Skip to content

CVE-2016-6814 Deserialization of Untrusted Data in Groovy CVE-2020-17… #160

CVE-2016-6814 Deserialization of Untrusted Data in Groovy CVE-2020-17…

CVE-2016-6814 Deserialization of Untrusted Data in Groovy CVE-2020-17… #160

Workflow file for this run

name: Build
on:
push:
pull_request:
branches: [ master ]
jobs:
build-maven:
runs-on: ${{ matrix.os }}
strategy:
matrix:
java: [ '8', '11', '17', '21', '23' ]
os: [ 'ubuntu-latest', 'macos-latest', 'windows-latest' ]
fail-fast: false
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
submodules: recursive
- name: Java ${{ matrix.Java }} (${{ matrix.os }})
uses: actions/setup-java@v4
with:
java-version: ${{ matrix.java }}
distribution: 'zulu'
- name: Cache Maven packages
uses: actions/cache@v4
with:
path: ~/.m2/repository
key: ${{ runner.os }}-m2-repository-${{ hashFiles('**/pom.xml') }}
restore-keys: ${{ runner.os }}-m2-repository
- name: Build with Maven
env:
MAVEN_OPTS: -Dhttps.protocols=TLSv1.2 -Dmaven.wagon.httpconnectionManager.ttlSeconds=120 -Dmaven.wagon.http.retryHandler.requestSentEnabled=true -Dmaven.wagon.http.retryHandler.count=10
run: mvn --batch-mode --errors --update-snapshots verify --file pom.xml
- name: Test on Unix
if: runner.os != 'Windows'
run: |
if [ "$RUNNER_OS" == "Linux" ]; then
sudo apt-get install jsvc
else
brew install coreutils jsvc
fi
unzip OpenICF-java-framework/openicf-zip/target/openicf-*.zip
openicf/bin/ConnectorServer.sh
openicf/bin/openicf.sh start
openicf/bin/openicf.sh stop
rm -rf openicf/logs
openicf/bin/ConnectorServer.sh /run &
timeout 2m bash -c 'until grep -q "ConnectorServer listening on" openicf/logs/ConnectorServer.log ; do sleep 5; done'
! grep " ERROR " openicf/logs/ConnectorServer.log
- name: Test on Windows
if: runner.os == 'Windows'
run: |
unzip OpenICF-java-framework/openicf-zip/target/openicf-*.zip
openicf\bin\ConnectorServer.bat
openicf\bin\ConnectorServer.bat /install openicf
net start openicf
net stop openicf
openicf\bin\ConnectorServer.bat /uninstall openicf
Remove-Item -Path openicf\logs -Force -Recurse
cmd /c "START /b openicf\bin\ConnectorServer.bat /run"
Start-Sleep -s 15
findstr "ConnectorServer listening on" openicf\logs\ConnectorServer.log
findstr " ERROR " openicf\logs\ConnectorServer.log | find /c '"ERROR"' | findstr "0"
- name: Upload failure artifacts
uses: actions/upload-artifact@v4
if: ${{ failure() }}
with:
name: failure-${{ matrix.os }}-${{ matrix.java }}
retention-days: 1
path: |
**
- name: Upload artifacts
uses: actions/upload-artifact@v4
with:
name: ${{ matrix.os }}-${{ matrix.java }}
retention-days: 5
path: |
OpenICF-java-framework/openicf-zip/target/*.zip
OpenICF-csvfile-connector/target/*.jar
OpenICF-databasetable-connector/target/*.jar
OpenICF-groovy-connector/target/*.jar
OpenICF-kerberos-connector/target/*.jar
OpenICF-ldap-connector/target/*.jar
OpenICF-ssh-connector/target/*.jar
OpenICF-xml-connector/target/*.jar
!**/*-sources.jar
build-docker:
runs-on: 'ubuntu-latest'
services:
registry:
image: registry:2
ports:
- 5000:5000
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Get latest release version
shell: bash
run: |
export git_version_last="$(curl -i -o - --silent https://api.github.com/repos/OpenIdentityPlatform/OpenICF/releases/latest | grep -m1 "\"name\"" | cut -d\" -f4)" ; echo "last release: $git_version_last"
echo "release_version=$git_version_last" >> $GITHUB_ENV
- name: Docker meta
id: meta
uses: docker/metadata-action@v5
with:
images: |
localhost:5000/${{ github.repository }}
tags: |
type=raw,value=${{ env.release_version }}
- name: Set up QEMU
uses: docker/setup-qemu-action@v3
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
with:
driver-opts: network=host
- name: Build image (default)
uses: docker/build-push-action@v5
continue-on-error: true
with:
context: .
file: ./Dockerfile
build-args: |
VERSION=${{ env.release_version }}
platforms: linux/amd64, linux/arm64/8, linux/ppc64le, linux/s390x #, linux/arm/v7
push: true
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
- name: Docker test
shell: bash
run: |
docker run --rm -it -d --memory="1g" --name=test localhost:5000/${GITHUB_REPOSITORY,,}:${{ env.release_version }}
timeout 3m bash -c 'until docker inspect --format="{{json .State.Health.Status}}" test | grep -q \"healthy\"; do sleep 10; done'
build-docker-alpine:
runs-on: 'ubuntu-latest'
services:
registry:
image: registry:2
ports:
- 5000:5000
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Get latest release version
shell: bash
run: |
export git_version_last="$(curl -i -o - --silent https://api.github.com/repos/OpenIdentityPlatform/OpenICF/releases/latest | grep -m1 "\"name\"" | cut -d\" -f4)" ; echo "last release: $git_version_last"
echo "release_version=$git_version_last" >> $GITHUB_ENV
- name: Docker meta
id: meta
uses: docker/metadata-action@v5
with:
images: |
localhost:5000/${{ github.repository }}
tags: |
type=raw,value=alpine
type=raw,value=${{ env.release_version }}-alpine
- name: Set up QEMU
uses: docker/setup-qemu-action@v3
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
with:
driver-opts: network=host
- name: Build image
continue-on-error: true
uses: docker/build-push-action@v5
with:
context: .
file: ./Dockerfile-alpine
build-args: |
VERSION=${{ env.release_version }}
platforms: linux/amd64,linux/arm64/8, linux/s390x, linux/386, linux/arm/v7, linux/arm/v6, linux/ppc64le
push: true
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
- name: Docker test
shell: bash
run: |
docker run --rm -it -d --memory="1g" --name=test localhost:5000/${GITHUB_REPOSITORY,,}:${{ env.release_version }}-alpine
timeout 3m bash -c 'until docker inspect --format="{{json .State.Health.Status}}" test | grep -q \"healthy\"; do sleep 10; done'