OF-2819: Update Netty from 4.1.100 to 4.1.108 #2868
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Openfire CI | |
| env: | |
| CI: true | |
| on: [push, pull_request] | |
| jobs: | |
| build: | |
| name: Build Openfire from source | |
| runs-on: ubuntu-latest | |
| strategy: | |
| matrix: | |
| java: [ 11, 17 ] | |
| distribution: [ zulu ] # We could add more here: temurin, adopt, liberica, microsoft, corretto | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Set up JDK ${{ matrix.java }} ${{ matrix.distribution }} | |
| uses: actions/setup-java@v4 | |
| with: | |
| java-version: ${{ matrix.java }} | |
| distribution: ${{ matrix.distribution }} | |
| cache: maven | |
| - name: Build with Maven # We install instead of package, because we want the result in the local mvn repo | |
| run: | | |
| if [[ ${{ github.ref_name }} == 'main' ]]; then | |
| ./mvnw -B install -Pcoverage --file pom.xml | |
| else | |
| ./mvnw -B install | |
| fi | |
| - name: Upload failed test reports | |
| uses: actions/upload-artifact@v4 | |
| if: always() | |
| with: | |
| name: surefire-reports_java${{ matrix.java }} | |
| path: xmppserver/target/surefire-reports | |
| - name: Upload distribution | |
| if: ${{ matrix.distribution == 'zulu' }} | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: distribution-java${{ matrix.java }} | |
| path: distribution/target/distribution-base | |
| - name: Upload test files | |
| if: ${{ matrix.distribution == 'zulu' }} | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: test-files-java${{ matrix.java }} | |
| path: | | |
| runIntegrationTests | |
| runAioxmppIntegrationTests | |
| runConnectivityIntegrationTests | |
| test.gradle | |
| - name: Upload coverage report for 'xmppserver' module | |
| if: ${{ matrix.distribution == 'zulu' && matrix.java == 11 && github.ref_name == 'main'}} | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: Coverage Report for 'xmppserver' module | |
| path: xmppserver/target/site/jacoco/ | |
| - name: Temporarily stash openfire artifacts from the mvn repo for later jobs | |
| if: ${{ matrix.distribution == 'zulu' && matrix.java == 11 }} | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: mvn-repo | |
| path: ~/.m2/repository/org/igniterealtime/openfire/ | |
| retention-days: 1 | |
| aioxmpp: | |
| name: Execute aioxmpp-based CI tests | |
| runs-on: ubuntu-latest | |
| needs: build | |
| steps: | |
| - name: Set JAVA_HOME to use Java 11 | |
| run: echo "JAVA_HOME=$(echo $JAVA_HOME_11_X64)" >> $GITHUB_ENV | |
| - name: Download distribution artifact from build job. | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: distribution-java11 | |
| path: distribution/target/distribution-base | |
| - name: Download test files from build job. | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: test-files-java11 | |
| - name: Fix file permissions | |
| run: | | |
| chmod +x distribution/target/distribution-base/bin/openfire.sh | |
| chmod +x ./runAioxmppIntegrationTests | |
| - name: Set up Python | |
| uses: actions/setup-python@v5 | |
| with: | |
| python-version: 3.11 | |
| check-latest: true # attempt to prevent to use 3.11.3 by enticing the runner to update (to something later) | |
| - name: Run aioxmpp tests | |
| run: ./runAioxmppIntegrationTests -d -l -h example.org -i 127.0.0.1 || ./runAioxmppIntegrationTests -d -l -h example.org -i 127.0.0.1 || ./runAioxmppIntegrationTests -d -l -h example.org -i 127.0.0.1 # Try tests a few times, in case of flakiness | |
| - name: Expose test output | |
| if: always() | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: aioxmpp test output | |
| path: aioxmpp/output | |
| - name: Expose openfire output | |
| if: always() | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: openfire logs | |
| path: distribution/target/distribution-base/logs/* | |
| check_branch: | |
| runs-on: ubuntu-latest | |
| outputs: | |
| is_publishable_branch: ${{ steps.check-branch.outputs.is_publishable_branch }} | |
| steps: | |
| - name: check branch ${{ github.ref }} is either main or a version number | |
| id: check-branch | |
| run: | | |
| if [[ ${{ github.ref }} == 'refs/heads/main' || ${{ github.ref }} =~ refs\/heads\/[0-9]+\.[0-9]+ ]]; then | |
| echo "is_publishable_branch=true" >> $GITHUB_OUTPUT | |
| else | |
| echo "is_publishable_branch=false" >> $GITHUB_OUTPUT | |
| fi | |
| connectivity: | |
| name: Execute Connectivity CI tests | |
| runs-on: ubuntu-latest | |
| needs: build | |
| steps: | |
| - name: Set JAVA_HOME to use Java 11 | |
| run: echo "JAVA_HOME=$(echo $JAVA_HOME_11_X64)" >> $GITHUB_ENV | |
| - name: Download distribution artifact from build job. | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: distribution-java11 | |
| path: distribution/target/distribution-base | |
| - name: Download test files from build job. | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: test-files-java11 | |
| - name: Set up Java | |
| uses: actions/setup-java@v4 | |
| with: | |
| java-version: 11 | |
| distribution: zulu | |
| - name: Fix file permissions | |
| run: | | |
| chmod +x distribution/target/distribution-base/bin/openfire.sh | |
| chmod +x ./runConnectivityIntegrationTests | |
| - name: Run connectivity tests | |
| run: ./runConnectivityIntegrationTests -d -l -i 127.0.0.1 | |
| smack: | |
| name: Execute Smack-based CI tests | |
| runs-on: ubuntu-latest | |
| needs: build | |
| steps: | |
| - name: Set JAVA_HOME to use Java 11 | |
| run: echo "JAVA_HOME=$(echo $JAVA_HOME_11_X64)" >> $GITHUB_ENV | |
| - name: Download distribution artifact from build job. | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: distribution-java11 | |
| path: distribution/target/distribution-base | |
| - name: Download test files from build job. | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: test-files-java11 | |
| - name: Set up Java | |
| uses: actions/setup-java@v4 | |
| with: | |
| java-version: 11 | |
| distribution: zulu | |
| - name: Fix file permissions | |
| run: | | |
| chmod +x distribution/target/distribution-base/bin/openfire.sh | |
| chmod +x ./runIntegrationTests | |
| - name: Run smack tests | |
| run: ./runIntegrationTests -d -l -i 127.0.0.1 | |
| should-do-database-upgrade-tests: | |
| name: Check if database upgrade tests should be run | |
| runs-on: ubuntu-latest | |
| permissions: | |
| pull-requests: read | |
| outputs: | |
| check: ${{ steps.filter.outputs.database-relevant-files }} | |
| steps: | |
| - name: Checkout Openfire | |
| uses: actions/checkout@v4 | |
| - name: Check for differences | |
| uses: dorny/paths-filter@v3 | |
| id: filter | |
| with: | |
| filters: | | |
| database-relevant-files: | |
| - 'distribution/src/database/**' | |
| - 'build/ci/**' | |
| - '.github/workflows/continuous-integration-workflow.yml' | |
| - 'xmppserver/pom.xml' | |
| sqlserver: | |
| name: Test SQL Server Upgrades | |
| needs: [build, should-do-database-upgrade-tests] | |
| runs-on: ubuntu-latest | |
| if: ${{ needs.should-do-database-upgrade-tests.outputs.check == 'true' }} | |
| steps: | |
| - name: Checkout Openfire | |
| uses: actions/checkout@v4 | |
| - name: Set up JDK 11 Zulu | |
| uses: actions/setup-java@v4 | |
| with: | |
| java-version: 11 | |
| distribution: zulu | |
| cache: maven | |
| - name: Restore mvn repo artifacts from build job | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: mvn-repo | |
| path: ~/.m2/repository/org/igniterealtime/openfire/ | |
| - name: Set environment variables | |
| run: | | |
| echo "CONNECTION_STRING=jdbc:sqlserver://localhost:1433;databaseName=openfire;applicationName=Openfire" >> $GITHUB_ENV | |
| echo "CONNECTION_DRIVER=com.microsoft.sqlserver.jdbc.SQLServerDriver" >> $GITHUB_ENV | |
| echo "CONNECTION_USERNAME=sa" >> $GITHUB_ENV | |
| echo "CONNECTION_PASSWORD=SecurePa55w0rd" >> $GITHUB_ENV | |
| OPENFIREVSN=$(./mvnw help:evaluate -Dexpression=project.version -q -DforceStdout) | |
| echo "OPENFIREVSN=$OPENFIREVSN" >> $GITHUB_ENV | |
| echo "JAVA_HOME=$(echo $JAVA_HOME_11_X64)" >> $GITHUB_ENV | |
| - name: Download old Openfire database script | |
| run: | | |
| mkdir olddb | |
| curl https://raw.githubusercontent.com/igniterealtime/Openfire/v3.9.3/src/database/openfire_sqlserver.sql > $GITHUB_WORKSPACE/olddb/openfire_sqlserver.sql | |
| - name: Start database server and install database | |
| run: docker-compose -f ./build/ci/compose/mssql.yml up --detach | |
| - name: Build & run update tester | |
| run: | | |
| pushd ./build/ci/updater | |
| ./mvnw package | |
| java -jar ./target/updaterunner-1.0.0-jar-with-dependencies.jar | |
| postgres: | |
| name: Test Postgres Upgrades | |
| needs: [build, should-do-database-upgrade-tests] | |
| runs-on: ubuntu-latest | |
| if: ${{ needs.should-do-database-upgrade-tests.outputs.check == 'true' }} | |
| steps: | |
| - name: Checkout Openfire | |
| uses: actions/checkout@v4 | |
| - name: Set up JDK 11 Zulu | |
| uses: actions/setup-java@v4 | |
| with: | |
| java-version: 11 | |
| distribution: zulu | |
| cache: maven | |
| - name: Restore mvn repo artifacts from build job | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: mvn-repo | |
| path: ~/.m2/repository/org/igniterealtime/openfire/ | |
| - name: Set environment variables | |
| run: | | |
| echo "CONNECTION_STRING=jdbc:postgresql://localhost:5432/openfire" >> $GITHUB_ENV | |
| echo "CONNECTION_DRIVER=org.postgresql.Driver" >> $GITHUB_ENV | |
| echo "CONNECTION_USERNAME=openfire" >> $GITHUB_ENV | |
| echo "CONNECTION_PASSWORD=SecurePa55w0rd" >> $GITHUB_ENV | |
| OPENFIREVSN=$(./mvnw help:evaluate -Dexpression=project.version -q -DforceStdout) | |
| echo "OPENFIREVSN=$OPENFIREVSN" >> $GITHUB_ENV | |
| echo "JAVA_HOME=$(echo $JAVA_HOME_11_X64)" >> $GITHUB_ENV | |
| - name: Download old Openfire database script | |
| run: | | |
| mkdir olddb | |
| curl https://raw.githubusercontent.com/igniterealtime/Openfire/v3.9.3/src/database/openfire_postgresql.sql > $GITHUB_WORKSPACE/olddb/openfire_postgresql.sql | |
| - name: Start database server and install database | |
| run: docker-compose -f ./build/ci/compose/postgresql.yml up --detach | |
| - name: Build & run update tester | |
| run: | | |
| pushd ./build/ci/updater | |
| ./mvnw package | |
| java -jar ./target/updaterunner-1.0.0-jar-with-dependencies.jar | |
| mysql: | |
| name: Test MySQL Upgrades | |
| needs: [build, should-do-database-upgrade-tests] | |
| runs-on: ubuntu-latest | |
| if: ${{ needs.should-do-database-upgrade-tests.outputs.check == 'true' }} | |
| steps: | |
| - name: Checkout Openfire | |
| uses: actions/checkout@v4 | |
| - name: Set up JDK 11 Zulu | |
| uses: actions/setup-java@v4 | |
| with: | |
| java-version: 11 | |
| distribution: zulu | |
| cache: maven | |
| - name: Restore mvn repo artifacts from build job | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: mvn-repo | |
| path: ~/.m2/repository/org/igniterealtime/openfire/ | |
| - name: Set environment variables | |
| run: | | |
| echo "CONNECTION_STRING=jdbc:mysql://localhost:3306/openfire?rewriteBatchedStatements=true&characterEncoding=UTF-8&characterSetResults=UTF-8&serverTimezone=UTC" >> $GITHUB_ENV | |
| echo "CONNECTION_DRIVER=com.mysql.cj.jdbc.Driver" >> $GITHUB_ENV | |
| echo "CONNECTION_USERNAME=root" >> $GITHUB_ENV | |
| echo "CONNECTION_PASSWORD=SecurePa55w0rd" >> $GITHUB_ENV | |
| OPENFIREVSN=$(./mvnw help:evaluate -Dexpression=project.version -q -DforceStdout) | |
| echo "OPENFIREVSN=$OPENFIREVSN" >> $GITHUB_ENV | |
| echo "JAVA_HOME=$(echo $JAVA_HOME_11_X64)" >> $GITHUB_ENV | |
| - name: Download old Openfire database script | |
| run: | | |
| mkdir olddb | |
| curl https://raw.githubusercontent.com/igniterealtime/Openfire/v3.9.3/src/database/openfire_mysql.sql > $GITHUB_WORKSPACE/olddb/openfire_mysql.sql | |
| - name: Start database server and install database | |
| run: docker-compose -f ./build/ci/compose/mysql.yml up --detach | |
| - name: Build & run update tester | |
| run: | | |
| pushd ./build/ci/updater | |
| ./mvnw package | |
| java -jar ./target/updaterunner-1.0.0-jar-with-dependencies.jar | |
| publish-maven: | |
| name: Publish to Maven | |
| runs-on: ubuntu-latest | |
| needs: [aioxmpp, connectivity, smack, check_branch] | |
| if: ${{github.repository == 'igniterealtime/Openfire' && github.event_name == 'push' && needs.check_branch.outputs.is_publishable_branch == 'true'}} | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| # Defend against another commit quickly following the first | |
| # We want the one that's been tested, rather than the head of main | |
| ref: ${{ github.event.push.after }} | |
| - name: Set up Java for publishing | |
| uses: actions/setup-java@v4 | |
| with: | |
| java-version: 11 | |
| distribution: zulu | |
| cache: maven | |
| server-id: igniterealtime | |
| server-username: IGNITE_REALTIME_MAVEN_USERNAME | |
| server-password: IGNITE_REALTIME_MAVEN_PASSWORD | |
| - name: Publish | |
| run: ./mvnw -B deploy -Pci -Dmaven.test.skip=true | |
| env: | |
| IGNITE_REALTIME_MAVEN_USERNAME: ${{ secrets.IGNITE_REALTIME_MAVEN_USERNAME }} | |
| IGNITE_REALTIME_MAVEN_PASSWORD: ${{ secrets.IGNITE_REALTIME_MAVEN_PASSWORD }} | |
| can-publish-docker: | |
| # Based on https://github.com/GabLeRoux/github-actions-examples/blob/e0468ce2731b08bd8b1f7cd09d0b94c541310693/.github/workflows/secret_based_conditions.yml | |
| name: Check if Docker Hub secrets exist | |
| runs-on: ubuntu-latest | |
| needs: [build, aioxmpp, connectivity, smack] | |
| outputs: | |
| is_DOCKERHUB_SECRET_set: ${{ steps.checksecret_job.outputs.is_DOCKERHUB_SECRET_set }} | |
| steps: | |
| - name: Check whether Docker Publish should be done | |
| id: checksecret_job | |
| env: | |
| DOCKERHUB_SECRET: ${{ secrets.DOCKERHUB_TOKEN }} | |
| run: | | |
| echo "is_DOCKERHUB_SECRET_set: ${{ env.DOCKERHUB_SECRET != '' }}" | |
| echo "is_DOCKERHUB_SECRET_set=${{ env.DOCKERHUB_SECRET != '' }}" >> $GITHUB_OUTPUT | |
| publish-docker: | |
| name: Publish to Docker Hub | |
| runs-on: ubuntu-latest | |
| needs: [can-publish-docker] | |
| if: | | |
| needs.can-publish-docker.outputs.is_DOCKERHUB_SECRET_set == 'true' && | |
| github.event_name == 'push' && | |
| (contains(github.ref, 'refs/tags/') || github.ref == 'refs/heads/main') | |
| outputs: | |
| imagedigest: ${{ steps.docker_build.outputs.digest }} | |
| steps: | |
| - name: Set up variables if we're on main | |
| if: ${{ github.ref == 'refs/heads/main' }} | |
| run: echo "SOURCE_TAG=alpha" >> $GITHUB_ENV | |
| - name: Set up variables if we're on a tag | |
| if: ${{ contains(github.ref, 'refs/tags/') }} | |
| run: echo "SOURCE_TAG=${GITHUB_REF#refs/tags/}" >> $GITHUB_ENV | |
| - uses: actions/checkout@v4 | |
| with: | |
| # Defend against another commit quickly following the first | |
| # We want the one that's been tested, rather than the head of main | |
| ref: ${{ github.event.push.after }} | |
| - name: Download distribution artifact from build job. | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: distribution-java11 | |
| path: distribution/target/distribution-base | |
| - name: Fix file permissions | |
| run: find . -type f -name '*.sh' -exec chmod +x {} \; | |
| - name: Set up QEMU | |
| uses: docker/setup-qemu-action@v3 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Cache Docker layers # TODO: Validate that caches are faster than no caches | |
| uses: actions/cache@v4 | |
| with: | |
| path: /tmp/.buildx-cache | |
| key: ${{ runner.os }}-buildx-${{ github.sha }} | |
| restore-keys: | | |
| ${{ runner.os }}-buildx- | |
| - name: Login to DockerHub | |
| uses: docker/login-action@v3 | |
| with: | |
| username: ${{ secrets.DOCKERHUB_USERNAME }} | |
| password: ${{ secrets.DOCKERHUB_TOKEN }} | |
| - name: Build and push to Docker Hub | |
| id: docker_build | |
| uses: docker/build-push-action@v5 | |
| with: | |
| context: . | |
| push: true | |
| tags: ${{ secrets.DOCKERHUB_OPENFIREIMAGE }}:${{ env.SOURCE_TAG }} | |
| platforms: linux/amd64,linux/arm64 | |
| cache-from: type=local,src=/tmp/.buildx-cache | |
| cache-to: type=local,dest=/tmp/.buildx-cache-new | |
| - name: Move cache | |
| # Temp fix | |
| # https://github.com/docker/build-push-action/issues/252 | |
| # https://github.com/moby/buildkit/issues/1896 | |
| run: | | |
| rm -rf /tmp/.buildx-cache | |
| mv /tmp/.buildx-cache-new /tmp/.buildx-cache | |
| - name: Image digest | |
| run: | | |
| echo Images published: | |
| echo ${{ secrets.DOCKERHUB_OPENFIREIMAGE }}:${{ steps.docker_build.outputs.digest }} | |
| echo ${{ secrets.DOCKERHUB_OPENFIREIMAGE }}:${{ env.SOURCE_TAG }} | |
| test-published-docker: | |
| name: Test tagged images published to Docker Hub | |
| runs-on: ubuntu-latest | |
| needs: [publish-docker] | |
| if: contains(github.ref, 'refs/tags/') | |
| steps: | |
| - name: Launch & Check Openfire | |
| run: | | |
| docker run --name openfire -d -p 9090:9090 ${{ secrets.DOCKERHUB_OPENFIREIMAGE }}@${{needs.publish-docker.outputs.imagedigest}} | |
| attempt_counter=0 | |
| max_attempts=30 | |
| until $(curl --output /dev/null --silent --head --fail http://127.0.0.1:9090); do | |
| if [ ${attempt_counter} -eq ${max_attempts} ];then | |
| echo "Max attempts reached. Openfire failed to launch." | |
| exit 1 | |
| fi | |
| printf '.' | |
| attempt_counter=$(($attempt_counter+1)) | |
| sleep 1 | |
| done | |
| echo "Openfire Admin is reachable." | |
| docker logs openfire |