From 0c7c298b2a6c1226b74f6f83b9cb334b7af6a8c0 Mon Sep 17 00:00:00 2001 From: Mario Campos Date: Mon, 30 Mar 2026 18:35:04 -0500 Subject: [PATCH 1/7] Extend start-proxy.yml to test multiple registry support --- pr-checks/checks/start-proxy.yml | 24 +++++++++++++++++++++++- 1 file changed, 23 insertions(+), 1 deletion(-) diff --git a/pr-checks/checks/start-proxy.yml b/pr-checks/checks/start-proxy.yml index acd6417fbb..7c3c5b62e6 100644 --- a/pr-checks/checks/start-proxy.yml +++ b/pr-checks/checks/start-proxy.yml @@ -16,7 +16,17 @@ steps: id: proxy uses: ./../action/start-proxy with: - registry_secrets: '[{ "type": "nuget_feed", "url": "https://api.nuget.org/v3/index.json" }]' + registry_secrets: | + [ + { + "type": "maven-repository", + "url": "https://acme.jfrog.io/artifactory/my-maven-registry" + }, + { + "type": "maven-repository", + "url": "https://repo1.maven.org/maven2" + } + ] - name: Print proxy outputs run: | @@ -27,3 +37,15 @@ steps: - name: Fail if proxy outputs are not set if: (!steps.proxy.outputs.proxy_host) || (!steps.proxy.outputs.proxy_port) || (!steps.proxy.outputs.proxy_ca_certificate) || (!steps.proxy.outputs.proxy_urls) run: exit 1 + + - name: Validate proxy_urls contains expected registries + env: + PROXY_URLS: ${{ steps.proxy.outputs.proxy_urls }} + run: | + jq --null-input --exit-status ' + env.PROXY_URLS + | fromjson + | length == 2 and + any(.[]; .type=="maven-repository" and .url=="https://acme.jfrog.io/artifactory/my-maven-registry") and + any(.[]; .type=="maven-repository" and .url=="https://repo1.maven.org/maven2") + ' From 9fd9b64766ed7f9f13806972ca04c0aa26486e7b Mon Sep 17 00:00:00 2001 From: Mario Campos Date: Mon, 30 Mar 2026 22:47:06 -0500 Subject: [PATCH 2/7] Replace `jq` with Actions expression for proxy_urls validation For the sake of consistency with the other pre-existing validation code. --- pr-checks/checks/start-proxy.yml | 15 +++++---------- 1 file changed, 5 insertions(+), 10 deletions(-) 
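Review bot: The added "Validate proxy_urls contains expected registries" step has no comment explaining why `proxy_urls` reaches jq through `env:` rather than being written into the script with `${{ }}`. That indirection keeps an action output from ever being parsed as shell or jq source, and it is easy to lose in a later refactor. I would add `# Read the output via env so it is never interpolated into the script text.` directly above the `env:` key.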
diff --git a/pr-checks/checks/start-proxy.yml b/pr-checks/checks/start-proxy.yml index 7c3c5b62e6..ef0ccea7bd 100644 --- a/pr-checks/checks/start-proxy.yml +++ b/pr-checks/checks/start-proxy.yml @@ -39,13 +39,8 @@ steps: run: exit 1 - name: Validate proxy_urls contains expected registries - env: - PROXY_URLS: ${{ steps.proxy.outputs.proxy_urls }} - run: | - jq --null-input --exit-status ' - env.PROXY_URLS - | fromjson - | length == 2 and - any(.[]; .type=="maven-repository" and .url=="https://acme.jfrog.io/artifactory/my-maven-registry") and - any(.[]; .type=="maven-repository" and .url=="https://repo1.maven.org/maven2") - ' + if: | + join(fromJSON(steps.proxy.outputs.proxy_urls)[*].type, ',') != 'maven-repository,maven-repository' + || !contains(fromJSON(steps.proxy.outputs.proxy_urls)[*].url, 'https://acme.jfrog.io/artifactory/my-maven-registry') + || !contains(fromJSON(steps.proxy.outputs.proxy_urls)[*].url, 'https://repo1.maven.org/maven2') + run: exit 1 From 99b8dd4d5763d887fdf4f3550306d03a1de0868d Mon Sep 17 00:00:00 2001 From: Mario Campos Date: Tue, 31 Mar 2026 09:32:42 -0500 Subject: [PATCH 3/7] Run `pr-checks/sync.sh` to generate __start-proxy.yml. --- .github/workflows/__start-proxy.yml | 19 ++++++++++++++++++- 1 file changed, 18 insertions(+), 1 deletion(-) diff --git a/.github/workflows/__start-proxy.yml b/.github/workflows/__start-proxy.yml index e1a0f833e0..d954225f66 100644 --- a/.github/workflows/__start-proxy.yml +++ b/.github/workflows/__start-proxy.yml @@ -71,7 +71,17 @@ jobs: id: proxy uses: ./../action/start-proxy with: - registry_secrets: '[{ "type": "nuget_feed", "url": "https://api.nuget.org/v3/index.json" }]' + registry_secrets: | + [ + { + "type": "maven-repository", + "url": "https://acme.jfrog.io/artifactory/my-maven-registry" + }, + { + "type": "maven-repository", + "url": "https://repo1.maven.org/maven2" + } + ] - name: Print proxy outputs run: | 
@@ -82,5 +92,12 @@ jobs: - name: Fail if proxy outputs are not set if: (!steps.proxy.outputs.proxy_host) || (!steps.proxy.outputs.proxy_port) || (!steps.proxy.outputs.proxy_ca_certificate) || (!steps.proxy.outputs.proxy_urls) run: exit 1 + + - name: Validate proxy_urls contains expected registries + if: | + join(fromJSON(steps.proxy.outputs.proxy_urls)[*].type, ',') != 'maven-repository,maven-repository' + || !contains(fromJSON(steps.proxy.outputs.proxy_urls)[*].url, 'https://acme.jfrog.io/artifactory/my-maven-registry') + || !contains(fromJSON(steps.proxy.outputs.proxy_urls)[*].url, 'https://repo1.maven.org/maven2') + run: exit 1 env: CODEQL_ACTION_TEST_MODE: true From 8b5e60477ca43ab05e54c7f7290e85a1c442593f Mon Sep 17 00:00:00 2001 From: Mario Campos Date: Tue, 31 Mar 2026 11:36:17 -0500 Subject: [PATCH 4/7] Use `maven_repository`, not `maven-repository` The registry/language mapping table does not map the one with hyphens. --- .github/workflows/__start-proxy.yml | 6 +++--- pr-checks/checks/start-proxy.yml | 6 +++--- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/.github/workflows/__start-proxy.yml b/.github/workflows/__start-proxy.yml index d954225f66..18741fb901 100644 --- a/.github/workflows/__start-proxy.yml +++ b/.github/workflows/__start-proxy.yml @@ -74,11 +74,11 @@ jobs: registry_secrets: | [ { - "type": "maven-repository", + "type": "maven_repository", "url": "https://acme.jfrog.io/artifactory/my-maven-registry" }, { - "type": "maven-repository", + "type": "maven_repository", "url": "https://repo1.maven.org/maven2" } ] 
@@ -95,7 +95,7 @@ jobs: - name: Validate proxy_urls contains expected registries if: | - join(fromJSON(steps.proxy.outputs.proxy_urls)[*].type, ',') != 'maven-repository,maven-repository' + join(fromJSON(steps.proxy.outputs.proxy_urls)[*].type, ',') != 'maven_repository,maven_repository' || !contains(fromJSON(steps.proxy.outputs.proxy_urls)[*].url, 'https://acme.jfrog.io/artifactory/my-maven-registry') || !contains(fromJSON(steps.proxy.outputs.proxy_urls)[*].url, 'https://repo1.maven.org/maven2') run: exit 1 diff --git a/pr-checks/checks/start-proxy.yml b/pr-checks/checks/start-proxy.yml index ef0ccea7bd..042139790c 100644 --- a/pr-checks/checks/start-proxy.yml +++ b/pr-checks/checks/start-proxy.yml @@ -19,11 +19,11 @@ steps: registry_secrets: | [ { - "type": "maven-repository", + "type": "maven_repository", "url": "https://acme.jfrog.io/artifactory/my-maven-registry" }, { - "type": "maven-repository", + "type": "maven_repository", "url": "https://repo1.maven.org/maven2" } ] @@ -40,7 +40,7 @@ steps: - name: Validate proxy_urls contains expected registries if: | - join(fromJSON(steps.proxy.outputs.proxy_urls)[*].type, ',') != 'maven-repository,maven-repository' + join(fromJSON(steps.proxy.outputs.proxy_urls)[*].type, ',') != 'maven_repository,maven_repository' || !contains(fromJSON(steps.proxy.outputs.proxy_urls)[*].url, 'https://acme.jfrog.io/artifactory/my-maven-registry') || !contains(fromJSON(steps.proxy.outputs.proxy_urls)[*].url, 'https://repo1.maven.org/maven2') run: exit 1 From faf45e07f9093dceca6e067637ae242932187e38 Mon Sep 17 00:00:00 2001 From: Mario Campos Date: Tue, 31 Mar 2026 12:44:43 -0500 Subject: [PATCH 5/7] Use different maven URL for start-proxy.yml test --- .github/workflows/__start-proxy.yml | 4 ++-- pr-checks/checks/start-proxy.yml | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/__start-proxy.yml b/.github/workflows/__start-proxy.yml index 18741fb901..390002a6df 100644 
--- a/.github/workflows/__start-proxy.yml +++ b/.github/workflows/__start-proxy.yml @@ -75,7 +75,7 @@ jobs: [ { "type": "maven_repository", - "url": "https://acme.jfrog.io/artifactory/my-maven-registry" + "url": "https://repo.maven.apache.org/maven2/" }, { "type": "maven_repository", @@ -96,7 +96,7 @@ jobs: - name: Validate proxy_urls contains expected registries if: | join(fromJSON(steps.proxy.outputs.proxy_urls)[*].type, ',') != 'maven_repository,maven_repository' - || !contains(fromJSON(steps.proxy.outputs.proxy_urls)[*].url, 'https://acme.jfrog.io/artifactory/my-maven-registry') + || !contains(fromJSON(steps.proxy.outputs.proxy_urls)[*].url, 'https://repo.maven.apache.org/maven2/') || !contains(fromJSON(steps.proxy.outputs.proxy_urls)[*].url, 'https://repo1.maven.org/maven2') run: exit 1 env: diff --git a/pr-checks/checks/start-proxy.yml b/pr-checks/checks/start-proxy.yml index 042139790c..fddbb67835 100644 --- a/pr-checks/checks/start-proxy.yml +++ b/pr-checks/checks/start-proxy.yml @@ -20,7 +20,7 @@ steps: [ { "type": "maven_repository", - "url": "https://acme.jfrog.io/artifactory/my-maven-registry" + "url": "https://repo.maven.apache.org/maven2/" }, { "type": "maven_repository", @@ -41,6 +41,6 @@ steps: - name: Validate proxy_urls contains expected registries if: | join(fromJSON(steps.proxy.outputs.proxy_urls)[*].type, ',') != 'maven_repository,maven_repository' - || !contains(fromJSON(steps.proxy.outputs.proxy_urls)[*].url, 'https://acme.jfrog.io/artifactory/my-maven-registry') + || !contains(fromJSON(steps.proxy.outputs.proxy_urls)[*].url, 'https://repo.maven.apache.org/maven2/') || !contains(fromJSON(steps.proxy.outputs.proxy_urls)[*].url, 'https://repo1.maven.org/maven2') run: exit 1 From 7b0c5b166931b1f8fc8caaa0b47ee16388c16e23 Mon Sep 17 00:00:00 2001 
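Review bot: In `pr-checks/checks/start-proxy.yml` the two test entries now differ in trailing-slash form, `https://repo.maven.apache.org/maven2/` versus `https://repo1.maven.org/maven2`, and the validation step compares against exactly those literals. The check therefore passes only while start-proxy echoes each `url` unchanged, which nothing on the page states as a guarantee. If verbatim round-tripping is what the test is meant to pin, say so with a comment above `registry_secrets`, for example `# URLs are expected to round-trip verbatim, including any trailing slash`. Otherwise use the same form for both entries, so that a future normalisation change does not fail this test for a reason unrelated to multi-registry support.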
From: Mario Campos Date: Tue, 31 Mar 2026 12:49:07 -0500 Subject: [PATCH 6/7] Keep validation steps named consistently --- .github/workflows/__start-proxy.yml | 2 +- pr-checks/checks/start-proxy.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/__start-proxy.yml b/.github/workflows/__start-proxy.yml index 390002a6df..19ba338edb 100644 --- a/.github/workflows/__start-proxy.yml +++ b/.github/workflows/__start-proxy.yml @@ -93,7 +93,7 @@ jobs: if: (!steps.proxy.outputs.proxy_host) || (!steps.proxy.outputs.proxy_port) || (!steps.proxy.outputs.proxy_ca_certificate) || (!steps.proxy.outputs.proxy_urls) run: exit 1 - - name: Validate proxy_urls contains expected registries + - name: Fail if proxy_urls does not contain all registries if: | join(fromJSON(steps.proxy.outputs.proxy_urls)[*].type, ',') != 'maven_repository,maven_repository' || !contains(fromJSON(steps.proxy.outputs.proxy_urls)[*].url, 'https://repo.maven.apache.org/maven2/') diff --git a/pr-checks/checks/start-proxy.yml b/pr-checks/checks/start-proxy.yml index fddbb67835..d50ef6b9cf 100644 --- a/pr-checks/checks/start-proxy.yml +++ b/pr-checks/checks/start-proxy.yml @@ -38,7 +38,7 @@ steps: if: (!steps.proxy.outputs.proxy_host) || (!steps.proxy.outputs.proxy_port) || (!steps.proxy.outputs.proxy_ca_certificate) || (!steps.proxy.outputs.proxy_urls) run: exit 1 - - name: Validate proxy_urls contains expected registries + - name: Fail if proxy_urls does not contain all registries if: | join(fromJSON(steps.proxy.outputs.proxy_urls)[*].type, ',') != 'maven_repository,maven_repository' || !contains(fromJSON(steps.proxy.outputs.proxy_urls)[*].url, 'https://repo.maven.apache.org/maven2/') From e2203c62cf635d17ee226cf2ad2aacc56b5c25fc Mon Sep 17 00:00:00 2001 
From: Mario Campos Date: Tue, 31 Mar 2026 13:19:33 -0500 Subject: [PATCH 7/7] Delete `fromJSON()` calls in test validation step --- .github/workflows/__start-proxy.yml | 4 ++-- pr-checks/checks/start-proxy.yml | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/__start-proxy.yml b/.github/workflows/__start-proxy.yml index 19ba338edb..70ec13c96b 100644 --- a/.github/workflows/__start-proxy.yml +++ b/.github/workflows/__start-proxy.yml @@ -96,8 +96,8 @@ jobs: - name: Fail if proxy_urls does not contain all registries if: | join(fromJSON(steps.proxy.outputs.proxy_urls)[*].type, ',') != 'maven_repository,maven_repository' - || !contains(fromJSON(steps.proxy.outputs.proxy_urls)[*].url, 'https://repo.maven.apache.org/maven2/') - || !contains(fromJSON(steps.proxy.outputs.proxy_urls)[*].url, 'https://repo1.maven.org/maven2') + || !contains(steps.proxy.outputs.proxy_urls, 'https://repo.maven.apache.org/maven2/') + || !contains(steps.proxy.outputs.proxy_urls, 'https://repo1.maven.org/maven2') run: exit 1 env: CODEQL_ACTION_TEST_MODE: true diff --git a/pr-checks/checks/start-proxy.yml b/pr-checks/checks/start-proxy.yml index d50ef6b9cf..a4bf794873 100644 --- a/pr-checks/checks/start-proxy.yml +++ b/pr-checks/checks/start-proxy.yml @@ -41,6 +41,6 @@ steps: - name: Fail if proxy_urls does not contain all registries if: | join(fromJSON(steps.proxy.outputs.proxy_urls)[*].type, ',') != 'maven_repository,maven_repository' - || !contains(fromJSON(steps.proxy.outputs.proxy_urls)[*].url, 'https://repo.maven.apache.org/maven2/') - || !contains(fromJSON(steps.proxy.outputs.proxy_urls)[*].url, 'https://repo1.maven.org/maven2') + || !contains(steps.proxy.outputs.proxy_urls, 'https://repo.maven.apache.org/maven2/') + || !contains(steps.proxy.outputs.proxy_urls, 'https://repo1.maven.org/maven2') run: exit 1
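Review bot: Dropping `fromJSON(...)[*].url` in the `if:` of "Fail if proxy_urls does not contain all registries" turns both URL checks into substring searches over the raw `proxy_urls` string. They no longer prove that an entry's `url` equals the expected value: a longer URL that merely begins with `https://repo1.maven.org/maven2`, or the same text in another field, would satisfy them. The type check on the first line of the `if` still parses the JSON, so the two halves now test different views of the output. Unless the array form failed to evaluate (not visible here), keep `|| !contains(fromJSON(steps.proxy.outputs.proxy_urls)[*].url, 'https://repo1.maven.org/maven2')` and its counterpart for the other URL. The other option is the exact jq comparison from the first patch of this series, with the output passed through `env:`. The same change appears in the generated `.github/workflows/__start-proxy.yml` hunk.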