Merge pull request #514 from liquibase/DAT-15456

DAT-15456 Possible vulnerability in extensions repository's workflows

.github/workflows/test.yml

@@ -9,13 +9,88 @@ on:
       - synchronize
 
 jobs:
-  build-test:
-    uses: liquibase/build-logic/.github/workflows/os-extension-test.yml@v0.3.1
-    secrets: inherit
+  build:
+    # This extension can not execute hibernete tests on Java 8/11. This needs to be fixed and then uncomment the following 2 lines and remove the build and unit-test logic from here
+    #uses: liquibase/build-logic/.github/workflows/os-extension-test.yml@v0.3.3
+    #secrets: inherit
+    name: Build & Package
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+
+      - name: Set up JDK 17
+        uses: actions/setup-java@v3
+        with:
+          java-version: 17
+          distribution: 'temurin'
+          cache: 'maven'
+
+      - name: Build and Package
+        run: mvn -B dependency:go-offline clean package -DskipTests=true
+
+      - name: Get Artifact ID
+        id: get-artifact-id
+        run: echo "::set-output name=artifact_id::$(mvn help:evaluate -Dexpression=project.artifactId -q -DforceStdout)"
+
+      - name: Save Artifacts
+        uses: actions/upload-artifact@v3
+        with:
+          name: ${{ steps.get-artifact-id.outputs.artifact_id }}-artifacts
+          path: |
+            target/*
+
+      - name: Save Event File
+        uses: actions/upload-artifact@v3
+        with:
+          name: Event File
+          path: ${{ github.event_path }}
+
+    outputs:
+      artifact_id: ${{ steps.get-artifact-id.outputs.artifact_id }}
+
+  unit-test:
+    name: Test Java ${{ matrix.java }}
+    runs-on: ubuntu-latest
+    needs: build
+
+    strategy:
+      fail-fast: false
+      matrix:
+        java: [ 17, 19 ]
+
+    steps:
+      - uses: actions/checkout@v2
+
+      - name: Set up JDK ${{ matrix.java }}
+        uses: actions/setup-java@v2
+        with:
+          java-version: ${{ matrix.java }}
+          distribution: 'temurin'
+          cache: 'maven'
+
+      - name: Build Cache
+        uses: actions/cache@v3.0.5
+        with:
+          key: build-${{ github.run_number }}-${{ github.run_attempt }}
+          path: |
+            **/target/**
+            ~/.m2/repository/org/liquibase/
+
+      - name: Run Tests
+        run: mvn -B jacoco:prepare-agent surefire:test
+
+      - name: Archive Test Results
+        if: ${{ always() }}
+        uses: actions/upload-artifact@v2
+        with:
+          name: test-reports-jdk-${{ matrix.java }}
+          path: |
+            **/target/surefire-reports
+            **/target/jacoco.exec
 
   hibernate-test:
     name: Test Hibernate ${{ matrix.hibernate }}
-    needs: build-test
+    needs: build
     runs-on: ubuntu-latest
 
     strategy:
@@ -34,10 +109,10 @@ jobs:
           cache: 'maven'
 
       - name: Run Compatibility Tests
-        run: mvn -qB jacoco:prepare-agent surefire:test -Dhibernate.version=${{ matrix.hibernate }}
+        run: mvn -B jacoco:prepare-agent surefire:test -Dhibernate.version=${{ matrix.hibernate }}
 
       - name: Run Tests
-        run: mvn -qB jacoco:prepare-agent surefire:test
+        run: mvn -B jacoco:prepare-agent surefire:test
 
       - name: Archive Test Results
         if: ${{ always() }}

build/spock-reports/index.html

@@ -0,0 +1,134 @@
+<!DOCTYPE html><html>
+<head>
+<meta http-equiv='Content-Type' content='text/html; charset=utf-8'></meta>
+<style>body {
+  font-family: Helvetica, Arial, sans-serif;
+  font-weight: 300;
+}
+
+h2 {
+  font-weight: 400;
+}
+
+h3 {
+  font-weight: 200;
+}
+
+table {
+  margin: 5px;
+}
+
+.ignored {
+  color: gray;
+}
+
+div.project-header {
+  margin-bottom: 10px;
+  font-size: large;
+}
+
+div.project-header &gt; span.project-name {
+
+}
+
+div.project-header &gt; span.project-version {
+  padding-left: 20px;
+}
+
+div.date-test-ran {
+  font-size: small;
+  font-style: italic;
+}
+
+div.spec-title {
+  padding: 10px 0px 5px 0px;
+}
+
+table.summary-table {
+  width: 800px;
+  text-align: left;
+  font-weight: 500;
+  font-size: small;
+}
+
+table.summary-table th {
+  background: lightblue;
+  padding: 6px;
+}
+
+table.summary-table td {
+  background: #E0E0E0;
+  padding: 6px;
+}
+
+tr.error td, td.error {
+  background-color: #F89A4F !important;
+}
+
+tr.failure td, td.failure {
+  color: red;
+}
+
+div.footer {
+  text-align: center;
+  font-size: small;
+}
+</style>
+</head>
+<body>
+<h2>Specification run results</h2>
+<hr></hr>
+<div class='summary-report'>
+<h3>Specifications summary:</h3>
+<div class='date-test-ran'>Created on Fri Jul 28 14:00:37 CEST 2023 by jandro</div>
+<table class='summary-table'>
+<thead>
+<tr>
+<th>Total</th>
+<th>Passed</th>
+<th>Failed</th>
+<th>Skipped</th>
+<th>Ft Total</th>
+<th>Ft Passed</th>
+<th>Ft Failed</th>
+<th>Ft Skipped</th>
+<th>Success rate</th>
+<th>Total time</th>
+</tr>
+</thead>
+<tbody>
+<tr>
+<td>0</td>
+<td>0</td>
+<td>0</td>
+<td>0</td>
+<td>0</td>
+<td>0</td>
+<td>0</td>
+<td>0</td>
+<td>100.0%</td>
+<td>0</td>
+</tr>
+</tbody>
+</table>
+</div>
+<h3>Specifications:</h3>
+<table class='summary-table'>
+<thead>
+<tr>
+<th>Name</th>
+<th>Features</th>
+<th>Iterations</th>
+<th>Failed</th>
+<th>Errors</th>
+<th>Skipped</th>
+<th>Success rate</th>
+<th>Time</th>
+</tr>
+</thead>
+<tbody></tbody>
+</table>
+<hr></hr>
+<div class='footer'>Generated by <a href='https://github.com/renatoathaydes/spock-reports'>Athaydes Spock Reports</a></div>
+</body>
+</html>