Maven local 2 #130

tiagobento · 2024-09-29T19:24:34Z

Maven local 2

apache#1335) * [KOGITO-7697] - Group all Jobs service jdbc flavors on one container image Signed-off-by: spolti <[email protected]> * review and improvements Signed-off-by: spolti <[email protected]> review changes and remove leftovers Signed-off-by: spolti <[email protected]> Update build-kogito-apps-components.sh Update build-kogito-apps-components.sh update script * make the all in one module independent Signed-off-by: spolti <[email protected]> * Apply suggestions from code review Signed-off-by: spolti <[email protected]> Co-authored-by: Tristan Radisson <[email protected]>

Co-authored-by: Jenkins CI <[email protected]>

* [main] Bump Quarkus version to 2.14.0.Final * Update GraalVM module to 22.2.0 Co-authored-by: Jenkins CI <[email protected]> Co-authored-by: radtriste <[email protected]>

Co-authored-by: Jenkins CI <[email protected]>

…configuration container field (apache#1374) Signed-off-by: spolti <[email protected]>

* Build `kogito-swf-builder` quarkus app locally * review comments

* update * correction

…pache#1381) * [KOGITO-8304] - Document the usage of all-in-one jobs-service image Signed-off-by: spolti <[email protected]> * Update README.md * Update README.md Co-authored-by: Tristan Radisson <[email protected]> * Update README.md Co-authored-by: Tristan Radisson <[email protected]> * Update README.md Signed-off-by: spolti <[email protected]> Co-authored-by: Tristan Radisson <[email protected]>

)

* [main] Bump Quarkus version to 2.15.0.CR1 * [main] Bump Quarkus version to 2.15.0.Final * Update tests/features/kogito-swf-builder.feature * update * added backporting * Revert "added backporting" This reverts commit 7d28f58bf908136f0c33b4e4716284bdc9a09c49. Co-authored-by: Jenkins CI <[email protected]> Co-authored-by: radtriste <[email protected]>

- fixes KOGITO-8420 - fixes KOGITO-8421 - remove unnecessary files from builder image Signed-off-by: Your Name <[email protected]>

…builder context (apache#1401) Signed-off-by: Spolti <[email protected]>

apache#1402) * [KOGITO-8421] - [SW] Ensure that the Kogito SW builder image has the correct Quarkus version - Apply review suggestions Signed-off-by: Spolti <[email protected]> * Update scripts/build-quarkus-app.sh * Update modules/kogito-swf-builder/added/create-app.sh Signed-off-by: Spolti <[email protected]>

…#1405) Signed-off-by: Spolti <[email protected]>

Signed-off-by: Spolti <[email protected]>

* KOGITO-8510 Solve kogito-swf-builder long builds

* KOGITO-8393 Clean release notes on branching * Update .ci/jenkins/Jenkinsfile.setup-branch

…y default (apache#1404) * [KOGITO-8469] Adapt Kogito SWF Builder image to run quarkus devmode by default Signed-off-by: Ricardo Zanini <[email protected]> * Add RELEASE NOTES Signed-off-by: Ricardo Zanini <[email protected]> * Add behave tests for running the app in devmode Signed-off-by: Ricardo Zanini <[email protected]> * Remove service description from ports Signed-off-by: Ricardo Zanini <[email protected]> * Forcing quarkus version to the runner Signed-off-by: Ricardo Zanini <[email protected]> * Formatting runner command Co-authored-by: Tristan Radisson <[email protected]> * Updating docs Signed-off-by: Ricardo Zanini <[email protected]> * Apply suggestions from code review Co-authored-by: Tristan Radisson <[email protected]> Signed-off-by: Ricardo Zanini <[email protected]> Co-authored-by: Tristan Radisson <[email protected]>

…ory in packages format (apache#2612)

…ache#2629) Signed-off-by: Ricardo Zanini <[email protected]> Co-authored-by: Ricardo Zanini <[email protected]>

…ode-images (apache#2617)

packages/maven-config-setup-helper/index.js

Rename Fix build reproducibility v2 Oops Fix DashBuilder configuration of maven-deploy-plugin Oops Fix maven-m2-repo-via-http-image configuration . Fix config

packages/maven-config-setup-helper/index.js

packages/maven-base/index.js

+`.trim();
+
+const DEFAULT_LOCAL_REPO = String(
+  cp.execSync(`mvn help:evaluate -Dexpression=settings.localRepository -q -DforceStdout -f ${EMPTY_POM_XML_PATH}`, {


To fix the problem, we should avoid constructing the shell command dynamically and instead use cp.execFileSync to pass the command and its arguments separately. This approach ensures that the shell does not misinterpret any special characters in the file paths.

Replace the dynamic command string with a static command and an array of arguments.

Use cp.execFileSync instead of cp.execSync to execute the command with the arguments.

packages/maven-base/index.js

+   * @param dirname A list of paths representing additional Maven repository directories, to be concatenated the default one (I.e, `maven.repo.local`)
+   *  */
+  prepareHardLinkedM2ForPackage: (tmpM2Dir, relativePackagePath) => {
+    const resolvedTmpM2Dir = path.resolve(tmpM2Dir);


To fix the problem, we should avoid directly embedding the tmpM2Dir parameter in the shell command. Instead, we can use the child_process.execFile method, which allows us to pass arguments as an array, thus avoiding shell interpretation of the input. This method is safer and prevents command injection vulnerabilities.

Replace the cp.execSync calls with cp.execFileSync and pass the command and arguments separately.

Ensure that all paths and arguments are passed as separate elements in the array to execFileSync.

packages/maven-base/index.js

+    fs.mkdirSync(resolvedTmpM2Dir, { recursive: true });
+
+    // head
+    cp.execSync(`cp -nal ${DEFAULT_LOCAL_REPO}/* ${resolvedTmpM2Dir}`, { stdio: "inherit" });


To fix the problem, we should avoid directly concatenating user input into shell commands. Instead, we can use the child_process.execFile method, which allows us to pass arguments as an array, thus avoiding shell interpretation of special characters. This method is safer and prevents command injection vulnerabilities.

Replace the cp.execSync call with cp.execFileSync to safely pass the command and its arguments.

Ensure that all paths and arguments are passed as separate elements in the array to execFileSync.

packages/maven-base/index.js

+    fs.mkdirSync(resolvedTmpM2Dir, { recursive: true });
+
+    // head
+    cp.execSync(`cp -nal ${DEFAULT_LOCAL_REPO}/* ${resolvedTmpM2Dir}`, { stdio: "inherit" });


To fix the problem, we should avoid constructing the shell command as a single string and instead use cp.execFileSync or cp.spawnSync to pass the command and its arguments separately. This approach prevents the shell from interpreting special characters in the arguments.

Replace the cp.execSync call on line 107 with cp.execFileSync to pass the command and arguments separately.

Ensure that the DEFAULT_LOCAL_REPO and resolvedTmpM2Dir paths are passed as arguments to avoid shell interpretation.

packages/maven-base/index.js

+    // tail
+    for (const t of tail) {
+      if (fs.existsSync(path.resolve(t))) {
+        cp.execSync(`cp -al ${path.resolve(t)}/* ${resolvedTmpM2Dir}`, { stdio: "inherit" });


To fix the problem, we should avoid constructing shell commands using string concatenation with untrusted input. Instead, we can use the child_process.execFile method, which allows us to pass arguments as an array, thereby avoiding shell interpretation of special characters.

Replace the cp.execSync calls with cp.execFileSync to safely pass arguments.

Ensure that all dynamic parts of the command are passed as separate arguments in the array.

packages/maven-base/index.js

+    // tail
+    for (const t of tail) {
+      if (fs.existsSync(path.resolve(t))) {
+        cp.execSync(`cp -al ${path.resolve(t)}/* ${resolvedTmpM2Dir}`, { stdio: "inherit" });


To fix the problem, we should avoid constructing the shell command as a single string and instead use cp.execFileSync or cp.spawnSync to pass the command and its arguments separately. This approach ensures that the shell does not interpret any special characters in the arguments.

Replace the cp.execSync call on line 116 with cp.execFileSync to pass the command and arguments separately.

Ensure that the paths are passed as separate arguments to avoid shell interpretation issues.

packages/maven-base/index.js

+    console.info(`[maven-base] Setting property '${key}' with value '${value}'...`);
+    console.time(`[maven-base] Setting property '${key}' with value '${value}'...`);
+
+    const cmd = `mvn versions:set-property -Dproperty=${key} -DnewVersion=${value} -DgenerateBackupPoms=false ${BOOTSTRAP_CLI_ARGS}`;


To fix the problem, we should avoid using string concatenation to construct the shell command. Instead, we can use child_process.execFile to safely pass the arguments to the mvn command. This approach ensures that the inputs are not interpreted by the shell, preventing command injection.

Replace the string concatenation with an array of arguments.

Use cp.execFile instead of cp.execSync to execute the command with the arguments array.

packages/maven-base/index.js

+    const cmd = `mvn versions:set-property -Dproperty=${key} -DnewVersion=${value} -DgenerateBackupPoms=false ${BOOTSTRAP_CLI_ARGS}`;
+
+    if (process.platform === "win32") {
+      cp.execSync(cmd.replaceAll(" -", " `-"), { stdio: "inherit", shell: "powershell.exe" });


To fix the problem, we should avoid constructing the shell command as a single string and instead use cp.execFileSync to separate the command and its arguments. This approach prevents the shell from interpreting special characters in the arguments, thus mitigating the risk of command injection.

Replace the dynamic command construction with a command and arguments array.

Use cp.execFileSync to execute the command with the arguments array.

packages/maven-base/index.js

+    if (process.platform === "win32") {
+      cp.execSync(cmd.replaceAll(" -", " `-"), { stdio: "inherit", shell: "powershell.exe" });
+    } else {
+      cp.execSync(cmd, { stdio: "inherit" });


To fix the problem, we should avoid constructing the shell command as a single string that includes potentially unsafe environment values. Instead, we should use cp.execFileSync to pass the command and its arguments separately. This approach ensures that the shell does not misinterpret any special characters or spaces in the paths.

Replace the construction of the cmd variable with an array of arguments.

Use cp.execFileSync instead of cp.execSync to execute the command with the arguments array.

packages/maven-base/index.js

+    if (process.platform === "win32") {
+      cp.execSync(cmd.replaceAll(" -", " `-"), { stdio: "inherit", shell: "powershell.exe" });
+    } else {
+      cp.execSync(cmd, { stdio: "inherit" });


To fix the problem, we should avoid constructing the shell command as a single string that includes potentially unsafe environment values. Instead, we should use cp.execFileSync to pass the command and its arguments separately. This approach ensures that the shell does not misinterpret any special characters in the paths.

Replace the construction of the cmd variable with separate command and arguments.

Use cp.execFileSync instead of cp.execSync to execute the command with the arguments passed as an array.

packages/maven-base/index.js

+    const cmd = `mvn versions:set-property -Dproperty=${key} -DnewVersion=${value} -DgenerateBackupPoms=false ${BOOTSTRAP_CLI_ARGS}`;
+
+    if (process.platform === "win32") {
+      cp.execSync(cmd.replaceAll(" -", " `-"), { stdio: "inherit", shell: "powershell.exe" });


To fix the problem, we should avoid constructing the shell command as a single string that includes environment-derived paths. Instead, we should use cp.execFileSync to pass the command and its arguments separately. This approach ensures that the shell does not misinterpret special characters in the paths.

Replace the construction of the cmd variable with an array of arguments.

Use cp.execFileSync to execute the command with the arguments array.

Ensure the fix is applied consistently across different platforms (Windows and non-Windows).

radtriste and others added 30 commits October 18, 2022 10:21

Correct DSL GHA (apache#1353)

8ce3039

KOGITO-8143 Include shell testing into CI (apache#1354)

830d0d2

KOGITO-8144 Setup quarkus version script/job (apache#1355)

cacaa16

[main] Bump Quarkus version to 2.13.3.Final (apache#1356)

b7bcd18

Co-authored-by: Jenkins CI <[email protected]>

[main] Update version to 2.0.0-snapshot

3446f7e

Promote pipeline: Correct install of gh-release cli (apache#1369)

a71b87c

[main] Bump Quarkus version to 2.14.0.Final (apache#1361)

a038c7d

* [main] Bump Quarkus version to 2.14.0.Final * Update GraalVM module to 22.2.0 Co-authored-by: Jenkins CI <[email protected]> Co-authored-by: radtriste <[email protected]>

[main] Bump Quarkus version to 2.14.1.Final (apache#1373)

22df4d0

Co-authored-by: Jenkins CI <[email protected]>

[main] Update version to 2.0.0-snapshot

84bf54b

[SRVLOGIC-58] - Cekit Image validator does not know about image osbs …

299f800

…configuration container field (apache#1374) Signed-off-by: spolti <[email protected]>

Build kogito-swf-builder quarkus app locally (apache#1364)

e6af9a1

* Build `kogito-swf-builder` quarkus app locally * review comments

KOGITO-8291 Setup Prod Jenkins check (apache#1372)

bb3d75e

* update * correction

KOGITO-8062 DSL: Refactor environments and export to config (apache#1350

c0f52db

)

Automated pull request backporting workflow (apache#1390)

dcb8282

set logic-data-index-ephemeral image version to 1.27.0 (apache#1389)

022c970

[KIECLOUD-672] add kogito-pkg-update module (apache#1392)

a4428c8

Correct update quarkus version script (apache#1398)

7d60095

[KOGITO-8420/8421] - auto configure jvm and few tweaks (apache#1400)

779dbd2

- fixes KOGITO-8420 - fixes KOGITO-8421 - remove unnecessary files from builder image Signed-off-by: Your Name <[email protected]>

[KOGITO-8429] - [SWF-Builder] Copy only the supported files into the …

785dafc

…builder context (apache#1401) Signed-off-by: Spolti <[email protected]>

[main] Update version to 2.0.0-snapshot

6273e9e

[KOGITO-8472] - CeKit Validator Unrecognized field entrypoint (apache…

7155066

…#1405) Signed-off-by: Spolti <[email protected]>

[KOGITO-8509] - CeKit Validator Unrecognized field service (apache#1406)

6b14ff5

Signed-off-by: Spolti <[email protected]>

KOGITO-8510 Solve kogito-swf-builder long builds (apache#1408)

d75c32e

* KOGITO-8510 Solve kogito-swf-builder long builds

Pipelines: Update Cekit path (apache#1407)

0009444

KOGITO-8393 Clean release notes on branching (apache#1410)

2000d33

* KOGITO-8393 Clean release notes on branching * Update .ci/jenkins/Jenkinsfile.setup-branch

tiagobento and others added 3 commits September 26, 2024 23:20

kie-tools#2604: Migrate incubator-kie-kogito-images repository hist…

d2fa9cb

…ory in packages format (apache#2612)

NO-ISSUE: Fix tests and test command of sonataflow-image-common (ap…

b4e3804

…ache#2629) Signed-off-by: Ricardo Zanini <[email protected]> Co-authored-by: Ricardo Zanini <[email protected]>

NO-ISSUE: Use maven-m2-repo-via-http to build sonataflow-builder/devm…

275c07d

…ode-images (apache#2617)

github-advanced-security bot found potential problems Sep 29, 2024

View reviewed changes

tiagobento force-pushed the maven-local-2 branch 4 times, most recently from 1d0dd07 to 840e606 Compare September 30, 2024 14:44

github-advanced-security bot found potential problems Sep 30, 2024

View reviewed changes

packages/maven-config-setup-helper/index.js Fixed Show fixed Hide fixed

tiagobento force-pushed the maven-local-2 branch from 840e606 to 3545c64 Compare September 30, 2024 15:21

Maven local

076fb41

Rename Fix build reproducibility v2 Oops Fix DashBuilder configuration of maven-deploy-plugin Oops Fix maven-m2-repo-via-http-image configuration . Fix config

tiagobento force-pushed the maven-local-2 branch from 3545c64 to 076fb41 Compare September 30, 2024 19:53

github-advanced-security bot found potential problems Sep 30, 2024

View reviewed changes

packages/maven-config-setup-helper/index.js Fixed Show fixed Hide fixed

packages/maven-config-setup-helper/index.js Fixed Show fixed Hide fixed

packages/maven-config-setup-helper/index.js Fixed Show fixed Hide fixed

removing mvn.tail

8363fec

github-advanced-security bot found potential problems Sep 30, 2024

View reviewed changes

packages/maven-config-setup-helper/index.js Fixed Show fixed Hide fixed

packages/maven-config-setup-helper/index.js Fixed Show fixed Hide fixed

tiagobento added 5 commits October 1, 2024 00:26

Maybe fix build

008b2ff

Rename method

f759e7f

Oops

d06f2ca

Merge maven-config-setup-helper with maven-base

73d8570

Oops

65acbff

github-advanced-security bot found potential problems Oct 1, 2024

View reviewed changes

tiagobento added 5 commits October 1, 2024 13:48

Oops

d441742

env and more stuff

d6d7c38

Oops. Lockfile

a624739

Force not skipping local deploy

6b45ecf

Fix

954d8a8

github-advanced-security bot found potential problems Oct 1, 2024

View reviewed changes

tiagobento added 2 commits October 2, 2024 00:44

Hm

a067801

No transfer progres

1e5b256

tiagobento closed this Oct 2, 2024

@@ -39,3 +39,3 @@
             const DEFAULT_LOCAL_REPO = String(
-              cp.execSync(`mvn help:evaluate -Dexpression=settings.localRepository -q -DforceStdout -f ${EMPTY_POM_XML_PATH}`, {
+              cp.execFileSync("mvn", ["help:evaluate", "-Dexpression=settings.localRepository", "-q", "-DforceStdout", "-f", EMPTY_POM_XML_PATH], {
                 stdio: "pipe",

@@ -134,8 +134,14 @@
-                const cmd = `mvn versions:set-property -Dproperty=${key} -DnewVersion=${value} -DgenerateBackupPoms=false ${BOOTSTRAP_CLI_ARGS}`;
+                const args = [
+                  "versions:set-property",
+                  `-Dproperty=${key}`,
+                  `-DnewVersion=${value}`,
+                  "-DgenerateBackupPoms=false",
+                  ...BOOTSTRAP_CLI_ARGS.split(" ")
+                ];
                 if (process.platform === "win32") {
-                  cp.execSync(cmd.replaceAll(" -", " `-"), { stdio: "inherit", shell: "powershell.exe" });
+                  cp.execFileSync("mvn", args, { stdio: "inherit", shell: "powershell.exe" });
                 } else {
-                  cp.execSync(cmd, { stdio: "inherit" });
+                  cp.execFileSync("mvn", args, { stdio: "inherit" });
                 }

@@ -70,8 +70,13 @@
-                const cmd = `mvn -e org.apache.maven.plugins:maven-wrapper-plugin:${env.mvnw.version}:wrapper ${BOOTSTRAP_CLI_ARGS}`;
+                const cmd = "mvn";
+                const args = [
+                  "-e",
+                  `org.apache.maven.plugins:maven-wrapper-plugin:${env.mvnw.version}:wrapper`,
+                  ...BOOTSTRAP_CLI_ARGS.split(" ")
+                ];
                 if (process.platform === "win32") {
-                  cp.execSync(cmd.replaceAll(" -", " `-"), { stdio: "inherit", shell: "powershell.exe" });
+                  cp.execFileSync(cmd, args, { stdio: "inherit", shell: "powershell.exe" });
                 } else {
-                  cp.execSync(cmd, { stdio: "inherit" });
+                  cp.execFileSync(cmd, args, { stdio: "inherit" });
                 }

@@ -134,8 +134,14 @@
-                const cmd = `mvn versions:set-property -Dproperty=${key} -DnewVersion=${value} -DgenerateBackupPoms=false ${BOOTSTRAP_CLI_ARGS}`;
+                const args = [
+                  "versions:set-property",
+                  `-Dproperty=${key}`,
+                  `-DnewVersion=${value}`,
+                  "-DgenerateBackupPoms=false",
+                  ...BOOTSTRAP_CLI_ARGS.split(" ")
+                ];
                 if (process.platform === "win32") {
-                  cp.execSync(cmd.replaceAll(" -", " `-"), { stdio: "inherit", shell: "powershell.exe" });
+                  cp.execFileSync("mvn", args, { stdio: "inherit", shell: "powershell.exe" });
                 } else {
-                  cp.execSync(cmd, { stdio: "inherit" });
+                  cp.execFileSync("mvn", args, { stdio: "inherit" });
                 }

@@ -70,8 +70,13 @@
-                const cmd = `mvn -e org.apache.maven.plugins:maven-wrapper-plugin:${env.mvnw.version}:wrapper ${BOOTSTRAP_CLI_ARGS}`;
+                const cmd = "mvn";
+                const args = [
+                  "-e",
+                  `org.apache.maven.plugins:maven-wrapper-plugin:${env.mvnw.version}:wrapper`,
+                  ...BOOTSTRAP_CLI_ARGS.split(" ")
+                ];
                 if (process.platform === "win32") {
-                  cp.execSync(cmd.replaceAll(" -", " `-"), { stdio: "inherit", shell: "powershell.exe" });
+                  cp.execFileSync(cmd, args, { stdio: "inherit", shell: "powershell.exe" });
                 } else {
-                  cp.execSync(cmd, { stdio: "inherit" });
+                  cp.execFileSync(cmd, args, { stdio: "inherit" });
                 }

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Maven local 2 #130

Maven local 2 #130

tiagobento commented Sep 29, 2024

Provide additional feedback

Please help us improve GitHub Copilot by sharing more details about this comment.

Provide additional feedback

Please help us improve GitHub Copilot by sharing more details about this comment.

Provide additional feedback

Please help us improve GitHub Copilot by sharing more details about this comment.

Provide additional feedback

Please help us improve GitHub Copilot by sharing more details about this comment.

Provide additional feedback

Please help us improve GitHub Copilot by sharing more details about this comment.

Provide additional feedback

Please help us improve GitHub Copilot by sharing more details about this comment.

Provide additional feedback

Please help us improve GitHub Copilot by sharing more details about this comment.

Provide additional feedback

Please help us improve GitHub Copilot by sharing more details about this comment.

Provide additional feedback

Please help us improve GitHub Copilot by sharing more details about this comment.

Provide additional feedback

Please help us improve GitHub Copilot by sharing more details about this comment.

Provide additional feedback

Please help us improve GitHub Copilot by sharing more details about this comment.

@@ -106,3 +106,3 @@
                 // head
-                cp.execSync(`cp -nal ${DEFAULT_LOCAL_REPO}/* ${resolvedTmpM2Dir}`, { stdio: "inherit" });
+                cp.execFileSync("cp", ["-nal", `${DEFAULT_LOCAL_REPO}/*`, resolvedTmpM2Dir], { stdio: "inherit" });
@@ -115,3 +115,3 @@
                   if (fs.existsSync(path.resolve(t))) {
-                    cp.execSync(`cp -al ${path.resolve(t)}/* ${resolvedTmpM2Dir}`, { stdio: "inherit" });
+                    cp.execFileSync("cp", ["-al", `${path.resolve(t)}/*`, resolvedTmpM2Dir], { stdio: "inherit" });
                   }

Maven local 2 #130

Maven local 2 #130

Conversation

tiagobento commented Sep 29, 2024