github-advanced-security[bot] commented on code in PR #3170:
URL:
https://github.com/apache/incubator-kie-tools/pull/3170#discussion_r2122211836
##########
packages/drools-and-kogito/build.js:
##########
@@ -0,0 +1,214 @@
+#!/bin/bash -el \n node
+
+const execSync = require("child_process").execSync;
+const fs = require("fs");
+const path = require("path");
+const execOpts = { stdio: "inherit" };
+const { env } = require("./env");
+const buildEnv = env;
+
+///
+
+const DIST_REPO = path.resolve("./dist/1st-party-m2/repository");
+
+if (buildEnv.droolsAndKogito.skip) {
+ console.log(`[drools-and-kogito] Skip is on. Exiting.`);
+ console.log(`[drools-and-kogito] Done.`);
+ process.exit(0);
+}
+
+if (!buildEnv.versions.kogito.endsWith("-local") &&
!buildEnv.droolsAndKogito.forceBuild) {
+ console.log(`[drools-and-kogito] Detected a non-local version for Drools and
Kogito.`);
+ console.log(
+ `[drools-and-kogito] Building will not occur, as this version is expected
to be either present on the local Maven repository (E.g., ~/.m2), or published
in some publicly available Maven repository so that it can be downloaded.`
+ );
+ console.log(`[drools-and-kogito] Done.`);
+ process.exit(0);
+}
+
+const buildInfo = getBuildInfo();
+
+console.log();
+
+const buildInfoMatches =
+ buildInfo?.kogitoVersion === buildEnv.versions.kogito &&
+ buildInfo?.droolsRepoGitRef === buildEnv.droolsAndKogito.repos.drools.gitRef
&&
+ buildInfo?.optaplannerRepoGitRef ===
buildEnv.droolsAndKogito.repos.optaplanner.gitRef &&
+ buildInfo?.kogitoRuntimesRepoGitRef ===
buildEnv.droolsAndKogito.repos.kogitoRuntimes.gitRef &&
+ buildInfo?.kogitoAppsRepoGitRef ===
buildEnv.droolsAndKogito.repos.kogitoApps.gitRef;
+
+const localM2DirExists = fs.existsSync("./dist/1st-party-m2/repository");
+const forceBuild = buildEnv.droolsAndKogito.forceBuild;
+
+console.log(`[drools-and-kogito] Local m2 exists: ${localM2DirExists}`);
+console.log(`[drools-and-kogito] Build info matches: ${buildInfoMatches}`);
+console.log(`[drools-and-kogito] Force build: ${forceBuild}`);
+
+if (localM2DirExists && buildInfoMatches && !forceBuild) {
+ console.log(`[drools-and-kogito] Nothing to do. Exiting.`);
+ process.exit(0);
+} else {
+ console.log(`[drools-and-kogito] Cleaning up 'dist' and 'dist-tmp'
directories...`);
+ fs.rmSync("./dist", { recursive: true });
+}
+
+fs.mkdirSync("./dist", { recursive: true });
+
+if (fs.existsSync("./dist-tmp")) {
+ fs.rmSync("./dist-tmp", { recursive: true });
+}
+fs.mkdirSync("./dist-tmp", { recursive: true });
+
+// cloning
+
+console.log(`[drools-and-kogito] Cloning Drools...`);
+execSync(
+ `git clone $(build-env droolsAndKogito.repos.drools.url) --branch
$(build-env root.streamName) --depth 50 ./dist-tmp/drools`,
+ execOpts
+);
+execSync(`git checkout $(build-env droolsAndKogito.repos.drools.gitRef)`, {
+ ...execOpts,
+ cwd: "./dist-tmp/drools",
+});
+
+console.log(`[drools-and-kogito] Cloning OptaPlanner...`);
+execSync(
+ `git clone $(build-env droolsAndKogito.repos.optaplanner.url) --branch
$(build-env root.streamName) --depth 50 ./dist-tmp/optaplanner`,
+ execOpts
+);
+execSync(`git checkout $(build-env droolsAndKogito.repos.optaplanner.gitRef)`,
{
+ ...execOpts,
+ cwd: "./dist-tmp/optaplanner",
+});
+
+console.log(`[drools-and-kogito] Cloning Kogito Runtimes...`);
+execSync(
+ `git clone $(build-env droolsAndKogito.repos.kogitoRuntimes.url) --branch
$(build-env root.streamName) --depth 50 ./dist-tmp/kogito-runtimes`,
+ execOpts
+);
+execSync(`git checkout $(build-env
droolsAndKogito.repos.kogitoRuntimes.gitRef)`, {
+ ...execOpts,
+ cwd: "./dist-tmp/kogito-runtimes",
+});
+
+console.log(`[drools-and-kogito] Cloning Kogito Apps...`);
+execSync(
+ `git clone $(build-env droolsAndKogito.repos.kogitoApps.url) --branch
$(build-env root.streamName) --depth 50 ./dist-tmp/kogito-apps`,
+ execOpts
+);
+execSync(`git checkout $(build-env droolsAndKogito.repos.kogitoApps.gitRef)`, {
+ ...execOpts,
+ cwd: "./dist-tmp/kogito-apps",
+});
+
+// update versions
+const streamsMavenVersion =
+ buildEnv.root.streamName === "main"
+ ? `999-SNAPSHOT` //
+ : buildEnv.root.streamName.replace(".x", ".999-SNAPSHOT"); // 10.1.x
becomes 10.1.999-SNAPSHOT
+
+console.log(`[drools-and-kogito] Updating versions to
${streamsMavenVersion}...`);
+execSync(
+ `find . -name "pom.xml" -exec sed -i.bak
's/${streamsMavenVersion}/${buildEnv.versions.kogito}/g' {} \\; -exec rm {}.bak
\\;`,
+ {
+ ...execOpts,
+ cwd: "./dist-tmp",
+ }
+);
+
+// patching
+console.log(`[drools-and-kogito] Patching pom.xml files to remove Tests and
Integration Tests modules...`);
+removeMavenModule(`drools\\-test\\-coverage`);
+removeMavenModule(`.*\\-integration\\-tests`);
+removeMavenModule(`integration\\-tests`);
+removeMavenModule(`.*\\-integration\\-test`);
+removeMavenModule(`.*\\-integration\\-test\\-.*`);
+removeMavenModule(`.*\\-integrationtests`);
+removeMavenModule(`.*integration\\-tests\\-.*`);
+removeMavenModule(`.*\\-integrationtest`);
+removeMavenModule(`.*\\-it`);
+removeMavenModule(`kie\\-archetypes`);
+removeMavenModule(`apps\\-integration\\-tests`);
+
+// building
+
+console.log(`[drools-and-kogito] Building Drools...`);
+execSync(
+ `mvn deploy -DskipTests -DskipITs -T 0.5C -Dformatter.skip
-Denforcer.skip=true -Dcheckstyle.skip=true -Dmaven.install.skip=true
-DaltDeploymentRepository=snapshot-repo::default::file:${DIST_REPO}`,
Review Comment:
## Shell command built from environment values
This shell command depends on an uncontrolled [absolute path](1).
[Show more
details](https://github.com/apache/incubator-kie-tools/security/code-scanning/1022)
##########
packages/drools-and-kogito/build.js:
##########
@@ -0,0 +1,214 @@
+#!/bin/bash -el \n node
+
+const execSync = require("child_process").execSync;
+const fs = require("fs");
+const path = require("path");
+const execOpts = { stdio: "inherit" };
+const { env } = require("./env");
+const buildEnv = env;
+
+///
+
+const DIST_REPO = path.resolve("./dist/1st-party-m2/repository");
+
+if (buildEnv.droolsAndKogito.skip) {
+ console.log(`[drools-and-kogito] Skip is on. Exiting.`);
+ console.log(`[drools-and-kogito] Done.`);
+ process.exit(0);
+}
+
+if (!buildEnv.versions.kogito.endsWith("-local") &&
!buildEnv.droolsAndKogito.forceBuild) {
+ console.log(`[drools-and-kogito] Detected a non-local version for Drools and
Kogito.`);
+ console.log(
+ `[drools-and-kogito] Building will not occur, as this version is expected
to be either present on the local Maven repository (E.g., ~/.m2), or published
in some publicly available Maven repository so that it can be downloaded.`
+ );
+ console.log(`[drools-and-kogito] Done.`);
+ process.exit(0);
+}
+
+const buildInfo = getBuildInfo();
+
+console.log();
+
+const buildInfoMatches =
+ buildInfo?.kogitoVersion === buildEnv.versions.kogito &&
+ buildInfo?.droolsRepoGitRef === buildEnv.droolsAndKogito.repos.drools.gitRef
&&
+ buildInfo?.optaplannerRepoGitRef ===
buildEnv.droolsAndKogito.repos.optaplanner.gitRef &&
+ buildInfo?.kogitoRuntimesRepoGitRef ===
buildEnv.droolsAndKogito.repos.kogitoRuntimes.gitRef &&
+ buildInfo?.kogitoAppsRepoGitRef ===
buildEnv.droolsAndKogito.repos.kogitoApps.gitRef;
+
+const localM2DirExists = fs.existsSync("./dist/1st-party-m2/repository");
+const forceBuild = buildEnv.droolsAndKogito.forceBuild;
+
+console.log(`[drools-and-kogito] Local m2 exists: ${localM2DirExists}`);
+console.log(`[drools-and-kogito] Build info matches: ${buildInfoMatches}`);
+console.log(`[drools-and-kogito] Force build: ${forceBuild}`);
+
+if (localM2DirExists && buildInfoMatches && !forceBuild) {
+ console.log(`[drools-and-kogito] Nothing to do. Exiting.`);
+ process.exit(0);
+} else {
+ console.log(`[drools-and-kogito] Cleaning up 'dist' and 'dist-tmp'
directories...`);
+ fs.rmSync("./dist", { recursive: true });
+}
+
+fs.mkdirSync("./dist", { recursive: true });
+
+if (fs.existsSync("./dist-tmp")) {
+ fs.rmSync("./dist-tmp", { recursive: true });
+}
+fs.mkdirSync("./dist-tmp", { recursive: true });
+
+// cloning
+
+console.log(`[drools-and-kogito] Cloning Drools...`);
+execSync(
+ `git clone $(build-env droolsAndKogito.repos.drools.url) --branch
$(build-env root.streamName) --depth 50 ./dist-tmp/drools`,
+ execOpts
+);
+execSync(`git checkout $(build-env droolsAndKogito.repos.drools.gitRef)`, {
+ ...execOpts,
+ cwd: "./dist-tmp/drools",
+});
+
+console.log(`[drools-and-kogito] Cloning OptaPlanner...`);
+execSync(
+ `git clone $(build-env droolsAndKogito.repos.optaplanner.url) --branch
$(build-env root.streamName) --depth 50 ./dist-tmp/optaplanner`,
+ execOpts
+);
+execSync(`git checkout $(build-env droolsAndKogito.repos.optaplanner.gitRef)`,
{
+ ...execOpts,
+ cwd: "./dist-tmp/optaplanner",
+});
+
+console.log(`[drools-and-kogito] Cloning Kogito Runtimes...`);
+execSync(
+ `git clone $(build-env droolsAndKogito.repos.kogitoRuntimes.url) --branch
$(build-env root.streamName) --depth 50 ./dist-tmp/kogito-runtimes`,
+ execOpts
+);
+execSync(`git checkout $(build-env
droolsAndKogito.repos.kogitoRuntimes.gitRef)`, {
+ ...execOpts,
+ cwd: "./dist-tmp/kogito-runtimes",
+});
+
+console.log(`[drools-and-kogito] Cloning Kogito Apps...`);
+execSync(
+ `git clone $(build-env droolsAndKogito.repos.kogitoApps.url) --branch
$(build-env root.streamName) --depth 50 ./dist-tmp/kogito-apps`,
+ execOpts
+);
+execSync(`git checkout $(build-env droolsAndKogito.repos.kogitoApps.gitRef)`, {
+ ...execOpts,
+ cwd: "./dist-tmp/kogito-apps",
+});
+
+// update versions
+const streamsMavenVersion =
+ buildEnv.root.streamName === "main"
+ ? `999-SNAPSHOT` //
+ : buildEnv.root.streamName.replace(".x", ".999-SNAPSHOT"); // 10.1.x
becomes 10.1.999-SNAPSHOT
+
+console.log(`[drools-and-kogito] Updating versions to
${streamsMavenVersion}...`);
+execSync(
+ `find . -name "pom.xml" -exec sed -i.bak
's/${streamsMavenVersion}/${buildEnv.versions.kogito}/g' {} \\; -exec rm {}.bak
\\;`,
+ {
+ ...execOpts,
+ cwd: "./dist-tmp",
+ }
+);
+
+// patching
+console.log(`[drools-and-kogito] Patching pom.xml files to remove Tests and
Integration Tests modules...`);
+removeMavenModule(`drools\\-test\\-coverage`);
+removeMavenModule(`.*\\-integration\\-tests`);
+removeMavenModule(`integration\\-tests`);
+removeMavenModule(`.*\\-integration\\-test`);
+removeMavenModule(`.*\\-integration\\-test\\-.*`);
+removeMavenModule(`.*\\-integrationtests`);
+removeMavenModule(`.*integration\\-tests\\-.*`);
+removeMavenModule(`.*\\-integrationtest`);
+removeMavenModule(`.*\\-it`);
+removeMavenModule(`kie\\-archetypes`);
+removeMavenModule(`apps\\-integration\\-tests`);
+
+// building
+
+console.log(`[drools-and-kogito] Building Drools...`);
+execSync(
+ `mvn deploy -DskipTests -DskipITs -T 0.5C -Dformatter.skip
-Denforcer.skip=true -Dcheckstyle.skip=true -Dmaven.install.skip=true
-DaltDeploymentRepository=snapshot-repo::default::file:${DIST_REPO}`,
+ {
+ ...execOpts,
+ cwd: "./dist-tmp/drools",
+ }
+);
+
+console.log(`[drools-and-kogito] Building OptaPlanner...`);
+execSync(
+ `mvn deploy -DskipTests -DskipITs -T 0.5C -Dformatter.skip
-Denforcer.skip=true -Dcheckstyle.skip=true -Dmaven.install.skip=true
-Dmaven.repo.local.tail=${path.resolve("./dist/1st-party-m2/repository")}
-DaltDeploymentRepository=snapshot-repo::default::file:${DIST_REPO}`,
+ {
+ ...execOpts,
+ cwd: "./dist-tmp/optaplanner",
+ }
+);
+
+console.log(`[drools-and-kogito] Building Kogito Runtimes...`);
+execSync(
+ `mvn deploy -DskipTests -DskipITs -T 0.5C -Dformatter.skip
-Denforcer.skip=true -Dcheckstyle.skip=true -Dmaven.install.skip=true
-Dmaven.repo.local.tail=${path.resolve("./dist/1st-party-m2/repository")}
-DaltDeploymentRepository=snapshot-repo::default::file:${DIST_REPO}`,
Review Comment:
## Shell command built from environment values
This shell command depends on an uncontrolled [absolute path](1).
This shell command depends on an uncontrolled [absolute path](2).
[Show more
details](https://github.com/apache/incubator-kie-tools/security/code-scanning/1024)
##########
packages/drools-and-kogito/build.js:
##########
@@ -0,0 +1,214 @@
+#!/bin/bash -el \n node
+
+const execSync = require("child_process").execSync;
+const fs = require("fs");
+const path = require("path");
+const execOpts = { stdio: "inherit" };
+const { env } = require("./env");
+const buildEnv = env;
+
+///
+
+const DIST_REPO = path.resolve("./dist/1st-party-m2/repository");
+
+if (buildEnv.droolsAndKogito.skip) {
+ console.log(`[drools-and-kogito] Skip is on. Exiting.`);
+ console.log(`[drools-and-kogito] Done.`);
+ process.exit(0);
+}
+
+if (!buildEnv.versions.kogito.endsWith("-local") &&
!buildEnv.droolsAndKogito.forceBuild) {
+ console.log(`[drools-and-kogito] Detected a non-local version for Drools and
Kogito.`);
+ console.log(
+ `[drools-and-kogito] Building will not occur, as this version is expected
to be either present on the local Maven repository (E.g., ~/.m2), or published
in some publicly available Maven repository so that it can be downloaded.`
+ );
+ console.log(`[drools-and-kogito] Done.`);
+ process.exit(0);
+}
+
+const buildInfo = getBuildInfo();
+
+console.log();
+
+const buildInfoMatches =
+ buildInfo?.kogitoVersion === buildEnv.versions.kogito &&
+ buildInfo?.droolsRepoGitRef === buildEnv.droolsAndKogito.repos.drools.gitRef
&&
+ buildInfo?.optaplannerRepoGitRef ===
buildEnv.droolsAndKogito.repos.optaplanner.gitRef &&
+ buildInfo?.kogitoRuntimesRepoGitRef ===
buildEnv.droolsAndKogito.repos.kogitoRuntimes.gitRef &&
+ buildInfo?.kogitoAppsRepoGitRef ===
buildEnv.droolsAndKogito.repos.kogitoApps.gitRef;
+
+const localM2DirExists = fs.existsSync("./dist/1st-party-m2/repository");
+const forceBuild = buildEnv.droolsAndKogito.forceBuild;
+
+console.log(`[drools-and-kogito] Local m2 exists: ${localM2DirExists}`);
+console.log(`[drools-and-kogito] Build info matches: ${buildInfoMatches}`);
+console.log(`[drools-and-kogito] Force build: ${forceBuild}`);
+
+if (localM2DirExists && buildInfoMatches && !forceBuild) {
+ console.log(`[drools-and-kogito] Nothing to do. Exiting.`);
+ process.exit(0);
+} else {
+ console.log(`[drools-and-kogito] Cleaning up 'dist' and 'dist-tmp'
directories...`);
+ fs.rmSync("./dist", { recursive: true });
+}
+
+fs.mkdirSync("./dist", { recursive: true });
+
+if (fs.existsSync("./dist-tmp")) {
+ fs.rmSync("./dist-tmp", { recursive: true });
+}
+fs.mkdirSync("./dist-tmp", { recursive: true });
+
+// cloning
+
+console.log(`[drools-and-kogito] Cloning Drools...`);
+execSync(
+ `git clone $(build-env droolsAndKogito.repos.drools.url) --branch
$(build-env root.streamName) --depth 50 ./dist-tmp/drools`,
+ execOpts
+);
+execSync(`git checkout $(build-env droolsAndKogito.repos.drools.gitRef)`, {
+ ...execOpts,
+ cwd: "./dist-tmp/drools",
+});
+
+console.log(`[drools-and-kogito] Cloning OptaPlanner...`);
+execSync(
+ `git clone $(build-env droolsAndKogito.repos.optaplanner.url) --branch
$(build-env root.streamName) --depth 50 ./dist-tmp/optaplanner`,
+ execOpts
+);
+execSync(`git checkout $(build-env droolsAndKogito.repos.optaplanner.gitRef)`,
{
+ ...execOpts,
+ cwd: "./dist-tmp/optaplanner",
+});
+
+console.log(`[drools-and-kogito] Cloning Kogito Runtimes...`);
+execSync(
+ `git clone $(build-env droolsAndKogito.repos.kogitoRuntimes.url) --branch
$(build-env root.streamName) --depth 50 ./dist-tmp/kogito-runtimes`,
+ execOpts
+);
+execSync(`git checkout $(build-env
droolsAndKogito.repos.kogitoRuntimes.gitRef)`, {
+ ...execOpts,
+ cwd: "./dist-tmp/kogito-runtimes",
+});
+
+console.log(`[drools-and-kogito] Cloning Kogito Apps...`);
+execSync(
+ `git clone $(build-env droolsAndKogito.repos.kogitoApps.url) --branch
$(build-env root.streamName) --depth 50 ./dist-tmp/kogito-apps`,
+ execOpts
+);
+execSync(`git checkout $(build-env droolsAndKogito.repos.kogitoApps.gitRef)`, {
+ ...execOpts,
+ cwd: "./dist-tmp/kogito-apps",
+});
+
+// update versions
+const streamsMavenVersion =
+ buildEnv.root.streamName === "main"
+ ? `999-SNAPSHOT` //
+ : buildEnv.root.streamName.replace(".x", ".999-SNAPSHOT"); // 10.1.x
becomes 10.1.999-SNAPSHOT
+
+console.log(`[drools-and-kogito] Updating versions to
${streamsMavenVersion}...`);
+execSync(
+ `find . -name "pom.xml" -exec sed -i.bak
's/${streamsMavenVersion}/${buildEnv.versions.kogito}/g' {} \\; -exec rm {}.bak
\\;`,
+ {
+ ...execOpts,
+ cwd: "./dist-tmp",
+ }
+);
+
+// patching
+console.log(`[drools-and-kogito] Patching pom.xml files to remove Tests and
Integration Tests modules...`);
+removeMavenModule(`drools\\-test\\-coverage`);
+removeMavenModule(`.*\\-integration\\-tests`);
+removeMavenModule(`integration\\-tests`);
+removeMavenModule(`.*\\-integration\\-test`);
+removeMavenModule(`.*\\-integration\\-test\\-.*`);
+removeMavenModule(`.*\\-integrationtests`);
+removeMavenModule(`.*integration\\-tests\\-.*`);
+removeMavenModule(`.*\\-integrationtest`);
+removeMavenModule(`.*\\-it`);
+removeMavenModule(`kie\\-archetypes`);
+removeMavenModule(`apps\\-integration\\-tests`);
+
+// building
+
+console.log(`[drools-and-kogito] Building Drools...`);
+execSync(
+ `mvn deploy -DskipTests -DskipITs -T 0.5C -Dformatter.skip
-Denforcer.skip=true -Dcheckstyle.skip=true -Dmaven.install.skip=true
-DaltDeploymentRepository=snapshot-repo::default::file:${DIST_REPO}`,
+ {
+ ...execOpts,
+ cwd: "./dist-tmp/drools",
+ }
+);
+
+console.log(`[drools-and-kogito] Building OptaPlanner...`);
+execSync(
+ `mvn deploy -DskipTests -DskipITs -T 0.5C -Dformatter.skip
-Denforcer.skip=true -Dcheckstyle.skip=true -Dmaven.install.skip=true
-Dmaven.repo.local.tail=${path.resolve("./dist/1st-party-m2/repository")}
-DaltDeploymentRepository=snapshot-repo::default::file:${DIST_REPO}`,
+ {
+ ...execOpts,
+ cwd: "./dist-tmp/optaplanner",
+ }
+);
+
+console.log(`[drools-and-kogito] Building Kogito Runtimes...`);
+execSync(
+ `mvn deploy -DskipTests -DskipITs -T 0.5C -Dformatter.skip
-Denforcer.skip=true -Dcheckstyle.skip=true -Dmaven.install.skip=true
-Dmaven.repo.local.tail=${path.resolve("./dist/1st-party-m2/repository")}
-DaltDeploymentRepository=snapshot-repo::default::file:${DIST_REPO}`,
+ {
+ ...execOpts,
+ cwd: "./dist-tmp/kogito-runtimes",
+ }
+);
+
+console.log(`[drools-and-kogito] Building Kogito Apps...`);
+execSync(
+ `mvn deploy -DskipTests -DskipITs -T 0.5C -Dformatter.skip
-Denforcer.skip=true -Dcheckstyle.skip=true -Dmaven.install.skip=true
-Dmaven.repo.local.tail=${path.resolve("./dist/1st-party-m2/repository")}
-DaltDeploymentRepository=snapshot-repo::default::file:${DIST_REPO}
-Dquarkus.container-image.build=false`,
Review Comment:
## Shell command built from environment values
This shell command depends on an uncontrolled [absolute path](1).
This shell command depends on an uncontrolled [absolute path](2).
[Show more
details](https://github.com/apache/incubator-kie-tools/security/code-scanning/1025)
##########
packages/drools-and-kogito/build.js:
##########
@@ -0,0 +1,214 @@
+#!/bin/bash -el \n node
+
+const execSync = require("child_process").execSync;
+const fs = require("fs");
+const path = require("path");
+const execOpts = { stdio: "inherit" };
+const { env } = require("./env");
+const buildEnv = env;
+
+///
+
+const DIST_REPO = path.resolve("./dist/1st-party-m2/repository");
+
+if (buildEnv.droolsAndKogito.skip) {
+ console.log(`[drools-and-kogito] Skip is on. Exiting.`);
+ console.log(`[drools-and-kogito] Done.`);
+ process.exit(0);
+}
+
+if (!buildEnv.versions.kogito.endsWith("-local") &&
!buildEnv.droolsAndKogito.forceBuild) {
+ console.log(`[drools-and-kogito] Detected a non-local version for Drools and
Kogito.`);
+ console.log(
+ `[drools-and-kogito] Building will not occur, as this version is expected
to be either present on the local Maven repository (E.g., ~/.m2), or published
in some publicly available Maven repository so that it can be downloaded.`
+ );
+ console.log(`[drools-and-kogito] Done.`);
+ process.exit(0);
+}
+
+const buildInfo = getBuildInfo();
+
+console.log();
+
+const buildInfoMatches =
+ buildInfo?.kogitoVersion === buildEnv.versions.kogito &&
+ buildInfo?.droolsRepoGitRef === buildEnv.droolsAndKogito.repos.drools.gitRef
&&
+ buildInfo?.optaplannerRepoGitRef ===
buildEnv.droolsAndKogito.repos.optaplanner.gitRef &&
+ buildInfo?.kogitoRuntimesRepoGitRef ===
buildEnv.droolsAndKogito.repos.kogitoRuntimes.gitRef &&
+ buildInfo?.kogitoAppsRepoGitRef ===
buildEnv.droolsAndKogito.repos.kogitoApps.gitRef;
+
+const localM2DirExists = fs.existsSync("./dist/1st-party-m2/repository");
+const forceBuild = buildEnv.droolsAndKogito.forceBuild;
+
+console.log(`[drools-and-kogito] Local m2 exists: ${localM2DirExists}`);
+console.log(`[drools-and-kogito] Build info matches: ${buildInfoMatches}`);
+console.log(`[drools-and-kogito] Force build: ${forceBuild}`);
+
+if (localM2DirExists && buildInfoMatches && !forceBuild) {
+ console.log(`[drools-and-kogito] Nothing to do. Exiting.`);
+ process.exit(0);
+} else {
+ console.log(`[drools-and-kogito] Cleaning up 'dist' and 'dist-tmp'
directories...`);
+ fs.rmSync("./dist", { recursive: true });
+}
+
+fs.mkdirSync("./dist", { recursive: true });
+
+if (fs.existsSync("./dist-tmp")) {
+ fs.rmSync("./dist-tmp", { recursive: true });
+}
+fs.mkdirSync("./dist-tmp", { recursive: true });
+
+// cloning
+
+console.log(`[drools-and-kogito] Cloning Drools...`);
+execSync(
+ `git clone $(build-env droolsAndKogito.repos.drools.url) --branch
$(build-env root.streamName) --depth 50 ./dist-tmp/drools`,
+ execOpts
+);
+execSync(`git checkout $(build-env droolsAndKogito.repos.drools.gitRef)`, {
+ ...execOpts,
+ cwd: "./dist-tmp/drools",
+});
+
+console.log(`[drools-and-kogito] Cloning OptaPlanner...`);
+execSync(
+ `git clone $(build-env droolsAndKogito.repos.optaplanner.url) --branch
$(build-env root.streamName) --depth 50 ./dist-tmp/optaplanner`,
+ execOpts
+);
+execSync(`git checkout $(build-env droolsAndKogito.repos.optaplanner.gitRef)`,
{
+ ...execOpts,
+ cwd: "./dist-tmp/optaplanner",
+});
+
+console.log(`[drools-and-kogito] Cloning Kogito Runtimes...`);
+execSync(
+ `git clone $(build-env droolsAndKogito.repos.kogitoRuntimes.url) --branch
$(build-env root.streamName) --depth 50 ./dist-tmp/kogito-runtimes`,
+ execOpts
+);
+execSync(`git checkout $(build-env
droolsAndKogito.repos.kogitoRuntimes.gitRef)`, {
+ ...execOpts,
+ cwd: "./dist-tmp/kogito-runtimes",
+});
+
+console.log(`[drools-and-kogito] Cloning Kogito Apps...`);
+execSync(
+ `git clone $(build-env droolsAndKogito.repos.kogitoApps.url) --branch
$(build-env root.streamName) --depth 50 ./dist-tmp/kogito-apps`,
+ execOpts
+);
+execSync(`git checkout $(build-env droolsAndKogito.repos.kogitoApps.gitRef)`, {
+ ...execOpts,
+ cwd: "./dist-tmp/kogito-apps",
+});
+
+// update versions
+const streamsMavenVersion =
+ buildEnv.root.streamName === "main"
+ ? `999-SNAPSHOT` //
+ : buildEnv.root.streamName.replace(".x", ".999-SNAPSHOT"); // 10.1.x
becomes 10.1.999-SNAPSHOT
+
+console.log(`[drools-and-kogito] Updating versions to
${streamsMavenVersion}...`);
+execSync(
+ `find . -name "pom.xml" -exec sed -i.bak
's/${streamsMavenVersion}/${buildEnv.versions.kogito}/g' {} \\; -exec rm {}.bak
\\;`,
+ {
+ ...execOpts,
+ cwd: "./dist-tmp",
+ }
+);
+
+// patching
+console.log(`[drools-and-kogito] Patching pom.xml files to remove Tests and
Integration Tests modules...`);
+removeMavenModule(`drools\\-test\\-coverage`);
+removeMavenModule(`.*\\-integration\\-tests`);
+removeMavenModule(`integration\\-tests`);
+removeMavenModule(`.*\\-integration\\-test`);
+removeMavenModule(`.*\\-integration\\-test\\-.*`);
+removeMavenModule(`.*\\-integrationtests`);
+removeMavenModule(`.*integration\\-tests\\-.*`);
+removeMavenModule(`.*\\-integrationtest`);
+removeMavenModule(`.*\\-it`);
+removeMavenModule(`kie\\-archetypes`);
+removeMavenModule(`apps\\-integration\\-tests`);
+
+// building
+
+console.log(`[drools-and-kogito] Building Drools...`);
+execSync(
+ `mvn deploy -DskipTests -DskipITs -T 0.5C -Dformatter.skip
-Denforcer.skip=true -Dcheckstyle.skip=true -Dmaven.install.skip=true
-DaltDeploymentRepository=snapshot-repo::default::file:${DIST_REPO}`,
+ {
+ ...execOpts,
+ cwd: "./dist-tmp/drools",
+ }
+);
+
+console.log(`[drools-and-kogito] Building OptaPlanner...`);
+execSync(
+ `mvn deploy -DskipTests -DskipITs -T 0.5C -Dformatter.skip
-Denforcer.skip=true -Dcheckstyle.skip=true -Dmaven.install.skip=true
-Dmaven.repo.local.tail=${path.resolve("./dist/1st-party-m2/repository")}
-DaltDeploymentRepository=snapshot-repo::default::file:${DIST_REPO}`,
Review Comment:
## Shell command built from environment values
This shell command depends on an uncontrolled [absolute path](1).
This shell command depends on an uncontrolled [absolute path](2).
[Show more
details](https://github.com/apache/incubator-kie-tools/security/code-scanning/1023)
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
