Merge branch 'release/2.0.7'
infeo committed Oct 31, 2024
2 parents b02ef7a + c73b475 commit 55b350a
Showing 6 changed files with 53 additions and 83 deletions.
8 changes: 5 additions & 3 deletions .github/workflows/build.yml
@@ -1,6 +1,8 @@
name: Build
on:
[push]
push:
pull_request_target:
types: [labeled]
jobs:
build:
name: Build and Test
Expand Down Expand Up @@ -29,9 +31,9 @@ jobs:
name: artifacts
path: target/*.jar
- name: Create Release
uses: softprops/action-gh-release@v1
uses: softprops/action-gh-release@v2
if: startsWith(github.ref, 'refs/tags/')
with:
prerelease: true
token: ${{ secrets.CRYPTOBOT_RELEASE_TOKEN }}
generate_release_notes: true
generate_release_notes: true
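Review bot: The `pull_request_target` trigger added under `on:` runs this job in the base repository's context, where repository secrets are available, and `types: [labeled]` fires for any label rather than one reserved for maintainers. The checkout and build steps are collapsed between the two hunks, so the ref being built cannot be confirmed from here; if they build the pull request head, code from a fork would run in that context, and if they use the default ref the job tests the base branch instead of the PR. I would gate the job on a specific label, for example `if: github.event_name == 'push' || github.event.label.name == '<maintainer-label>'`, and declare a workflow-level `permissions:` block with `contents: read`. Separately, `softprops/action-gh-release@v2` receives `CRYPTOBOT_RELEASE_TOKEN` and is referenced by a movable tag; pinning it to a full commit SHA would fix the code that handles the token.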
59 changes: 8 additions & 51 deletions .github/workflows/dependency-check.yml
Expand Up @@ -10,54 +10,11 @@ on:

jobs:
check-dependencies:
name: Check dependencies
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
with:
show-progress: false
- name: Setup Java
uses: actions/setup-java@v4
with:
java-version: 17
distribution: 'temurin'
cache: 'maven'
- name: Cache NVD DB
uses: actions/cache@v4
with:
path: ~/.m2/repository/org/owasp/dependency-check-data/
key: dependency-check-${{ github.run_id }}
restore-keys: |
dependency-check
env:
SEGMENT_DOWNLOAD_TIMEOUT_MINS: 5
- name: Run org.owasp:dependency-check plugin
id: dependency-check
continue-on-error: true
run: mvn -B validate -Pdependency-check
env:
NVD_API_KEY: ${{ secrets.NVD_API_KEY }}
- name: Upload report on failure
if: steps.dependency-check.outcome == 'failure'
uses: actions/upload-artifact@v4
with:
name: dependency-check-report
path: target/dependency-check-report.html
if-no-files-found: error
- name: Slack Notification on regular check
if: github.event_name == 'schedule' && steps.dependency-check.outcome == 'failure'
uses: rtCamp/action-slack-notify@v2
env:
SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK_URL }}
SLACK_USERNAME: 'Cryptobot'
SLACK_ICON: false
SLACK_ICON_EMOJI: ':bot:'
SLACK_CHANNEL: 'cryptomator-desktop'
SLACK_TITLE: "Vulnerabilities in ${{ github.event.repository.name }} detected."
SLACK_MESSAGE: "Download the <https://github.com/${{ github.repository }}/actions/run/${{ github.run_id }}|report> for more details."
SLACK_FOOTER: false
MSG_MINIMAL: true
- name: Failing workflow on release branch
if: github.event_name == 'push' && steps.dependency-check.outcome == 'failure'
shell: bash
run: exit 1
uses: skymatic/workflows/.github/workflows/run-dependency-check.yml@v1
with:
runner-os: 'ubuntu-latest'
java-distribution: 'temurin'
java-version: 21
secrets:
nvd-api-key: ${{ secrets.NVD_API_KEY }}
slack-webhook-url: ${{ secrets.SLACK_WEBHOOK_URL }}
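Review bot: The reusable workflow on the new `uses:` line is referenced by the movable tag `@v1` while `NVD_API_KEY` and `SLACK_WEBHOOK_URL` are handed to it, so whatever that tag points to at run time receives both secrets. Pinning to a full commit SHA keeps the called code fixed, e.g. `uses: skymatic/workflows/.github/workflows/run-dependency-check.yml@<full-commit-sha> # v1`. Passing the two secrets by name rather than `secrets: inherit` is the right shape and worth keeping. The `on:` block and anything else above the job sit outside the visible hunk.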
6 changes: 3 additions & 3 deletions .github/workflows/publish-central.yml
Expand Up @@ -21,8 +21,6 @@ jobs:
server-id: ossrh # Value of the distributionManagement/repository/id field of the pom.xml
server-username: MAVEN_USERNAME # env variable for username in deploy
server-password: MAVEN_PASSWORD # env variable for token in deploy
gpg-private-key: ${{ secrets.RELEASES_GPG_PRIVATE_KEY }} # Value of the GPG private key to import
gpg-passphrase: MAVEN_GPG_PASSPHRASE # env variable for GPG private key passphrase
- name: Enforce project version ${{ github.event.inputs.tag }}
run: mvn versions:set -B -DnewVersion=${{ github.event.inputs.tag }}
- name: Deploy
Expand All @@ -35,4 +33,6 @@ jobs:
--add-opens=java.desktop/java.awt.font=ALL-UNNAMED
MAVEN_USERNAME: ${{ secrets.OSSRH_USERNAME }}
MAVEN_PASSWORD: ${{ secrets.OSSRH_PASSWORD }}
MAVEN_GPG_PASSPHRASE: ${{ secrets.RELEASES_GPG_PASSPHRASE }}
MAVEN_GPG_PASSPHRASE: ${{ secrets.RELEASES_GPG_PASSPHRASE }}
MAVEN_GPG_KEY: ${{ secrets.RELEASES_GPG_PRIVATE_KEY }}
MAVEN_GPG_KEY_FINGERPRINT: "58117AFA1F85B3EEC154677D615D449FE6E6A235"
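Review bot: The `run:` line of the "Enforce project version" step still expands `${{ github.event.inputs.tag }}` directly into the shell command, so the input text is parsed by the shell before Maven sees it; `publish-github.yml` has the same pattern with `${{ github.event.release.tag_name }}`. Since this job goes on to sign and deploy with `MAVEN_GPG_KEY`, the value is better passed through the environment: give the step an `env:` entry `PROJECT_VERSION: ${{ github.event.inputs.tag }}` and change the command to `run: mvn versions:set -B -DnewVersion="$PROJECT_VERSION"`. A version-format check before `versions:set` would also reject anything that is not a plain version string. The step list begins outside the hunk, so earlier steps were not reviewed.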
4 changes: 2 additions & 2 deletions .github/workflows/publish-github.yml
Expand Up @@ -13,15 +13,15 @@ jobs:
java-version: 21
distribution: 'temurin'
cache: 'maven'
gpg-private-key: ${{ secrets.RELEASES_GPG_PRIVATE_KEY }} # Value of the GPG private key to import
gpg-passphrase: MAVEN_GPG_PASSPHRASE # env variable for GPG private key passphrase
- name: Enforce project version ${{ github.event.release.tag_name }}
run: mvn versions:set -B -DnewVersion=${{ github.event.release.tag_name }}
- name: Deploy
run: mvn deploy -B -DskipTests -Psign,deploy-github --no-transfer-progress
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
MAVEN_GPG_PASSPHRASE: ${{ secrets.RELEASES_GPG_PASSPHRASE }}
MAVEN_GPG_KEY: ${{ secrets.RELEASES_GPG_PRIVATE_KEY }}
MAVEN_GPG_KEY_FINGERPRINT: "58117AFA1F85B3EEC154677D615D449FE6E6A235"
- name: Slack Notification
uses: rtCamp/action-slack-notify@v2
env:
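Review bot: `MAVEN_GPG_KEY_FINGERPRINT` is a bare 40-character literal with no comment, and the same value is repeated in `publish-central.yml`; the removed `gpg-private-key` and `gpg-passphrase` lines each carried an explanatory comment that the replacements lack. Assuming it is the fingerprint of the key stored in `RELEASES_GPG_PRIVATE_KEY`, I would add `# fingerprint of the release signing key in RELEASES_GPG_PRIVATE_KEY` above it and `# read by maven-gpg-plugin (signer: bc, see pom.xml)` above `MAVEN_GPG_KEY`. Holding the fingerprint in one repository-level variable would keep the two workflows from drifting apart when the key is rotated. The job continues past the end of the hunk.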
49 changes: 26 additions & 23 deletions pom.xml
Expand Up @@ -3,7 +3,7 @@
<modelVersion>4.0.0</modelVersion>
<groupId>org.cryptomator</groupId>
<artifactId>webdav-nio-adapter</artifactId>
<version>2.0.6</version>
<version>2.0.7</version>
<name>WebDAV-NIO Adapter</name>
<description>Embedded Jetty serving a WebDAV servlet to access resources at a given NIO path.</description>
<url>https://github.com/cryptomator/webdav-nio-adapter</url>
Expand All @@ -19,19 +19,25 @@
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>

<!-- dependencies -->
<integrations-api.version>1.3.0</integrations-api.version>
<webdavservlet.version>1.2.5</webdavservlet.version>
<jetty.version>10.0.20</jetty.version>
<slf4j.version>2.0.11</slf4j.version>
<integrations-api.version>1.4.0</integrations-api.version>
<webdavservlet.version>1.2.6</webdavservlet.version>
<jetty.version>10.0.24</jetty.version>
<slf4j.version>2.0.16</slf4j.version>

<!-- test dependencies -->
<junit.jupiter.version>5.10.1</junit.jupiter.version>
<junit.jupiter.version>5.11.0</junit.jupiter.version>

<!-- mvn plugin dependencies -->
<dependency-check.version>9.0.9</dependency-check.version>
<jacoco.version>0.8.11</jacoco.version>
<nexus-staging.version>1.6.13</nexus-staging.version>
<maven.deploy.version>3.1.1</maven.deploy.version>
<mvn-compiler.version>3.13.0</mvn-compiler.version>
<mvn-surefire.version>3.5.1</mvn-surefire.version>
<mvn-jar.version>3.4.2</mvn-jar.version>
<mvn-source.version>3.3.1</mvn-source.version>
<mvn-javadoc.version>3.10.1</mvn-javadoc.version>
<mvn-deploy.version>3.1.3</mvn-deploy.version>
<mvn-gpg.version>3.2.7</mvn-gpg.version>
<dependency-check.version>11.1.0</dependency-check.version>
<jacoco.version>0.8.12</jacoco.version>
<nexus-staging.version>1.7.0</nexus-staging.version>
</properties>

<licenses>
Expand Down Expand Up @@ -82,7 +88,7 @@
<dependency>
<groupId>org.jetbrains</groupId>
<artifactId>annotations</artifactId>
<version>24.1.0</version>
<version>26.0.1</version>
<scope>provided</scope>
</dependency>

Expand Down Expand Up @@ -113,7 +119,7 @@
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-compiler-plugin</artifactId>
<version>3.12.1</version>
<version>${mvn-compiler.version}</version>
<configuration>
<release>${project.build.jdk}</release>
<showWarnings>true</showWarnings>
Expand All @@ -122,16 +128,16 @@
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-surefire-plugin</artifactId>
<version>3.2.5</version>
<version>${mvn-surefire.version}</version>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-jar-plugin</artifactId>
<version>3.3.0</version>
<version>${mvn-jar.version}</version>
</plugin>
<plugin>
<artifactId>maven-source-plugin</artifactId>
<version>3.3.0</version>
<version>${mvn-source.version}</version>
<executions>
<execution>
<id>attach-sources</id>
Expand All @@ -143,7 +149,7 @@
</plugin>
<plugin>
<artifactId>maven-javadoc-plugin</artifactId>
<version>3.6.3</version>
<version>${mvn-javadoc.version}</version>
<executions>
<execution>
<id>attach-javadocs</id>
Expand Down Expand Up @@ -171,7 +177,7 @@
<skipTestScope>true</skipTestScope>
<detail>true</detail>
<suppressionFile>suppression.xml</suppressionFile>
<nvdApiKey>${env.NVD_API_KEY}</nvdApiKey>
<nvdApiKeyEnvironmentVariable>NVD_API_KEY</nvdApiKeyEnvironmentVariable>
</configuration>
<executions>
<execution>
Expand Down Expand Up @@ -219,7 +225,7 @@
<plugins>
<plugin>
<artifactId>maven-gpg-plugin</artifactId>
<version>3.1.0</version>
<version>${mvn-gpg.version}</version>
<executions>
<execution>
<id>sign-artifacts</id>
Expand All @@ -228,10 +234,7 @@
<goal>sign</goal>
</goals>
<configuration>
<gpgArguments>
<arg>--pinentry-mode</arg>
<arg>loopback</arg>
</gpgArguments>
<signer>bc</signer>
</configuration>
</execution>
</executions>
Expand Down Expand Up @@ -280,7 +283,7 @@
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-deploy-plugin</artifactId>
<version>${maven.deploy.version}</version>
<version>${mvn-deploy.version}</version>
</plugin>
</plugins>
</build>
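Review bot: Two settings in this file now depend on environment variable names that only the workflow files define, and the pom gives no hint of it: `<nvdApiKeyEnvironmentVariable>NVD_API_KEY</nvdApiKeyEnvironmentVariable>` and `<signer>bc</signer>`. With the `bc` signer the key material comes from the environment (the publish workflows set `MAVEN_GPG_KEY`, `MAVEN_GPG_PASSPHRASE` and `MAVEN_GPG_KEY_FINGERPRINT`) rather than from a local gpg keyring, so a signing build outside CI behaves differently than before. A comment next to the signer such as `<!-- bc signer: key, passphrase and fingerprint come from MAVEN_GPG_* env vars set in the publish workflows -->` would document that. The dependency check now runs in a reusable workflow whose contents are not shown on this page, so it is worth confirming that it exports the key under exactly the name `NVD_API_KEY`. Most of the surrounding plugin blocks are collapsed outside the hunks.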
10 changes: 9 additions & 1 deletion suppression.xml
Expand Up @@ -29,5 +29,13 @@
<vulnerabilityName>CVE-2020-8908</vulnerabilityName>
<cve>CVE-2020-8908</cve>
</suppress>
<suppress>
<notes><![CDATA[
The project does not use the HttpURI class at all, so no decoded user data is passed to it.
See also https://github.com/jetty/jetty.project/security/advisories/GHSA-qh8g-58pp-2wxh.
]]></notes>
<packageUrl regex="true">^pkg:maven/org\.eclipse\.jetty/jetty-http@.*$</packageUrl>
<vulnerabilityName>CVE-2024-6763</vulnerabilityName>
</suppress>

</suppressions>
</suppressions>
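Review bot: The new `<suppress>` entry for CVE-2024-6763 matches every `jetty-http` version (`@.*$`) and has no expiry, so it stays in force after future Jetty upgrades and after any code change that starts using `HttpURI`. The justification in `<notes>` covers this project's own code; whether the WebDAV servlet dependency reaches `HttpURI` is not stated and may deserve a line there. I would add an `until` attribute so the entry is re-evaluated, e.g. `<suppress until="<review-date>Z">`, with the date chosen by the maintainers.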
