diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 782c510..0fe4380 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -32,7 +32,7 @@ jobs: strategy: fail-fast: false matrix: - os: [ubuntu-latest, windows-latest, macOS-latest] + os: [ubuntu-20.04, windows-latest, macOS-latest] steps: - name: Checkout @@ -51,7 +51,7 @@ jobs: test-linux: name: Test on Linux against Coherence ${{ matrix.coherence_version }} needs: build - runs-on: ubuntu-latest + runs-on: ubuntu-20.04 strategy: fail-fast: false matrix: @@ -104,3 +104,11 @@ jobs: # Run Tests - name: Run Tests run: dotnet test --configuration Release --no-restore + + # Capture server log for diagnosing failures + - name: Capture test logs + uses: actions/upload-artifact@v2 + if: failure() + with: + name: build-output + path: build\**\*.log diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index dd18b14..28c9dec 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -1,56 +1,68 @@ -# Contributing to Coherence +# Contributing to this repository -Oracle welcomes contributions to this repository from anyone. +We welcome your contributions! There are multiple ways to contribute. -If you want to submit a pull request to fix a bug or enhance an existing -feature, please first open an issue and link to that issue when you -submit your pull request. +## Opening issues -If you have any questions about a possible submission, feel free to open -an issue too. +For bugs or enhancement requests, please file a GitHub issue unless it's +security related. When filing a bug remember that the better written the bug is, +the more likely it is to be fixed. If you think you've found a security +vulnerability, do not raise a GitHub issue and follow the instructions in our +[security policy](./SECURITY.md). -## Contributing to the Oracle Coherence Community Edition repository +## Contributing code -Pull requests can be made under -[The Oracle Contributor Agreement](https://www.oracle.com/technetwork/community/oca-486395.html) (OCA). +We welcome your code contributions. Before submitting code via a pull request, +you will need to have signed the [Oracle Contributor Agreement][OCA] (OCA) and +your commits need to include the following line using the name and e-mail +address you used to sign the OCA: -For pull requests to be accepted, the bottom of your commit message must have -the following line using your name and e-mail address as it appears in the -OCA Signatories list. - -``` +```text Signed-off-by: Your Name ``` -This can be automatically added to pull requests by committing with: +This can be automatically added to pull requests by committing with `--sign-off` +or `-s`, e.g. -``` - git commit --signoff +```text +git commit --signoff ``` -Only pull requests from committers that can be verified as having -signed the OCA can be accepted. +Only pull requests from committers that can be verified as having signed the OCA +can be accepted. -### Pull request process +## Pull request process -1. Fork this repository +1. Ensure there is an issue created to track and discuss the fix or enhancement + you intend to submit. +1. Fork this repository. 1. Create a branch in your fork to implement the changes. We recommend using -the issue number as part of your branch name, e.g. `1234-fixes` -1. Ensure that all changes comply to project coding conventions as documented [here](DEV-GUIDELINES.md) + the issue number as part of your branch name, e.g. `1234-fixes`. +1. Ensure that any documentation is updated with the changes that are required + by your change. +1. Ensure that any samples are updated if the base image has been changed. +1. Ensure that all changes comply to project coding conventions as documented + [here](DEV-GUIDELINES.md) 1. Ensure that there is at least one test that would fail without the fix and -passes post fix -1. A full build including test execution is required for the PR + passes post fix. 1. Submit the pull request. *Do not leave the pull request blank*. Explain exactly -what your changes are meant to do and provide simple steps on how to validate -your changes, ideally referencing the test. Ensure that you reference the issue -you created as well. We will assign the pull request to 2-3 people for review -before it is submitted internally and the PR is closed. + what your changes are meant to do and provide simple steps on how to validate + your changes. Ensure that you reference the issue you created as well. +1. We will assign the pull request to 2-3 people for review before it is submitted + internally and the PR is closed. + +## Code of conduct + +Follow the [Golden Rule](https://en.wikipedia.org/wiki/Golden_Rule). If you'd +like more specific guidelines, see the [Contributor Covenant Code of Conduct][COC]. +[OCA]: https://oca.opensource.oracle.com +[COC]: https://www.contributor-covenant.org/version/1/4/code-of-conduct/ diff --git a/README.md b/README.md index f04d782..fe9a396 100644 --- a/README.md +++ b/README.md @@ -1,9 +1,9 @@ @@ -53,7 +53,7 @@ distributed applications. # How to Get Coherence Community Edition -For more details on how to obtain and use Coherence, please see the Coherence CE [README](https://github.com/oracle/coherence/README.md). +For more details on how to obtain and use Coherence, please see the Coherence CE [README](https://github.com/oracle/coherence/tree/master/README.md). # Introduction to Coherence for .NET @@ -164,7 +164,7 @@ dotnet new console -name "HelloCoherence" 1. Add the following references to the HelloCoherence.csproj (provide the Coherence.Core.dll location in the ``): ``` - + Coherence.Core.dll @@ -441,3 +441,6 @@ For further details on developing Coherence for .NET applications, see the docum Interested in contributing? Please see our contribution [guidelines](CONTRIBUTING.md) for details. +# Security + +Please consult the [security guide](./SECURITY.md) for our responsible security vulnerability disclosure process diff --git a/SECURITY.md b/SECURITY.md index bf7fe05..141ed1c 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -1,17 +1,46 @@ -# Reporting Security Vulnerabilities + -Please do NOT raise a GitHub Issue to report a security vulnerability. If you believe you have found a security vulnerability, please submit a report to secalert_us@oracle.com preferably with a proof of concept. We provide additional information on [how to report security vulnerabilities to Oracle](https://www.oracle.com/corporate/security-practices/assurance/vulnerability/reporting.html) which includes public encryption keys for secure email. +----- +# Reporting security vulnerabilities -We ask that you do not use other channels or contact project contributors directly. +Oracle values the independent security research community and believes that +responsible disclosure of security vulnerabilities helps us ensure the security +and privacy of all our users. -Non-vulnerability related security issues such as great new ideas for security features are welcome on GitHub Issues. +Please do NOT raise a GitHub Issue to report a security vulnerability. If you +believe you have found a security vulnerability, please submit a report to +[secalert_us@oracle.com][1] preferably with a proof of concept. Please review +some additional information on [how to report security vulnerabilities to Oracle][2]. +We encourage people who contact Oracle Security to use email encryption using +[our encryption key][3]. -## Security Updates, Alerts and Bulletins +We ask that you do not use other channels or contact the project maintainers +directly. -Security updates will be released on a regular cadence. Many of our projects will typically release security fixes in conjunction with the [Oracle Critical Patch Update](https://www.oracle.com/security-alerts/) program. Security updates are released on the Tuesday closest to the 17th day of January, April, July and October. A pre-release announcement will be published on the Thursday preceding each release. Additional information, including past advisories, is available on our [Security Alerts](https://www.oracle.com/security-alerts/) page. +Non-vulnerability related security issues including ideas for new or improved +security features are welcome on GitHub Issues. -## Security-Related Information +## Security updates, alerts and bulletins -We will provide security related information such as a threat model, considerations for secure use, or any known security issues in our documentation. Please note that labs and sample code are intended to demonstrate a concept and may not be sufficiently hardened for production use. +Security updates will be released on a regular cadence. Many of our projects +will typically release security fixes in conjunction with the +[Oracle Critical Patch Update][3] program. Additional +information, including past advisories, is available on our [security alerts][4] +page. + +## Security-related information + +We will provide security related information such as a threat model, considerations +for secure use, or any known security issues in our documentation. Please note +that labs and sample code are intended to demonstrate a concept and may not be +sufficiently hardened for production use. + +[1]: mailto:secalert_us@oracle.com +[2]: https://www.oracle.com/corporate/security-practices/assurance/vulnerability/reporting.html +[3]: https://www.oracle.com/security-alerts/encryptionkey.html +[4]: https://www.oracle.com/security-alerts/ diff --git a/build_spec.yaml b/build_spec.yaml new file mode 100644 index 0000000..724bf67 --- /dev/null +++ b/build_spec.yaml @@ -0,0 +1,16 @@ +# Copyright (c) 2022, 2023, Oracle and/or its affiliates. + + version: 0.1 + component: build + timeoutInSeconds: 1000 + shell: bash + + steps: + - type: Command + name: "compress the repo" + command: | + tar -cvzf ${OCI_WORKSPACE_DIR}/repo.tgz ./ + outputArtifacts: + - name: artifact + type: BINARY + location: ${OCI_WORKSPACE_DIR}/repo.tgz diff --git a/src/Coherence.Core/Coherence.Core.csproj b/src/Coherence.Core/Coherence.Core.csproj index f07648b..45d58ea 100644 --- a/src/Coherence.Core/Coherence.Core.csproj +++ b/src/Coherence.Core/Coherence.Core.csproj @@ -20,7 +20,7 @@ - 14.1.1.10 + 14.1.1.13 $(VersionPrefix)-$(VersionSuffix) $(VersionPrefix) $(VersionPrefix) diff --git a/src/Coherence.Core/IO/Resources/ResourceLoader.cs b/src/Coherence.Core/IO/Resources/ResourceLoader.cs index b7b959f..efb7731 100644 --- a/src/Coherence.Core/IO/Resources/ResourceLoader.cs +++ b/src/Coherence.Core/IO/Resources/ResourceLoader.cs @@ -6,7 +6,6 @@ */ using System; using System.Reflection; -using System.Web; namespace Tangosol.IO.Resources { diff --git a/tests/Coherence.Core.Tests/Net/Cache/CacheTimeoutTest.cs b/tests/Coherence.Core.Tests/Net/Cache/CacheTimeoutTest.cs index 66c525c..4728798 100644 --- a/tests/Coherence.Core.Tests/Net/Cache/CacheTimeoutTest.cs +++ b/tests/Coherence.Core.Tests/Net/Cache/CacheTimeoutTest.cs @@ -41,7 +41,7 @@ public void TestShouldInterruptWithGetCache() { try { - using (ThreadTimeout t = ThreadTimeout.After(200)) + using (ThreadTimeout t = ThreadTimeout.After(100)) { INamedCache cache = GetCache("dist-timeout"); for (int i = 0; i < 1000; i++) @@ -53,16 +53,16 @@ public void TestShouldInterruptWithGetCache() Assert.Fail("CacheFactory.GetCache should be interrupted!"); } } - catch (Exception e) + catch (ThreadInterruptedException) { CacheFactory.Shutdown(); - Assert.IsTrue(e is ThreadInterruptedException); } Assert.AreEqual(ThreadTimeout.RemainingTimeoutMillis, Int32.MaxValue); try { + IConfigurableCacheFactory ccf = CacheFactory.ConfigurableCacheFactory; using (ThreadTimeout t = ThreadTimeout.After(40000)) { INamedCache cache = GetCache("dist-timeout"); diff --git a/tests/test-server/pom.xml b/tests/test-server/pom.xml index 3d4c513..3a643f3 100644 --- a/tests/test-server/pom.xml +++ b/tests/test-server/pom.xml @@ -51,6 +51,7 @@ -classpath + -Dcoherence.log=..\..\build\DefaultCacheServer.log com.tangosol.net.DefaultCacheServer