
fix(cli): Update bundled dependency versions (#78) #6

fix(cli): Update bundled dependency versions (#78)


Workflow file for this run

# CI for the CLI. Runs on pushes and pull requests against main that touch
# cli/, scripts/ or this workflow file, and on manual dispatch.
#
# NOTE(review): there is no top-level `permissions:` key, so every job gets the
# repository's default GITHUB_TOKEN scopes. Nothing visible in this file
# publishes or writes to the repository, so a read-only default
# (`permissions: {contents: read}`) looks sufficient. Confirm that the local
# actions under ./.github/actions/cli need nothing more before adding it.
name: CI CLI

on:
  push:
    branches:
      - main
    paths:
      - 'cli/**'
      - 'scripts/**'
      - '.github/workflows/ci-cli.yaml'
  pull_request:
    branches:
      - main
    paths:
      - 'cli/**'
      - 'scripts/**'
      - '.github/workflows/ci-cli.yaml'
  workflow_dispatch:

# One active run per workflow and ref; a newer run cancels the one in progress.
concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true

# Tool and fixture versions shared by the jobs. Quoted so they stay strings.
env:
  GO_VERSION: '1.25.x'
  GOLANGCI_LINT_VERSION: 'v2.7'
  STIRLING_PDF_VERSION: 'v2.5.3'
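# NOTE(review): third-party actions below are referenced by tag (@v4, @v5, @v6)
# or by branch (@master). Both are mutable refs that resolve to whatever they
# point at when the job runs. Pinning each `uses:` to a full commit SHA, with
# the tag kept in a trailing comment, makes the executed code reviewable.
#
# NOTE(review): several jobs expand `steps.github-token.outputs.arg` directly
# into `run:` scripts. The expression is substituted into the script text before
# the shell starts, so whatever the step emitted (including the token, when
# SEQRA_GITHUB_TOKEN is set) becomes part of the script file and of the process
# arguments. If the CLI can read the token from an environment variable, prefer
# that. Confirm against the CLI and ./.github/actions/cli/github-token-arg.
jobs:
  # Runs the repository's build-and-lint action, then the Go test suite.
  build-and-lint:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Fix git safe directory
        uses: ./.github/actions/cli/fix-git-safe-directory
      - name: Build and lint
        uses: ./.github/actions/cli/build-and-lint
        with:
          GO_VERSION: ${{ env.GO_VERSION }}
          GOLANGCI_LINT_VERSION: ${{ env.GOLANGCI_LINT_VERSION }}
      - name: Run all tests
        working-directory: cli
        run: |
          go test ./... -v -count=1

  # Snapshot release build (`release --snapshot --clean`) in cli/.
  goreleaser-check:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-go@v5
        with:
          go-version: ${{ env.GO_VERSION }}
          cache-dependency-path: cli/go.sum
      - uses: goreleaser/goreleaser-action@v6
        with:
          args: release --snapshot --clean
          workdir: cli
        env:
          HOMEBREW_TAP_OWNER: ${{ github.repository_owner }}

  # Lints the shell scripts under ./scripts.
  shellcheck:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      # NOTE(review): @master tracks the branch tip of a third-party repository,
      # so any commit pushed there runs in this job without review. Pin it, e.g.
      # ludeeus/action-shellcheck@<FULL_COMMIT_SHA>  (placeholder, not a real id).
      - uses: ludeeus/action-shellcheck@master
        with:
          scandir: './scripts'

  # Scans spring-petclinic at a pinned commit with only JDK 11 installed.
  run-on-petclinic-without-installed-java-17:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Setup OpenTaint
        uses: ./.github/actions/cli/setup-opentaint
        with:
          go-version: ${{ env.GO_VERSION }}
      - name: Set GitHub token arg
        id: github-token
        uses: ./.github/actions/cli/github-token-arg
        with:
          github-token: ${{ secrets.SEQRA_GITHUB_TOKEN }}
          owner: ${{ github.repository_owner }}
          repo: ${{ github.event.repository.name }}
      # The fixture is pinned by full commit SHA. persist-credentials: false
      # keeps the workflow token out of the third-party checkout's git config.
      # NOTE(review): the primary checkout above still persists its token;
      # consider the same setting there once no later step is known to need it.
      - uses: actions/checkout@v4
        with:
          repository: spring-projects/spring-petclinic
          path: project-root-java-11
          ref: a5cbb8505a1df3c348c06607933a07fc8c87c222
          fetch-depth: 0
          persist-credentials: false
      - name: Set up JDK 11
        uses: actions/setup-java@v4
        with:
          java-version: '11'
          distribution: 'temurin'
      - name: Run opentaint scan in native environment when user can build project but has no java 17+
        working-directory: cli
        run: |
          ./opentaint scan ${{ steps.github-token.outputs.arg }} --output report.sarif ../project-root-java-11 --verbosity debug

  # Scans spring-petclinic at a pinned commit with JDK 17: first as separate
  # compile and scan commands, then as a single scan.
  run-on-petclinic:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Setup OpenTaint
        uses: ./.github/actions/cli/setup-opentaint
      - name: Set GitHub token arg
        id: github-token
        uses: ./.github/actions/cli/github-token-arg
        with:
          github-token: ${{ secrets.SEQRA_GITHUB_TOKEN }}
          owner: ${{ github.repository_owner }}
          repo: ${{ github.event.repository.name }}
      # Third-party fixture: pinned by SHA, workflow token not persisted.
      - uses: actions/checkout@v4
        with:
          repository: spring-projects/spring-petclinic
          path: project-root
          ref: 30aab0ae764ad845b5eedd76028756835fec771f
          fetch-depth: 0
          persist-credentials: false
      - name: Set up JDK 17
        uses: actions/setup-java@v4
        with:
          java-version: '17'
          distribution: 'temurin'
      - name: Run opentaint separate compile and scan
        working-directory: cli
        run: |
          ./opentaint compile --quiet ${{ steps.github-token.outputs.arg }} --output portable-project ../project-root --verbosity debug
          ./opentaint scan --quiet ${{ steps.github-token.outputs.arg }} --output report.sarif portable-project --verbosity debug
      - name: Run opentaint scan
        working-directory: cli
        run: |
          ./opentaint scan --quiet ${{ steps.github-token.outputs.arg }} --output report.sarif ../project-root

  # Windows variant of run-on-petclinic. The token argument is built inline in
  # PowerShell instead of through the github-token-arg action.
  run-on-petclinic-windows:
    runs-on: windows-latest
    steps:
      - uses: actions/checkout@v4
      - name: Setup opentaint
        uses: ./.github/actions/cli/setup-opentaint
      # The secret and repository values reach the script through the step
      # environment rather than being expanded into the script text, so their
      # content cannot change how the script parses. The secret is empty when
      # GitHub withholds it (for example on pull requests from forks), and the
      # --github-token argument is then omitted.
      - name: Set GitHub token arg
        id: github-token
        shell: pwsh
        env:
          SEQRA_GITHUB_TOKEN: ${{ secrets.SEQRA_GITHUB_TOKEN }}
          REPO_OWNER: ${{ github.repository_owner }}
          REPO_NAME: ${{ github.event.repository.name }}
        run: |
          $TOKEN_ARG = ""
          if ($env:SEQRA_GITHUB_TOKEN) {
            $TOKEN_ARG = "--github-token $env:SEQRA_GITHUB_TOKEN"
          }
          $TOKEN_ARG = "$TOKEN_ARG --owner $env:REPO_OWNER --repo $env:REPO_NAME"
          echo "arg=$TOKEN_ARG" >> $env:GITHUB_OUTPUT
      # Third-party fixture: pinned by SHA, workflow token not persisted.
      - uses: actions/checkout@v4
        with:
          repository: spring-projects/spring-petclinic
          path: project-root
          ref: 30aab0ae764ad845b5eedd76028756835fec771f
          fetch-depth: 0
          persist-credentials: false
      - name: Set up JDK 17
        uses: actions/setup-java@v4
        with:
          java-version: '17'
          distribution: 'temurin'
      - name: Run opentaint separate compile and scan
        working-directory: cli
        run: |
          ./opentaint compile --quiet ${{ steps.github-token.outputs.arg }} --output portable-project ../project-root --verbosity debug
          ./opentaint scan --quiet ${{ steps.github-token.outputs.arg }} --output report.sarif portable-project --verbosity debug
      - name: Run opentaint scan
        working-directory: cli
        run: |
          ./opentaint scan --quiet ${{ steps.github-token.outputs.arg }} --output report.sarif ../project-root

  # Downloads a released Stirling-PDF JAR, builds a project model from it and
  # scans that model.
  scan-stirling-pdf:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Setup opentaint
        uses: ./.github/actions/cli/setup-opentaint
        with:
          go-version: ${{ env.GO_VERSION }}
      - name: Set GitHub token arg
        id: github-token
        uses: ./.github/actions/cli/github-token-arg
        with:
          github-token: ${{ secrets.SEQRA_GITHUB_TOKEN }}
          owner: ${{ github.repository_owner }}
          repo: ${{ github.event.repository.name }}
      - name: Set up JDK 17
        uses: actions/setup-java@v4
        with:
          java-version: '17'
          distribution: 'temurin'
      # -f makes curl exit non-zero on an HTTP error instead of saving the
      # error page as the JAR.
      # NOTE(review): the download is selected by release tag only and is not
      # integrity-checked. The JAR appears to be used as classpath input, not
      # executed, but comparing it with a recorded digest (<EXPECTED_SHA256>,
      # placeholder) would still catch a replaced release asset.
      - name: Download Stirling-PDF JAR
        working-directory: cli
        run: |
          mkdir -p stirling-pdf
          curl -fL -o stirling-pdf/Stirling-PDF.jar "https://github.com/Stirling-Tools/Stirling-PDF/releases/download/${STIRLING_PDF_VERSION}/Stirling-PDF.jar"
      - name: Create project model
        working-directory: cli
        run: |
          mkdir -p stirling-pdf/src
          ./opentaint project ${{ steps.github-token.outputs.arg }} --output stirling-pdf-model --source-root stirling-pdf/src --classpath stirling-pdf/Stirling-PDF.jar --package stirling.software
      - name: Run opentaint scan
        working-directory: cli
        run: |
          ./opentaint scan ${{ steps.github-token.outputs.arg }} --output stirling-pdf-report.sarif stirling-pdf-model

  # Builds the CLI, packs it with a checksums.txt, serves cli/ over a local HTTP
  # server and runs install.sh against that server.
  test-install-sh-linux:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-go@v5
        with:
          go-version: ${{ env.GO_VERSION }}
          cache-dependency-path: cli/go.sum
      - name: Build test archive
        working-directory: cli
        run: |
          go build -o opentaint .
          tar -czf opentaint-full_linux_amd64.tar.gz opentaint
          sha256sum opentaint-full_linux_amd64.tar.gz > checksums.txt
      - name: Start file server
        working-directory: cli
        run: python3 -m http.server 8080 &
      - name: Run install.sh
        id: install-linux
        env:
          OPENTAINT_DOWNLOAD_BASE_URL: http://localhost:8080
        run: |
          echo "OPENTAINT_BINARY_PATH=$(bash scripts/install/install.sh | grep ^OPENTAINT_BINARY_PATH= | cut -d= -f2)" >> "$GITHUB_OUTPUT"
      # Falls back to the default install location when the installer printed
      # no OPENTAINT_BINARY_PATH line.
      - name: Verify installation
        run: |
          BINARY_PATH="${{ steps.install-linux.outputs.OPENTAINT_BINARY_PATH }}"
          if [ -z "$BINARY_PATH" ]; then BINARY_PATH="$HOME/.opentaint/install/opentaint"; fi
          "$BINARY_PATH" --version

  # macOS variant of test-install-sh-linux (darwin_arm64 archive, shasum).
  test-install-sh-macos:
    runs-on: macos-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-go@v5
        with:
          go-version: ${{ env.GO_VERSION }}
          cache-dependency-path: cli/go.sum
      - name: Build test archive
        working-directory: cli
        run: |
          go build -o opentaint .
          tar -czf opentaint-full_darwin_arm64.tar.gz opentaint
          shasum -a 256 opentaint-full_darwin_arm64.tar.gz > checksums.txt
      - name: Start file server
        working-directory: cli
        run: python3 -m http.server 8080 &
      - name: Run install.sh
        id: install-macos
        env:
          OPENTAINT_DOWNLOAD_BASE_URL: http://localhost:8080
        run: |
          echo "OPENTAINT_BINARY_PATH=$(bash scripts/install/install.sh | grep ^OPENTAINT_BINARY_PATH= | cut -d= -f2)" >> "$GITHUB_OUTPUT"
      - name: Verify installation
        run: |
          BINARY_PATH="${{ steps.install-macos.outputs.OPENTAINT_BINARY_PATH }}"
          if [ -z "$BINARY_PATH" ]; then BINARY_PATH="$HOME/.opentaint/install/opentaint"; fi
          "$BINARY_PATH" --version

  # Windows variant: zip archive, install.ps1, server started inside the step.
  test-install-ps1:
    runs-on: windows-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-go@v5
        with:
          go-version: ${{ env.GO_VERSION }}
          cache-dependency-path: cli/go.sum
      - name: Build test archive
        shell: pwsh
        working-directory: cli
        run: |
          go build -o opentaint.exe .
          Compress-Archive -Path opentaint.exe -DestinationPath opentaint-full_windows_amd64.zip
          $hash = (Get-FileHash -Path opentaint-full_windows_amd64.zip -Algorithm SHA256).Hash.ToLower()
          "$hash opentaint-full_windows_amd64.zip" | Out-File -FilePath checksums.txt -Encoding utf8NoBOM
      # The step output is written to the GITHUB_OUTPUT file; the `::set-output`
      # workflow command is deprecated. The captured path is trimmed because
      # Out-String yields multi-line text. An installer run that prints no path
      # leaves the output empty, and the next step then checks the default
      # location, as in the Linux and macOS jobs.
      - name: Run install.ps1
        id: install-windows
        shell: pwsh
        env:
          OPENTAINT_DOWNLOAD_BASE_URL: http://127.0.0.1:8080
        run: |
          Start-Process -NoNewWindow python -ArgumentList "-m", "http.server", "8080" -WorkingDirectory cli
          Start-Sleep -Seconds 2
          $output = pwsh -File scripts/install/install.ps1 2>&1 | Out-String
          $binaryPath = ""
          if ($output -match 'OPENTAINT_BINARY_PATH=(.+)') {
            $binaryPath = $matches[1].Trim()
          }
          "OPENTAINT_BINARY_PATH=$binaryPath" >> $env:GITHUB_OUTPUT
      - name: Verify installation
        shell: pwsh
        run: |
          $binaryPath = "${{ steps.install-windows.outputs.OPENTAINT_BINARY_PATH }}"
          if ([string]::IsNullOrEmpty($binaryPath)) { $binaryPath = "$env:LOCALAPPDATA\opentaint\install\opentaint.exe" }
          & $binaryPath --version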