sofastack · huqiuxiang · Aug 22, 2024 · Aug 22, 2024 · Aug 23, 2024 · Aug 23, 2024
diff --git a/.github/workflows/cloud_code_scan.yml b/.github/workflows/cloud_code_scan.yml
@@ -1,6 +1,11 @@
 name: Alipay Cloud Devops Codescan
 on:
-  pull_request_target:
+  push:
+      branches: [ master ]
+  pull_request:
+     branches: [ master ]
+
+  #pull_request_target: 
 jobs:
   stc:   #安全扫描
     runs-on: ubuntu-latest

diff --git a/.github/workflows/fossa_scan.yml b/.github/workflows/fossa_scan.yml
@@ -0,0 +1,22 @@
+name: FOSSA Scan
+
+on:
+  push:
+    branches: [ master ]
+  pull_request:
+    branches: [ master ]
+
+jobs:
+  fossa:
+    runs-on: ubuntu-latest
+
+    steps:
+    - name: Checkout Code
+      uses: actions/checkout@v3
+
+    - name: Run FOSSA Scan
+      uses: fossa-contrib/fossa-action@v1
+      with:
+        fossa-api-key: ${{ secrets.FOSSA_API_KEY }}
+        # 可选：指定FOSSA命令行参数，例如目录、排除等
+        # args: '--exclude=**/node_modules,**/vendor'
diff --git a/.github/workflows/maven.yml b/.github/workflows/maven.yml
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
diff --git a/.github/workflows/sonarqube_scan.yml b/.github/workflows/sonarqube_scan.yml
@@ -0,0 +1,20 @@
+name: sonarqube scan
+on:
+  push:
+      branches: [ master ]
+jobs:
+  build:
+
+    runs-on: ubuntu-latest
+
+    steps:
+    - uses: actions/checkout@v2
+    - name: Set up JDK 17
+      uses: actions/setup-java@v2
+      with:
+        java-version: '17'
+        distribution: 'adopt'
+
+    # 如果是Maven
+    - name: Build and analyze with Maven
+      run: mvn clean verify sonar:sonar -Dmaven.test.skip=true -Dsonar.projectKey=${{ github.event.repository.name }} -Dsonar.host.url=${{ secrets.SONARQUBE_HOST }} -Dsonar.login=${{ secrets.SONARQUBE_TOKEN }}
diff --git a/.github/workflows/soos_scan.yml b/.github/workflows/soos_scan.yml
@@ -0,0 +1,31 @@
+# This is a basic workflow to help you get started with Actions
+name: SOOS SCA SARIF Example CI
+
+# Controls when the workflow will run
+on:
+  # Triggers the workflow on push or pull request events but only for the main branch
+  push:
+    branches: [ master ]
+  pull_request:
+    branches: [ master ]
+
+# A workflow run is made up of one or more jobs that can run sequentially or in parallel
+jobs:
+  # This workflow contains a single job called "build"
+  build:
+    # The type of runner that the job will run on
+    runs-on: ubuntu-latest
+
+    # Steps represent a sequence of tasks that will be executed as part of the job
+    steps:
+      # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
+      - uses: actions/checkout@v3
+
+      # Runs a single command using the runners shell
+      - name: SOOS SCA Analysis
+        uses: soos-io/soos-sca-github-action@v2
+        with:
+          project_name: "<repository_owner>/<repository_name>" # Also you can use the var ${{ github.repository }}
+          output_format: "sarif"
+          client_id: ${{ secrets.SOOS_CLIENT_ID }}
+          api_key: ${{ secrets.SOOS_API_KEY }}
diff --git a/README.md b/README.md
@@ -54,4 +54,6 @@ Runtime requirement: JDK 8 or above.
 
 ## License
 
+##test
+
 SOFARPC is licensed under the [Apache License 2.0](https://github.com/sofastack/sofa-rpc/blob/master/LICENSE), and SOFARPC uses some third-party components, you can view their open source license here [NOTICE](https://www.sofastack.tech/sofa-rpc/docs/NOTICE?lang=en).
diff --git a/pom.xml b/pom.xml
@@ -16,6 +16,20 @@
         <url>http://www.antfin.com/</url>
     </organization>
 
+
+
+
+
+
+
+
+
+
+
+
+
+
+
     <modules>
         <!-- ALl-in-one -->
         <module>all</module>
@@ -51,6 +65,19 @@
                 <type>pom</type>
                 <scope>import</scope>
             </dependency>
+
+            <dependency>
+                <groupId>javax.xml.bind</groupId>
+                <artifactId>jaxb-api</artifactId>
+                <version>2.3.1</version>
+            </dependency>
+
+            <dependency>
+                <groupId>jakarta.annotation</groupId>
+                <artifactId>jakarta.annotation-api</artifactId>
+                <version>2.0.0</version>
+                <scope>provided</scope>
+            </dependency>
         </dependencies>
     </dependencyManagement>
 

diff --git a/registry/registry-local/pom.xml b/registry/registry-local/pom.xml
@@ -13,6 +13,10 @@
     <artifactId>sofa-rpc-registry-local</artifactId>
 
     <dependencies>
+        <dependency>
+            <groupId>javax.xml.bind</groupId>
+            <artifactId>jaxb-api</artifactId>
+        </dependency>
         <dependency>
             <groupId>com.alipay.sofa</groupId>
             <artifactId>sofa-rpc-log</artifactId>

diff --git a/remoting/remoting-triple/pom.xml b/remoting/remoting-triple/pom.xml
@@ -16,6 +16,11 @@
             <groupId>com.alipay.sofa</groupId>
             <artifactId>sofa-rpc-log</artifactId>
         </dependency>
+        <dependency>
+            <groupId>javax.annotation</groupId>
+            <artifactId>javax.annotation-api</artifactId>
+            <version>1.3.2</version>
+        </dependency>
         <dependency>
             <groupId>com.alipay.sofa</groupId>
             <artifactId>sofa-rpc-api</artifactId>

diff --git a/test_hqx b/test_hqx
@@ -0,0 +1 @@
+test
Original file line number	Diff line number	Diff line change
Expand Up		@@ -54,4 +54,6 @@ Runtime requirement: JDK 8 or above.

		## License

		##test

		SOFARPC is licensed under the [Apache License 2.0](https://github.com/sofastack/sofa-rpc/blob/master/LICENSE), and SOFARPC uses some third-party components, you can view their open source license here [NOTICE](https://www.sofastack.tech/sofa-rpc/docs/NOTICE?lang=en).