chore: upgrade testbench to 10.1.2 (25.1) #6352
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: SBOM | |
| on: | |
| pull_request: | |
| types: [opened, synchronize, reopened, edited] | |
| paths: ["versions.json", "**/pom.xml", ".github/workflows/sbom.yml", "scripts/generateAndCheckSBOM.js", "scripts/generator/templates/*.xml"] | |
| release: | |
| types: ["published"] | |
| workflow_dispatch: | |
| inputs: | |
| useSnapshots: | |
| description: 'Use snapthots for all vaadin products' | |
| required: false | |
| type: boolean | |
| default: false | |
| useBomber: | |
| description: 'Use bomber' | |
| required: false | |
| type: boolean | |
| default: true | |
| useOSV: | |
| description: 'Use osv-scanner' | |
| required: false | |
| type: boolean | |
| default: true | |
| useOWASP: | |
| description: 'Use owasp:dependency-check-maven' | |
| required: false | |
| type: boolean | |
| default: true | |
| useFullOWASP: | |
| description: 'Use full owasp:dependency-check' | |
| required: false | |
| type: boolean | |
| default: false | |
| updateNVD: | |
| description: 'Force NVD database update (ignore cache)' | |
| required: false | |
| type: boolean | |
| default: false | |
| version: | |
| description: 'Use set Platform Version to:' | |
| required: false | |
| type: string | |
| default: '' | |
| jobs: | |
| run: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - run: | | |
| [ -z "${{secrets.TB_LICENSE}}" ] \ | |
| && echo "🚫 **TB_LICENSE** is not defined, check that **${{github.repository}}** repo has a valid secret" \ | |
| | tee -a $GITHUB_STEP_SUMMARY && exit 1 || exit 0 | |
| name: Check secrets | |
| - uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| - uses: actions/setup-java@v4 | |
| with: | |
| java-version: '21' | |
| distribution: 'temurin' | |
| - uses: stCarolas/setup-maven@v5 | |
| with: | |
| maven-version: '3.8.2' | |
| - uses: actions/setup-go@v5 | |
| with: | |
| go-version: 'stable' | |
| - run: go install github.com/google/osv-scanner/cmd/osv-scanner@v1 | |
| - run: | | |
| wget -q https://github.com/devops-kung-fu/bomber/releases/download/v0.5.1/bomber_0.5.1_linux_amd64.deb | |
| sudo dpkg -i bomber_0.5.1_linux_amd64.deb | |
| name: Install bomber-0.5.1 | |
| - run: | | |
| # Install dependency-check-12.1.9 | |
| cd /tmp | |
| wget -q https://github.com/dependency-check/DependencyCheck/releases/download/v12.1.9/dependency-check-12.1.9-release.zip | |
| unzip dependency-check-12.1.9-release.zip | |
| sudo ln -s /tmp/dependency-check/bin/dependency-check.sh /usr/bin/dependency-check | |
| name: Install dependency-check-12.1.9 | |
| - uses: actions/setup-node@v4 | |
| with: | |
| node-version: '24' | |
| - run: npm install -g npm@11.6.4 | |
| - run: | | |
| mkdir -p ~/.vaadin/ | |
| echo '{"username":"'`echo ${{secrets.TB_LICENSE}} | cut -d / -f1`'","proKey":"'`echo ${{secrets.TB_LICENSE}} | cut -d / -f2`'"}' > ~/.vaadin/proKey | |
| name: Install proKey | |
| - name: Restore NVD database cache | |
| id: nvd-cache | |
| uses: actions/cache/restore@v4 | |
| with: | |
| path: /tmp/nvd-cache | |
| key: nvd-db-will-not-match | |
| restore-keys: nvd-db- | |
| - run: | | |
| [ false = "${{github.event.inputs.useBomber}}" ] && A="$A --disable-bomber" | |
| [ false = "${{github.event.inputs.useOSV}}" ] && A="$A --disable-osv-scan" | |
| [ false = "${{github.event.inputs.useOWASP}}" ] && A="$A --disable-owasp" | |
| [ true = "${{github.event.inputs.useFullOWASP}}" ] && A="$A --enable-full-owasp" | |
| [ true = "${{github.event.inputs.useSnapshots}}" ] && A="$A --useSnapshots" | |
| V="${{ github.event.inputs.version || github.event.release.tag_name }}" | |
| [ -n "$V" ] && A="$A --version $V" | |
| if [ "${{ steps.nvd-cache.outputs.cache-matched-key }}" != "" ] && [ true != "${{ github.event.inputs.updateNVD }}" ]; then | |
| A="$A --nvd-cache-dir /tmp/nvd-cache --skip-nvd-update" | |
| fi | |
| cmd="scripts/generateAndCheckSBOM.js $A" | |
| echo "Running: $cmd" | |
| $cmd | |
| name: Generate And Check SBOM | |
| env: | |
| OSSINDEX_USER: ${{secrets.OSSINDEX_USER}} | |
| OSSINDEX_TOKEN: ${{secrets.OSSINDEX_TOKEN}} | |
| NVD_API_KEY: ${{secrets.NVD_API_KEY}} | |
| - if: ${{always() && env.DEPENDENCIES_REPORT && github.event.pull_request}} | |
| uses: thollander/actions-comment-pull-request@v2 | |
| with: | |
| message: "${{env.DEPENDENCIES_REPORT}}\n[[Click for more Details](${{github.server_url}}/${{github.repository}}/actions/runs/${{github.run_id}})]" | |
| comment_tag: dependencies_report | |
| - if: ${{always()}} | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: files | |
| path: | | |
| **/target/bom-vaadin.json | |
| **/target/*-report.json | |
| **/target/tree-*.txt | |
| **/target/dependencies.html | |
| if-no-files-found: error | |
| retention-days: 60 | |
| - if: ${{ always() && (github.event.release.tag_name || github.event.inputs.version) }} | |
| uses: svenstaro/upload-release-action@v2 | |
| with: | |
| repo_token: ${{ secrets.GITHUB_TOKEN }} | |
| file: vaadin-platform-sbom/target/bom-vaadin.json | |
| asset_name: "Software.Bill.Of.Materials.json" | |
| tag: ${{ github.event.inputs.version || github.event.release.tag_name }} | |
| overwrite: true | |
| - if: ${{ always() && (github.event.release.tag_name || github.event.inputs.version) }} | |
| uses: svenstaro/upload-release-action@v2 | |
| with: | |
| repo_token: ${{ secrets.GITHUB_TOKEN }} | |
| file: vaadin-platform-sbom/target/dependencies.html | |
| asset_name: "Dependencies.Report.html" | |
| tag: ${{ github.event.inputs.version || github.event.release.tag_name }} | |
| overwrite: true | |