Skip to content

Commit

Permalink
Merge branch 'master' into localBuild3
Browse files Browse the repository at this point in the history
  • Loading branch information
karianna authored May 1, 2024
2 parents 45e4efb + 48a734d commit 23454cc
Show file tree
Hide file tree
Showing 40 changed files with 382 additions and 106 deletions.
14 changes: 11 additions & 3 deletions .azure-devops/build/steps/windows/before.yml
Original file line number Diff line number Diff line change
Expand Up @@ -46,9 +46,17 @@ steps:
# install cygwin and build dependencies
- powershell: |
$ProgressPreference = 'SilentlyContinue';
Invoke-WebRequest -UseBasicParsing 'https://cygwin.com/setup-x86_64.exe' -OutFile '${{ parameters.dependenciesDir }}\cygwin.exe';
Start-Process -Wait -FilePath '${{ parameters.dependenciesDir }}\cygwin.exe' -ArgumentList '--packages wget,bsdtar,rsync,gnupg,git,autoconf,make,gcc-core,mingw64-x86_64-gcc-core,unzip,zip,cpio,curl,grep,perl --quiet-mode --download --local-install --delete-orphans --site https://mirrors.kernel.org/sourceware/cygwin/ --local-package-dir $(Agent.BuildDirectory)\cygwin_packages --root $(Agent.BuildDirectory)\cygwin64';
displayName: "[Windows Before] download and install Cygwin"
$DownloadedFile = "${{ parameters.dependenciesDir }}\cygwin.exe";
$DownloadUrl = 'https://cygwin.com/setup-x86_64.exe';
$ExpectedChecksum = 'e7815d360ab098fdd1f03f10f43f363c73a632e8866e304c72573cf1e6a0dec8';
Invoke-WebRequest -UseBasicParsing -Uri $DownloadUrl -OutFile $DownloadedFile;
# Calculate SHA256 checksum of the downloaded file
$DownloadedChecksum = (Get-FileHash -Path $DownloadedFile -Algorithm SHA256).Hash;
# Compare calculated checksum with the expected checksum
if ($DownloadedChecksum -eq $ExpectedChecksum) {
Start-Process -Wait -FilePath $DownloadedFile -ArgumentList '--packages wget,bsdtar,rsync,gnupg,git,autoconf,make,gcc-core,mingw64-x86_64-gcc-core,unzip,zip,cpio,curl,grep,perl --quiet-mode --download --local-install --delete-orphans --site
# add cygwin bin to PATH
- script: |
Expand Down
3 changes: 3 additions & 0 deletions .github/workflows/build-autotriage.yml
Original file line number Diff line number Diff line change
Expand Up @@ -22,6 +22,9 @@ on:
env:
TRIAGE_SCRIPT: "tooling/build_autotriage/build_autotriage.sh"

permissions:
contents: read

jobs:
autotriage:
permissions:
Expand Down
38 changes: 32 additions & 6 deletions .github/workflows/build.yml
Original file line number Diff line number Diff line change
Expand Up @@ -134,7 +134,7 @@ jobs:
os: [macOS]
version: [
{ name: jdk8u, distro: macos-11 },
{ name: jdk11u, distro: macos-13 },
{ name: jdk11u, distro: macos-14 },
{ name: jdk17u, distro: macos-14 }
]
variant: [temurin]
Expand Down Expand Up @@ -162,7 +162,7 @@ jobs:
rm /usr/local/bin/python3-config || true
rm /usr/local/bin/python3.11-config || true
rm /usr/local/bin/python3.12-config || true
- name: Install Dependencies
run: |
brew install automake bash binutils freetype gnu-sed nasm
Expand All @@ -173,7 +173,7 @@ jobs:
java-version: 7
distribution: 'zulu'
if: matrix.version.name == 'jdk8u'

- name: Select correct Xcode (JDK8)
if: matrix.version.name == 'jdk8u'
run: |
Expand All @@ -184,7 +184,7 @@ jobs:
if: matrix.version.name != 'jdk8u'
run: |
rm -rf /Applications/Xcode.app
ln -s /Applications/Xcode_15.0.1.app /Applications/Xcode.app
ln -s /Applications/Xcode_15.2.app /Applications/Xcode.app
- name: Build macOS
run: |
Expand All @@ -206,7 +206,7 @@ jobs:
TARGET_OS: mac
FILENAME: OpenJDK.tar.gz
JDK7_BOOT_DIR: ${{ steps.setup-java.outputs.path }}

- uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
name: Collect and Archive Artifacts
with:
Expand Down Expand Up @@ -328,6 +328,19 @@ jobs:
curl -L "$env:VS2017_URL" -o "$HOME/vs2017.exe"
if: steps.vs2017.outputs.cache-hit != 'true' && matrix.version == 'jdk8u'

- name: Verify Download Of Visual Studio 2017
shell: powershell
run: |
$expected_checksum="7ED8FA27575648163E07548FF5667B55B95663A2323E2B2A5F87B16284E481E6"
$actual_checksum=(Get-FileHash -Algorithm SHA256 -Path $HOME/vs2017.exe | Select-Object -ExpandProperty Hash)
echo "Expect : $expected_checksum"
echo "Actual : $actual_checksum"
if ($expected_checksum -ne $actual_checksum) {
Write-Output "Error - Checksum Verification Failed - Exiting"
exit 1
}
if: steps.vs2017.outputs.cache-hit != 'true' && matrix.version == 'jdk8u'

- name: Install Visual Studio 2017
if: matrix.version == 'jdk8u'
run: >
Expand All @@ -343,6 +356,19 @@ jobs:
curl -L "$env:VS2019_URL" -o "$HOME/vs2019.exe"
if: steps.vs2019.outputs.cache-hit != 'true' && (matrix.version == 'jdk11u' || matrix.version == 'jdk17u')

- name: Verify Download Of Visual Studio 2019
shell: powershell
run: |
$expected_checksum="F29399A618BD3A8D1DCC96D349453F686B6176590D904308402A6402543E310B"
$actual_checksum=(Get-FileHash -Algorithm SHA256 -Path $HOME/vs2019.exe | Select-Object -ExpandProperty Hash)
echo "Expect : $expected_checksum"
echo "Actual : $actual_checksum"
if ($expected_checksum -ne $actual_checksum) {
Write-Output "Error - Checksum Verification Failed - Exiting"
exit 1
}
if: steps.vs2019.outputs.cache-hit != 'true' && (matrix.version == 'jdk11u' || matrix.version == 'jdk17u')

- name: Install Visual Studio 2019
if: matrix.version == 'jdk11u' || matrix.version == 'jdk17u'
run: >
Expand Down Expand Up @@ -409,7 +435,7 @@ jobs:
path: workspace/target/*

- name: Restore build artifacts
uses: actions/download-artifact@9c19ed7fe5d278cd354c7dfd5d3b88589c7e2395 # v4.1.6
uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7
with:
name: ${{matrix.version}}-${{matrix.os}}-${{matrix.variant}}
path: ~/${{matrix.version}}-${{matrix.os}}-${{matrix.variant}}
Expand Down
86 changes: 86 additions & 0 deletions .github/workflows/codeql.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,86 @@
# ********************************************************************************
# Copyright (c) 2021 Contributors to the Eclipse Foundation
#
# See the NOTICE file(s) with this work for additional
# information regarding copyright ownership.
#
# This program and the accompanying materials are made
# available under the terms of the Apache Software License 2.0
# which is available at https://www.apache.org/licenses/LICENSE-2.0.
#
# SPDX-License-Identifier: Apache-2.0
# ********************************************************************************

# For most projects, this workflow file will not need changing; you simply need
# to commit it to your repository.
#
# You may wish to alter this file to override the set of languages analyzed,
# or to provide custom queries or build logic.
#
# ******** NOTE ********
# We have attempted to detect the languages in your repository. Please check
# the `language` matrix defined below to confirm you have the correct set of
# supported CodeQL languages.
#
name: "CodeQL"

on:
push:
branches: ["master"]
pull_request:
# The branches below must be a subset of the branches above
branches: ["master"]
schedule:
- cron: "0 0 * * 1"

permissions:
contents: read

jobs:
analyze:
name: Analyze
runs-on: ubuntu-latest
permissions:
actions: read
contents: read
security-events: write

strategy:
fail-fast: false
matrix:
language: ["java"]
# CodeQL supports [ $supported-codeql-languages ]
# Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support

steps:
- name: Checkout repository
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0

# Initializes the CodeQL tools for scanning.
- name: Initialize CodeQL
uses: github/codeql-action/init@ceaec5c11a131e0d282ff3b6f095917d234caace # v2.25.3
with:
languages: ${{ matrix.language }}
# If you wish to specify custom queries, you can do so here or in a config file.
# By default, queries listed here will override any specified in a config file.
# Prefix the list here with "+" to use these queries and those in the config file.

# Autobuild attempts to build any compiled languages (C/C++, C#, or Java).
# If this step fails, then you should remove it and run the build manually (see below)
- name: Autobuild
uses: github/codeql-action/autobuild@ceaec5c11a131e0d282ff3b6f095917d234caace # v2.25.3

# ℹ️ Command-line programs to run using the OS shell.
# 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun

# If the Autobuild fails above, remove it and uncomment the following three lines.
# modify them (or add more) to build your code if your project, please refer to the EXAMPLE below for guidance.

# - run: |
# echo "Run, Build Application using script"
# ./location_of_script_within_repo/buildscript.sh

- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@ceaec5c11a131e0d282ff3b6f095917d234caace # v2.25.3
with:
category: "/language:${{matrix.language}}"
3 changes: 3 additions & 0 deletions .github/workflows/comment-bot.yml
Original file line number Diff line number Diff line change
Expand Up @@ -17,6 +17,9 @@ on:
pull_request_target:
types: [ opened ]

permissions:
contents: read

jobs:
comment:
permissions:
Expand Down
3 changes: 3 additions & 0 deletions .github/workflows/labeler.yml
Original file line number Diff line number Diff line change
Expand Up @@ -19,6 +19,9 @@ on:
issues:
issue_comment:

permissions:
contents: read

jobs:
label:
permissions:
Expand Down
3 changes: 3 additions & 0 deletions .github/workflows/signsbom.yml
Original file line number Diff line number Diff line change
Expand Up @@ -26,6 +26,9 @@ concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: ${{ github.event_name == 'pull_request' }}

permissions:
contents: read

jobs:
test_sbom_sign:
name: sign_sbom
Expand Down
3 changes: 3 additions & 0 deletions .github/workflows/testsbom.yml
Original file line number Diff line number Diff line change
Expand Up @@ -26,6 +26,9 @@ concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: ${{ github.event_name == 'pull_request' }}

permissions:
contents: read

jobs:
test_sbom_gen:
name: gen_sbom
Expand Down
1 change: 1 addition & 0 deletions .licenserc.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -46,5 +46,6 @@ header:
- 'sbin/*.template'
- '.github/linters/*'
- 'cyclonedx-lib/getDependencies'
- 'cyclonedx-lib/dependency_data/**'
- 'makejdk-any-platform.1'
- 'serverTimestamp.properties'
36 changes: 33 additions & 3 deletions build-farm/platform-specific-configurations/linux.sh
Original file line number Diff line number Diff line change
Expand Up @@ -51,14 +51,44 @@ function locateDragonwell8BootJDK()
else
echo Dragonwell 8 requires a Dragonwell boot JDK - downloading one ...
mkdir -p "$PWD/jdk-8"
# if [ "$(uname -m)" = "x86_64" ]; then
# curl -L "https://github.com/alibaba/dragonwell8/releases/download/dragonwell-8.11.12_jdk8u332-ga/Alibaba_Dragonwell_8.11.12_x64_linux.tar.gz" | tar xpzf - --strip-components=1 -C "$PWD/jdk-8"
# elif [ "$(uname -m)" = "aarch64" ]; then
# curl -L "https://github.com/alibaba/dragonwell8/releases/download/dragonwell-8.8.9_jdk8u302-ga/Alibaba_Dragonwell_8.8.9_aarch64_linux.tar.gz" | tar xpzf - --strip-components=1 -C "$PWD/jdk-8"
# else
# echo "Unknown architecture $(uname -m) for building Dragonwell - cannot download boot JDK"
# exit 1
# fi
## Secure Dragonwell Downloads By Validating Checksums
if [ "$(uname -m)" = "x86_64" ]; then
curl -L "https://github.com/alibaba/dragonwell8/releases/download/dragonwell-8.11.12_jdk8u332-ga/Alibaba_Dragonwell_8.11.12_x64_linux.tar.gz" | tar xpzf - --strip-components=1 -C "$PWD/jdk-8"
DOWNLOAD_URL="https://github.com/alibaba/dragonwell8/releases/download/dragonwell-8.11.12_jdk8u332-ga/Alibaba_Dragonwell_8.11.12_x64_linux.tar.gz"
EXPECTED_SHA256="E03923f200dffddf9eee2aadc0c495674fe0b87cc2eece94a9a8dec84812d12bd"
elif [ "$(uname -m)" = "aarch64" ]; then
curl -L "https://github.com/alibaba/dragonwell8/releases/download/dragonwell-8.8.9_jdk8u302-ga/Alibaba_Dragonwell_8.8.9_aarch64_linux.tar.gz" | tar xpzf - --strip-components=1 -C "$PWD/jdk-8"
DOWNLOAD_URL="https://github.com/alibaba/dragonwell8/releases/download/dragonwell-8.8.9_jdk8u302-ga/Alibaba_Dragonwell_8.8.9_aarch64_linux.tar.gz"
EXPECTED_SHA256="ff0594f36d13883972ca0b302d35cca5099f10b8be54c70c091f626e4e308774"
else
echo "Unknown architecture $(uname -m) for building Dragonwell - cannot download boot JDK"
exit 1
fi
# Download the file and calculate its SHA256 checksum
TMP_FILE=$(mktemp)
curl -L "$DOWNLOAD_URL" -o "$TMP_FILE"

# Calculate the SHA256 checksum of the downloaded file
ACTUAL_SHA256=$(sha256sum "$TMP_FILE" | awk '{print $1}')

# Compare the actual and expected SHA256 checksums
if [ "$ACTUAL_SHA256" != "$EXPECTED_SHA256" ]; then
echo "Checksum verification failed for downloaded file!"
rm "$TMP_FILE"
exit 1
fi

# Extract the downloaded file
tar xpzf "$TMP_FILE" --strip-components=1 -C "$PWD/jdk-8"

# Clean up the temporary file
rm "$TMP_FILE"
export "${BOOT_JDK_VARIABLE}"="$PWD/jdk-8"
fi
}
Expand Down Expand Up @@ -333,7 +363,7 @@ if [[ "${CONFIGURE_ARGS}" =~ .*"--with-devkit=".* ]]; then
echo "Using gcc from DevKit toolchain specified in configure args"
elif [[ "${BUILD_ARGS}" =~ .*"--use-adoptium-devkit".* ]]; then
echo "Using gcc from Adoptium DevKit toolchain specified in --use-adoptium-devkit build args"
else
else
if [ "${VARIANT}" == "${BUILD_VARIANT_DRAGONWELL}" ] && [ "$JAVA_FEATURE_VERSION" -eq 11 ] && [ -r /usr/local/gcc9/ ] && [ "${ARCHITECTURE}" == "aarch64" ]; then
# GCC9 rather than 10 requested by Alibaba for now
# Ref https://github.com/adoptium/temurin-build/issues/2250#issuecomment-732958466
Expand Down
11 changes: 5 additions & 6 deletions cyclonedx-lib/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -34,13 +34,12 @@ formulation section (mostly because the author of this added such a section
recently)

1. Check that the version of CycloneDX you are using supports the
functionality you want. If not, it will need to be updated. To do this
you need to do three steps [Sample PR](https://github.com/adoptium/temurin-build/pull/3558/files):
- Update [getDependencies](https://github.com/adoptium/temurin-build/blob/master/cyclonedx-lib/getDependencies) with the new version and SHA
functionality you want. If not, it will need to be updated. To do this
you need to do two steps:
- Update the [sha and version files](https://github.com/adoptium/temurin-build/blob/master/cyclonedx-lib/dependency_data) for each jar you plan to change.
- Ensure [build.getDependency](https://ci.adoptium.net/job/build.getDependency/) is run to pick up the new version
- Update [build.xml](https://github.com/adoptium/temurin-build/blob/master/cyclonedx-lib/build.xml) with the new SHA to allow it to be downloaded successfully during the build (This change can be made along with the getDependencies one if you co--ordinate the update appopriately
2. If the build and java code does not already have support for the CycloneDX functionality that you need the follow ([Sample PR](https://github.com/adoptium/temurin-build/blob/master/cyclonedx-lib/build.xml))
- Updates to [cyclonedx-lib/TemurinGenSBOM.java])https://github.com/adoptium/temurin-build/blob/master/sbin/common/sbom.sh) to add a new parameter, a new function to implement it, the call to that function from the `switch` functionality in the `main` function
2. If the build and java code does not already have support for the CycloneDX functionality that you need, then follow these steps ([Sample PR](https://github.com/adoptium/temurin-build/pull/3538))
- Updates to [cyclonedx-lib/TemurinGenSBOM.java](https://github.com/adoptium/temurin-build/blob/master/sbin/common/sbom.sh) to add a new parameter, a new function to implement it, the call to that function from the `switch` functionality in the `main` function
- Update [cyclonedx-lib/build.xml](https://github.com/adoptium/temurin-build/blob/master/cyclonedx-lib/build.xml) to add tests for the new functionality
- Add a new function to [sbin/common/sbom.sh](https://github.com/adoptium/temurin-build/blob/master/sbin/common/sbom.sh) to add the fields you need
- Updates to [sbin/build.sh](https://github.com/adoptium/temurin-build/blob/master/sbin/build.sh) to invoke the new function(s) in sbom.sh
Expand Down
Loading

0 comments on commit 23454cc

Please sign in to comment.