[Snyk] Fix for 3 vulnerabilities #575

Workflow file for this run

.github/workflows/continuous-integration-workflow.yml at bab2c25

	name: Openfire CI

	env:
	CI: true
	REGISTRY: ghcr.io
	IMAGE_NAME: openfire

	on: [push, pull_request]

	jobs:
	build:

	name: Build Openfire from source
	runs-on: ubuntu-latest
	strategy:
	matrix:
	java: [ 17, 21 ]
	distribution: [ zulu ] # We could add more here: temurin, adopt, liberica, microsoft, corretto

	steps:
	- uses: actions/checkout@v4
	- name: Set up JDK ${{ matrix.java }} ${{ matrix.distribution }}
	uses: actions/setup-java@v4
	with:
	java-version: ${{ matrix.java }}
	distribution: ${{ matrix.distribution }}
	cache: maven
	- name: Build with Maven # We install instead of package, because we want the result in the local mvn repo
	run: \|
	if [[ ${{ github.ref_name }} == 'main' ]]; then
	./mvnw -B install -Pcoverage --file pom.xml
	else
	./mvnw -B install
	fi
	- name: Upload failed test reports
	uses: actions/upload-artifact@v4
	if: always()
	with:
	name: Openfire Build Java ${{ matrix.java }} JUnit Test reports
	path: xmppserver/target/surefire-reports
	- name: tar distribution # sharing artifacts that consist of many files can be slow. Share one file instead.
	if: ${{ matrix.distribution == 'zulu' }}
	run: tar -cf distribution-artifact.tar distribution/target/distribution-base
	- name: Upload distribution
	if: ${{ matrix.distribution == 'zulu' }}
	uses: actions/upload-artifact@v4
	with:
	name: Openfire Distribution Java ${{ matrix.java }}
	path: distribution-artifact.tar
	- name: Upload coverage report for 'xmppserver' module
	if: ${{ matrix.distribution == 'zulu' && matrix.java == 17 && github.ref_name == 'main'}}
	uses: actions/upload-artifact@v4
	with:
	name: Openfire Build Java ${{ matrix.java }} Unit Test Coverage Report (for 'xmppserver' module)
	path: xmppserver/target/site/jacoco/
	- name: Temporarily stash openfire artifacts from the mvn repo for later jobs
	if: ${{ matrix.distribution == 'zulu' && matrix.java == 17 }}
	uses: actions/upload-artifact@v4
	with:
	name: Maven Repository
	path: ~/.m2/repository/org/igniterealtime/openfire/
	retention-days: 1


	integration:
	name: Execute Integration CI tests
	runs-on: ubuntu-latest
	needs: build
	permissions:
	contents: read
	packages: read

	steps:
	# The first 2 steps (checking out, and building from Openfire Dockerfile)
	# can be removed when the docker image is published to a registry.
	# This 'integration' job should then need the 'build-and-push-docker' job as a dependency.
	- uses: actions/checkout@v4

	- name: Build Docker Image
	run: \|
	docker build -t openfire:latest .

	- name: Checkout Integration Tests
	uses: actions/checkout@v4
	with:
	repository: igniterealtime/openfire-integration-tests
	path: openfire-integration-tests

	- name: Initialize Integration Tests Submodules
	working-directory: openfire-integration-tests
	run: \|
	git submodule update --init

	- name: Setup Java
	uses: actions/setup-java@v4
	with:
	distribution: 'zulu'
	java-version: '17'
	cache: 'maven'

	- name: Run Integration Tests
	working-directory: openfire-integration-tests
	run: ./mvnw -B verify

	- name: Upload test reports
	uses: actions/upload-artifact@v4
	if: always()
	with:
	name: Integration Test Reports
	path: openfire-integration-tests/target/failsafe-reports

	aioxmpp:

	name: Execute aioxmpp-based CI tests
	runs-on: ubuntu-latest
	needs: build

	steps:
	- name: Checkout local actions (that are invoked in the 'startCIServer' and 'stopCIServer' steps) # Do this _before_ untarring the distribution, as the checkout will empty the directory prior to the checkout!
	uses: actions/checkout@v4
	with:
	sparse-checkout: \|
	.github
	- name: Download distribution artifact from build job.
	uses: actions/download-artifact@v4
	with:
	name: Openfire Distribution Java 17
	path: .
	- name: untar distribution # sharing artifacts that consist of many files can be slow. Share one file instead.
	run: tar -xf distribution-artifact.tar
	- name: Checkout aioxmpp devel/head
	run: git clone https://codeberg.org/jssfr/aioxmpp.git aioxmpp
	- name: Set up Python
	uses: actions/setup-python@v5
	with:
	python-version: 3.11
	check-latest: true # attempt to prevent to use 3.11.3 by enticing the runner to update (to something later)
	- name: Install aoixmpp dependencies
	run: python -m pip install setuptools pytest pytest-cov coveralls pyOpenSSL pytz
	- name: Build aioxmpp
	working-directory: ./aioxmpp
	run: python -m pip install .
	- name: Create Openfire config file for aioxmpp
	working-directory: ./aioxmpp
	run: \|
	cat >"openfire-config.ini" <<EOL
	[global]
	provisioner=aioxmpp.e2etest.provision.AnonymousProvisioner

	[aioxmpp.e2etest.provision.AnonymousProvisioner]
	domain=example.org
	host=localhost
	port=5222
	no_verify=true
	quirks=["https://zombofant.net/xmlns/aioxmpp/e2etest/quirks#no-adhoc-ping", "https://zombofant.net/xmlns/aioxmpp/e2etest/quirks#no-xep-0049", "https://zombofant.net/xmlns/aioxmpp/e2etest/quirks#muc-no-333"]
	EOL
	- name: Start CI server from distribution
	id: startCIServer
	uses: ./.github/actions/startserver-action
	with:
	logLevel: debug
	- name: Run aioxmpp tests
	working-directory: ./aioxmpp
	run: \|
	set -e
	mkdir output
	# OF-2849 test_publish_and_purge
	# OF-2850 test_publish_multiple_and_get_by_id
	# OF-2851 test_convert_field_datetime_default_locale
	# OF-2853 test_set_topic
	python -m pytest -p aioxmpp.e2etest --e2etest-config="openfire-config.ini" -k 'not (test_set_topic or test_publish_and_purge or test_publish_multiple_and_get_by_id or test_convert_field_datetime_default_locale)' tests 2>&1 \| tee output/aioxmpp.test.output.txt
	if [ ${PIPESTATUS[0]} -ne 0 ]; then false; fi;
	- name: Expose test output
	if: always()
	uses: actions/upload-artifact@v4
	with:
	name: Aioxmpp Test Output
	path: aioxmpp/output
	- name: Stop CI server
	if: ${{ always() && steps.startCIServer.conclusion == 'success' }} # TODO figure out if this is correct. The intent is to have the server stopped if it was successfully started, even if the tests fail. Failing tests should still cause the job to fail.
	uses: ./.github/actions/stopserver-action
	- name: Expose openfire output
	if: always()
	uses: actions/upload-artifact@v4
	with:
	name: Aioxmpp Test Openfire logs
	path: distribution/target/distribution-base/logs/*

	check_branch:
	runs-on: ubuntu-latest
	outputs:
	is_publishable_branch: ${{ steps.check-branch.outputs.is_publishable_branch }}
	branch_tag: ${{ steps.check-branch.outputs.branch_tag }}
	steps:
	- name: check branch ${{ github.ref }} is either main or a version number
	id: check-branch
	run: \|
	if [[ ${{ github.ref }} == 'refs/heads/main' ]]; then
	echo "is_publishable_branch=true" >> "${GITHUB_OUTPUT}"
	echo "branch_tag=development" >> "${GITHUB_OUTPUT}"
	elif [[ ]${{ github.ref }} =~ refs\/heads\/[0-9]+\.[0-9]+ ]]; then
	echo "is_publishable_branch=true" >> "${GITHUB_OUTPUT}"
	echo -n "branch_tag=" >> "${GITHUB_OUTPUT}"
	sed -e '!refs/heads/!!' >> "${GITHUB_OUTPUT}"
	else
	echo "is_publishable_branch=false" >> "${GITHUB_OUTPUT}"
	echo "branch_tag=rando" >> "${GITHUB_OUTPUT}"
	fi

	connectivity:

	name: Execute Connectivity CI tests
	runs-on: ubuntu-latest
	needs: build

	steps:
	- name: Checkout local actions (that are invoked in the 'startCIServer' and 'stopCIServer' steps) # Do this _before_ untarring the distribution, as the checkout will empty the directory prior to the checkout!
	uses: actions/checkout@v4
	with:
	sparse-checkout: \|
	.github
	- name: Download distribution artifact from build job.
	uses: actions/download-artifact@v4
	with:
	name: Openfire Distribution Java 17
	path: .
	- name: untar distribution # sharing artifacts that consist of many files can be slow. Share one file instead.
	run: tar -xf distribution-artifact.tar
	- name: Start CI server from distribution
	id: startCIServer
	uses: ./.github/actions/startserver-action
	with:
	logLevel: debug
	- name: Run connectivity tests
	uses: ./.github/actions/connectivitytests-action
	- name: Stop CI server
	if: ${{ always() && steps.startCIServer.conclusion == 'success' }} # TODO figure out if this is correct. The intent is to have the server stopped if it was successfully started, even if the tests fail. Failing tests should still cause the job to fail.
	uses: ./.github/actions/stopserver-action

	smack:
	name: Execute Smack-based CI tests
	runs-on: ubuntu-latest
	needs: build

	steps:
	- name: Checkout local actions (that are invoked in the 'startCIServer' and 'stopCIServer' steps) # Do this _before_ untarring the distribution, as the checkout will empty the directory prior to the checkout!
	uses: actions/checkout@v4
	with:
	sparse-checkout: \|
	.github
	- name: Download distribution artifact from build job.
	uses: actions/download-artifact@v4
	with:
	name: Openfire Distribution Java 17
	path: .
	- name: untar distribution # sharing artifacts that consist of many files can be slow. Share one file instead.
	run: tar -xf distribution-artifact.tar
	- name: Start CI server from distribution
	id: startCIServer
	uses: ./.github/actions/startserver-action
	with:
	logLevel: debug
	- name: Run Smack tests against server
	uses: XMPP-Interop-Testing/xmpp-interop-tests-action@main # TODO replace 'main' with a proper versioned tag, like 'v1'.
	with:
	domain: 'example.org'
	adminAccountUsername: 'admin'
	adminAccountPassword: 'admin'
	disabledTests: 'EntityCapsTest,SoftwareInfoIntegrationTest,XmppConnectionIntegrationTest,StreamManagementTest,WaitForClosingStreamElementTest,IoTControlIntegrationTest,ModularXmppClientToServerConnectionLowLevelIntegrationTest'
	- name: Stop CI server
	if: ${{ always() && steps.startCIServer.conclusion == 'success' }} # TODO figure out if this is correct. The intent is to have the server stopped if it was successfully started, even if the tests fail. Failing tests should still cause the job to fail.
	uses: ./.github/actions/stopserver-action

	should-do-database-tests:
	name: Check if database install/upgrade tests should be run
	runs-on: ubuntu-latest
	permissions:
	pull-requests: read
	outputs:
	check: ${{ steps.filter.outputs.database-relevant-files }}
	steps:
	- name: Checkout Openfire
	uses: actions/checkout@v4
	- name: Check for differences
	uses: dorny/paths-filter@v3
	id: filter
	with:
	filters: \|
	database-relevant-files:
	- 'distribution/src/database/**'
	- 'build/ci/**'
	- '.github/workflows/continuous-integration-workflow.yml'
	- 'xmppserver/pom.xml'
	- 'xmppserver/src/main/java/org/jivesoftware/database/**'


	hsqldb-install:
	name: Test HSQLDB install script
	needs: [build, should-do-database-tests, check_branch]
	runs-on: ubuntu-latest
	if: ${{ needs.should-do-database-tests.outputs.check == 'true' \|\| needs.check_branch.outputs.is_publishable_branch == 'true'}}
	steps:
	- name: Checkout Openfire
	uses: actions/checkout@v4
	- name: Set up JDK 17 Zulu
	uses: actions/setup-java@v4
	with:
	java-version: 17
	distribution: zulu
	cache: maven
	- name: Restore mvn repo artifacts from build job
	uses: actions/download-artifact@v4
	with:
	name: Maven Repository
	path: ~/.m2/repository/org/igniterealtime/openfire/
	- name: Set environment variables
	run: \|
	echo "CONNECTION_STRING=jdbc:hsqldb:hsql://localhost/openfire" >> $GITHUB_ENV
	echo "CONNECTION_DRIVER=org.hsqldb.jdbc.JDBCDriver" >> $GITHUB_ENV
	echo "CONNECTION_USERNAME=sa" >> $GITHUB_ENV
	echo "CONNECTION_PASSWORD=SecurePa55w0rd" >> $GITHUB_ENV
	OPENFIREVSN=$(./mvnw help:evaluate -Dexpression=project.version -q -DforceStdout)
	echo "OPENFIREVSN=$OPENFIREVSN" >> $GITHUB_ENV
	echo "JAVA_HOME=$(echo $JAVA_HOME_17_X64)" >> $GITHUB_ENV
	- name: Start database server with an empty database
	run: \|
	docker compose -f ./build/ci/compose/hsqldb.yml up --detach
	docker exec -i compose-db-1 bash -c "sed -i 's/password/password '"$CONNECTION_PASSWORD"'/' ~/sqltool.rc"
	- name: Execute Openfire's database install script
	run: \|
	pushd ./build/ci/updater
	./mvnw -B clean package exec:java -Dexec.args="$GITHUB_WORKSPACE"


	hsqldb-upgrade:
	name: Test HSQLDB upgrade scripts
	needs: [build, should-do-database-tests, check_branch]
	runs-on: ubuntu-latest
	if: ${{ needs.should-do-database-tests.outputs.check == 'true' \|\| needs.check_branch.outputs.is_publishable_branch == 'true'}}
	steps:
	- name: Checkout Openfire
	uses: actions/checkout@v4
	- name: Set up JDK 17 Zulu
	uses: actions/setup-java@v4
	with:
	java-version: 17
	distribution: zulu
	cache: maven
	- name: Restore mvn repo artifacts from build job
	uses: actions/download-artifact@v4
	with:
	name: Maven Repository
	path: ~/.m2/repository/org/igniterealtime/openfire/
	- name: Set environment variables
	run: \|
	echo "CONNECTION_STRING=jdbc:hsqldb:hsql://localhost/openfire" >> $GITHUB_ENV
	echo "CONNECTION_DRIVER=org.hsqldb.jdbc.JDBCDriver" >> $GITHUB_ENV
	echo "CONNECTION_USERNAME=sa" >> $GITHUB_ENV
	echo "CONNECTION_PASSWORD=SecurePa55w0rd" >> $GITHUB_ENV
	OPENFIREVSN=$(./mvnw help:evaluate -Dexpression=project.version -q -DforceStdout)
	echo "OPENFIREVSN=$OPENFIREVSN" >> $GITHUB_ENV
	echo "JAVA_HOME=$(echo $JAVA_HOME_17_X64)" >> $GITHUB_ENV
	- name: Download an old Openfire database installation script
	run: \|
	mkdir olddb
	curl https://raw.githubusercontent.com/igniterealtime/Openfire/v4.3.0/distribution/src/database/openfire_hsqldb.sql > $GITHUB_WORKSPACE/olddb/openfire_hsqldb.sql
	sed -i '/^\/\//d' $GITHUB_WORKSPACE/olddb/openfire_hsqldb.sql
	sed '/^SET /d' $GITHUB_WORKSPACE/olddb/openfire_hsqldb.sql
	- name: Start database server, install old version of the Openfire database
	run: \|
	docker compose -f ./build/ci/compose/hsqldb.yml up --detach
	docker exec -i compose-db-1 bash -c "sed -i 's/password/password '"$CONNECTION_PASSWORD"'/' ~/sqltool.rc"
	docker exec -i compose-db-1 bash -c "java -jar /opt/hsqldb/sqltool.jar db /olddb/openfire_hsqldb.sql"
	- name: Execute Openfire's database upgrade scripts
	run: \|
	pushd ./build/ci/updater
	./mvnw -B clean package exec:java -Dexec.args="$GITHUB_WORKSPACE"


	sqlserver-install:
	name: Test MS SQL Server install script
	needs: [build, should-do-database-tests, check_branch]
	runs-on: ubuntu-latest
	if: ${{ needs.should-do-database-tests.outputs.check == 'true' \|\| needs.check_branch.outputs.is_publishable_branch == 'true'}}
	steps:
	- name: Checkout Openfire
	uses: actions/checkout@v4
	- name: Set up JDK 17 Zulu
	uses: actions/setup-java@v4
	with:
	java-version: 17
	distribution: zulu
	cache: maven
	- name: Restore mvn repo artifacts from build job
	uses: actions/download-artifact@v4
	with:
	name: Maven Repository
	path: ~/.m2/repository/org/igniterealtime/openfire/
	- name: Set environment variables
	run: \|
	echo "CONNECTION_STRING=jdbc:sqlserver://localhost:1433;databaseName=openfire;applicationName=Openfire" >> $GITHUB_ENV
	echo "CONNECTION_DRIVER=com.microsoft.sqlserver.jdbc.SQLServerDriver" >> $GITHUB_ENV
	echo "CONNECTION_USERNAME=sa" >> $GITHUB_ENV
	echo "CONNECTION_PASSWORD=SecurePa55w0rd" >> $GITHUB_ENV
	OPENFIREVSN=$(./mvnw help:evaluate -Dexpression=project.version -q -DforceStdout)
	echo "OPENFIREVSN=$OPENFIREVSN" >> $GITHUB_ENV
	echo "JAVA_HOME=$(echo $JAVA_HOME_17_X64)" >> $GITHUB_ENV
	- name: Start database server with an empty database
	run: \|
	mkdir olddb
	echo 'CREATE DATABASE openfire;' > $GITHUB_WORKSPACE/olddb/1-init-empty-database.sql
	docker compose -f ./build/ci/compose/mssql.yml up --detach
	- name: Execute Openfire's database install script
	run: \|
	pushd ./build/ci/updater
	./mvnw -B clean package exec:java -Dexec.args="$GITHUB_WORKSPACE"


	sqlserver-upgrade:
	name: Test MS SQL Server upgrade scripts
	needs: [build, should-do-database-tests, check_branch]
	runs-on: ubuntu-latest
	if: ${{ needs.should-do-database-tests.outputs.check == 'true' \|\| needs.check_branch.outputs.is_publishable_branch == 'true'}}
	steps:
	- name: Checkout Openfire
	uses: actions/checkout@v4
	- name: Set up JDK 17 Zulu
	uses: actions/setup-java@v4
	with:
	java-version: 17
	distribution: zulu
	cache: maven
	- name: Restore mvn repo artifacts from build job
	uses: actions/download-artifact@v4
	with:
	name: Maven Repository
	path: ~/.m2/repository/org/igniterealtime/openfire/
	- name: Set environment variables
	run: \|
	echo "CONNECTION_STRING=jdbc:sqlserver://localhost:1433;databaseName=openfire;applicationName=Openfire" >> $GITHUB_ENV
	echo "CONNECTION_DRIVER=com.microsoft.sqlserver.jdbc.SQLServerDriver" >> $GITHUB_ENV
	echo "CONNECTION_USERNAME=sa" >> $GITHUB_ENV
	echo "CONNECTION_PASSWORD=SecurePa55w0rd" >> $GITHUB_ENV
	OPENFIREVSN=$(./mvnw help:evaluate -Dexpression=project.version -q -DforceStdout)
	echo "OPENFIREVSN=$OPENFIREVSN" >> $GITHUB_ENV
	echo "JAVA_HOME=$(echo $JAVA_HOME_17_X64)" >> $GITHUB_ENV
	- name: Download an old Openfire database installation script
	run: \|
	mkdir olddb
	curl https://raw.githubusercontent.com/igniterealtime/Openfire/v4.3.0/distribution/src/database/openfire_sqlserver.sql > $GITHUB_WORKSPACE/olddb/openfire_sqlserver.sql
	- name: Start database server, install old version of the Openfire database
	run: docker compose -f ./build/ci/compose/mssql.yml up --detach
	- name: Execute Openfire's database upgrade scripts
	run: \|
	pushd ./build/ci/updater
	./mvnw -B clean package exec:java -Dexec.args="$GITHUB_WORKSPACE"


	postgres-install:
	name: Test Postgres install script
	needs: [build, should-do-database-tests, check_branch]
	runs-on: ubuntu-latest
	if: ${{ needs.should-do-database-tests.outputs.check == 'true' \|\| needs.check_branch.outputs.is_publishable_branch == 'true'}}
	steps:
	- name: Checkout Openfire
	uses: actions/checkout@v4
	- name: Set up JDK 17 Zulu
	uses: actions/setup-java@v4
	with:
	java-version: 17
	distribution: zulu
	cache: maven
	- name: Restore mvn repo artifacts from build job
	uses: actions/download-artifact@v4
	with:
	name: Maven Repository
	path: ~/.m2/repository/org/igniterealtime/openfire/
	- name: Set environment variables
	run: \|
	echo "CONNECTION_STRING=jdbc:postgresql://localhost:5432/openfire" >> $GITHUB_ENV
	echo "CONNECTION_DRIVER=org.postgresql.Driver" >> $GITHUB_ENV
	echo "CONNECTION_USERNAME=openfire" >> $GITHUB_ENV
	echo "CONNECTION_PASSWORD=SecurePa55w0rd" >> $GITHUB_ENV
	OPENFIREVSN=$(./mvnw help:evaluate -Dexpression=project.version -q -DforceStdout)
	echo "OPENFIREVSN=$OPENFIREVSN" >> $GITHUB_ENV
	echo "JAVA_HOME=$(echo $JAVA_HOME_17_X64)" >> $GITHUB_ENV
	- name: Start database server with an empty database
	run: \|
	docker compose -f ./build/ci/compose/postgresql.yml up --wait
	- name: Execute Openfire's database install script
	run: \|
	pushd ./build/ci/updater
	./mvnw -B clean package exec:java -Dexec.args="$GITHUB_WORKSPACE"


	postgres-upgrade:
	name: Test Postgres upgrade scripts
	needs: [build, should-do-database-tests, check_branch]
	runs-on: ubuntu-latest
	if: ${{ needs.should-do-database-tests.outputs.check == 'true' \|\| needs.check_branch.outputs.is_publishable_branch == 'true'}}
	steps:
	- name: Checkout Openfire
	uses: actions/checkout@v4
	- name: Set up JDK 17 Zulu
	uses: actions/setup-java@v4
	with:
	java-version: 17
	distribution: zulu
	cache: maven
	- name: Restore mvn repo artifacts from build job
	uses: actions/download-artifact@v4
	with:
	name: Maven Repository
	path: ~/.m2/repository/org/igniterealtime/openfire/
	- name: Set environment variables
	run: \|
	echo "CONNECTION_STRING=jdbc:postgresql://localhost:5432/openfire" >> $GITHUB_ENV
	echo "CONNECTION_DRIVER=org.postgresql.Driver" >> $GITHUB_ENV
	echo "CONNECTION_USERNAME=openfire" >> $GITHUB_ENV
	echo "CONNECTION_PASSWORD=SecurePa55w0rd" >> $GITHUB_ENV
	OPENFIREVSN=$(./mvnw help:evaluate -Dexpression=project.version -q -DforceStdout)
	echo "OPENFIREVSN=$OPENFIREVSN" >> $GITHUB_ENV
	echo "JAVA_HOME=$(echo $JAVA_HOME_17_X64)" >> $GITHUB_ENV
	- name: Download an old Openfire database installation script
	run: \|
	mkdir olddb
	curl https://raw.githubusercontent.com/igniterealtime/Openfire/v4.3.0/distribution/src/database/openfire_postgresql.sql > $GITHUB_WORKSPACE/olddb/openfire_postgresql.sql
	- name: Start database server, install old version of the Openfire database
	run: docker compose -f ./build/ci/compose/postgresql.yml up --wait
	- name: Execute Openfire's database upgrade scripts
	run: \|
	pushd ./build/ci/updater
	./mvnw -B clean package exec:java -Dexec.args="$GITHUB_WORKSPACE"


	mysql-install:
	name: Test MySQL install script
	needs: [build, should-do-database-tests, check_branch]
	runs-on: ubuntu-latest
	if: ${{ needs.should-do-database-tests.outputs.check == 'true' \|\| needs.check_branch.outputs.is_publishable_branch == 'true'}}
	steps:
	- name: Checkout Openfire
	uses: actions/checkout@v4
	- name: Set up JDK 17 Zulu
	uses: actions/setup-java@v4
	with:
	java-version: 17
	distribution: zulu
	cache: maven
	- name: Restore mvn repo artifacts from build job
	uses: actions/download-artifact@v4
	with:
	name: Maven Repository
	path: ~/.m2/repository/org/igniterealtime/openfire/
	- name: Set environment variables
	run: \|
	echo "CONNECTION_STRING=jdbc:mysql://localhost:3306/openfire?rewriteBatchedStatements=true&characterEncoding=UTF-8&characterSetResults=UTF-8&serverTimezone=UTC" >> $GITHUB_ENV
	echo "CONNECTION_DRIVER=com.mysql.cj.jdbc.Driver" >> $GITHUB_ENV
	echo "CONNECTION_USERNAME=root" >> $GITHUB_ENV
	echo "CONNECTION_PASSWORD=SecurePa55w0rd" >> $GITHUB_ENV
	OPENFIREVSN=$(./mvnw help:evaluate -Dexpression=project.version -q -DforceStdout)
	echo "OPENFIREVSN=$OPENFIREVSN" >> $GITHUB_ENV
	echo "JAVA_HOME=$(echo $JAVA_HOME_17_X64)" >> $GITHUB_ENV
	- name: Start database server with an empty database
	run: \|
	mkdir olddb
	echo 'CREATE TABLE imready AS (SELECT 1);' > $GITHUB_WORKSPACE/olddb/ZZZ-signal-ready.sql
	docker compose -f ./build/ci/compose/mysql.yml up --detach --wait
	- name: Build & run database tester
	run: \|
	pushd ./build/ci/updater
	./mvnw -B clean package exec:java -Dexec.args="$GITHUB_WORKSPACE"


	mysql-upgrade:
	name: Test MySQL upgrade scripts
	needs: [build, should-do-database-tests, check_branch]
	runs-on: ubuntu-latest
	if: ${{ needs.should-do-database-tests.outputs.check == 'true' \|\| needs.check_branch.outputs.is_publishable_branch == 'true'}}
	steps:
	- name: Checkout Openfire
	uses: actions/checkout@v4
	- name: Set up JDK 17 Zulu
	uses: actions/setup-java@v4
	with:
	java-version: 17
	distribution: zulu
	cache: maven
	- name: Restore mvn repo artifacts from build job
	uses: actions/download-artifact@v4
	with:
	name: Maven Repository
	path: ~/.m2/repository/org/igniterealtime/openfire/
	- name: Set environment variables
	run: \|
	echo "CONNECTION_STRING=jdbc:mysql://localhost:3306/openfire?rewriteBatchedStatements=true&characterEncoding=UTF-8&characterSetResults=UTF-8&serverTimezone=UTC" >> $GITHUB_ENV
	echo "CONNECTION_DRIVER=com.mysql.cj.jdbc.Driver" >> $GITHUB_ENV
	echo "CONNECTION_USERNAME=root" >> $GITHUB_ENV
	echo "CONNECTION_PASSWORD=SecurePa55w0rd" >> $GITHUB_ENV
	OPENFIREVSN=$(./mvnw help:evaluate -Dexpression=project.version -q -DforceStdout)
	echo "OPENFIREVSN=$OPENFIREVSN" >> $GITHUB_ENV
	echo "JAVA_HOME=$(echo $JAVA_HOME_17_X64)" >> $GITHUB_ENV
	- name: Download an old Openfire database installation script
	run: \|
	mkdir olddb
	curl https://raw.githubusercontent.com/igniterealtime/Openfire/v4.3.0/distribution/src/database/openfire_mysql.sql > $GITHUB_WORKSPACE/olddb/openfire_mysql.sql
	echo 'CREATE TABLE imready AS (SELECT 1);' > $GITHUB_WORKSPACE/olddb/ZZZ-signal-ready.sql
	- name: Start database server, install old version of the Openfire database
	run: \|
	docker compose -f ./build/ci/compose/mysql.yml up --detach --wait
	- name: Execute Openfire's database upgrade scripts
	run: \|
	pushd ./build/ci/updater
	./mvnw -B clean package exec:java -Dexec.args="$GITHUB_WORKSPACE"


	oracle-install:
	name: Test Oracle install scripts
	needs: [build, should-do-database-tests, check_branch]
	runs-on: ubuntu-latest
	if: ${{ needs.should-do-database-tests.outputs.check == 'true' \|\| needs.check_branch.outputs.is_publishable_branch == 'true'}}
	steps:
	- name: Checkout Openfire
	uses: actions/checkout@v4
	- name: Set up JDK 17 Zulu
	uses: actions/setup-java@v4
	with:
	java-version: 17
	distribution: zulu
	cache: maven
	- name: Restore mvn repo artifacts from build job
	uses: actions/download-artifact@v4
	with:
	name: Maven Repository
	path: ~/.m2/repository/org/igniterealtime/openfire/
	- name: Set environment variables
	run: \|
	echo "CONNECTION_STRING=jdbc:oracle:thin:@localhost:1521/FREEPDB1" >> $GITHUB_ENV
	echo "CONNECTION_DRIVER=oracle.jdbc.driver.OracleDriver" >> $GITHUB_ENV
	echo "CONNECTION_USERNAME=openfire" >> $GITHUB_ENV
	echo "CONNECTION_PASSWORD=SecurePa55w0rd" >> $GITHUB_ENV
	OPENFIREVSN=$(./mvnw help:evaluate -Dexpression=project.version -q -DforceStdout)
	echo "OPENFIREVSN=$OPENFIREVSN" >> $GITHUB_ENV
	echo "JAVA_HOME=$(echo $JAVA_HOME_17_X64)" >> $GITHUB_ENV
	- name: Start database server with an empty database
	run: \|
	mkdir olddb
	cp ./build/ci/compose/scripts/1.oracle-init.sql $GITHUB_WORKSPACE/olddb/1.install-db.sql
	docker compose -f ./build/ci/compose/oracle.yml up --wait
	- name: Execute Openfire's database install script
	run: \|
	pushd ./build/ci/updater
	./mvnw -B clean package exec:java -Dexec.args="$GITHUB_WORKSPACE"


	oracle-upgrade:
	name: Test Oracle upgrade scripts
	needs: [build, should-do-database-tests, check_branch]
	runs-on: ubuntu-latest
	if: ${{ needs.should-do-database-tests.outputs.check == 'true' \|\| needs.check_branch.outputs.is_publishable_branch == 'true'}}
	steps:
	- name: Checkout Openfire
	uses: actions/checkout@v4
	- name: Set up JDK 17 Zulu
	uses: actions/setup-java@v4
	with:
	java-version: 17
	distribution: zulu
	cache: maven
	- name: Restore mvn repo artifacts from build job
	uses: actions/download-artifact@v4
	with:
	name: Maven Repository
	path: ~/.m2/repository/org/igniterealtime/openfire/
	- name: Set environment variables
	run: \|
	echo "CONNECTION_STRING=jdbc:oracle:thin:@localhost:1521/FREEPDB1" >> $GITHUB_ENV
	echo "CONNECTION_DRIVER=oracle.jdbc.driver.OracleDriver" >> $GITHUB_ENV
	echo "CONNECTION_USERNAME=openfire" >> $GITHUB_ENV
	echo "CONNECTION_PASSWORD=SecurePa55w0rd" >> $GITHUB_ENV
	OPENFIREVSN=$(./mvnw help:evaluate -Dexpression=project.version -q -DforceStdout)
	echo "OPENFIREVSN=$OPENFIREVSN" >> $GITHUB_ENV
	echo "JAVA_HOME=$(echo $JAVA_HOME_17_X64)" >> $GITHUB_ENV
	- name: Download an old Openfire database installation script
	run: \|
	mkdir olddb
	curl https://raw.githubusercontent.com/igniterealtime/Openfire/v4.3.0/distribution/src/database/openfire_oracle.sql > $GITHUB_WORKSPACE/openfire_oracle.sql
	- name: Start database server, install old version of the Openfire database
	run: \|
	cat ./build/ci/compose/scripts/1.oracle-init.sql $GITHUB_WORKSPACE/openfire_oracle.sql > $GITHUB_WORKSPACE/olddb/1.install-db.sql
	docker compose -f ./build/ci/compose/oracle.yml up --wait
	- name: Execute Openfire's database upgrade scripts
	run: \|
	pushd ./build/ci/updater
	./mvnw -B clean package exec:java -Dexec.args="$GITHUB_WORKSPACE"


	publish-maven:
	name: Publish to Maven
	runs-on: ubuntu-latest
	needs: [aioxmpp, connectivity, smack, check_branch, hsqldb-install, hsqldb-upgrade, sqlserver-install, sqlserver-upgrade, postgres-install, postgres-upgrade, mysql-install, mysql-upgrade, oracle-install, oracle-upgrade]
	if: ${{github.repository == 'igniterealtime/Openfire' && github.event_name == 'push' && needs.check_branch.outputs.is_publishable_branch == 'true'}}

	steps:
	- uses: actions/checkout@v4
	with:
	# Defend against another commit quickly following the first
	# We want the one that's been tested, rather than the head of main
	ref: ${{ github.event.push.after }}
	- name: Set up Java for publishing
	uses: actions/setup-java@v4
	with:
	java-version: 17
	distribution: zulu
	cache: maven
	server-id: igniterealtime
	server-username: IGNITE_REALTIME_MAVEN_USERNAME
	server-password: IGNITE_REALTIME_MAVEN_PASSWORD
	- name: Publish
	run: ./mvnw -B deploy -Pci -Dmaven.test.skip=true
	env:
	IGNITE_REALTIME_MAVEN_USERNAME: ${{ secrets.IGNITE_REALTIME_MAVEN_USERNAME }}
	IGNITE_REALTIME_MAVEN_PASSWORD: ${{ secrets.IGNITE_REALTIME_MAVEN_PASSWORD }}

	build-and-push-docker:
	name: Publish to GitHub's Docker registry
	runs-on: ubuntu-latest
	needs: [aioxmpp, connectivity, smack, check_branch, hsqldb-install, hsqldb-upgrade, sqlserver-install, sqlserver-upgrade, postgres-install, postgres-upgrade, mysql-install, mysql-upgrade, oracle-install, oracle-upgrade]
	if: \|
	github.event_name == 'push' &&
	(contains(github.ref, 'refs/tags/') \|\| github.ref == 'refs/heads/main')

	permissions:
	contents: read
	packages: write
	attestations: write
	id-token: write

	steps:
	- name: Checkout repository
	uses: actions/checkout@v4

	- name: Log in to the Container registry
	uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772
	with:
	registry: ${{ env.REGISTRY }}
	username: ${{ github.actor }}
	password: ${{ secrets.GITHUB_TOKEN }}

	- name: Extract metadata (tags, labels) for image registry
	id: meta
	uses: docker/metadata-action@418e4b98bf2841bd337d0b24fe63cb36dc8afa55
	with:
	images: ${{ env.REGISTRY }}/igniterealtime/${{ env.IMAGE_NAME }}

	- name: Build and push Docker image
	id: push
	uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83
	with:
	context: .
	push: true
	tags: ${{ steps.meta.outputs.tags }}
	labels: ${{ steps.meta.outputs.labels }}

	- name: Generate artifact attestation
	uses: actions/attest-build-provenance@v2
	with:
	subject-name: ${{ env.REGISTRY }}/igniterealtime/${{ env.IMAGE_NAME}}
	subject-digest: ${{ steps.push.outputs.digest }}
	push-to-registry: true

	build-deb-artifact:
	name: Generate DEB artifact
	runs-on: ubuntu-latest
	needs: [build]
	steps:
	- uses: actions/checkout@v4
	with:
	# Defend against another commit quickly following the first
	# We want the one that's been tested, rather than the head of main
	ref: ${{ github.event.push.after }}
	- name: Download distribution artifact from build job.
	uses: actions/download-artifact@v4
	with:
	name: Openfire Distribution Java 17
	path: .
	- name: untar distribution # sharing artifacts that consist of many files can be slow. Share one file instead.
	run: tar -xf distribution-artifact.tar
	- name: Install build deps
	run: sudo apt-get install -y debhelper-compat=13
	- name: Run build script
	run: bash build/debian/build_debs.sh

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

[Snyk] Fix for 3 vulnerabilities #575

Workflow file

[Snyk] Fix for 3 vulnerabilities #575

Uh oh!

Jobs

Run details

Workflow file for this run