Skip to content

HBASE-30263 Exclude transitive netty-resolver-dns to mitigate CVEs #2023

HBASE-30263 Exclude transitive netty-resolver-dns to mitigate CVEs

HBASE-30263 Exclude transitive netty-resolver-dns to mitigate CVEs #2023

# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
# yamllint disable rule:line-length
---
name: Yetus JDK17 Hadoop3 Unit Check
"on":
pull_request:
types: [opened, synchronize, reopened, labeled, unlabeled]
permissions:
contents: read
statuses: write
jobs:
jdk17-hadoop3-unit-check:
runs-on: ubuntu-latest
timeout-minutes: 360
strategy:
fail-fast: false
matrix:
include:
- name: "small"
test_profile: "runSmallTests"
- name: "medium"
test_profile: "runMediumTests"
# Large tests split alphabetically by class name (after "Test" prefix)
# Wave 1: Test[A-H]*, Wave 2: Test[I-R]*, Wave 3: Test[S-Z]*
- name: "large-wave-1"
test_profile: "runLargeTests-wave1"
- name: "large-wave-2"
test_profile: "runLargeTests-wave2"
- name: "large-wave-3"
test_profile: "runLargeTests-wave3"
name: ${{ matrix.name }}
env:
YETUS_VERSION: '0.15.0'
steps:
- name: Checkout HBase
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
with:
path: src
fetch-depth: 0
persist-credentials: false
- name: Set up JDK 17
uses: actions/setup-java@ad2b38190b15e4d6bdf0c97fb4fca8412226d287 # v5.3.0
with:
java-version: '17'
distribution: 'temurin'
- name: Maven cache
uses: actions/cache@2c8a9bd7457de244a408f35966fab2fb45fda9c8 # v6.0.0
with:
path: ~/.m2
key: hbase-m2-${{ hashFiles('**/pom.xml') }}
restore-keys: |
hbase-m2-
- name: Download Yetus (pinned release)
if: ${{ !contains(github.event.pull_request.labels.*.name, 'test-yetus-prerelease') }}
run: |
mkdir -p yetus
cd yetus
bash "${{ github.workspace }}/src/dev-support/jenkins-scripts/cache-apache-project-artifact.sh" \
--keys 'https://downloads.apache.org/yetus/KEYS' \
--verify-tar-gz \
./apache-yetus-${{ env.YETUS_VERSION }}-bin.tar.gz \
yetus/${{ env.YETUS_VERSION }}/apache-yetus-${{ env.YETUS_VERSION }}-bin.tar.gz
tar --strip-components=1 -xzf apache-yetus-${{ env.YETUS_VERSION }}-bin.tar.gz
rm apache-yetus-${{ env.YETUS_VERSION }}-bin.tar.gz
- name: Set up JDK 21 (prerelease, build-only)
if: ${{ contains(github.event.pull_request.labels.*.name, 'test-yetus-prerelease') }}
uses: actions/setup-java@ad2b38190b15e4d6bdf0c97fb4fca8412226d287 # v5.3.0
with:
java-version: '21'
distribution: 'temurin'
- name: Checkout apache/yetus@HEAD (prerelease)
if: ${{ contains(github.event.pull_request.labels.*.name, 'test-yetus-prerelease') }}
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
with:
repository: apache/yetus
path: yetus-src
persist-credentials: false
- name: Build Yetus from source (prerelease)
if: ${{ contains(github.event.pull_request.labels.*.name, 'test-yetus-prerelease') }}
run: |
set -euo pipefail
YETUS_SHA="$(git -C yetus-src rev-parse HEAD)"
{
echo "## Yetus prerelease build"
echo ""
echo "- Source: \`apache/yetus@${YETUS_SHA}\`"
echo "- Triggered by \`test-yetus-prerelease\` label on this PR"
} >> "${GITHUB_STEP_SUMMARY}"
(cd yetus-src && mvn -B -DskipTests install)
mkdir -p yetus
tar --strip-components=1 \
-xzf yetus-src/yetus-dist/target/artifacts/apache-yetus-*-bin.tar.gz \
-C yetus
- name: Run Yetus JDK17 Hadoop3 Unit Check
env:
ARCHIVE_PATTERN_LIST: "TEST-*.xml,org.apache.h*.txt,*.dumpstream,*.dump"
DOCKERFILE: "${{ github.workspace }}/src/dev-support/docker/Dockerfile"
GITHUB_PASSWORD: ${{ secrets.GITHUB_TOKEN }}
GITHUB_USER: ${{ github.actor }}
PATCHDIR: "${{ github.workspace }}/yetus-jdk17-hadoop3-unit-check/output"
PLUGINS: "github,htmlout,maven,unit"
SET_JAVA_HOME: "/usr/lib/jvm/java-17"
SOURCEDIR: "${{ github.workspace }}/src"
YETUSDIR: "${{ github.workspace }}/yetus"
AUTHOR_IGNORE_LIST: "hbase-website/app/pages/_docs/docs/_mdx/(multi-page)/building-and-developing/developer-guidelines.mdx,hbase-website/public/book.html"
BLANKS_EOL_IGNORE_FILE: "dev-support/blanks-eol-ignore.txt"
BLANKS_TABS_IGNORE_FILE: "dev-support/blanks-tabs-ignore.txt"
EXCLUDE_TESTS_URL: "https://ci-hbase.apache.org/job/HBase-Find-Flaky-Tests/job/${{ github.base_ref }}/lastSuccessfulBuild/artifact/output/excludes"
BUILD_THREAD: "4"
SUREFIRE_FIRST_PART_FORK_COUNT: "1.0C"
SUREFIRE_SECOND_PART_FORK_COUNT: "0.5C"
BRANCH_NAME: "${{ github.base_ref }}"
SKIP_ERRORPRONE: 'true'
DEBUG: 'true'
TEST_PROFILE: ${{ matrix.test_profile }}
run: |
cd "${{ github.workspace }}"
bash src/dev-support/jenkins_precommit_github_yetus.sh
- name: Publish Job Summary
if: always()
run: |
cd "${{ github.workspace }}"
python3 src/dev-support/yetus_console_to_md.py yetus-jdk17-hadoop3-unit-check/output >> $GITHUB_STEP_SUMMARY
- name: Publish Test Results
if: always()
uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
with:
name: yetus-jdk17-hadoop3-unit-check-${{ matrix.name }}
path: ${{ github.workspace }}/yetus-jdk17-hadoop3-unit-check/output
retention-days: 7