Skip to content

fix(cmd-api-server): address CVE-2022-25881 #1835

fix(cmd-api-server): address CVE-2022-25881

fix(cmd-api-server): address CVE-2022-25881 #1835

# Copyright IBM Corp. All Rights Reserved.
#
# SPDX-License-Identifier: CC-BY-4.0
name: Pre-release Test Weaver Module versions
on:
pull_request:
branches:
- main
concurrency:
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
cancel-in-progress: true
jobs:
check_release:
outputs:
status: ${{ steps.early.outputs.status }}
runs-on: ubuntu-22.04
steps:
- uses: actions/[email protected]
- name: Ignore if not a release PR
id: early
env:
TITLE: ${{ github.event.pull_request.title }}
run : |
status="skip"
if echo ${TITLE} | grep -q "chore(release)"; then
status="continue"
fi
echo "status=$status" >> $GITHUB_OUTPUT
test_weaver_pre-release:
needs: check_release
if: needs.check_release.outputs.status == 'continue'
runs-on: ubuntu-22.04
steps:
# Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
- uses: actions/[email protected]
- name: Get release verison from PR title
env:
TITLE: ${{ github.event.pull_request.title }}
run: |
# Assuming release PR follows pattern: chore(release): publish vA.B.C
# Split PR title by space, and take 3rd word
VERSION=$(echo "${TITLE}" | cut -d ' ' -f 3)
# Strip "v" from version
VERSION=$(echo $VERSION | sed -e 's/^v//')
echo "VERSION=$VERSION" >> $GITHUB_ENV
echo $VERSION
# Gradle
- name: check weaver/common/protos-java-kt/gradle.properties
run: cat gradle.properties | grep "version=" | grep $VERSION || exit 1
working-directory: weaver/common/protos-java-kt
- name: check weaver/core/network/corda-interop-app/gradle.properties
run: cat gradle.properties | grep "version=" | grep $VERSION || exit 1
working-directory: weaver/core/network/corda-interop-app
- name: check weaver/sdks/corda/gradle.properties
run: cat gradle.properties | grep "version=" | grep $VERSION || exit 1
working-directory: weaver/sdks/corda
- name: check weaver/core/drivers/corda-driver/gradle.properties
run: cat gradle.properties | grep "version=" | grep $VERSION || exit 1
working-directory: weaver/core/drivers/corda-driver
# NodeJS
- name: check weaver/common/protos-js/package.json
run: cat package.json | grep "version" | grep $VERSION || exit 1
working-directory: weaver/common/protos-js
- name: check weaver/sdks/fabric/interoperation-node-sdk/package.json
run: cat package.json | grep "version" | grep $VERSION || exit 1
working-directory: weaver/sdks/fabric/interoperation-node-sdk
- name: check weaver/sdks/besu/node/package.json
run: cat package.json | grep "version" | grep $VERSION || exit 1
working-directory: weaver/sdks/besu/node
- name: check weaver/core/drivers/fabric-driver/package.json
run: cat package.json | grep "version" | grep $VERSION || exit 1
working-directory: weaver/core/drivers/fabric-driver
- name: check weaver/core/identity-management/iin-agent/package.json
run: cat package.json | grep "version" | grep $VERSION || exit 1
working-directory: weaver/core/identity-management/iin-agent
# Rust
- name: check weaver/common/protos-rs/pkg/Cargo.toml
run: cat Cargo.toml | grep "^version" | grep $VERSION || exit 1
working-directory: weaver/common/protos-rs/pkg
- name: check weaver/core/relay/Cargo.toml
run: cat Cargo.toml | grep "^version" | grep $VERSION || exit 1
working-directory: weaver/core/relay
# Docker
- name: check weaver/core/drivers/corda-driver/VERSION
run: cat VERSION | grep $VERSION || exit 1
working-directory: weaver/core/drivers/corda-driver
- name: check weaver/core/drivers/fabric-driver/VERSION
run: cat VERSION | grep $VERSION || exit 1
working-directory: weaver/core/drivers/fabric-driver
- name: check weaver/core/identity-management/iin-agent/VERSION
run: cat VERSION | grep $VERSION || exit 1
working-directory: weaver/core/identity-management/iin-agent
- name: check weaver/core/relay/VERSION
run: cat VERSION | grep $VERSION || exit 1
working-directory: weaver/core/relay
# GO
- name: check weaver/common/protos-go/VERSION
run: cat VERSION | grep $VERSION || exit 1
working-directory: weaver/common/protos-go
- name: check weaver/core/network/fabric-interop-cc/libs/utils/VERSION
run: cat VERSION | grep $VERSION || exit 1
working-directory: weaver/core/network/fabric-interop-cc/libs/utils
- name: check weaver/core/network/fabric-interop-cc/libs/assetexchange/VERSION
run: cat VERSION | grep $VERSION || exit 1
working-directory: weaver/core/network/fabric-interop-cc/libs/assetexchange
- name: check weaver/core/network/fabric-interop-cc/interfaces/asset-mgmt/VERSION
run: cat VERSION | grep $VERSION || exit 1
working-directory: weaver/core/network/fabric-interop-cc/interfaces/asset-mgmt
- name: check weaver/core/network/fabric-interop-cc/contracts/interop/VERSION
run: cat VERSION | grep $VERSION || exit 1
working-directory: weaver/core/network/fabric-interop-cc/contracts/interop
- name: check weaver/sdks/fabric/go-sdk/VERSION
run: cat VERSION | grep $VERSION || exit 1
working-directory: weaver/sdks/fabric/go-sdk
test_weaver_go_pre-release:
needs: check_release
if: needs.check_release.outputs.status == 'continue'
runs-on: ubuntu-22.04
steps:
# Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
- uses: actions/[email protected]
- name: Get release verison from PR title
env:
TITLE: ${{ github.event.pull_request.title }}
run: |
# Assuming release PR follows pattern: chore(release): publish vA.B.C
# Split PR title by space, and take 3rd word
VERSION=$(echo "${TITLE}" | cut -d ' ' -f 3)
# Strip "v" from version
VERSION=$(echo $VERSION | sed -e 's/^v//')
echo "VERSION=$VERSION" >> $GITHUB_ENV
echo $VERSION
- name: Update GO Checksum
run: ./go-gen-checksum.sh $VERSION
working-directory: tools
- name: Check if changes are committed
run: (git status | grep "nothing to commit, working tree clean") || (echo "go-gen-checksum not called before release commit" && exit 1)