Skip to content

PBES2 decryption maximum iterations (#911) #611

PBES2 decryption maximum iterations (#911)

PBES2 decryption maximum iterations (#911) #611

Workflow file for this run

name: CI
on:
pull_request: # all pull requests
push:
branches:
- master
env:
MVN_CMD: ./mvnw --no-transfer-progress -B
jobs:
oracle:
strategy:
matrix:
java: [ '17' ]
runs-on: 'ubuntu-latest'
name: jdk-${{ matrix.java }}-oracle
steps:
- uses: actions/checkout@v4
- name: Set up JDK
uses: oracle-actions/setup-java@v1
with:
release: ${{ matrix.java }}
- name: Install softhsm2
run: sudo apt-get install -y softhsm2
- name: Install opensc
run: sudo apt-get install -y opensc
- name: Ensure SoftHSM user configuration
run: impl/src/test/scripts/softhsm configure
- name: Populate SoftHSM with JJWT test keys
run: impl/src/test/scripts/softhsm import
- name: Build
# run a full build, just as we would for a release (i.e. the `ossrh` profile), but don't use gpg
# to sign artifacts, since we don't want to mess with storing signing credentials in CI:
run: ${{env.MVN_CMD}} verify -Possrh -Dgpg.skip=true
temurin:
strategy:
matrix:
java: [ '8', '11', '17', '18' ]
runs-on: 'ubuntu-latest'
name: jdk-${{ matrix.java }}-temurin
steps:
- uses: actions/checkout@v4
- name: Set up JDK
uses: actions/setup-java@v4
with:
java-version: ${{ matrix.java }}
distribution: 'temurin'
cache: 'maven'
check-latest: true
- name: Install softhsm2
run: sudo apt-get install -y softhsm2
- name: Install opensc
run: sudo apt-get install -y opensc
- name: Ensure SoftHSM user configuration
run: impl/src/test/scripts/softhsm configure
- name: Populate SoftHSM with JJWT test keys
run: impl/src/test/scripts/softhsm import
- name: Build
# run a full build, just as we would for a release (i.e. the `ossrh` profile), but don't use gpg
# to sign artifacts, since we don't want to mess with storing signing credentials in CI:
run: ${{env.MVN_CMD}} verify -Possrh -Dgpg.skip=true
zulu:
strategy:
matrix:
java: [ '7', '8', '9', '11', '12', '13', '14', '15', '16', '17', '18', '21' ]
runs-on: 'ubuntu-latest'
env:
JDK_MAJOR_VERSION: ${{ matrix.java }}
name: jdk-${{ matrix.java }}-zulu
steps:
- uses: actions/checkout@v4
- name: Set up JDK
uses: actions/setup-java@v4
with:
java-version: ${{ matrix.java }}
distribution: 'zulu'
cache: 'maven'
check-latest: true
- name: Install softhsm2
run: sudo apt-get install -y softhsm2
- name: Install opensc
run: sudo apt-get install -y opensc
- name: Ensure SoftHSM user configuration
run: impl/src/test/scripts/softhsm configure
- name: Populate SoftHSM with JJWT test keys
run: impl/src/test/scripts/softhsm import
- name: Build
# run a full build, just as we would for a release (i.e. the `ossrh` profile), but don't use gpg
# to sign artifacts, since we don't want to mess with storing signing credentials in CI:
run: |
if [ "$JDK_MAJOR_VERSION" == "7" ]; then export MAVEN_OPTS="-Xmx512m -XX:MaxPermSize=128m"; fi
${{env.MVN_CMD}} verify -Possrh -Dgpg.skip=true
# ensure all of our files have the correct/updated license header
license-check:
runs-on: 'ubuntu-latest'
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0 # avoid license plugin history warnings (plus it needs full history)
- name: Set up JDK
uses: actions/setup-java@v4
with:
distribution: 'zulu'
java-version: '8'
cache: 'maven'
check-latest: true
- name: License Check
# This adds about 1 minute to any build, which is why we don't want to do it on every other build:
run: |
${{env.MVN_CMD}} license:check
code-coverage:
# (commented out for now - see the comments in 'Wait to start' below for why. Keeping this here as a placeholder
# as it may be better to use instead of an artificial delay once we no longer need to build on JDK 7):
#needs: zulu # wait until others finish so a coverage failure doesn't cancel others accidentally
runs-on: 'ubuntu-latest'
steps:
- uses: actions/checkout@v4
- name: Set up JDK
uses: actions/setup-java@v4
with:
distribution: 'zulu'
java-version: '8'
cache: 'maven'
check-latest: true
- name: Install softhsm2
run: sudo apt-get install -y softhsm2
- name: Install opensc
run: sudo apt-get install -y opensc
- name: Ensure SoftHSM user configuration
run: impl/src/test/scripts/softhsm configure
- name: Populate SoftHSM with JJWT test keys
run: impl/src/test/scripts/softhsm import
- name: Wait to start
# wait a little to start: code coverage usually only takes about 1 1/2 minutes. If coverage fails, it will
# cancel the other running builds, and we don't want that (because we want to see if jobs fail due to
# build issues, not due to the code-coverage job causing the others to cancel). We could have used the
# 'need' property (commented out above), and that would wait until all the other jobs have finished before
# starting this one, but that introduces unnecessary (sometimes 2 1/2 minute) delay, whereas delaying the
# start of the code coverage checks a bit should allow everything to finish around the same time without having
# much of an adverse effect on the other jobs above.
run: sleep 90s
shell: bash
- name: Code Coverage
# run a full build, just as we would for a release (i.e. the `ossrh` profile), but don't use gpg
# to sign artifacts, since we don't want to mess with storing signing credentials in CI:
run: |
${{env.MVN_CMD}} clover:setup test && \
${{env.MVN_CMD}} -pl . clover:clover clover:check coveralls:report \
-DrepoToken="${{ secrets.GITHUB_TOKEN }}" \
-DserviceName=github \
-DserviceBuildNumber="${{ env.GITHUB_RUN_ID }}"