
[RHPAM-4734] [CVE-2023-33201] bouncycastle upgraded to 1.74 #2324

Merged
merged 3 commits into from
Aug 14, 2023

Conversation

Ginxo
Contributor

@Ginxo Ginxo commented Jun 20, 2023

Thank you for submitting this pull request

JIRA:

referenced Pull Requests: (please edit the URLs of referenced pullrequests if they exist)

How to replicate CI configuration locally?

The build-chain tool does "simple" Maven builds: each build is just a Maven command. But because the repositories relate to and depend on each other, and any change to an API or class method could affect several of them, the build-chain tool is needed to handle cross-repository builds and to make sure the latest version of the code of every repository is always used.

The build-chain tool can be used locally on the command line or in GitHub Actions workflows. If you need to change multiple repositories and send multiple dependent pull requests for one change, you can reproduce the same build either in the GitHub-hosted environment or locally in your development environment. See local execution details for more information.

A general local execution looks like the following: the tool clones all dependent projects, starting from the one given with -sp, and locally applies the matching pull request (if it exists) to each of them in order to reproduce a complete build scenario for the provided pull request.

Note: the tool considers multiple Pull Requests related to each other if their branches (generally in the forked repositories) have the same name.

$ build-chain-action -df 'https://raw.githubusercontent.com/${GROUP:kiegroup}/droolsjbpm-build-bootstrap/${BRANCH:main}/.ci/pull-request-config.yaml' build pr -url <pull-request-url> -sp kiegroup/kie-wb-distributions [--skipExecution]

Replace kiegroup/kie-wb-distributions with the correct starting project.

How to retest this PR or trigger a specific build:
  • to retest a pull request, add the comment: Jenkins retest (the older form Jenkins retest this is still accepted, but the trailing "this" is no longer required)

  • for a full downstream build

    • for the Jenkins job: add the comment: Jenkins run fdb
    • for the GitHub Actions job: add the label run_fdb
  • for a compile downstream build: add the comment: Jenkins run cdb

  • for a full production downstream build: add the comment: Jenkins execute product fdb

  • for an upstream build: add the comment: Jenkins run upstream

  • for the Windows-specific OS job: add the label windows_check

How to backport a pull request to a different branch?

In order to automatically create a backporting pull request, add one or more labels of the form backport-<branch-name>, where <branch-name> is the name of the branch the pull request must be backported to (e.g., backport-7.67.x to backport the original PR to the 7.67.x branch).

NOTE: backporting is an action that moves a change (usually a commit) from one branch (usually main) to another one, which is generally a still-maintained release branch. Keeping it simple: it is about moving a specific change, or a set of them, from one branch to another.

Once the original pull request is successfully merged, the automated action will create one backporting pull request per each label (with the previous format) that has been added.

If something goes wrong, the author will be notified and at this point a manual backporting is needed.

NOTE: this automated backporting is triggered whenever a pull request on main branch is labeled or closed, but both conditions must be satisfied to get the new PR created.

@Ginxo
Contributor Author

Ginxo commented Jun 20, 2023

Jenkins run fdb

@Ginxo Ginxo marked this pull request as draft June 20, 2023 06:39
@Ginxo Ginxo closed this Jun 20, 2023
@mareknovotny mareknovotny changed the title [RHPAM-4734] [TRIAGE-CVE-2023-33201] bouncycastle upgraded to 1.74 [RHPAM-4734] [CVE-2023-33201] bouncycastle upgraded to 1.74 Aug 9, 2023
@mareknovotny mareknovotny reopened this Aug 9, 2023
@Ginxo Ginxo marked this pull request as ready for review August 9, 2023 08:24
@Ginxo
Contributor Author

Ginxo commented Aug 9, 2023

Jenkins run fdb

@mareknovotny
Member

@Ginxo I can see the problem with the artifact we are trying to upgrade?

 Caused by: org.eclipse.aether.transfer.ArtifactNotFoundException: Could not find artifact org.bouncycastle:bcprov-jdk15on:jar:1.74 in mirror-central (https://bxms-qe.rhev-ci-vms.eng.rdu2.redhat.com:8443/nexus/content/groups/kie-all/)

@rgdoliveira
Member

rgdoliveira commented Aug 9, 2023

It seems Bouncy Castle stopped releasing the artifacts with artifact id *-jdk15on from version 1.70 and they are now using *-jdk15to18?

E.g bcprov-jdk15on was released until version 1.70 and bcprov-jdk15to18 is released for version 1.74.
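The two facts in this thread, that the *-jdk15on artifact ids end at 1.70 and that 1.74 is the release this PR moves to for CVE-2023-33201, can be turned into a check that runs before the build ever asks Nexus for a coordinate. The following is an added example, not code from the kiegroup repositories or from Bouncy Castle: it parses a Maven POM, resolves ${...} version properties, and flags any org.bouncycastle dependency that is either a legacy *-jdk15on id pinned above 1.70 (the exact coordinate behind the ArtifactNotFoundException above) or any version below 1.74. The sample POM, its property name version.org.bouncycastle, and the choice of bcpkix/bcutil modules are constructed for illustration.

```python
"""Flag Bouncy Castle coordinates in a Maven POM that will not resolve or
are still affected by CVE-2023-33201.

Added example, not code from the kiegroup repositories or from Bouncy
Castle. SAMPLE_POM and the property name version.org.bouncycastle are
constructed for illustration.
"""
import re
import xml.etree.ElementTree as ET

NS = "{http://maven.apache.org/POM/4.0.0}"
LAST_JDK15ON_VERSION = (1, 70)   # *-jdk15on ids were published up to 1.70 (per the thread)
CVE_2023_33201_FIXED = (1, 74)   # version this PR moves to; earlier releases are affected

# Constructed sample: the first dependency is the pre-PR coordinate that
# Nexus could not find (legacy id, new version); the second uses the new id
# but a version that predates the CVE fix; the third is clean.
SAMPLE_POM = """<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0">
  <modelVersion>4.0.0</modelVersion>
  <groupId>org.example</groupId>
  <artifactId>bc-check-sample</artifactId>
  <version>1.0</version>
  <properties>
    <version.org.bouncycastle>1.74</version.org.bouncycastle>
  </properties>
  <dependencyManagement>
    <dependencies>
      <dependency>
        <groupId>org.bouncycastle</groupId>
        <artifactId>bcprov-jdk15on</artifactId>
        <version>${version.org.bouncycastle}</version>
      </dependency>
      <dependency>
        <groupId>org.bouncycastle</groupId>
        <artifactId>bcpkix-jdk15to18</artifactId>
        <version>1.70</version>
      </dependency>
      <dependency>
        <groupId>org.bouncycastle</groupId>
        <artifactId>bcutil-jdk15to18</artifactId>
        <version>${version.org.bouncycastle}</version>
      </dependency>
    </dependencies>
  </dependencyManagement>
</project>
"""


def parse_version(text):
    """'1.74' -> (1, 74); None when the value is not a plain major.minor."""
    match = re.fullmatch(r"(\d+)\.(\d+)", text.strip())
    return (int(match.group(1)), int(match.group(2))) if match else None


def load_properties(root):
    """Collect the children of <properties> as {name: value}."""
    props = root.find(NS + "properties")
    if props is None:
        return {}
    return {child.tag.split("}", 1)[-1]: (child.text or "").strip() for child in props}


def resolve_property(value, properties):
    """Expand a single ${name} placeholder; unknown names stay as written."""
    match = re.fullmatch(r"\$\{([^}]+)\}", value.strip())
    if match is None:
        return value.strip()
    return properties.get(match.group(1), value.strip())


def bouncycastle_findings(pom_xml):
    """Return (artifactId, version, problem) tuples for org.bouncycastle deps."""
    root = ET.fromstring(pom_xml)
    properties = load_properties(root)
    findings = []
    for dep in root.iter(NS + "dependency"):
        if dep.findtext(NS + "groupId", default="") != "org.bouncycastle":
            continue
        artifact = dep.findtext(NS + "artifactId", default="")
        version_text = resolve_property(dep.findtext(NS + "version", default=""), properties)
        version = parse_version(version_text)
        if version is None:
            findings.append((artifact, version_text, "version could not be resolved"))
            continue
        # Legacy id at a version never published under that id: this is the
        # coordinate Nexus reported as ArtifactNotFoundException.
        if artifact.endswith("-jdk15on") and version > LAST_JDK15ON_VERSION:
            findings.append((artifact, version_text,
                             "not published under *-jdk15on after 1.70; use the *-jdk15to18 id"))
        # Any release before 1.74 still carries CVE-2023-33201.
        if version < CVE_2023_33201_FIXED:
            findings.append((artifact, version_text,
                             "affected by CVE-2023-33201; upgrade to 1.74 or later"))
    return findings


if __name__ == "__main__":
    for artifact, version, problem in bouncycastle_findings(SAMPLE_POM):
        print(f"org.bouncycastle:{artifact}:{version}: {problem}")
```

The check only reads coordinates declared in the one POM it is given, so in a multi-module build like this one it should be run against the parent or effective POM, and `mvn dependency:tree -Dincludes=org.bouncycastle` is still needed to catch a vulnerable Bouncy Castle arriving transitively, which no scan of declared dependencies will see.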

@Ginxo
Contributor Author

Ginxo commented Aug 9, 2023

Jenkins run fdb

@Ginxo
Contributor Author

Ginxo commented Aug 9, 2023

Jenkins run fdb

@Ginxo
Contributor Author

Ginxo commented Aug 10, 2023

Jenkins run fdb

@mareknovotny
Member

jenkins retest this please

@mareknovotny
Member

jenkins do fdb

@Ginxo
Contributor Author

Ginxo commented Aug 11, 2023

Jenkins run fdb

@Ginxo
Contributor Author

Ginxo commented Aug 11, 2023

Jenkins run fdb

@Ginxo
Contributor Author

Ginxo commented Aug 11, 2023

Jenkins run fdb

@Ginxo
Contributor Author

Ginxo commented Aug 11, 2023

some of the tests from jbpm-workitems are failing, need further investigation:

  • org.jbpm.process.workitem.ethereum.test.EthereumWorkitemHandlerTest.testGetBalance 1.9 sec 1
  • org.jbpm.process.workitem.ethereum.test.EthereumWorkitemHandlerTest.testSendEther 11 ms 1
  • org.jbpm.process.workitem.ethereum.test.EthereumWorkitemHandlerTest.testQueryExistingContract 11 ms 1
  • org.jbpm.process.workitem.ethereum.test.EthereumWorkitemHandlerTest.testTransactExistingContract 9 ms 1
  • org.jbpm.process.workitem.ethereum.test.EthereumWorkitemHandlerTest.testDeployContract 10 ms 1
  • org.jbpm.process.workitem.ethereum.test.EthereumWorkitemHandlerTest.testObserveContractUpdates 15 ms 1
  • org.jbpm.workitem.springboot.samples.KafkaProxyAsyncSampleTest.testAsyncKafkaWIHNoConnection[0: SINGLETON]

@Ginxo
Contributor Author

Ginxo commented Aug 14, 2023

some of the tests from jbpm-workitems are failing, need further investigation:

  • org.jbpm.process.workitem.ethereum.test.EthereumWorkitemHandlerTest.testGetBalance 1.9 sec 1
  • org.jbpm.process.workitem.ethereum.test.EthereumWorkitemHandlerTest.testSendEther 11 ms 1
  • org.jbpm.process.workitem.ethereum.test.EthereumWorkitemHandlerTest.testQueryExistingContract 11 ms 1
  • org.jbpm.process.workitem.ethereum.test.EthereumWorkitemHandlerTest.testTransactExistingContract 9 ms 1
  • org.jbpm.process.workitem.ethereum.test.EthereumWorkitemHandlerTest.testDeployContract 10 ms 1
  • org.jbpm.process.workitem.ethereum.test.EthereumWorkitemHandlerTest.testObserveContractUpdates 15 ms 1
  • org.jbpm.workitem.springboot.samples.KafkaProxyAsyncSampleTest.testAsyncKafkaWIHNoConnection[0: SINGLETON]

already solved by kiegroup/jbpm-work-items#288
Jenkins run fdb

@mareknovotny mareknovotny added the labels backport-7.67.x (Generate backport PR for 7.67.x branch) and backport-7.67.x-blue (Generate backport PR for 7.67.x-blue branch) Aug 14, 2023
@mareknovotny mareknovotny merged commit 7120ad0 into kiegroup:main Aug 14, 2023
13 of 15 checks passed
github-actions bot pushed a commit that referenced this pull request Aug 14, 2023
* bouncycastle upgraded to 1.74

* org.bouncycastle.bcp.*-jdk15on to org.bouncycastle.bcp.*-jdk15to18
github-actions bot pushed a commit that referenced this pull request Aug 14, 2023
* bouncycastle upgraded to 1.74

* org.bouncycastle.bcp.*-jdk15on to org.bouncycastle.bcp.*-jdk15to18
mareknovotny pushed a commit that referenced this pull request Aug 15, 2023
…2362)

* bouncycastle upgraded to 1.74

* org.bouncycastle.bcp.*-jdk15on to org.bouncycastle.bcp.*-jdk15to18

Co-authored-by: Enrique Mingorance Cano <ginxaco@gmail.com>
mareknovotny pushed a commit that referenced this pull request Aug 15, 2023
…2361)

* bouncycastle upgraded to 1.74

* org.bouncycastle.bcp.*-jdk15on to org.bouncycastle.bcp.*-jdk15to18

Co-authored-by: Enrique Mingorance Cano <ginxaco@gmail.com>
Labels
backport-7.67.x Generate backport PR for 7.67.x branch backport-7.67.x-blue Generate backport PR for 7.67.x-blue branch