Skip to content

Fix profile xss

Fix profile xss #1129

Workflow file for this run

name: CI
# This will run when:
# - a new release is created, and will attach the generated
# artifacts to the release
# - when new code is pushed to master/develop to make sure the
# code does compile.
# - when a pull request is created and updated to make sure the
# code does compile.
on:
release:
types: created
push:
branches:
- master
- develop
pull_request:
# The jobs are chained, the first thing that is run is the code to
# update all the dependencies (which are cached). The cache is
# linked to the project/Build.scala file, if this changes the cache
# is invalidated.
# Once build is done it will start the test, dist and documentation
# phases (which are executed in parallel).
jobs:
# downloads all the dependencies and compiles the scala code
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: github branch
run: |
if [ "${{ github.event.release.target_commitish }}" != "" ]; then
BRANCH="${{ github.event.release.target_commitish }}"
else
BRANCH=${GITHUB_REF##*/}
fi
echo "GITHUB_BRANCH=${BRANCH}" >> $GITHUB_ENV
if [ "$BRANCH" == "master" ]; then
echo "CLOWDER_VERSION=$(awk '/version = / { print $4 }' project/Build.scala | sed 's/"//g')" >> $GITHUB_ENV
elif [ "$BRANCH" == "develop" ]; then
echo "CLOWDER_VERSION=develop" >> $GITHUB_ENV
else
echo "CLOWDER_VERSION=testing" >> $GITHUB_ENV
fi
- uses: actions/setup-java@v3
with:
distribution: 'zulu'
java-version: 8
- name: Cache SBT ivy cache
uses: actions/cache@v1
with:
path: ~/.ivy2/cache
key: ${{ runner.os }}-sbt-ivy-cache-${{ hashFiles('project/Build.scala') }}
- name: Cache SBT
uses: actions/cache@v1
with:
path: ~/.sbt
key: ${{ runner.os }}-sbt-${{ hashFiles('project/Build.scala') }}
- name: sbt clean update
run: ./sbt clean update
env:
BRANCH: ${{ env.GITHUB_BRANCH }}
VERSION: ${{ env.CLOWDER_VERSION }}
BUILDNUMBER: ${{ github.run_number }}
GITSHA1: ${{ github.sha }}
- name: sbt compile
run: ./sbt compile
env:
BRANCH: ${{ env.GITHUB_BRANCH }}
VERSION: ${{ env.CLOWDER_VERSION }}
BUILDNUMBER: ${{ github.run_number }}
GITSHA1: ${{ github.sha }}
# starts a mongodb instance, and runs the scala tests
test:
runs-on: ubuntu-latest
needs: build
services:
mongodb:
image: mongo:3.6
ports:
- 27017:27017
steps:
- uses: actions/checkout@v3
- name: github branch
run: |
if [ "${{ github.event.release.target_commitish }}" != "" ]; then
BRANCH="${{ github.event.release.target_commitish }}"
else
BRANCH=${GITHUB_REF##*/}
fi
echo "GITHUB_BRANCH=${BRANCH}" >> $GITHUB_ENV
if [ "$BRANCH" == "master" ]; then
echo "CLOWDER_VERSION=$(awk '/version = / { print $4 }' project/Build.scala | sed 's/"//g')" >> $GITHUB_ENV
elif [ "$BRANCH" == "develop" ]; then
echo "CLOWDER_VERSION=develop" >> $GITHUB_ENV
else
echo "CLOWDER_VERSION=testing" >> $GITHUB_ENV
fi
- uses: actions/setup-java@v3
with:
distribution: 'zulu'
java-version: 8
- name: Cache SBT ivy cache
uses: actions/cache@v3
with:
path: ~/.ivy2/cache
key: ${{ runner.os }}-sbt-ivy-cache-${{ hashFiles('project/Build.scala') }}
- name: Cache SBT
uses: actions/cache@v3
with:
path: ~/.sbt
key: ${{ runner.os }}-sbt-${{ hashFiles('project/Build.scala') }}
- name: sbt test
run: ./sbt "test-only integration.APITestSuite"
env:
BRANCH: ${{ env.GITHUB_BRANCH }}
VERSION: ${{ env.CLOWDER_VERSION }}
BUILDNUMBER: ${{ github.run_number }}
GITSHA1: ${{ github.sha }}
# creates zip file of the dist compiled version. The results are
# uploaded as artifacts for this build as well to the release if
# created.
dist:
runs-on: ubuntu-latest
needs: build
steps:
- uses: actions/checkout@v3
- name: github branch
run: |
if [ "${{ github.event.release.target_commitish }}" != "" ]; then
BRANCH="${{ github.event.release.target_commitish }}"
else
BRANCH=${GITHUB_REF##*/}
fi
echo "GITHUB_BRANCH=${BRANCH}" >> $GITHUB_ENV
if [ "$BRANCH" == "master" ]; then
echo "CLOWDER_VERSION=$(awk '/version = / { print $4 }' project/Build.scala | sed 's/"//g')" >> $GITHUB_ENV
elif [ "$BRANCH" == "develop" ]; then
echo "CLOWDER_VERSION=develop" >> $GITHUB_ENV
else
echo "CLOWDER_VERSION=testing" >> $GITHUB_ENV
fi
- uses: actions/setup-java@v3
with:
distribution: 'zulu'
java-version: 8
- name: Cache SBT ivy cache
uses: actions/cache@v3
with:
path: ~/.ivy2/cache
key: ${{ runner.os }}-sbt-ivy-cache-${{ hashFiles('project/Build.scala') }}
- name: Cache SBT
uses: actions/cache@v3
with:
path: ~/.sbt
key: ${{ runner.os }}-sbt-${{ hashFiles('project/Build.scala') }}
- name: sbt dist
run: ./sbt dist
env:
BRANCH: ${{ env.GITHUB_BRANCH }}
VERSION: ${{ env.CLOWDER_VERSION }}
BUILDNUMBER: ${{ github.run_number }}
GITSHA1: ${{ github.sha }}
- name: fix log4j
run: |
ZIPFILE=$(ls -1rt target/universal/*.zip | head -1)
DIR=$(basename ${ZIPFILE} .zip)
unzip -q ${ZIPFILE}
for x in $(find ${DIR} -name \*.jar); do
zip -d $x org/apache/log4j/net/JMSAppender.class org/apache/log4j/net/SocketServer.class | grep 'deleting:' && echo "fixed $x"
done
rm ${ZIPFILE}
zip -r ${ZIPFILE} ${DIR}
- uses: actions/upload-artifact@v2
with:
name: clowder.zip
path: target/universal/clowder-*.zip
- name: Upload files to a GitHub release
if: github.event_name == 'release' && github.event.action == 'created'
uses: svenstaro/[email protected]
with:
repo_token: ${{ secrets.GITHUB_TOKEN }}
tag: ${{ github.ref }}
overwrite: true
asset_name: clowder.zip
file: target/universal/clowder-*.zip
file_glob: true
- name: Upload dist to NCSA
if: github.event_name == 'push'
uses: robkooper/sftp-action@master
with:
host: ${{ secrets.SCP_HOST }}
username: ${{ secrets.SCP_USERNAME }}
key: ${{ secrets.SCP_KEY }}
files: "target/universal/clowder-*.zip"
target: "CATS/${{ env.CLOWDER_VERSION }}/files"
# creates scaladoc, html and epub (no pdflatex) and uploads those
# as artifacts for this build as well to the release if created.
documentation:
runs-on: ubuntu-latest
needs: build
steps:
- uses: actions/checkout@v3
- name: github branch
run: |
if [ "${{ github.event.release.target_commitish }}" != "" ]; then
BRANCH="${{ github.event.release.target_commitish }}"
else
BRANCH=${GITHUB_REF##*/}
fi
echo "GITHUB_BRANCH=${BRANCH}" >> $GITHUB_ENV
if [ "$BRANCH" == "master" ]; then
echo "CLOWDER_VERSION=$(awk '/version = / { print $4 }' project/Build.scala | sed 's/"//g')" >> $GITHUB_ENV
elif [ "$BRANCH" == "develop" ]; then
echo "CLOWDER_VERSION=develop" >> $GITHUB_ENV
else
echo "CLOWDER_VERSION=testing" >> $GITHUB_ENV
fi
- uses: actions/setup-java@v3
with:
distribution: 'zulu'
java-version: 8
- name: Cache SBT ivy cache
uses: actions/cache@v3
with:
path: ~/.ivy2/cache
key: ${{ runner.os }}-sbt-ivy-cache-${{ hashFiles('project/Build.scala') }}
- name: Cache SBT
uses: actions/cache@v3
with:
path: ~/.sbt
key: ${{ runner.os }}-sbt-${{ hashFiles('project/Build.scala') }}
- name: Set up Python 3.7
uses: actions/setup-python@v1
with:
python-version: 3.7
- name: sbt doc
run: ./sbt doc
env:
BRANCH: ${{ env.GITHUB_BRANCH }}
VERSION: ${{ env.CLOWDER_VERSION }}
BUILDNUMBER: ${{ github.run_number }}
GITSHA1: ${{ github.sha }}
- uses: actions/upload-artifact@v2
with:
name: ScalaDoc
path: target/scala-*/api/
- name: Upload scaladoc to NCSA
if: github.event_name == 'push'
uses: robkooper/sftp-action@master
with:
host: ${{ secrets.SCP_HOST }}
username: ${{ secrets.SCP_USERNAME }}
key: ${{ secrets.SCP_KEY }}
files: "target/scala-*/api/*"
target: "CATS/${{ env.CLOWDER_VERSION }}/documentation/scaladoc"
- name: sphinx
run: |
cd doc/src/sphinx/
python -m pip install -r requirements.txt
make html epub
- uses: actions/upload-artifact@v2
with:
name: HTML Documentation
path: doc/src/sphinx/_build/html
- name: Upload sphinx to NCSA
if: github.event_name == 'push'
uses: robkooper/sftp-action@master
with:
host: ${{ secrets.SCP_HOST }}
username: ${{ secrets.SCP_USERNAME }}
key: ${{ secrets.SCP_KEY }}
files: "doc/src/sphinx/_build/html/*"
target: "CATS/${{ env.CLOWDER_VERSION }}/documentation/sphinx"
- uses: actions/upload-artifact@v2
with:
name: EPUB Documentation
path: doc/src/sphinx/_build/epub/Clowder.epub
- name: Upload files to a GitHub release
if: github.event_name == 'release' && github.event.action == 'created'
uses: svenstaro/[email protected]
with:
repo_token: ${{ secrets.GITHUB_TOKEN }}
tag: ${{ github.ref }}
overwrite: true
asset_name: clowder.epub
file: doc/src/sphinx/_build/epub/Clowder.epub
- name: Upload epub to NCSA
if: github.event_name == 'push'
uses: robkooper/sftp-action@master
with:
host: ${{ secrets.SCP_HOST }}
username: ${{ secrets.SCP_USERNAME }}
key: ${{ secrets.SCP_KEY }}
files: "doc/src/sphinx/_build/epub/Clowder.epub"
target: "CATS/${{ env.CLOWDER_VERSION }}/files"