ci: Fix JDK 25 and OWASP CI failures for v0.6.0 release (#43) #163
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: build | |
| on: | |
| push: | |
| branches: ['trunk'] | |
| pull_request: | |
| branches: ['trunk'] | |
| workflow_dispatch: | |
| jobs: | |
| build_multi_os: | |
| name: Build and test ${{matrix.os}} | |
| runs-on: ${{ matrix.os }} | |
| timeout-minutes: 30 | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| os: [ubuntu-latest, macos-latest, windows-latest] | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Set up JDK 17 (Oracle) | |
| uses: actions/setup-java@v4 | |
| with: | |
| java-version: 17 | |
| distribution: oracle | |
| cache: maven | |
| - name: Display Java version | |
| run: java -version | |
| - name: Display Javac version | |
| run: javac -version | |
| - name: Display Maven version | |
| run: mvn -version | |
| - name: Build (Unix) | |
| if: matrix.os != 'windows-latest' | |
| run: mvn install -DskipTests=true -Dgpg.skip -B -V | |
| - name: Build (Windows) | |
| if: matrix.os == 'windows-latest' | |
| run: mvn --% install -DskipTests=true -Dgpg.skip -B -V # tell powershell to stop parsing with --% so it doesn't error with "Unknown lifecycle phase .skip" | |
| - name: Install Spice (https://install.spiceai.org) (Unix) | |
| if: matrix.os == 'ubuntu-latest' || matrix.os == 'macos-latest' | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| run: | | |
| curl https://install.spiceai.org | /bin/bash | |
| echo "$HOME/.spice/bin" >> $GITHUB_PATH | |
| $HOME/.spice/bin/spice install | |
| - name: install Spice (Windows) | |
| if: matrix.os == 'windows-latest' | |
| run: | | |
| curl -L "https://install.spiceai.org/Install.ps1" -o Install.ps1 && PowerShell -ExecutionPolicy Bypass -File ./Install.ps1 | |
| - name: add Spice bin to PATH (Windows) | |
| if: matrix.os == 'windows-latest' | |
| run: | | |
| Add-Content $env:GITHUB_PATH (Join-Path $HOME ".spice\bin") | |
| shell: pwsh | |
| - name: Init and start spice app (Unix) | |
| if: matrix.os != 'windows-latest' | |
| run: | | |
| spice init spice_qs | |
| cd spice_qs | |
| spice add spiceai/quickstart | |
| spiced &> spice.log & | |
| # time to initialize added dataset | |
| sleep 10 | |
| - name: Init and start spice app (Windows) | |
| if: matrix.os == 'windows-latest' | |
| run: | | |
| spice init spice_qs | |
| cd spice_qs | |
| spice add spiceai/quickstart | |
| Start-Process -FilePath spice run | |
| # time to initialize added dataset | |
| Start-Sleep -Seconds 10 | |
| shell: pwsh | |
| - name: Test | |
| run: mvn test -B | |
| env: | |
| API_KEY: ${{ secrets.SPICE_CLOUD_QUICKSTART_API_KEY }} | |
| - name: Upload test results | |
| if: always() | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: test-results-${{ matrix.os }} | |
| path: target/surefire-reports/ | |
| retention-days: 7 | |
| - name: Upload coverage report | |
| if: always() | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: coverage-report-${{ matrix.os }} | |
| path: target/site/jacoco/ | |
| retention-days: 7 | |
| build: | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 20 | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| java: | |
| # Microsoft OpenJDK (LTS versions only) | |
| - version: 11 | |
| distribution: microsoft | |
| - version: 17 | |
| distribution: microsoft | |
| - version: 21 | |
| distribution: microsoft # LTS | |
| # Eclipse Temurin (Adoptium) - LTS and recent non-LTS | |
| - version: 21 | |
| distribution: temurin # LTS | |
| - version: 23 | |
| distribution: temurin # Non-LTS - released Sept 2024 | |
| - version: 24 | |
| distribution: temurin # Non-LTS - released March 2025 | |
| # Oracle JDK (17 and later only) | |
| - version: 17 | |
| distribution: oracle | |
| - version: 21 | |
| distribution: oracle # LTS - support until 2031 | |
| - version: 23 | |
| distribution: oracle # Non-LTS - released Sept 2024 | |
| - version: 24 | |
| distribution: oracle # Non-LTS - released March 2025 | |
| - version: 25 | |
| distribution: oracle # LTS - released Sept 2025, support until 2033 | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Set up JDK ${{ matrix.java.version }} (${{ matrix.java.distribution }}) | |
| uses: actions/setup-java@v4 | |
| with: | |
| java-version: ${{ matrix.java.version }} | |
| distribution: ${{ matrix.java.distribution }} | |
| cache: maven | |
| - name: Display Java version | |
| run: java -version | |
| - name: Display Javac version | |
| run: javac -version | |
| - name: Display Maven version | |
| run: mvn -version | |
| - name: Build | |
| run: mvn install -DskipTests=true -Dgpg.skip -B -V | |
| - name: Install Spice (https://install.spiceai.org) | |
| run: | | |
| curl https://install.spiceai.org | /bin/bash | |
| echo "$HOME/.spice/bin" >> $GITHUB_PATH | |
| - name: Init and start spice app | |
| run: | | |
| spice init spice_qs | |
| cd spice_qs | |
| spice add spiceai/quickstart | |
| spice run &> spice.log & | |
| # time to initialize added dataset | |
| sleep 10 | |
| - name: Test | |
| run: | | |
| EXTRA="" | |
| # JDK 23+ disables sun.misc.Unsafe memory methods by default (JEP 471). | |
| # Arrow/Netty still require them for off-heap memory allocation. | |
| if [ "${{ matrix.java.version }}" -ge 23 ] 2>/dev/null; then | |
| EXTRA="--sun-misc-unsafe-memory-access=allow" | |
| fi | |
| mvn test -B -DextraArgLine="$EXTRA" | |
| env: | |
| API_KEY: ${{ secrets.SPICE_CLOUD_QUICKSTART_API_KEY }} | |
| - name: Upload test results | |
| if: always() | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: test-results-jdk${{ matrix.java.version }}-${{ matrix.java.distribution }} | |
| path: target/surefire-reports/ | |
| retention-days: 7 | |
| quality: | |
| name: Code quality checks | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 30 | |
| permissions: | |
| contents: read | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Set up JDK 17 (Oracle) | |
| uses: actions/setup-java@v4 | |
| with: | |
| java-version: 17 | |
| distribution: oracle | |
| cache: maven | |
| - name: Build | |
| run: mvn install -DskipTests=true -Dgpg.skip -B -V | |
| - name: Maven Enforcer | |
| run: mvn validate -B | |
| - name: SpotBugs | |
| run: mvn spotbugs:check -B | |
| - name: Checkstyle | |
| run: mvn checkstyle:check -B | |
| - name: Cache OWASP Dependency-Check data | |
| uses: actions/cache@v4 | |
| with: | |
| path: ~/.m2/repository/org/owasp/dependency-check-data | |
| key: dependency-check-data-${{ runner.os }}-${{ hashFiles('**/pom.xml') }} | |
| restore-keys: | | |
| dependency-check-data-${{ runner.os }}- | |
| - name: OWASP Dependency-Check | |
| # NVD API is unreliable (429s, timeouts without API key). Don't block CI. | |
| continue-on-error: true | |
| env: | |
| NVD_API_KEY: ${{ secrets.NVD_API_KEY }} | |
| run: mvn dependency-check:check -B -DnvdApiKey="$NVD_API_KEY" | |
| - name: Upload dependency-check report | |
| if: always() | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: dependency-check-report | |
| path: target/dependency-check-report.html | |
| retention-days: 30 |