Skip to content

Commit

Permalink
Merge branch 'master' into gaction_freeze
Browse files Browse the repository at this point in the history
  • Loading branch information
karianna authored May 5, 2024
2 parents 88f53d2 + 9982cfe commit 7d92812
Show file tree
Hide file tree
Showing 21 changed files with 276 additions and 36 deletions.
14 changes: 11 additions & 3 deletions .azure-devops/build/steps/windows/before.yml
Original file line number Diff line number Diff line change
Expand Up @@ -46,9 +46,17 @@ steps:
# install cygwin and build dependencies
- powershell: |
$ProgressPreference = 'SilentlyContinue';
Invoke-WebRequest -UseBasicParsing 'https://cygwin.com/setup-x86_64.exe' -OutFile '${{ parameters.dependenciesDir }}\cygwin.exe';
Start-Process -Wait -FilePath '${{ parameters.dependenciesDir }}\cygwin.exe' -ArgumentList '--packages wget,bsdtar,rsync,gnupg,git,autoconf,make,gcc-core,mingw64-x86_64-gcc-core,unzip,zip,cpio,curl,grep,perl --quiet-mode --download --local-install --delete-orphans --site https://mirrors.kernel.org/sourceware/cygwin/ --local-package-dir $(Agent.BuildDirectory)\cygwin_packages --root $(Agent.BuildDirectory)\cygwin64';
displayName: "[Windows Before] download and install Cygwin"
$DownloadedFile = "${{ parameters.dependenciesDir }}\cygwin.exe";
$DownloadUrl = 'https://cygwin.com/setup-x86_64.exe';
$ExpectedChecksum = 'e7815d360ab098fdd1f03f10f43f363c73a632e8866e304c72573cf1e6a0dec8';
Invoke-WebRequest -UseBasicParsing -Uri $DownloadUrl -OutFile $DownloadedFile;
# Calculate SHA256 checksum of the downloaded file
$DownloadedChecksum = (Get-FileHash -Path $DownloadedFile -Algorithm SHA256).Hash;
# Compare calculated checksum with the expected checksum
if ($DownloadedChecksum -eq $ExpectedChecksum) {
Start-Process -Wait -FilePath $DownloadedFile -ArgumentList '--packages wget,bsdtar,rsync,gnupg,git,autoconf,make,gcc-core,mingw64-x86_64-gcc-core,unzip,zip,cpio,curl,grep,perl --quiet-mode --download --local-install --delete-orphans --site
# add cygwin bin to PATH
- script: |
Expand Down
3 changes: 3 additions & 0 deletions .github/workflows/build-autotriage.yml
Original file line number Diff line number Diff line change
Expand Up @@ -22,6 +22,9 @@ on:
env:
TRIAGE_SCRIPT: "tooling/build_autotriage/build_autotriage.sh"

permissions:
contents: read

jobs:
autotriage:
permissions:
Expand Down
32 changes: 29 additions & 3 deletions .github/workflows/build.yml
Original file line number Diff line number Diff line change
Expand Up @@ -162,7 +162,7 @@ jobs:
rm /usr/local/bin/python3-config || true
rm /usr/local/bin/python3.11-config || true
rm /usr/local/bin/python3.12-config || true
- name: Install Dependencies
run: |
brew install automake bash binutils freetype gnu-sed nasm
Expand All @@ -173,7 +173,7 @@ jobs:
java-version: 7
distribution: 'zulu'
if: matrix.version.name == 'jdk8u'

- name: Select correct Xcode (JDK8)
if: matrix.version.name == 'jdk8u'
run: |
Expand Down Expand Up @@ -206,7 +206,7 @@ jobs:
TARGET_OS: mac
FILENAME: OpenJDK.tar.gz
JDK7_BOOT_DIR: ${{ steps.setup-java.outputs.path }}

- uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
name: Collect and Archive Artifacts
with:
Expand Down Expand Up @@ -328,6 +328,19 @@ jobs:
curl -L "$env:VS2017_URL" -o "$HOME/vs2017.exe"
if: steps.vs2017.outputs.cache-hit != 'true' && matrix.version == 'jdk8u'

- name: Verify Download Of Visual Studio 2017
shell: powershell
run: |
$expected_checksum="7ED8FA27575648163E07548FF5667B55B95663A2323E2B2A5F87B16284E481E6"
$actual_checksum=(Get-FileHash -Algorithm SHA256 -Path $HOME/vs2017.exe | Select-Object -ExpandProperty Hash)
echo "Expect : $expected_checksum"
echo "Actual : $actual_checksum"
if ($expected_checksum -ne $actual_checksum) {
Write-Output "Error - Checksum Verification Failed - Exiting"
exit 1
}
if: steps.vs2017.outputs.cache-hit != 'true' && matrix.version == 'jdk8u'

- name: Install Visual Studio 2017
if: matrix.version == 'jdk8u'
run: >
Expand All @@ -343,6 +356,19 @@ jobs:
curl -L "$env:VS2019_URL" -o "$HOME/vs2019.exe"
if: steps.vs2019.outputs.cache-hit != 'true' && (matrix.version == 'jdk11u' || matrix.version == 'jdk17u')

- name: Verify Download Of Visual Studio 2019
shell: powershell
run: |
$expected_checksum="F29399A618BD3A8D1DCC96D349453F686B6176590D904308402A6402543E310B"
$actual_checksum=(Get-FileHash -Algorithm SHA256 -Path $HOME/vs2019.exe | Select-Object -ExpandProperty Hash)
echo "Expect : $expected_checksum"
echo "Actual : $actual_checksum"
if ($expected_checksum -ne $actual_checksum) {
Write-Output "Error - Checksum Verification Failed - Exiting"
exit 1
}
if: steps.vs2019.outputs.cache-hit != 'true' && (matrix.version == 'jdk11u' || matrix.version == 'jdk17u')

- name: Install Visual Studio 2019
if: matrix.version == 'jdk11u' || matrix.version == 'jdk17u'
run: >
Expand Down
86 changes: 86 additions & 0 deletions .github/workflows/codeql.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,86 @@
# ********************************************************************************
# Copyright (c) 2021 Contributors to the Eclipse Foundation
#
# See the NOTICE file(s) with this work for additional
# information regarding copyright ownership.
#
# This program and the accompanying materials are made
# available under the terms of the Apache Software License 2.0
# which is available at https://www.apache.org/licenses/LICENSE-2.0.
#
# SPDX-License-Identifier: Apache-2.0
# ********************************************************************************

# For most projects, this workflow file will not need changing; you simply need
# to commit it to your repository.
#
# You may wish to alter this file to override the set of languages analyzed,
# or to provide custom queries or build logic.
#
# ******** NOTE ********
# We have attempted to detect the languages in your repository. Please check
# the `language` matrix defined below to confirm you have the correct set of
# supported CodeQL languages.
#
name: "CodeQL"

on:
push:
branches: ["master"]
pull_request:
# The branches below must be a subset of the branches above
branches: ["master"]
schedule:
- cron: "0 0 * * 1"

permissions:
contents: read

jobs:
analyze:
name: Analyze
runs-on: ubuntu-latest
permissions:
actions: read
contents: read
security-events: write

strategy:
fail-fast: false
matrix:
language: ["java"]
# CodeQL supports [ $supported-codeql-languages ]
# Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support

steps:
- name: Checkout repository
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0

# Initializes the CodeQL tools for scanning.
- name: Initialize CodeQL
uses: github/codeql-action/init@d39d31e687223d841ef683f52467bd88e9b21c14 # v3.25.3
with:
languages: ${{ matrix.language }}
# If you wish to specify custom queries, you can do so here or in a config file.
# By default, queries listed here will override any specified in a config file.
# Prefix the list here with "+" to use these queries and those in the config file.

# Autobuild attempts to build any compiled languages (C/C++, C#, or Java).
# If this step fails, then you should remove it and run the build manually (see below)
- name: Autobuild
uses: github/codeql-action/autobuild@d39d31e687223d841ef683f52467bd88e9b21c14 # v3.25.3

# ℹ️ Command-line programs to run using the OS shell.
# 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun

# If the Autobuild fails above, remove it and uncomment the following three lines.
# modify them (or add more) to build your code if your project, please refer to the EXAMPLE below for guidance.

# - run: |
# echo "Run, Build Application using script"
# ./location_of_script_within_repo/buildscript.sh

- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@d39d31e687223d841ef683f52467bd88e9b21c14 # v3.25.3
with:
category: "/language:${{matrix.language}}"
3 changes: 3 additions & 0 deletions .github/workflows/comment-bot.yml
Original file line number Diff line number Diff line change
Expand Up @@ -17,6 +17,9 @@ on:
pull_request_target:
types: [ opened ]

permissions:
contents: read

jobs:
comment:
permissions:
Expand Down
3 changes: 3 additions & 0 deletions .github/workflows/labeler.yml
Original file line number Diff line number Diff line change
Expand Up @@ -19,6 +19,9 @@ on:
issues:
issue_comment:

permissions:
contents: read

jobs:
label:
permissions:
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/ossf-scorecard.yml
Original file line number Diff line number Diff line change
Expand Up @@ -46,6 +46,6 @@ jobs:
name: SARIF file
path: results.sarif
retention-days: 5
- uses: github/codeql-action/upload-sarif@cdcdbb579706841c47f7063dda365e292e5cad7a # v2.13.4
- uses: github/codeql-action/upload-sarif@d39d31e687223d841ef683f52467bd88e9b21c14 # v2.13.4
with:
sarif_file: results.sarif
8 changes: 8 additions & 0 deletions .github/workflows/semgrep_diff.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,8 @@
---
name: Semgrep Differential Scan
on:
pull_request:

jobs:
semgrep-diff:
uses: adoptium/.github/.github/workflows/semgrep_diff.yml@main
3 changes: 3 additions & 0 deletions .github/workflows/signsbom.yml
Original file line number Diff line number Diff line change
Expand Up @@ -26,6 +26,9 @@ concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: ${{ github.event_name == 'pull_request' }}

permissions:
contents: read

jobs:
test_sbom_sign:
name: sign_sbom
Expand Down
3 changes: 3 additions & 0 deletions .github/workflows/testsbom.yml
Original file line number Diff line number Diff line change
Expand Up @@ -26,6 +26,9 @@ concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: ${{ github.event_name == 'pull_request' }}

permissions:
contents: read

jobs:
test_sbom_gen:
name: gen_sbom
Expand Down
1 change: 1 addition & 0 deletions .semgrepignore
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@

36 changes: 33 additions & 3 deletions build-farm/platform-specific-configurations/linux.sh
Original file line number Diff line number Diff line change
Expand Up @@ -51,14 +51,44 @@ function locateDragonwell8BootJDK()
else
echo Dragonwell 8 requires a Dragonwell boot JDK - downloading one ...
mkdir -p "$PWD/jdk-8"
# if [ "$(uname -m)" = "x86_64" ]; then
# curl -L "https://github.com/alibaba/dragonwell8/releases/download/dragonwell-8.11.12_jdk8u332-ga/Alibaba_Dragonwell_8.11.12_x64_linux.tar.gz" | tar xpzf - --strip-components=1 -C "$PWD/jdk-8"
# elif [ "$(uname -m)" = "aarch64" ]; then
# curl -L "https://github.com/alibaba/dragonwell8/releases/download/dragonwell-8.8.9_jdk8u302-ga/Alibaba_Dragonwell_8.8.9_aarch64_linux.tar.gz" | tar xpzf - --strip-components=1 -C "$PWD/jdk-8"
# else
# echo "Unknown architecture $(uname -m) for building Dragonwell - cannot download boot JDK"
# exit 1
# fi
## Secure Dragonwell Downloads By Validating Checksums
if [ "$(uname -m)" = "x86_64" ]; then
curl -L "https://github.com/alibaba/dragonwell8/releases/download/dragonwell-8.11.12_jdk8u332-ga/Alibaba_Dragonwell_8.11.12_x64_linux.tar.gz" | tar xpzf - --strip-components=1 -C "$PWD/jdk-8"
DOWNLOAD_URL="https://github.com/alibaba/dragonwell8/releases/download/dragonwell-8.11.12_jdk8u332-ga/Alibaba_Dragonwell_8.11.12_x64_linux.tar.gz"
EXPECTED_SHA256="E03923f200dffddf9eee2aadc0c495674fe0b87cc2eece94a9a8dec84812d12bd"
elif [ "$(uname -m)" = "aarch64" ]; then
curl -L "https://github.com/alibaba/dragonwell8/releases/download/dragonwell-8.8.9_jdk8u302-ga/Alibaba_Dragonwell_8.8.9_aarch64_linux.tar.gz" | tar xpzf - --strip-components=1 -C "$PWD/jdk-8"
DOWNLOAD_URL="https://github.com/alibaba/dragonwell8/releases/download/dragonwell-8.8.9_jdk8u302-ga/Alibaba_Dragonwell_8.8.9_aarch64_linux.tar.gz"
EXPECTED_SHA256="ff0594f36d13883972ca0b302d35cca5099f10b8be54c70c091f626e4e308774"
else
echo "Unknown architecture $(uname -m) for building Dragonwell - cannot download boot JDK"
exit 1
fi
# Download the file and calculate its SHA256 checksum
TMP_FILE=$(mktemp)
curl -L "$DOWNLOAD_URL" -o "$TMP_FILE"

# Calculate the SHA256 checksum of the downloaded file
ACTUAL_SHA256=$(sha256sum "$TMP_FILE" | awk '{print $1}')

# Compare the actual and expected SHA256 checksums
if [ "$ACTUAL_SHA256" != "$EXPECTED_SHA256" ]; then
echo "Checksum verification failed for downloaded file!"
rm "$TMP_FILE"
exit 1
fi

# Extract the downloaded file
tar xpzf "$TMP_FILE" --strip-components=1 -C "$PWD/jdk-8"

# Clean up the temporary file
rm "$TMP_FILE"
export "${BOOT_JDK_VARIABLE}"="$PWD/jdk-8"
fi
}
Expand Down Expand Up @@ -333,7 +363,7 @@ if [[ "${CONFIGURE_ARGS}" =~ .*"--with-devkit=".* ]]; then
echo "Using gcc from DevKit toolchain specified in configure args"
elif [[ "${BUILD_ARGS}" =~ .*"--use-adoptium-devkit".* ]]; then
echo "Using gcc from Adoptium DevKit toolchain specified in --use-adoptium-devkit build args"
else
else
if [ "${VARIANT}" == "${BUILD_VARIANT_DRAGONWELL}" ] && [ "$JAVA_FEATURE_VERSION" -eq 11 ] && [ -r /usr/local/gcc9/ ] && [ "${ARCHITECTURE}" == "aarch64" ]; then
# GCC9 rather than 10 requested by Alibaba for now
# Ref https://github.com/adoptium/temurin-build/issues/2250#issuecomment-732958466
Expand Down
7 changes: 7 additions & 0 deletions docker/buildDocker.sh
Original file line number Diff line number Diff line change
Expand Up @@ -129,6 +129,13 @@ useEclipseOpenJ9DockerFiles()
mkdir -p "$dockerfileDir"
cd "$dockerfileDir" || { echo "Dockerfile directory ($dockerfileDir) was not found"; exit 3; }
getFile https://raw.githubusercontent.com/eclipse-openj9/openj9/master/buildenv/docker/mkdocker.sh mkdocker.sh
MKDOCK_SHA="a09a00c2beb9c53985b4c3ed6fb62825d90808775941ab56417bef75a575be55"
mkd_downloaded_sha=$(sha256sum mkdocker.sh | awk '{print $1}')
if [ "$mkd_downloaded_sha" != "$MKDOCK_SHA" ]; then
echo "ERROR: SHA256 checksum mismatch for mkdocker.sh"
exit 1
fi

chmod +x mkdocker.sh
# Generate an Ubuntu1804 Dockerfile using mkdocker.sh
"$dockerfileDir/mkdocker.sh" --dist=ubuntu --version=18 --print >> "$dockerfileDir/Dockerfile"
Expand Down
6 changes: 6 additions & 0 deletions makejdk-any-platform.1
Original file line number Diff line number Diff line change
Expand Up @@ -48,6 +48,12 @@ Build JDK (tip), defaults to https://github.com/adoptium/jdk

.SH OPTIONS
.TP
.BR \-A ", " \-\-skip-alsa
Skip downloading of alsa automatically.
If you do so, the underlying configure will detect system lib and headers.
If you wish to point to some custom build/install pass it via \fI\-C, \-\-configure-args <args>\fR
Presence of \-\-with-alsa in \-\-configure-args will also not include freshly installed alsa to build.
.TP
.BR \-b ", " \-\-branch " " \fI<branch>\fR
specify a custom branch to build from, e.g. dev.
For reference, Adoptium GitHub source repos default to the \fI<dev>\fR
Expand Down
10 changes: 9 additions & 1 deletion sbin/build.sh
Original file line number Diff line number Diff line change
Expand Up @@ -479,7 +479,6 @@ buildingTheRestOfTheConfigParameters() {

if [ "${BUILD_CONFIG[OPENJDK_CORE_VERSION]}" == "${JDK8_CORE_VERSION}" ]; then
addConfigureArg "--with-x=" "/usr/include/X11"
addConfigureArg "--with-alsa=" "${BUILD_CONFIG[WORKSPACE_DIR]}/${BUILD_CONFIG[WORKING_DIR]}/installedalsa"
fi
}

Expand All @@ -505,6 +504,14 @@ configureDebugParameters() {
fi
}

configureAlsaLocation() {
if [[ ! "${CONFIGURE_ARGS}" =~ "--with-alsa" ]]; then
if [[ "${BUILD_CONFIG[ALSA]}" == "true" ]]; then
addConfigureArg "--with-alsa=" "${BUILD_CONFIG[WORKSPACE_DIR]}/${BUILD_CONFIG[WORKING_DIR]}/installedalsa"
fi
fi
}

configureFreetypeLocation() {
if [[ ! "${CONFIGURE_ARGS}" =~ "--with-freetype" ]]; then
if [[ "${BUILD_CONFIG[FREETYPE]}" == "true" ]]; then
Expand Down Expand Up @@ -551,6 +558,7 @@ configureCommandParameters() {
else
echo "Building up the configure command..."
buildingTheRestOfTheConfigParameters
configureAlsaLocation
fi

echo "Adjust configure for reproducible build"
Expand Down
9 changes: 6 additions & 3 deletions sbin/common/common.sh
Original file line number Diff line number Diff line change
Expand Up @@ -20,9 +20,12 @@ function setOpenJdkVersion() {
# The argument passed here have actually very strict format of jdk8, jdk8u..., jdk
# the build may fail later if this is not honoured.
# If your repository has a different name, you can use --version or build from dir/snapshot
local forest_name_check=0
echo "$forest_name" | grep -q -e "^jdk$" -e "^jdk[0-9]\\{1,3\\}[u]\\{0,1\\}$" || forest_name_check=$?
if [ ${forest_name_check} -ne 0 ]; then
local forest_name_check1=0
local forest_name_check2=0
# This two returns condition is there to make grep on solaris happy. -e, -q and \( and \| do not work on that platform
echo "$forest_name" | grep "^jdk[0-9]\\{1,3\\}[u]\\{0,1\\}$" >/dev/null || forest_name_check1=$?
echo "$forest_name" | grep "^jdk$" >/dev/null || forest_name_check2=$?
if [ ${forest_name_check1} -ne 0 ] && [ ${forest_name_check2} -ne 0 ]; then
echo "The mandatory repo argument has a very strict format 'jdk[0-9]{1,3}[u]{0,1}' or just plain 'jdk' for tip. '$forest_name' does not match."
echo "This can be worked around by using '--version jdkXYu'. If set (and matching) then the main argument can have any value."
exit 1
Expand Down
Loading

0 comments on commit 7d92812

Please sign in to comment.