Skip to content

[Snyk] Security upgrade tomcat from 9.0.20-jre8 to 9.0.86-jre8 #267

[Snyk] Security upgrade tomcat from 9.0.20-jre8 to 9.0.86-jre8

[Snyk] Security upgrade tomcat from 9.0.20-jre8 to 9.0.86-jre8 #267

Workflow file for this run

# This workflow will build a Java project with Maven
# For more information see: https://help.github.com/actions/language-and-framework-guides/building-and-testing-java-with-maven
name: Sakai Server for Cypress
on:
pull_request:
jobs:
sakai-deploy:
runs-on: ubuntu-20.04
env:
JAVA_OPTS: "-Dhttp.agent=Sakai -Xms2512m -Xmx2512m -Dsakai.cookieName=SAKAIID -Dorg.apache.jasper.compiler.Parser.STRICT_QUOTE_ESCAPING=false -Dsakai.demo=true -Djava.awt.headless=true --add-exports=java.base/jdk.internal.misc=ALL-UNNAMED --add-exports=java.base/sun.nio.ch=ALL-UNNAMED --add-exports=java.management/com.sun.jmx.mbeanserver=ALL-UNNAMED --add-exports=jdk.internal.jvmstat/sun.jvmstat.monitor=ALL-UNNAMED --add-exports=java.base/sun.reflect.generics.reflectiveObjects=ALL-UNNAMED --add-opens jdk.management/com.sun.management.internal=ALL-UNNAMED --illegal-access=permit -Dsakai.demo=true"
steps:
- name: Git Checkout
uses: actions/checkout@v2
- name: JDK 11
uses: actions/setup-java@v1
with:
java-version: 11
architecture: x64
- name: Cache local Maven repository
uses: actions/cache@v2
with:
path: ~/.m2/repository
key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
restore-keys: |
${{ runner.os }}-maven-
- name: Build with Maven
env:
MAVEN_OPTS: -Dorg.slf4j.simpleLogger.log.org.apache.maven.cli.transfer.Slf4jMavenTransferListener=WARN -Dorg.slf4j.simpleLogger.showDateTime=true -Djava.awt.headless=true -Dmaven.wagon.http.retryHandler.count=2 -Dmaven.wagon.http.pool=true
run: |
sudo systemctl start mysql.service
echo "127.0.0.1 repository.dev.java.net" | sudo tee -a /etc/hosts
echo "127.0.0.1 maven-repository.dev.java.net" | sudo tee -a /etc/hosts
echo "127.0.0.1 maven2-repository.dev.java.net" | sudo tee -a /etc/hosts
export TOMCAT_DIR=$PWD/tomcat
mkdir $TOMCAT_DIR
cd $TOMCAT_DIR
curl -s -o tomcat.tar.gz https://archive.apache.org/dist/tomcat/tomcat-9/v9.0.62/bin/apache-tomcat-9.0.62.tar.gz
tar --strip-components=1 -xzf tomcat.tar.gz
git clone https://github.com/sakaiproject/nightly-config.git sakai
cp sakai/master.properties sakai/sakai.properties
sed -i 's:<Context>:<Context><JarScanner><JarScanFilter defaultPluggabilityScan="false" /></JarScanner>:g' conf/context.xml
sed -i 's:<Service name="Catalina">:<Service name="Catalina"><Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol" scheme="https" secure="true" />:g' conf/server.xml
mysql -u root -proot -e "create database sakai";
echo "url@javax.sql.BaseDataSource=jdbc:mysql://127.0.0.1:3306/sakai?useUnicode=true&characterEncoding=UTF-8&log=true&profileSQL=true" >> sakai/local.properties
echo "vendor@org.sakaiproject.db.api.SqlService=mysql" >> sakai/local.properties
echo "username@javax.sql.BaseDataSource=root" >> sakai/local.properties
echo "password@javax.sql.BaseDataSource=root" >> sakai/local.properties
echo "driverClassName@javax.sql.BaseDataSource=org.mariadb.jdbc.Driver" >> sakai/local.properties
echo "hibernate.dialect=org.hibernate.dialect.MySQL57InnoDBDialect" >> sakai/local.properties
echo "log.config=DEBUG.org.mariadb.jdbc" >> sakai/local.properties
cd ..
mvn --batch-mode -DskipTests install sakai:deploy-exploded -Dmaven.tomcat.home=$TOMCAT_DIR
cd $TOMCAT_DIR
bin/catalina.sh start
- name: Start cloudflared
run: |
curl -sL -o cloudflared.deb https://github.com/cloudflare/cloudflared/releases/latest/download/cloudflared-linux-amd64.deb
sudo dpkg -i cloudflared.deb
cloudflared tunnel --url http://localhost:8443 &
- name: Cypress Checkout
uses: actions/checkout@v2
with:
repository: sakaicontrib/cypress-sakai
path: './cypress-sakai'
- name: Cypress run
uses: cypress-io/github-action@v2
with:
config: baseUrl=http://localhost:8080
working-directory: cypress-sakai
wait-on: 'http://localhost:8080/portal/'
wait-on-timeout: 1800
record: true
browser: chrome
headless: true
env:
CYPRESS_RECORD_KEY: f2049235-3f10-4142-a26c-fc017211a776
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
COMMIT_INFO_MESSAGE: ${{ github.event.pull_request.title }}
- name: Check number of MySQL statements
if: ${{ always() }}
run: |
export QUERIES=$(grep ProtocolLoggingProxy tomcat/logs/catalina.out|grep -v ROLLBACK|grep -v COMMIT | wc -l)
echo "::notice title={MySQL Queries}::$QUERIES"
- name: Sleep four hours to allow testing
if: ${{ always() }}
run: sleep 4h