diff --git a/.github/workflows/cloud_code_scan.yml b/.github/workflows/cloud_code_scan.yml index f735fd3d9..9b693b1d8 100644 --- a/.github/workflows/cloud_code_scan.yml +++ b/.github/workflows/cloud_code_scan.yml @@ -6,7 +6,7 @@ jobs: runs-on: ubuntu-latest steps: - name: codeScan - uses: layotto/alipay-cloud-devops-codescan@main + uses: huqiuxiang/alipay-cloud-devops-codescan@main with: parent_uid: ${{ secrets.ALI_PID }} private_key: ${{ secrets.ALI_PK }} @@ -15,7 +15,7 @@ jobs: runs-on: ubuntu-latest steps: - name: codeScan - uses: layotto/alipay-cloud-devops-codescan@main + uses: huqiuxiang/alipay-cloud-devops-codescan@main with: parent_uid: ${{ secrets.ALI_PID }} private_key: ${{ secrets.ALI_PK }} diff --git a/.github/workflows/fossa_scan.yml b/.github/workflows/fossa_scan.yml new file mode 100644 index 000000000..07ff58e84 --- /dev/null +++ b/.github/workflows/fossa_scan.yml @@ -0,0 +1,22 @@ +name: FOSSA Scan + +on: + push: + branches: [ master ] + pull_request: + branches: [ master ] + +jobs: + fossa: + runs-on: ubuntu-latest + + steps: + - name: Checkout Code + uses: actions/checkout@v3 + + - name: Run FOSSA Scan + uses: fossa-contrib/fossa-action@v1 + with: + fossa-api-key: ${{ secrets.FOSSA_API_KEY }} + # 可选:指定FOSSA命令行参数,例如目录、排除等 + # args: '--exclude=**/node_modules,**/vendor' diff --git a/.github/workflows/maven.yml b/.github/workflows/maven.yml deleted file mode 100644 index 53b1d6e2f..000000000 --- a/.github/workflows/maven.yml +++ /dev/null 
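Review bot: Both `codeScan` steps now resolve `uses:` to `huqiuxiang/alipay-cloud-devops-codescan@main`, an action in a personal namespace on a mutable branch, and that step is handed `secrets.ALI_PID` and `secrets.ALI_PK`. Whoever can push to that branch controls code that runs with those secrets. The reference should stay on an organisation-owned repository and be pinned to a full commit SHA, e.g. `uses: <owner>/alipay-cloud-devops-codescan@<full-commit-sha>`. The same applies to the second hunk (`@@ -15,7 +15,7 @@`). The job definitions start outside both hunks, so the triggers and any `permissions:` setting cannot be checked from here.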
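Review bot: The new `fossa_scan.yml` declares no `permissions:` block, so the job's `GITHUB_TOKEN` gets the repository's default scopes while running a third-party action referenced by the movable tag `fossa-contrib/fossa-action@v1`. Adding a top-level `permissions:` with `contents: read` and pinning the action to a full commit SHA would limit what a retargeted tag could do with `secrets.FOSSA_API_KEY`. The same two gaps are present in `sonarqube_scan.yml` and `soos_scan.yml` later in this diff. On `pull_request` runs from forks the secret is not provided, so the scan step will presumably fail there unless the action tolerates an empty key.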
@@ -1,32 +0,0 @@ -# This workflow will build a Java project with Maven -# For more information see: https://help.github.com/actions/language-and-framework-guides/building-and-testing-java-with-maven - -name: build -on: - push: - branches: [ master ] - pull_request: - branches: [ master ] - # enable manually running the workflow - workflow_dispatch: - -jobs: - build: - - runs-on: ubuntu-latest - - steps: - - uses: actions/checkout@v2 - - name: Set up JDK 1.8 - uses: actions/setup-java@v3 - with: - java-version: '8' - distribution: 'temurin' - cache: maven - - name: Build with Maven - run: ./mvnw clean install -Pci-install -B -U -e && bash ./tools/check_format.sh - - name: Test with Maven - run: ./mvnw package -Pci-test - - name: Codecov - uses: codecov/codecov-action@v1 - diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml deleted file mode 100644 index 78ce020f0..000000000 --- a/.github/workflows/release.yml +++ /dev/null 
@@ -1,45 +0,0 @@ -# This workflow will build a Java project with Maven, and cache/restore any dependencies to improve the workflow execution time -# For more information see: https://help.github.com/actions/language-and-framework-guides/building-and-testing-java-with-maven - -name: Release - -on: - workflow_dispatch: - - -jobs: - build: - runs-on: ubuntu-latest - - steps: - - uses: actions/checkout@v3 - - name: Set up JDK 8 - uses: actions/setup-java@v3 - with: - java-version: '8' - distribution: 'temurin' - cache: maven - - name: Build with Maven - run: mvn clean install -Pci-install -B -U -e && bash ./tools/check_format.sh - release: - needs: build - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v3 - - name: Set up JDK 8 - uses: actions/setup-java@v3 - with: - java-version: '8' - distribution: 'temurin' - cache: maven - server-id: ossrh - server-username: MAVEN_USERNAME - server-password: MAVEN_PASSWORD - gpg-private-key: ${{ secrets.MAVEN_GPG_PRIVATE_KEY }} # Value of the GPG private key to import - gpg-passphrase: MAVEN_GPG_PASSPHRASE # env variable for GPG private key passphrase - - name: Build with Maven - run: mvn --batch-mode deploy -DskipTests -Prelease - env: - MAVEN_USERNAME: ${{ secrets.MAVEN_USERNAME }} - MAVEN_PASSWORD: ${{ secrets.MAVEN_PASSWORD }} - MAVEN_GPG_PASSPHRASE: ${{ secrets.MAVEN_GPG_PASSPHRASE }} diff --git a/.github/workflows/sonarqube_scan.yml b/.github/workflows/sonarqube_scan.yml new file mode 100644 index 000000000..9ac7f8388 --- /dev/null +++ b/.github/workflows/sonarqube_scan.yml 
@@ -0,0 +1,20 @@
+name: sonarqube scan
+on:
+ push:
+ branches: [ master ]
+jobs:
+ build:
+
+ runs-on: ubuntu-latest
+
+ steps:
+ - uses: actions/checkout@v2
+ - name: Set up JDK 17
+ uses: actions/setup-java@v2
+ with:
+ java-version: '17'
+ distribution: 'adopt'
+
+ # 如果是Maven
+ - name: Build and analyze with Maven
+ run: mvn clean verify sonar:sonar -Dmaven.test.skip=true -Dsonar.projectKey=${{ github.event.repository.name }} -Dsonar.host.url=${{ secrets.SONARQUBE_HOST }} -Dsonar.login=${{ secrets.SONARQUBE_TOKEN }}
diff --git a/.github/workflows/soos_scan.yml b/.github/workflows/soos_scan.yml
new file mode 100644
index 000000000..d13b8af67
--- /dev/null
+++ b/.github/workflows/soos_scan.yml
@@ -0,0 +1,31 @@
+# This is a basic workflow to help you get started with Actions
+name: SOOS SCA SARIF Example CI
+
+# Controls when the workflow will run
+on:
+ # Triggers the workflow on push or pull request events but only for the main branch
+ push:
+ branches: [ master ]
+ pull_request:
+ branches: [ master ]
+
+# A workflow run is made up of one or more jobs that can run sequentially or in parallel
+jobs:
+ # This workflow contains a single job called "build"
+ build:
+ # The type of runner that the job will run on
+ runs-on: ubuntu-latest
+
+ # Steps represent a sequence of tasks that will be executed as part of the job
+ steps:
+ # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
+ - uses: actions/checkout@v3
+
+ # Runs a single command using the runners shell
+ - name: SOOS SCA Analysis
+ uses: soos-io/soos-sca-github-action@v2
+ with:
+ project_name: "/" # Also you can use the var ${{ github.repository }}
+ output_format: "sarif"
+ client_id: ${{ secrets.SOOS_CLIENT_ID }}
+ api_key: ${{ secrets.SOOS_API_KEY }}
diff --git a/pom.xml b/pom.xml
index 2ea91a865..b251c248d 100644
--- a/pom.xml
+++ b/pom.xml
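Review bot: The `run:` line of the last step in `sonarqube_scan.yml` expands `${{ secrets.SONARQUBE_TOKEN }}` and `${{ secrets.SONARQUBE_HOST }}` directly into the shell command, so the token becomes part of the script text and of the `mvn` process arguments. Passing them through the step's `env:` (`SONAR_TOKEN: ${{ secrets.SONARQUBE_TOKEN }}`, `SONAR_HOST_URL: ${{ secrets.SONARQUBE_HOST }}`) and writing `-Dsonar.login="$SONAR_TOKEN"` keeps expression expansion out of the script. `-Dsonar.projectKey=${{ github.event.repository.name }}` is likewise unquoted expression expansion and is better routed through `env:` too. A short comment above the step saying why `-Dmaven.test.skip=true` is set would help, since it means the analysis runs without test results.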
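Review bot: In `soos_scan.yml`, `project_name: "/"` looks like an unfilled template value, and the workflow name is still `SOOS SCA SARIF Example CI`. The inline comment already points at the fix, `project_name: ${{ github.repository }}`. `output_format: "sarif"` is requested but no later step publishes the SARIF file, so unless the action uploads it itself the findings will not reach code scanning; this is worth confirming against the action's documentation. The generic scaffold comments such as `# This is a basic workflow to help you get started with Actions` could be replaced by one line saying what this scan covers.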
@@ -51,6 +51,19 @@ pom import + + + javax.xml.bind + jaxb-api + 2.3.1 + + + + jakarta.annotation + jakarta.annotation-api + 2.0.0 + provided + diff --git a/registry/registry-local/pom.xml b/registry/registry-local/pom.xml index c777cb2e4..573326001 100644 --- a/registry/registry-local/pom.xml +++ b/registry/registry-local/pom.xml @@ -13,6 +13,10 @@ sofa-rpc-registry-local + + javax.xml.bind + jaxb-api + com.alipay.sofa sofa-rpc-log diff --git a/remoting/remoting-triple/pom.xml b/remoting/remoting-triple/pom.xml index 6c9458d33..345392baf 100644 --- a/remoting/remoting-triple/pom.xml +++ b/remoting/remoting-triple/pom.xml @@ -16,6 +16,11 @@ com.alipay.sofa sofa-rpc-log + + javax.annotation + javax.annotation-api + 1.3.2 + com.alipay.sofa sofa-rpc-api diff --git a/test_hqx b/test_hqx new file mode 100644 index 000000000..9daeafb98 --- /dev/null +++ b/test_hqx @@ -0,0 +1 @@ +test
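Review bot: In `remoting/remoting-triple/pom.xml` the added `javax.annotation-api` dependency carries its version `1.3.2` in the module, whereas `jaxb-api` is versioned once in the root `pom.xml` and referenced without a version in `registry-local`. Declaring `1.3.2` in the root alongside the other two would keep third-party versions in one place for auditing and upgrades. The root hunk also adds `jakarta.annotation-api` `2.0.0`, a different namespace from the `javax.annotation` artifact used here, so it is worth confirming that both are intended. The XML markup is not visible on this page, so the enclosing elements are inferred from the values.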