INSECURE: 3143
IMAP_PORT_SECURE: 3993
IMAP_SERVER: localhost
IMAP_USERNAME: lucee
IMAP_PASSWORD: doesntmatter
POP_PORT_INSECURE: 3110
POP_PORT_SECURE: 3995
POP_SERVER: localhost
POP_USERNAME: lucee
POP_PASSWORD: doesntmatter
LDAP_SERVER: localhost
LDAP_PORT: 10389
LDAP_PORT_SECURE: 10636
LDAP_BASE_DN: dc=planetexpress,dc=com
LDAP_USERNAME: cn=admin,dc=planetexpress,dc=com
LDAP_PASSWORD: GoodNewsEveryone
S3_ACCESS_KEY_ID: ${{ secrets.S3_ACCESS_ID_TEST }}
S3_SECRET_KEY: ${{ secrets.S3_SECRET_KEY_TEST }}
S3_BUCKET_PREFIX: lucee-ldev-6-
# for uploading successful builds
S3_ACCESS_ID_DOWNLOAD: ${{ secrets.S3_ACCESS_ID_DOWNLOAD }}
S3_SECRET_KEY_DOWNLOAD: ${{ secrets.S3_SECRET_KEY_DOWNLOAD }}
# used by maven-settings.xml
MAVEN_USERNAME: ${{ secrets.MAVEN_USERNAME }}
MAVEN_PASSWORD: ${{ secrets.MAVEN_PASSWORD }}
GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
LUCEE_DOCKER_FILES_PAT_TOKEN: ${{ secrets.LUCEE_DOCKER_FILES_PAT_TOKEN }}
LUCEE_BUILD_FAIL_CONFIGURED_SERVICES_FATAL: true
#run: ant -noinput -buildfile loader/build.xml
run: |
echo "-------DO_DEPLOY: ${{ env.DO_DEPLOY }} -------";
if [[ "$VERSION" == *-SNAPSHOT ]]; then
echo "------- Maven Deploy SNAPSHOT on ${{ github.event_name }} ---------";
mvn -B -e -f loader/pom.xml clean deploy -DtestJavaVersionExec="${{ env.LUCEE_TEST_JAVA_EXEC }}"
else
echo "------- Maven Deploy RELEASE on ${{ github.event_name }} -------";
mvn -B -e -f loader/pom.xml clean deploy --settings maven-settings.xml -DperformRelease=true -DtestJavaVersionExec="${{ env.LUCEE_TEST_JAVA_EXEC }}";
fi
- name: clean github.ref_name
uses: mad9000/actions-find-and-replace-string@5
id: cleanrefname
if: always()
with:
source: ${{ github.ref_name }}
find: '/'
replace: '-'
- name: Upload Artifact (junit-test-results)
uses: actions/upload-artifact@v4
if: always()
with:
name: Lucee-${{ steps.cleanrefname.outputs.value }}-junit-test-results-${{ github.run_number }}
path: test/reports/*.xml
- name: Remove Lucee build artifacts from local maven cache (avoid growing cache)
run: |
rm -rfv ~/.m2/repository/org/lucee/lucee/
- name: Publish Test Results
uses: EnricoMi/publish-unit-test-result-action@v2
if: always()
with:
junit_files: test/reports/*.xml
check_name: "Lucee Test Results"
- name: Trigger Docker Build
if: ${{ env.DO_DEPLOY == 'true' }}
env:
TRAVIS_JOB_ID: ${{ github.run_id }}
TRAVIS_TOKEN: ${{ secrets.DOCKER_AUTH_TOKEN }} # not set up yet
run: |
echo "Trigger Docker Build on Travis https://travis-ci.com/github/lucee/lucee-dockerfiles"
chmod +x travis-docker-build.sh
./travis-docker-build.sh