Skip to content

Commit abbf03e

Browse files
marko-bekhtamarko-bekhta
committed
HV-2032 Test strict JAXP configuration in a nightly build
1 parent 84af315 commit abbf03e

File tree

2 files changed

+58
-20
lines changed

2 files changed

+58
-20
lines changed

jenkins/nightly/Jenkinsfile

Lines changed: 55 additions & 18 deletions
Original file line numberDiff line numberDiff line change
@@ -8,7 +8,11 @@
88
@Library('[email protected]') _
99

1010
def withMavenWorkspace(Closure body) {
11-
withMaven(jdk: 'OpenJDK 17 Latest', maven: 'Apache Maven 3.9',
11+
withMavenWorkspace('OpenJDK 17 Latest', body)
12+
}
13+
14+
def withMavenWorkspace(jdk, Closure body) {
15+
withMaven(jdk: jdk, maven: 'Apache Maven 3.9',
1216
mavenLocalRepo: env.WORKSPACE_TMP + '/.m2repository',
1317
options: [
1418
// Artifacts are not needed and take up disk space
@@ -33,24 +37,57 @@ pipeline {
3337
overrideIndexTriggers(false)
3438
}
3539
stages {
36-
stage('Build reproducibility check') {
37-
agent {
38-
label 'Worker&&Containers'
39-
}
40-
steps {
41-
// The timeout cannot be in stage options, because that would
42-
// include the time needed to provision a node.
43-
timeout(time: 15, unit: 'MINUTES') {
44-
withMavenWorkspace {
45-
echo "Generate the artifacts."
46-
sh "mvn clean install -Preproducibility-check"
40+
stage ('Run checks') {
41+
parallel {
42+
stage('Build reproducibility check') {
43+
agent {
44+
label 'Worker&&Containers'
45+
}
46+
steps {
47+
// The timeout cannot be in stage options, because that would
48+
// include the time needed to provision a node.
49+
timeout(time: 15, unit: 'MINUTES') {
50+
withMavenWorkspace {
51+
echo "Generate the artifacts."
52+
sh "mvn clean install -Preproducibility-check"
53+
54+
echo "Running the reproducibility check."
55+
sh """mvn clean verify \
56+
artifact:compare -Dreference.repo=hibernate-maven-central \
57+
-Preproducibility-check \
58+
--fail-at-end
59+
"""
60+
}
61+
}
62+
}
63+
}
64+
stage('Build with strict JAXP security settings') {
65+
agent {
66+
label 'Worker&&Containers'
67+
}
68+
steps {
69+
script {
70+
jdkVersion = 'OpenJDK 23 Latest'
71+
}
72+
// The timeout cannot be in stage options, because that would
73+
// include the time needed to provision a node.
74+
timeout(time: 15, unit: 'MINUTES') {
75+
withMavenWorkspace(jdkVersion, {
76+
script {
77+
compilerToolPath = tool(name: jdkVersion, type: 'jdk')
78+
jaxpStrictProperties = pwd(tmp: true) + '/jaxp-strict.properties'
79+
}
80+
81+
echo "Copy strict JAXP configuration properties."
82+
sh "cp $compilerToolPath/conf/jaxp-strict.properties.template $jaxpStrictProperties"
4783

48-
echo "Running the reproducibility check."
49-
sh """mvn clean verify \
50-
artifact:compare -Dreference.repo=hibernate-maven-central \
51-
-Preproducibility-check \
52-
--fail-at-end
53-
"""
84+
echo "Run a build with strict JAXP configuration."
85+
sh """mvn clean install \
86+
-Dsurefire.jvm.args.jaxp.strict-args="-Djava.xml.config.file=$jaxpStrictProperties" \
87+
-Djava-version.test.release=23
88+
"""
89+
})
90+
}
5491
}
5592
}
5693
}

pom.xml

Lines changed: 3 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -361,6 +361,7 @@
361361
<surefire.jvm.args.illegal-access></surefire.jvm.args.illegal-access>
362362
<surefire.jvm.args.add-opens></surefire.jvm.args.add-opens>
363363
<surefire.jvm.args.java-version></surefire.jvm.args.java-version>
364+
<surefire.jvm.args.jaxp.strict-args></surefire.jvm.args.jaxp.strict-args>
364365
<!--
365366
The arguments below are Shrinkwrap settings taken from
366367
https://github.com/shrinkwrap/resolver/blob/788a3c1148af3a7ebdfdaf817393273f5f5ee17b/impl-maven/src/main/java/org/jboss/shrinkwrap/resolver/impl/maven/bootstrap/MavenSettingsBuilder.java#L80
@@ -369,8 +370,8 @@
369370
<surefire.jvm.args.shrinkwrap>
370371
-Dmaven.repo.local=${settings.localRepository}
371372
</surefire.jvm.args.shrinkwrap>
372-
<surefire.jvm.args>${surefire.jvm.args.additional} ${surefire.jvm.args.add-opens} ${surefire.jvm.args.illegal-access} ${surefire.jvm.args.shrinkwrap} ${surefire.jvm.args.java-version} ${surefire.jvm.args.commandline}</surefire.jvm.args>
373-
<failsafe.jvm.args>${surefire.jvm.args.additional} ${surefire.jvm.args.add-opens} ${surefire.jvm.args.illegal-access} ${surefire.jvm.args.shrinkwrap} ${surefire.jvm.args.java-version} ${surefire.jvm.args.commandline}</failsafe.jvm.args>
373+
<surefire.jvm.args>${surefire.jvm.args.additional} ${surefire.jvm.args.add-opens} ${surefire.jvm.args.illegal-access} ${surefire.jvm.args.shrinkwrap} ${surefire.jvm.args.java-version} ${surefire.jvm.args.commandline} ${surefire.jvm.args.jaxp.strict-args}</surefire.jvm.args>
374+
<failsafe.jvm.args>${surefire.jvm.args.additional} ${surefire.jvm.args.add-opens} ${surefire.jvm.args.illegal-access} ${surefire.jvm.args.shrinkwrap} ${surefire.jvm.args.java-version} ${surefire.jvm.args.commandline} ${surefire.jvm.args.jaxp.strict-args}</failsafe.jvm.args>
374375

375376
<!--
376377
Should be set from the command line.

0 commit comments

Comments
 (0)