Skip to content

Fix security issue third parties #87

Fix security issue third parties

Fix security issue third parties #87

Workflow file for this run

name: Build
on:
push:
branches: [ main ]
pull_request:
branches: [ main ]
workflow_dispatch:
jobs:
build:
name: Build
runs-on: ubuntu-latest
permissions:
contents: write
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Setup Git
run: |
git config --global user.name 'coremedia-ci'
git config --global user.email 'coremedia-ci@coremedia.com'
- name: Set up JDK 11
uses: actions/setup-java@v4
with:
java-version: '11'
distribution: 'adopt'
server-id: coremedia.external.releases
server-username: PLUGINS_NEXUS_USER
server-password: PLUGINS_NEXUS_PASSWORD
cache: 'maven'
- name: Setup PNPM
uses: pnpm/action-setup@v3
with:
version: 8
- name: Setup NodeJS
uses: actions/setup-node@v4
with:
node-version: 18
cache: 'pnpm'
cache-dependency-path: "studio-client/pnpm-lock.yaml"
- name: Setup registry npm.coremedia.io
run: |
NPM_AUTH_TOKEN=$(curl -s -H "Accept: application/json" -H "Content-Type:application/json" -X PUT --data '{"name": "${{ secrets.CM_NPM_USER }}", "password": "${{ secrets.CM_NPM_READ_ONLY_PASSWORD }}"}' https://npm.coremedia.io/-/user/org.couchdb.user:${{ secrets.CM_NPM_USER }} | jq -r .token)
echo "::add-mask::$NPM_AUTH_TOKEN"
pnpm config set //npm.coremedia.io/:_authToken=$NPM_AUTH_TOKEN
pnpm config set @coremedia:registry=https://npm.coremedia.io
pnpm config set @jangaroo:registry=https://npm.coremedia.io
- name: Install PNPM Dependencies
working-directory: studio-client
run: pnpm install
- name: Set Release Version
id: set-release-version
if: github.event_name == 'workflow_dispatch' && github.ref == 'refs/heads/main'
env:
PLUGINS_NEXUS_USER: ${{ secrets.PLUGINS_NEXUS_USER }}
PLUGINS_NEXUS_PASSWORD: ${{ secrets.PLUGINS_NEXUS_PASSWORD }}
run: |
mvn --batch-mode org.codehaus.mojo:versions-maven-plugin:2.8.1:set -DremoveSnapshot -DartifactId='*'
release_version=$(mvn --batch-mode org.apache.maven.plugins:maven-help-plugin:3.2.0:evaluate -Dexpression=project.version -q -DforceStdout)
cd studio-client
pnpm set-version ${release_version}
cd ..
git add .
git commit -m "set release version: ${release_version}"
release_tag="v${release_version}"
git tag "${release_tag}"
echo "version=${release_version}" >> $GITHUB_OUTPUT
echo "tag=${release_tag}" >> $GITHUB_OUTPUT
- name: Output Version
id: output-version
env:
PLUGINS_NEXUS_USER: ${{ secrets.PLUGINS_NEXUS_USER }}
PLUGINS_NEXUS_PASSWORD: ${{ secrets.PLUGINS_NEXUS_PASSWORD }}
run: |
version=$(mvn --batch-mode org.apache.maven.plugins:maven-help-plugin:3.2.0:evaluate -Dexpression=project.version -q -DforceStdout)
echo "version=${version}" >> $GITHUB_OUTPUT
- name: Build with Pnpm
working-directory: studio-client
run: |
pnpm -r build
pnpm -r package
- name: Build with Maven
env:
PLUGINS_NEXUS_USER: ${{ secrets.PLUGINS_NEXUS_USER }}
PLUGINS_NEXUS_PASSWORD: ${{ secrets.PLUGINS_NEXUS_PASSWORD }}
run: mvn --batch-mode --update-snapshots install
- name: Update license info
if: github.event_name == 'pull_request'
env:
PLUGINS_NEXUS_USER: ${{ secrets.PLUGINS_NEXUS_USER }}
PLUGINS_NEXUS_PASSWORD: ${{ secrets.PLUGINS_NEXUS_PASSWORD }}
run: |
mvn --batch-mode -Pdocs-third-party generate-resources
if [ -n "$(git status --porcelain documentation)" ]; then
git add documentation
git commit -m "update license information"
branch_name=${{ github.head_ref }}
git pull origin $branch_name --rebase
git push origin HEAD:$branch_name
fi
- name: Create Bundle
env:
VERSION: ${{ steps.output-version.outputs.version }}
DESCRIPTOR_TEMPLATE: 'content-hub-adapter-youtube.json'
CREATE_RELEASE: ${{ github.event_name == 'workflow_dispatch' && github.ref == 'refs/heads/main' }}
RELEASE_TAG: ${{ steps.set-release-version.outputs.tag }}
URL_PATTERN: 'https://github.com/${GITHUB_REPOSITORY}/releases/download/${RELEASE_TAG}/${REL_FILE}'
run: |
mkdir -p target/bundle
RESULT="$(cat ${DESCRIPTOR_TEMPLATE})"
APPS=$(cat ${DESCRIPTOR_TEMPLATE} | jq -r '.plugins | keys[]')
for APP in ${APPS}; do
FILE_TEMPLATE=$(cat ${DESCRIPTOR_TEMPLATE} | jq -r --arg APP "${APP}" '.plugins[$APP].file')
FILE=$(eval echo ${FILE_TEMPLATE})
REL_FILE=$(echo "${FILE}" | sed 's#.*/##g')
cp "${FILE}" target/bundle
if [ "${CREATE_RELEASE}" = true ]; then
URL=$(eval echo ${URL_PATTERN})
RESULT="$(echo ${RESULT} | jq -r --arg APP "${APP}" --arg URL "${URL}" '.plugins[$APP] = {"url": $URL}')"
else
RESULT="$(echo ${RESULT} | jq -r --arg APP "${APP}" --arg REL_FILE "${REL_FILE}" '.plugins[$APP] = {"file": $REL_FILE}')"
fi
done
echo "${RESULT}" > "target/bundle/$(echo ${DESCRIPTOR_TEMPLATE} | sed 's#.*/##g' | cut -d '.' -f1)-${VERSION}.json"
- name: Set Next Snapshot Version
id: set-snapshot-version
if: github.event_name == 'workflow_dispatch' && github.ref == 'refs/heads/main'
env:
PLUGINS_NEXUS_USER: ${{ secrets.PLUGINS_NEXUS_USER }}
PLUGINS_NEXUS_PASSWORD: ${{ secrets.PLUGINS_NEXUS_PASSWORD }}
run: |
mvn --batch-mode org.codehaus.mojo:versions-maven-plugin:2.8.1:set -DnextSnapshot -DartifactId='*'
snapshot_version=$(mvn --batch-mode org.apache.maven.plugins:maven-help-plugin:3.2.0:evaluate -Dexpression=project.version -q -DforceStdout)
cd studio-client
pnpm set-version ${snapshot_version}
cd ..
git add .
git commit -m "set next snapshot version"
git push && git push --tags
echo "version=${snapshot_version}" >> $GITHUB_OUTPUT
- name: Upload Build Artifacts
uses: actions/upload-artifact@v4
with:
name: content-hub-adapter-youtube-${{ steps.output-version.outputs.version }}
path: target/bundle
if-no-files-found: error
- name: Upload Release Artifacts
if: github.event_name == 'workflow_dispatch' && github.ref == 'refs/heads/main'
uses: softprops/action-gh-release@v2
with:
tag_name: v${{ steps.set-release-version.outputs.version }}
files: target/bundle/*