bug/486_ossindex-fails-in-ci-build #487

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open

redcatbear wants to merge 6 commits into main from bug/486_ossindex-fails-in-ci-build

.github/workflows/build.yml

-Original file line number
+Diff line change
@@ Expand Up / @@ -46,8 +46,30 @@ jobs: @@
               java-version: ${{ matrix.java }}
               cache: "maven"
               server-id: ossindex
-              server-username: OSSINDEX_USERNAME
-              server-password: OSSINDEX_TOKEN
+              server-username: ${{ secrets.OSSINDEX_USERNAME }}
+              server-password: ${{ secrets.OSSINDEX_TOKEN }}
+          # TODO: Remove this once OSSIndex CI issue is resolved
+          - name: Debug Maven settings.xml (redacted)
+            shell: bash
+            run: |
+              set -euo pipefail
+              SETTINGS="${HOME}/.m2/settings.xml"
+              if [[ ! -f "$SETTINGS" ]]; then
+                echo "No Maven settings.xml found at: $SETTINGS"
+                exit 0
+              fi
+              echo "Maven settings.xml at: $SETTINGS"
+              # Redact common sensitive tags + any <passphrase> if present
+              sed -E \
+              -e 's#(<username>)(</username>)#\1***EMPTY***\2#g; s#(<username>)[^<]+(</username>)#\1***REDACTED***\2#g' \
+              -e 's#(<password>)(</password>)#\1***EMPTY***\2#g; s#(<password>)[^<]+(</password>)#\1***REDACTED***\2#g' \
+              -e 's#(<passphrase>)(</passphrase>)#\1***EMPTY***\2#g; s#(<passphrase>)[^<]+(</passphrase>)#\1***REDACTED***\2#g' \
+              -e 's#(<token>)(</token>)#\1***EMPTY***\2#g; s#(<token>)[^<]+(</token>)#\1***REDACTED***\2#g' \
+              -e 's#(<privateKey>)(</privateKey>)#\1***EMPTY***\2#g; s#(<privateKey>)[^<]+(</privateKey>)#\1***REDACTED***\2#g' \
+              -e 's#(<secret>)(</secret>)#\1***EMPTY***\2#g; s#(<secret>)[^<]+(</secret>)#\1***REDACTED***\2#g' \
+              "$SETTINGS"
           - name: Cache SonarQube packages
             if: ${{ env.DEFAULT_OS == matrix.os && env.DEFAULT_JAVA == matrix.java }}
@@ Expand All / @@ -59,11 +81,13 @@ jobs: @@
           - name: Build with Java ${{ matrix.java }}
             run: |
+              # TODO: Remove this once OSSIndex CI issue is resolved.
+              echo "Checking whether the correct Maven settings.xml is used by examination of effective settings:"
+              mvn -q --batch-mode help:effective-settings -Doutput=effective-settings.xml
+              grep -n "<id>ossindex</id>" -n effective-settings.xml || true
               mvn --batch-mode -T 1C clean org.jacoco:jacoco-maven-plugin:prepare-agent install \
                   -Djava.version=${{ matrix.java }}
-            env:
-              OSSINDEX_USERNAME: ${{ secrets.OSSINDEX_USERNAME }}
-              OSSINDEX_TOKEN: ${{ secrets.OSSINDEX_TOKEN }}
           - name: Sonar analysis
             if: ${{ env.DEFAULT_OS == matrix.os && env.DEFAULT_JAVA == matrix.java && env.SONAR_TOKEN != null }}
@@ Expand Down @@

doc/changes/changes.md

-Original file line number
+Diff line change
@@ -1,5 +1,6 @@
     # Changes
+    * [4.2.3](changes_4.2.3.md)
     * [4.2.2](changes_4.2.2.md)
     * [4.2.1](changes_4.2.1.md)
     * [4.2.0](changes_4.2.0.md)
@@ Expand Down @@

doc/changes/changes_4.2.3.md

-Original file line number
+Diff line change
@@ -0,0 +1,11 @@
+    # OpenFastTrace 4.2.3, released 2025-02-??
+    Code name: OSSIndex in CI
+    ## Summary
+    In this release we fixed the OSSIndex vulnerability scanner authentication in our CI.
+    ## Bugfixes
+    * #486: Fixed OSSIndex authentication in CI

parent/pom.xml

-Original file line number
+Diff line change
@@ Expand Up / @@ -10,7 +10,7 @@ @@
         <description>Free requirement tracking suite</description>
         <url>https://github.com/itsallcode/openfasttrace</url>
         <properties>
-            <revision>4.2.2</revision>
+            <revision>4.2.3</revision>
             <java.version>17</java.version>
             <junit.version>6.1.0-M1</junit.version>
             <junit.version>6.0.2</junit.version>
@@ Expand Down @@

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

bug/486_ossindex-fails-in-ci-build #487

Uh oh!

Diff view

Diff view

There are no files selected for viewing

kaklakariada Feb 5, 2026

Uh oh!

Uh oh!

bug/486_ossindex-fails-in-ci-build #487

Are you sure you want to change the base?

Uh oh!

bug/486_ossindex-fails-in-ci-build #487

Uh oh!

Uh oh!

Diff view

Diff view

There are no files selected for viewing

kaklakariada Feb 5, 2026

Choose a reason for hiding this comment

Uh oh!

Uh oh!