[Snyk] Security upgrade commons-io:commons-io from 2.7 to 2.14.0 #103
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# This workflow is responsible for building, testing & packaging the Java server codebase | |
name: Appsmith Server Workflow | |
on: | |
# This line enables manual triggering of this workflow. | |
workflow_dispatch: | |
push: | |
branches: [release, release-frozen, master] | |
# Only trigger if files have changed in this specific path | |
paths: | |
- "app/server/**" | |
pull_request: | |
branches: [release, master] | |
paths: | |
- "app/server/**" | |
# Change the working directory for all the jobs in this workflow | |
defaults: | |
run: | |
working-directory: app/server | |
jobs: | |
build: | |
runs-on: ubuntu-latest | |
# Only run this workflow for internally triggered events | |
if: | | |
github.event.pull_request.head.repo.full_name == github.repository || | |
github.event_name == 'push' || | |
github.event_name == 'workflow_dispatch' | |
# Service containers to run with this job. Required for running tests | |
services: | |
# Label used to access the service container | |
redis: | |
# Docker Hub image for Redis | |
image: redis | |
ports: | |
# Opens tcp port 6379 on the host and service container | |
- 6379:6379 | |
steps: | |
# Checkout the code | |
- uses: actions/checkout@v2 | |
with: | |
fetch-depth: 0 | |
# Setup Java | |
- name: Set up JDK 1.11 | |
uses: actions/setup-java@v1 | |
with: | |
java-version: "11.0.10" | |
# Retrieve maven dependencies from cache. After a successful run, these dependencies are cached again | |
- name: Cache maven dependencies | |
uses: actions/cache@v2 | |
env: | |
cache-name: cache-maven-dependencies | |
with: | |
# maven dependencies are stored in `~/.m2` on Linux/macOS | |
path: ~/.m2 | |
key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }} | |
restore-keys: ${{ runner.os }}-m2 | |
# Here, the GITHUB_REF is of type /refs/head/<branch_name>. We extract branch_name from this by removing the | |
# first 11 characters. This can be used to build images for several branches | |
# Since this is an unreleased build, we get the latest released version number, increment the minor number in it, | |
# append a `-SNAPSHOT` at it's end to prepare the snapshot version number. This is used as the project's version. | |
- name: Get the version to tag the Docker image | |
id: vars | |
run: | | |
# Since this is an unreleased build, we set the version to incremented version number with a | |
# `-SNAPSHOT` suffix. | |
latest_released_version="$(git tag --list 'v*' --sort=-version:refname | head -1)" | |
echo "latest_released_version = $latest_released_version" | |
next_version="$(echo "$latest_released_version" | awk -F. -v OFS=. '{ $NF++; print }')" | |
echo "next_version = $next_version" | |
echo ::set-output name=version::$next_version-SNAPSHOT | |
echo ::set-output name=tag::$(echo ${GITHUB_REF:11}) | |
# Build and test the code | |
- name: Build and test | |
env: | |
APPSMITH_MONGODB_URI: "mongodb://localhost:27017/mobtools" | |
APPSMITH_CLOUD_SERVICES_BASE_URL: "https://release-cs.appsmith.com" | |
APPSMITH_REDIS_URL: "redis://127.0.0.1:6379" | |
APPSMITH_ENCRYPTION_PASSWORD: "password" | |
APPSMITH_ENCRYPTION_SALT: "salt" | |
APPSMITH_IS_SELF_HOSTED: false | |
run: | | |
mvn --batch-mode versions:set \ | |
-DnewVersion=${{ steps.vars.outputs.version }} \ | |
-DgenerateBackupPoms=false \ | |
-DprocessAllModules=true | |
./build.sh | |
# These are dummy jobs in the CI build to satisfy required status checks for merging PRs. This is a hack because Github doesn't support conditional | |
# required checks in monorepos. These jobs are a clone of similarly named jobs in client.yml. | |
# | |
# Check support request at: https://github.community/t/feature-request-conditional-required-checks/16761 | |
ui-test: | |
runs-on: ubuntu-latest | |
strategy: | |
fail-fast: false | |
matrix: | |
job: [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15] | |
steps: | |
# Checkout the code | |
- uses: actions/checkout@v2 | |
- name: Do nothing as this is a dummy step | |
shell: bash | |
run: | | |
exit 0 | |
package: | |
runs-on: ubuntu-latest | |
steps: | |
# Checkout the code | |
- uses: actions/checkout@v2 | |
- name: Do nothing as this is a dummy step | |
shell: bash | |
run: | | |
exit 0 |