[Io7UetI2] Update org.apache.poi to 5.3.0 to mitigate CVE-2024-25710 and CVE-2024-26308 #5809
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: CI | |
on: | |
push: | |
branches: [ "4.4" ] | |
pull_request: | |
branches: [ "4.4" ] | |
env: | |
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} | |
TEAMCITY_FOUR_FOUR_URL: ${{ secrets.TEAMCITY_FOUR_FOUR_URL }} | |
TEAMCITY_USER: ${{ secrets.TEAMCITY_USER }} | |
TEAMCITY_PASSWORD: ${{ secrets.TEAMCITY_PASSWORD }} | |
jobs: | |
compile: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v3 | |
- uses: ./.github/actions/setup-jdk | |
- uses: ./.github/actions/setup-gradle-cache | |
- name: Compile | |
run: ./gradlew compileJava compileTestJava | |
code-ql: | |
runs-on: ubuntu-latest | |
needs: compile | |
# required by CodeQL | |
permissions: | |
security-events: write | |
actions: read | |
steps: | |
- uses: actions/checkout@v3 | |
- uses: ./.github/actions/setup-jdk | |
- uses: ./.github/actions/setup-gradle-cache | |
- name: Initialize CodeQL | |
uses: github/codeql-action/init@v2 | |
with: | |
languages: java | |
- name: Compile | |
run: ./gradlew compileJava compileTestJava | |
- name: Perform CodeQL Analysis | |
uses: github/codeql-action/analyze@v2 | |
format-checks: | |
runs-on: ubuntu-latest | |
needs: compile | |
steps: | |
- uses: actions/checkout@v3 | |
- uses: ./.github/actions/setup-jdk | |
- uses: ./.github/actions/setup-gradle-cache | |
- name: Check all the files are properly formatted | |
run: ./gradlew spotlessCheck | |
license-checks: | |
runs-on: ubuntu-latest | |
needs: compile | |
steps: | |
- uses: actions/checkout@v3 | |
- uses: ./.github/actions/setup-jdk | |
- uses: ./.github/actions/setup-gradle-cache | |
- name: Check LICENSE and NOTICE files | |
run: ./gradlew validateLicenses generateLicensesFiles | |
tests: | |
strategy: | |
fail-fast: false | |
matrix: | |
project: ['core', 'full', 'processor', 'test-utils', 'core-it', 'full-it'] | |
env: | |
DOCKER_ENTERPRISE_FOUR_FOUR_URL: ${{ secrets.DOCKER_ENTERPRISE_FOUR_FOUR_URL }} | |
DOCKER_COMMUNITY_FOUR_FOUR_URL: ${{ secrets.DOCKER_COMMUNITY_FOUR_FOUR_URL }} | |
ENTERPRISE_TAR: enterprise-docker.tar | |
COMMUNITY_TAR: community-docker.tar | |
runs-on: ubuntu-latest | |
needs: compile | |
steps: | |
- uses: actions/checkout@v3 | |
- name: Download neo4j 4.4 docker container | |
if: matrix.project == 'core-it' || matrix.project == 'full-it' || matrix.project == 'core' | |
run: | | |
curl -s -L0 -u "${TEAMCITY_USER}:${TEAMCITY_PASSWORD}" -X GET ${DOCKER_ENTERPRISE_FOUR_FOUR_URL} -o ${ENTERPRISE_TAR} & | |
curl -s -L0 -u "${TEAMCITY_USER}:${TEAMCITY_PASSWORD}" -X GET ${DOCKER_COMMUNITY_FOUR_FOUR_URL} -o ${COMMUNITY_TAR} & | |
wait | |
docker load --input ${ENTERPRISE_TAR} | |
docker load --input ${COMMUNITY_TAR} | |
- name: Run ${{ matrix.project }} tests | |
uses: ./.github/actions/test-gradle-project | |
with: | |
project-name: ${{ matrix.project }} |