Check vulnerabilities in another job

ant-media · Jun 30, 2024 · 742ed77 · 742ed77
1 parent b629c59
commit 742ed77
Show file tree

Hide file tree

Showing 2 changed files with 53 additions and 16 deletions.
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
@@ -68,30 +68,59 @@ jobs:
           echo $RELEASE_VERSION
           mvn clean org.jacoco:jacoco-maven-plugin:prepare-agent package -Dtest=!*/integration/* -Dorg.bytedeco.javacpp.logger.debug=true org.jacoco:jacoco-maven-plugin:report sonar:sonar -Dmaven.javadoc.skip=true --quiet
       
+      - name: Show MongoDB Log, Crash Log and Servis Status on failure
+        if: failure()
+        run: |
+          if [[ -f /var/log/mongodb/mongod.log ]]; then
+            sudo cat /var/log/mongodb/mongod.log
+          fi
+          if [[ -f hs_err_pid*.log ]]; then
+            cat hs_err_pid*.log
+          else
+            echo "No hs_err_pid*.log file found"
+          fi
+          sudo service mongod status
+          sudo service redis-server status
+
+  check-dependency-vulnerabilities:
+    runs-on: ubuntu-22.04
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Set up JDK 17
+        uses: actions/setup-java@v4
+        with:
+          distribution: 'adopt' #openjdk
+          java-version: '17'
+          cache: 'maven'
+
+      - name: Build projects
+        uses: ./.github/actions/build-projects 
+        with:
+          branch_name: ${{ github.ref_name }}
+
       - name: Check vulnerabilities
-        run: mvn org.owasp:dependency-check-maven:check -DfailOnError=false --quiet
+        run: mvn org.owasp:dependency-check-maven:check -DfailOnError=false
+
 
-      - name: Show Ant Media Server logs on failure
+      - name: Show MongoDB Log, Crash Log and Servis Status on failure
         if: failure()
         run: |
           if [[ -f /var/log/mongodb/mongod.log ]]; then
             sudo cat /var/log/mongodb/mongod.log
           fi
-          if [[ -f /usr/local/antmedia/hs_err_pid*.log ]]; then
-            cat /usr/local/antmedia/hs_err_pid*.log
-          fi
           if [[ -f hs_err_pid*.log ]]; then
             cat hs_err_pid*.log
+          else
+            echo "No hs_err_pid*.log file found"
           fi
           sudo service mongod status
-          sudo service redis-server status
+          sudo service redis-server status           
           
   run-integration-tests:
     runs-on: ubuntu-22.04
-    env:
-      GPG_TTY: ${{ secrets.GPG_TTY }}
-      SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
-      SONAR_HOST_URL: https://sonarcloud.io
 
     steps:
       - name: Checkout code
@@ -167,11 +196,17 @@ jobs:
           mvn clean org.jacoco:jacoco-maven-plugin:prepare-agent package -Dtest=*/integration/* -Dmaven.javadoc.skip=true --quiet
       
 
-      - name: Show Ant Media Server logs on failure
+      - name: Show Ant Media Server Error Log on failure
+        if: failure()
+        run: cat /usr/local/antmedia/log/antmedia-error.log
+
+      - name: Show Ant Media Server Log on failure
+        if: failure()
+        run: cat /usr/local/antmedia/log/ant-media-server.log
+
+      - name: Show MongoDB Log, Crash Log and Servis Status on failure
         if: failure()
         run: |
-          cat /usr/local/antmedia/log/ant-media-server.log
-          cat /usr/local/antmedia/log/antmedia-error.log
           if [[ -f /var/log/mongodb/mongod.log ]]; then
             sudo cat /var/log/mongodb/mongod.log
           fi
@@ -180,9 +215,11 @@ jobs:
           fi
           if [[ -f hs_err_pid*.log ]]; then
             cat hs_err_pid*.log
+          else
+            echo "No hs_err_pid*.log file found"
           fi
           sudo service mongod status
-          sudo service redis-server status  
+          sudo service redis-server status    
    
 
   deploy:   

diff --git a/pom.xml b/pom.xml
@@ -392,13 +392,13 @@
 		    <artifactId>commons-io</artifactId>
 		    <version>${commons-io}</version>
 		</dependency>
-        <!-- we just override the version of ehcache because of the vulnerability. It's dependency of red5-io -->
+        <!-- we just override the version of ehcache because of the vulnerability. It's a dependency of red5-io -->
         <dependency>
             <groupId>net.sf.ehcache</groupId>
             <version>2.10.9.2</version>
             <artifactId>ehcache</artifactId>
         </dependency>
-	   <!-- we just override the version of tika because of the vulnerability. It's dependency of red5-io -->
+	   <!-- we just override the version of tika because of the vulnerability. It's a dependency of red5-io -->
 	    <dependency>
 	        <groupId>org.apache.tika</groupId>
 	        <artifactId>tika-core</artifactId>