Fix security issues #127
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: perl-openwsman | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }} | |
| cancel-in-progress: true | |
| on: | |
| workflow_dispatch: | |
| pull_request: | |
| paths: | |
| - ".github/workflows/perl-openwsman.yml" | |
| - "dependencies/perl-openwsman/**" | |
| push: | |
| branches: | |
| - develop | |
| - master | |
| paths: | |
| - ".github/workflows/perl-openwsman.yml" | |
| - "dependencies/perl-openwsman/**" | |
| jobs: | |
| dependency-scan: | |
| uses: centreon/security-tools/.github/workflows/dependency-analysis.yml@main | |
| get-environment: | |
| needs: [dependency-scan] | |
| uses: ./.github/workflows/get-environment.yml | |
| package: | |
| needs: [get-environment] | |
| if: | | |
| needs.get-environment.outputs.skip_workflow == 'false' && | |
| needs.get-environment.outputs.stability != 'stable' | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| include: | |
| - image: packaging-plugins-alma8 | |
| distrib: el8 | |
| package_extension: rpm | |
| runner: ubuntu-24.04 | |
| arch: amd64 | |
| - image: packaging-plugins-alma9 | |
| distrib: el9 | |
| package_extension: rpm | |
| runner: ubuntu-24.04 | |
| arch: amd64 | |
| - image: packaging-plugins-alma10 | |
| distrib: el10 | |
| package_extension: rpm | |
| runner: ubuntu-24.04 | |
| arch: amd64 | |
| - image: packaging-plugins-bullseye | |
| distrib: bullseye | |
| package_extension: deb | |
| runner: ubuntu-24.04 | |
| arch: amd64 | |
| - image: packaging-plugins-bookworm | |
| distrib: bookworm | |
| package_extension: deb | |
| runner: ubuntu-24.04 | |
| arch: amd64 | |
| - image: packaging-plugins-trixie | |
| distrib: trixie | |
| package_extension: deb | |
| runner: ubuntu-24.04 | |
| arch: amd64 | |
| - image: packaging-plugins-jammy | |
| distrib: jammy | |
| package_extension: deb | |
| runner: ubuntu-24.04 | |
| arch: amd64 | |
| - image: packaging-plugins-noble | |
| distrib: noble | |
| package_extension: deb | |
| runner: ubuntu-24.04 | |
| arch: amd64 | |
| - image: packaging-plugins-bullseye-arm64 | |
| distrib: bullseye | |
| package_extension: deb | |
| runner: ubuntu-24.04-arm | |
| arch: arm64 | |
| runs-on: ${{ matrix.runner }} | |
| container: | |
| image: ${{ vars.DOCKER_INTERNAL_REGISTRY_URL }}/${{ matrix.image }}:latest | |
| credentials: | |
| username: ${{ secrets.HARBOR_CENTREON_PULL_USERNAME }} | |
| password: ${{ secrets.HARBOR_CENTREON_PULL_TOKEN }} | |
| name: package ${{ matrix.distrib }} ${{ matrix.arch }} | |
| env: | |
| version: "2.7.2" | |
| release: "6" | |
| steps: | |
| - name: Checkout sources | |
| uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| - name: Install locally sblim-sfcc | |
| env: | |
| PACKAGE_EXTENSION: ${{ matrix.package_extension }} | |
| DISTRIB: ${{ matrix.distrib }} | |
| run: | | |
| if [[ "$PACKAGE_EXTENSION" == "deb" ]]; then | |
| apt-get update | |
| apt-get install -y libcurl4-openssl-dev | |
| cd /tmp | |
| if [ "$DISTRIB" = "bullseye" ]; then | |
| wget -O - https://github.com/kkaempf/sblim-sfcc/archive/refs/tags/SFCC_2_2_8.tar.gz|tar zxvf - | |
| mv sblim-sfcc-SFCC_2_2_8 sblim-sfcc | |
| else | |
| wget -O - https://github.com/kkaempf/sblim-sfcc/archive/881fccbaf19e26cbef3da1bebe2b42b3a9de1147/.tar.gz|tar zxvf - | |
| mv sblim-sfcc-881fccbaf19e26cbef3da1bebe2b42b3a9de1147 sblim-sfcc | |
| fi | |
| cd sblim-sfcc | |
| ./autoconfiscate.sh | |
| ./configure --prefix=/usr | |
| make | |
| make install | |
| else | |
| dnf install -y 'dnf-command(config-manager)' | |
| if [ "$DISTRIB" = "el8" ]; then | |
| dnf config-manager --set-enabled powertools | |
| else | |
| dnf config-manager --set-enabled crb | |
| fi | |
| dnf install -y sblim-sfcc-devel | |
| fi | |
| shell: bash | |
| - name: Build openwsman | |
| env: | |
| PACKAGE_EXTENSION: ${{ matrix.package_extension }} | |
| OPENWSMAN_VERSION: ${{ env.version }} | |
| run: | | |
| if [[ "$PACKAGE_EXTENSION" == "deb" ]]; then | |
| apt-get install -y cmake libssl-dev libpam-dev swig libxml2-dev | |
| else | |
| dnf install -y wget cmake gcc-c++ libcurl-devel pam-devel swig libxml2-devel openssl-devel | |
| fi | |
| cd /tmp | |
| wget -O - https://github.com/Openwsman/openwsman/archive/refs/tags/v${OPENWSMAN_VERSION}.tar.gz|tar zxvf - | |
| cd openwsman-${OPENWSMAN_VERSION}/ | |
| mkdir build | |
| cd build | |
| cmake .. -DBUILD_PYTHON=No -DBUILD_PYTHON3=No -DBUILD_JAVA=No -DBUILD_RUBY=No -DBUILD_PERL=Yes | |
| make | |
| shell: bash | |
| - name: Set package name and paths according to distrib | |
| env: | |
| PACKAGE_EXTENSION: ${{ matrix.package_extension }} | |
| DISTRIB: ${{ matrix.distrib }} | |
| ARCH: ${{ matrix.arch }} | |
| run: | | |
| if [[ "$PACKAGE_EXTENSION" == "deb" ]]; then | |
| apt-get install -y perl | |
| else | |
| dnf install -y perl | |
| fi | |
| PERL_VERSION=$(perl -E "say $^V" | sed -E "s/v([0-9]+\.[0-9]+).+/\1/g") | |
| echo "Perl version is $PERL_VERSION" | |
| if [[ "$PACKAGE_EXTENSION" == "deb" ]]; then | |
| NAME_PERL="libopenwsman-perl" | |
| USRLIB="/usr/lib/" | |
| if [ "$ARCH" = "amd64" ]; then | |
| PERL_VENDORARCH="/usr/lib/x86_64-linux-gnu/perl/$PERL_VERSION" | |
| else | |
| PERL_VENDORARCH="/usr/lib/aarch64-linux-gnu/perl/$PERL_VERSION" | |
| fi | |
| else | |
| NAME_PERL="openwsman-perl" | |
| USRLIB="/usr/lib64/" | |
| if [ "$DISTRIB" = "el8" ]; then | |
| PERL_VENDORARCH="/usr/local/lib64/perl5" | |
| else | |
| PERL_VENDORARCH="/usr/local/lib64/perl5/$PERL_VERSION" | |
| fi | |
| fi | |
| sed -i "s#@USRLIB@#$USRLIB#g" dependencies/perl-openwsman/libwsman.yaml | |
| sed -i "s/@NAME@/$NAME_PERL/g" dependencies/perl-openwsman/perl-openwsman.yaml | |
| sed -i "s#@PERL_VENDORARCH@#$PERL_VENDORARCH#g" dependencies/perl-openwsman/perl-openwsman.yaml | |
| cat dependencies/perl-openwsman/sblim-sfcc.yaml | |
| cat dependencies/perl-openwsman/libwsman.yaml | |
| cat dependencies/perl-openwsman/perl-openwsman.yaml | |
| shell: bash | |
| - name: Package sblim-sfcc | |
| if: ${{ matrix.package_extension == 'deb' }} | |
| uses: ./.github/actions/package-nfpm | |
| with: | |
| nfpm_file_pattern: "dependencies/perl-openwsman/sblim-sfcc.yaml" | |
| distrib: ${{ matrix.distrib }} | |
| package_extension: ${{ matrix.package_extension }} | |
| arch: ${{ matrix.arch }} | |
| version: ${{ env.version }} | |
| release: ${{ env.release }} | |
| commit_hash: ${{ github.sha }} | |
| cache_key: cache-${{ github.sha }}-${{ matrix.package_extension }}-sblim-sfcc-${{ matrix.distrib }}-${{ matrix.arch }}-${{ github.head_ref || github.ref_name }} | |
| rpm_gpg_key: ${{ secrets.RPM_GPG_SIGNING_KEY }} | |
| rpm_gpg_signing_key_id: ${{ secrets.RPM_GPG_SIGNING_KEY_ID }} | |
| rpm_gpg_signing_passphrase: ${{ secrets.RPM_GPG_SIGNING_PASSPHRASE }} | |
| stability: ${{ needs.get-environment.outputs.stability }} | |
| - name: Package libwsman | |
| uses: ./.github/actions/package-nfpm | |
| with: | |
| nfpm_file_pattern: "dependencies/perl-openwsman/libwsman.yaml" | |
| distrib: ${{ matrix.distrib }} | |
| package_extension: ${{ matrix.package_extension }} | |
| arch: ${{ matrix.arch }} | |
| version: ${{ env.version }} | |
| release: ${{ env.release }} | |
| commit_hash: ${{ github.sha }} | |
| cache_key: cache-${{ github.sha }}-${{ matrix.package_extension }}-libwsman-${{ matrix.distrib }}-${{ matrix.arch }}-${{ github.head_ref || github.ref_name }} | |
| rpm_gpg_key: ${{ secrets.RPM_GPG_SIGNING_KEY }} | |
| rpm_gpg_signing_key_id: ${{ secrets.RPM_GPG_SIGNING_KEY_ID }} | |
| rpm_gpg_signing_passphrase: ${{ secrets.RPM_GPG_SIGNING_PASSPHRASE }} | |
| stability: ${{ needs.get-environment.outputs.stability }} | |
| - name: Package perl-openwsman | |
| uses: ./.github/actions/package-nfpm | |
| with: | |
| nfpm_file_pattern: "dependencies/perl-openwsman/perl-openwsman.yaml" | |
| distrib: ${{ matrix.distrib }} | |
| package_extension: ${{ matrix.package_extension }} | |
| arch: ${{ matrix.arch }} | |
| version: ${{ env.version }} | |
| release: ${{ env.release }} | |
| commit_hash: ${{ github.sha }} | |
| cache_key: cache-${{ github.sha }}-${{ matrix.package_extension }}-perl-openwsman-${{ matrix.distrib }}-${{ matrix.arch }}-${{ github.head_ref || github.ref_name }} | |
| rpm_gpg_key: ${{ secrets.RPM_GPG_SIGNING_KEY }} | |
| rpm_gpg_signing_key_id: ${{ secrets.RPM_GPG_SIGNING_KEY_ID }} | |
| rpm_gpg_signing_passphrase: ${{ secrets.RPM_GPG_SIGNING_PASSPHRASE }} | |
| stability: ${{ needs.get-environment.outputs.stability }} | |
| - uses: actions/cache/save@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3 | |
| with: | |
| path: ./*.${{ matrix.package_extension }} | |
| key: cache-${{ github.sha }}-${{ matrix.package_extension }}-wsman-${{ matrix.distrib }}-${{ matrix.arch }}-${{ github.head_ref || github.ref_name }} | |
| deliver-packages: | |
| needs: [get-environment, package] | |
| if: | | |
| needs.get-environment.outputs.skip_workflow == 'false' && | |
| (contains(fromJson('["testing", "unstable"]'), needs.get-environment.outputs.stability) || ( needs.get-environment.outputs.stability == 'stable' && github.event_name != 'workflow_dispatch')) && | |
| ! cancelled() && | |
| ! contains(needs.*.result, 'failure') && | |
| ! contains(needs.*.result, 'cancelled') | |
| runs-on: ubuntu-24.04 | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| include: | |
| - distrib: el8 | |
| package_extension: rpm | |
| arch: amd64 | |
| - distrib: el9 | |
| package_extension: rpm | |
| arch: amd64 | |
| - distrib: el10 | |
| package_extension: rpm | |
| arch: amd64 | |
| - distrib: bullseye | |
| package_extension: deb | |
| arch: amd64 | |
| - distrib: bullseye | |
| package_extension: deb | |
| arch: arm64 | |
| - distrib: bookworm | |
| package_extension: deb | |
| arch: amd64 | |
| - distrib: trixie | |
| package_extension: deb | |
| arch: amd64 | |
| - distrib: jammy | |
| package_extension: deb | |
| arch: amd64 | |
| - distrib: noble | |
| package_extension: deb | |
| arch: amd64 | |
| name: deliver ${{ matrix.distrib }} ${{ matrix.arch }} | |
| steps: | |
| - name: Checkout sources | |
| uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| - name: Delivery | |
| uses: ./.github/actions/package-delivery | |
| with: | |
| module_name: wsman-${{ matrix.arch }} | |
| distrib: ${{ matrix.distrib }} | |
| arch: ${{ matrix.arch }} | |
| cache_key: cache-${{ github.sha }}-${{ matrix.package_extension }}-wsman-${{ matrix.distrib }}-${{ matrix.arch }}-${{ github.head_ref || github.ref_name }} | |
| stability: ${{ needs.get-environment.outputs.stability }} | |
| release_type: ${{ needs.get-environment.outputs.release_type }} | |
| artifactory_token: ${{ secrets.ARTIFACTORY_ACCESS_TOKEN }} | |
| set-skip-label: | |
| needs: [get-environment, deliver-packages] | |
| if: | | |
| needs.get-environment.outputs.skip_workflow == 'false' && | |
| ! cancelled() && | |
| ! contains(needs.*.result, 'failure') && | |
| ! contains(needs.*.result, 'cancelled') | |
| uses: ./.github/workflows/set-pull-request-skip-label.yml |