[Snyk] Security upgrade tomcat from 9.0.20-jre8 to 9.0.86-jre8 #267
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# This workflow will build a Java project with Maven | |
# For more information see: https://help.github.com/actions/language-and-framework-guides/building-and-testing-java-with-maven | |
name: Sakai Server for Cypress | |
on: | |
pull_request: | |
jobs: | |
sakai-deploy: | |
runs-on: ubuntu-20.04 | |
env: | |
JAVA_OPTS: "-Dhttp.agent=Sakai -Xms2512m -Xmx2512m -Dsakai.cookieName=SAKAIID -Dorg.apache.jasper.compiler.Parser.STRICT_QUOTE_ESCAPING=false -Dsakai.demo=true -Djava.awt.headless=true --add-exports=java.base/jdk.internal.misc=ALL-UNNAMED --add-exports=java.base/sun.nio.ch=ALL-UNNAMED --add-exports=java.management/com.sun.jmx.mbeanserver=ALL-UNNAMED --add-exports=jdk.internal.jvmstat/sun.jvmstat.monitor=ALL-UNNAMED --add-exports=java.base/sun.reflect.generics.reflectiveObjects=ALL-UNNAMED --add-opens jdk.management/com.sun.management.internal=ALL-UNNAMED --illegal-access=permit -Dsakai.demo=true" | |
steps: | |
- name: Git Checkout | |
uses: actions/checkout@v2 | |
- name: JDK 11 | |
uses: actions/setup-java@v1 | |
with: | |
java-version: 11 | |
architecture: x64 | |
- name: Cache local Maven repository | |
uses: actions/cache@v2 | |
with: | |
path: ~/.m2/repository | |
key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }} | |
restore-keys: | | |
${{ runner.os }}-maven- | |
- name: Build with Maven | |
env: | |
MAVEN_OPTS: -Dorg.slf4j.simpleLogger.log.org.apache.maven.cli.transfer.Slf4jMavenTransferListener=WARN -Dorg.slf4j.simpleLogger.showDateTime=true -Djava.awt.headless=true -Dmaven.wagon.http.retryHandler.count=2 -Dmaven.wagon.http.pool=true | |
run: | | |
sudo systemctl start mysql.service | |
echo "127.0.0.1 repository.dev.java.net" | sudo tee -a /etc/hosts | |
echo "127.0.0.1 maven-repository.dev.java.net" | sudo tee -a /etc/hosts | |
echo "127.0.0.1 maven2-repository.dev.java.net" | sudo tee -a /etc/hosts | |
export TOMCAT_DIR=$PWD/tomcat | |
mkdir $TOMCAT_DIR | |
cd $TOMCAT_DIR | |
curl -s -o tomcat.tar.gz https://archive.apache.org/dist/tomcat/tomcat-9/v9.0.62/bin/apache-tomcat-9.0.62.tar.gz | |
tar --strip-components=1 -xzf tomcat.tar.gz | |
git clone https://github.com/sakaiproject/nightly-config.git sakai | |
cp sakai/master.properties sakai/sakai.properties | |
sed -i 's:<Context>:<Context><JarScanner><JarScanFilter defaultPluggabilityScan="false" /></JarScanner>:g' conf/context.xml | |
sed -i 's:<Service name="Catalina">:<Service name="Catalina"><Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol" scheme="https" secure="true" />:g' conf/server.xml | |
mysql -u root -proot -e "create database sakai"; | |
echo "url@javax.sql.BaseDataSource=jdbc:mysql://127.0.0.1:3306/sakai?useUnicode=true&characterEncoding=UTF-8&log=true&profileSQL=true" >> sakai/local.properties | |
echo "vendor@org.sakaiproject.db.api.SqlService=mysql" >> sakai/local.properties | |
echo "username@javax.sql.BaseDataSource=root" >> sakai/local.properties | |
echo "password@javax.sql.BaseDataSource=root" >> sakai/local.properties | |
echo "driverClassName@javax.sql.BaseDataSource=org.mariadb.jdbc.Driver" >> sakai/local.properties | |
echo "hibernate.dialect=org.hibernate.dialect.MySQL57InnoDBDialect" >> sakai/local.properties | |
echo "log.config=DEBUG.org.mariadb.jdbc" >> sakai/local.properties | |
cd .. | |
mvn --batch-mode -DskipTests install sakai:deploy-exploded -Dmaven.tomcat.home=$TOMCAT_DIR | |
cd $TOMCAT_DIR | |
bin/catalina.sh start | |
- name: Start cloudflared | |
run: | | |
curl -sL -o cloudflared.deb https://github.com/cloudflare/cloudflared/releases/latest/download/cloudflared-linux-amd64.deb | |
sudo dpkg -i cloudflared.deb | |
cloudflared tunnel --url http://localhost:8443 & | |
- name: Cypress Checkout | |
uses: actions/checkout@v2 | |
with: | |
repository: sakaicontrib/cypress-sakai | |
path: './cypress-sakai' | |
- name: Cypress run | |
uses: cypress-io/github-action@v2 | |
with: | |
config: baseUrl=http://localhost:8080 | |
working-directory: cypress-sakai | |
wait-on: 'http://localhost:8080/portal/' | |
wait-on-timeout: 1800 | |
record: true | |
browser: chrome | |
headless: true | |
env: | |
CYPRESS_RECORD_KEY: f2049235-3f10-4142-a26c-fc017211a776 | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
COMMIT_INFO_MESSAGE: ${{ github.event.pull_request.title }} | |
- name: Check number of MySQL statements | |
if: ${{ always() }} | |
run: | | |
export QUERIES=$(grep ProtocolLoggingProxy tomcat/logs/catalina.out|grep -v ROLLBACK|grep -v COMMIT | wc -l) | |
echo "::notice title={MySQL Queries}::$QUERIES" | |
- name: Sleep four hours to allow testing | |
if: ${{ always() }} | |
run: sleep 4h |