Skip to content

[Backport 1.3.x] Upgrade BouncyCastle from 1.75 to 1.78.1 (CVE-2024-30172, CVE-2024-30171 and CVE-2024-29857) #32203

[Backport 1.3.x] Upgrade BouncyCastle from 1.75 to 1.78.1 (CVE-2024-30172, CVE-2024-30171 and CVE-2024-29857)

[Backport 1.3.x] Upgrade BouncyCastle from 1.75 to 1.78.1 (CVE-2024-30172, CVE-2024-30171 and CVE-2024-29857) #32203

Workflow file for this run

name: Gradle Check (Jenkins)
on:
push:
branches-ignore:
- 'backport/**'
- 'create-pull-request/**'
- 'dependabot/**'
pull_request_target:
types: [opened, synchronize, reopened]
jobs:
gradle-check:
runs-on: ubuntu-latest
timeout-minutes: 130
steps:
- name: Checkout OpenSearch repo
uses: actions/checkout@v2
with:
ref: ${{ github.event.pull_request.head.sha }}
- name: Setup environment variables (PR)
if: github.event_name == 'pull_request_target'
run: |
echo "pr_from_sha=$(jq --raw-output .pull_request.head.sha $GITHUB_EVENT_PATH)" >> $GITHUB_ENV
echo "pr_from_clone_url=$(jq --raw-output .pull_request.head.repo.clone_url $GITHUB_EVENT_PATH)" >> $GITHUB_ENV
echo "pr_to_clone_url=$(jq --raw-output .pull_request.base.repo.clone_url $GITHUB_EVENT_PATH)" >> $GITHUB_ENV
echo "pr_title=$(jq --raw-output .pull_request.title $GITHUB_EVENT_PATH)" >> $GITHUB_ENV
echo "pr_number=$(jq --raw-output .pull_request.number $GITHUB_EVENT_PATH)" >> $GITHUB_ENV
- name: Setup environment variables (Push)
if: github.event_name == 'push'
run: |
repo_url="https://github.com/opensearch-project/OpenSearch"
ref_id=$(git rev-parse HEAD)
branch_name=$(git rev-parse --abbrev-ref HEAD)
echo "pr_from_sha=$ref_id" >> $GITHUB_ENV
echo "pr_from_clone_url=$repo_url" >> $GITHUB_ENV
echo "pr_to_clone_url=$repo_url" >> $GITHUB_ENV
echo "pr_title=Push trigger $branch_name $ref_id $repo_url" >> $GITHUB_ENV
echo "pr_number=Null" >> $GITHUB_ENV
- name: Checkout opensearch-build repo
uses: actions/checkout@v2
with:
repository: opensearch-project/opensearch-build
ref: main
path: opensearch-build
- name: Trigger jenkins workflow to run gradle check
run: |
set -e
set -o pipefail
bash opensearch-build/scripts/gradle/gradle-check.sh ${{ secrets.JENKINS_GRADLE_CHECK_GENERIC_WEBHOOK_TOKEN }} | tee -a gradle-check.log
- name: Setup Result Status
if: always()
run: |
WORKFLOW_URL=`cat gradle-check.log | grep 'WORKFLOW_URL' | awk '{print $2}'`
RESULT=`cat gradle-check.log | grep 'Result:' | awk '{print $2}'`
echo "workflow_url=$WORKFLOW_URL" >> $GITHUB_ENV
echo "result=$RESULT" >> $GITHUB_ENV
- name: Upload Coverage Report
if: success()
uses: codecov/codecov-action@v2
with:
files: ./codeCoverage.xml
- name: Create Comment Success
if: ${{ github.event_name == 'pull_request_target' && success() }}
uses: peter-evans/create-or-update-comment@v2
with:
issue-number: ${{ env.pr_number }}
body: |
### Gradle Check (Jenkins) Run Completed with:
* **RESULT:** ${{ env.result }} :white_check_mark:
* **URL:** ${{ env.workflow_url }}
* **CommitID:** ${{ env.pr_from_sha }}
- name: Create Comment Failure
if: ${{ github.event_name == 'pull_request_target' && failure() }}
uses: peter-evans/create-or-update-comment@v2
with:
issue-number: ${{ env.pr_number }}
body: |
### Gradle Check (Jenkins) Run Completed with:
* **RESULT:** ${{ env.result }} :x:
* **URL:** ${{ env.workflow_url }}
* **CommitID:** ${{ env.pr_from_sha }}