Skip to content

fix(vulnerable-code): Correct an URL escape fixup case #10887

fix(vulnerable-code): Correct an URL escape fixup case

fix(vulnerable-code): Correct an URL escape fixup case #10887

Workflow file for this run

name: Build and Test
on:
pull_request:
branches:
- main
push:
branches:
- main
env:
GRADLE_OPTS: -Dorg.gradle.daemon=false
jobs:
build:
runs-on: ubuntu-22.04
steps:
- name: Checkout Repository
uses: actions/checkout@v4
- name: Setup Java
uses: actions/setup-java@v4
with:
distribution: temurin
java-version: 17
- name: Build all classes
uses: gradle/gradle-build-action@v3
with:
gradle-home-cache-cleanup: true
arguments: --scan classes -x :plugins:reporters:web-app-template:yarnBuild
build-web-app-reporter:
needs: build
runs-on: ubuntu-22.04
steps:
- name: Checkout Repository
uses: actions/checkout@v4
- name: Setup Java
uses: actions/setup-java@v4
with:
distribution: temurin
java-version: 17
- name: Build the web-app-reporter
uses: gradle/gradle-build-action@v3
with:
gradle-home-cache-cleanup: true
arguments: --scan :plugins:reporters:web-app-template:yarnBuild
codeql-analysis:
needs: build
runs-on: ubuntu-22.04
permissions:
security-events: write
steps:
- name: Checkout Repository
uses: actions/checkout@v4
- name: Initialize CodeQL
uses: github/codeql-action/init@v3
with:
languages: java
tools: latest
- name: Setup Java
uses: actions/setup-java@v4
with:
distribution: temurin
java-version: 17
- name: Build all classes
uses: gradle/gradle-build-action@v3
with:
gradle-home-cache-cleanup: true
arguments: -Dorg.gradle.jvmargs=-Xmx1g classes -x :plugins:reporters:web-app-template:yarnBuild
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v3
test:
needs: build
runs-on: ubuntu-22.04
steps:
- name: Checkout Repository
uses: actions/checkout@v4
- name: Setup Java
uses: actions/setup-java@v4
with:
distribution: temurin
java-version: 17
- name: Run unit tests
uses: gradle/gradle-build-action@v3
with:
gradle-home-cache-cleanup: true
arguments: --scan test jacocoTestReport -x :plugins:reporters:web-app-template:yarnBuild
- name: Upload code coverage data
uses: codecov/codecov-action@v4
with:
flags: test
funTest-non-docker:
needs: build-web-app-reporter
runs-on: ubuntu-22.04
steps:
- name: Checkout Repository
uses: actions/checkout@v4
with:
submodules: recursive
- name: Set tool version environment variables
run: cat .versions >> $GITHUB_ENV
- name: Install required tools
run: |
# Uninstall mono-devel because it contains the "lc" command which conflicts with BoyterLc.
sudo apt-get -qq remove mono-devel
# Install git-repo.
mkdir -p $HOME/.local/bin
curl https://storage.googleapis.com/git-repo-downloads/repo -o $HOME/.local/bin/repo
chmod a+x $HOME/.local/bin/repo
# Install Askalono for functional tests.
curl -LOs https://github.com/amzn/askalono/releases/download/$ASKALONO_VERSION/askalono-Linux.zip
unzip askalono-Linux.zip -d $HOME/.local/bin
# Install Boyter Lc for functional tests.
curl -LOs https://github.com/boyter/lc/releases/download/v$BOYTERLC_VERSION/lc-$BOYTERLC_VERSION-x86_64-unknown-linux.zip
unzip lc-$BOYTERLC_VERSION-x86_64-unknown-linux.zip -d $HOME/.local/bin
# Install Licensee for functional tests.
echo "gem: --bindir $HOME/.local/bin" > $HOME/.gemrc
gem install --user-install licensee -v $LICENSEE_VERSION
# Install ScanCode for license texts.
curl -Os https://raw.githubusercontent.com/nexB/scancode-toolkit/v$SCANCODE_VERSION/requirements.txt
pip install --no-cache-dir --constraint requirements.txt scancode-toolkit==$SCANCODE_VERSION
- name: Setup Java
uses: actions/setup-java@v4
with:
distribution: temurin
java-version: 17
- name: Run functional tests that do not require external tools
uses: gradle/gradle-build-action@v3
with:
gradle-home-cache-cleanup: true
arguments: --scan -Ptests.exclude=org.ossreviewtoolkit.plugins.packagemanagers.* funTest jacocoFunTestReport
- name: Upload code coverage data
uses: codecov/codecov-action@v4
with:
flags: funTest-non-docker
funTest-docker:
runs-on: ubuntu-22.04
container:
image: ghcr.io/oss-review-toolkit/ort:snapshot
options: --user 1001
steps:
- name: Checkout Repository
uses: actions/checkout@v4
with:
submodules: recursive
- name: Setup Java
uses: actions/setup-java@v4
with:
distribution: temurin
java-version: 17
- name: Run functional tests that do require external tools
uses: gradle/gradle-build-action@v3
with:
gradle-home-cache-cleanup: true
arguments: --scan -Ptests.include=org.ossreviewtoolkit.plugins.packagemanagers.* funTest jacocoFunTestReport
- name: Upload code coverage data
uses: codecov/codecov-action@v4
with:
flags: funTest-docker