Build Logs

1##################################

2Clonning https://github.com/guardian/pan-domain-authentication.git into /build/repo using revision v16.0.0-PREVIEW.introduce-play-free-response-strategy.2026-01-08T1351.9e3bb0f2

3##################################

4Note: switching to 'addd30c6dd05bae0d036a46d01c9a97c25929287'.

6You are in 'detached HEAD' state. You can look around, make experimental

7changes and commit them, and you can discard any commits you make in this

8state without impacting any branches by switching back to a branch.

10If you want to create a new branch to retain commits you create, you may

11do so (now or later) by using -c with the switch command. Example:

13 git switch -c <new-branch-name>

15Or undo this operation with:

17 git switch -

19Turn off this advice by setting config variable advice.detachedHead to false

21----

22Preparing build for 3.8.0

23Scala binary version found: 3.8

24Implicitly using source version 3.8

25Scala binary version found: 3.8

26Implicitly using source version 3.8

27Would try to apply common scalacOption (best-effort, sbt/mill only):

28Append: ,REQUIRE:-source:3.8

29Remove: ,-deprecation,-feature,-Xfatal-warnings,-Werror,MATCH:.*-Wconf.*any:e

30----

31Starting build for 3.8.0

32Execute tests: true

33sbt project found:

34No prepare script found for project guardian/pan-domain-authentication

35##################################

36Scala version: 3.8.0

37Targets: com.gu%pan-domain-auth-core com.gu%pan-domain-auth-play_2-9 com.gu%pan-domain-auth-play_3-0 com.gu%pan-domain-auth-verification

38Project projectConfig: {"projects":{"exclude":[],"overrides":{}},"java":{"version":"17"},"sbt":{"commands":[],"options":[]},"mill":{"options":[]},"tests":"full","migrationVersions":[],"sourcePatches":[]}

39##################################

40Using extra scalacOptions: ,REQUIRE:-source:3.8

41Filtering out scalacOptions: ,-deprecation,-feature,-Xfatal-warnings,-Werror,MATCH:.*-Wconf.*any:e

42[sbt_options] declare -a sbt_options=()

43[process_args] java_version = '17'

44[copyRt] java9_rt = '/root/.sbt/1.0/java9-rt-ext-eclipse_adoptium_17_0_8/rt.jar'

45# Executing command line:

46java

47-Dfile.encoding=UTF-8

48-Dcommunitybuild.scala=3.8.0

49-Dcommunitybuild.project.dependencies.add=

50-Xmx7G

51-Xms4G

52-Xss8M

53-Dsbt.script=/root/.sdkman/candidates/sbt/current/bin/sbt

54-Dscala.ext.dirs=/root/.sbt/1.0/java9-rt-ext-eclipse_adoptium_17_0_8

55-jar

56/root/.sdkman/candidates/sbt/1.11.5/bin/sbt-launch.jar

57"setCrossScalaVersions 3.8.0"

58"++3.8.0 -v"

59"mapScalacOptions ",REQUIRE:-source:3.8,-Wconf:msg=can be rewritten automatically under:s" ",-deprecation,-feature,-Xfatal-warnings,-Werror,MATCH:.*-Wconf.*any:e""

60"set every credentials := Nil"

61"excludeLibraryDependency com.github.ghik:zerowaste_{scalaVersion} com.olegpy:better-monadic-for_3 org.polyvariant:better-tostring_{scalaVersion} org.wartremover:wartremover_{scalaVersion}"

62"removeScalacOptionsStartingWith -P:wartremover"

64moduleMappings

65"runBuild 3.8.0 """{"projects":{"exclude":[],"overrides":{}},"java":{"version":"17"},"sbt":{"commands":[],"options":[]},"mill":{"options":[]},"tests":"full","migrationVersions":[],"sourcePatches":[]}""" com.gu%pan-domain-auth-core com.gu%pan-domain-auth-play_2-9 com.gu%pan-domain-auth-play_3-0 com.gu%pan-domain-auth-verification"

67[info] [launcher] getting org.scala-sbt sbt 1.11.7 (this may take some time)...

68[info] welcome to sbt 1.11.7 (Eclipse Adoptium Java 17.0.8)

69[info] loading settings for project repo-build from akka.sbt, plugins.sbt, settings.sbt...

70[info] loading project definition from /build/repo/project

71[info] compiling 3 Scala sources to /build/repo/project/target/scala-2.12/sbt-1.0/classes ...

72[info] Non-compiled module 'compiler-bridge_2.12' for Scala 2.12.20. Compiling...

73[info] Compilation completed in 8.697s.

74[info] done compiling

75[info] loading settings for project pan-domain-auth-root from build.sbt, version.sbt...

76[info] set current project to pan-domain-auth-root (in build file:/build/repo/)

77Execute setCrossScalaVersions: 3.8.0

78OpenCB::Changing crossVersion 3.3.7 -> 3.8.0 in panda-hmac-play_2-9/crossScalaVersions

79OpenCB::Changing crossVersion 3.3.7 -> 3.8.0 in pan-domain-auth-play_2-9/crossScalaVersions

80OpenCB::Changing crossVersion 3.3.7 -> 3.8.0 in pan-domain-auth-example/crossScalaVersions

81OpenCB::Changing crossVersion 3.3.7 -> 3.8.0 in panda-hmac-core/crossScalaVersions

82OpenCB::Changing crossVersion 3.3.7 -> 3.8.0 in panda-hmac-play_3-0/crossScalaVersions

83OpenCB::Changing crossVersion 3.3.7 -> 3.8.0 in pan-domain-auth-play_3-0/crossScalaVersions

84OpenCB::Changing crossVersion 3.3.7 -> 3.8.0 in pan-domain-auth-verification/crossScalaVersions

85OpenCB::Changing crossVersion 3.3.7 -> 3.8.0 in pan-domain-auth-core/crossScalaVersions

86OpenCB::Changing crossVersion 3.3.7 -> 3.8.0 in key-rotation/crossScalaVersions

87OpenCB::Changing crossVersion 3.3.7 -> 3.8.0 in pan-domain-auth-root/crossScalaVersions

88[info] set current project to pan-domain-auth-root (in build file:/build/repo/)

89[info] Setting Scala version to 3.8.0 on 10 projects.

90[info] Switching Scala version on:

91[info] panda-hmac-play_2-9 (3.8.0, 2.13.18)

92[info] pan-domain-auth-example (3.8.0, 2.13.18)

93[info] panda-hmac-core (3.8.0, 2.13.18)

94[info] pan-domain-auth-verification (3.8.0, 2.13.18)

95[info] pan-domain-auth-play_2-9 (3.8.0, 2.13.18)

96[info] * pan-domain-auth-root (3.8.0)

97[info] panda-hmac-play_3-0 (3.8.0, 2.13.18)

98[info] key-rotation (3.8.0)

99[info] pan-domain-auth-core (3.8.0, 2.13.18)

100[info] pan-domain-auth-play_3-0 (3.8.0, 2.13.18)

101[info] Excluding projects:

102[info] Reapplying settings...

103[info] set current project to pan-domain-auth-root (in build file:/build/repo/)

104Execute mapScalacOptions: ,REQUIRE:-source:3.8,-Wconf:msg=can be rewritten automatically under:s ,-deprecation,-feature,-Xfatal-warnings,-Werror,MATCH:.*-Wconf.*any:e

105[info] Reapplying settings...

106[info] set current project to pan-domain-auth-root (in build file:/build/repo/)

107[info] Defining Global / credentials, credentials and 8 others.

108[info] The new values will be used by allCredentials, credentials and 47 others.

109[info] Run `last` for details.

110[info] Reapplying settings...

111[info] set current project to pan-domain-auth-root (in build file:/build/repo/)

112Execute excludeLibraryDependency: com.github.ghik:zerowaste_{scalaVersion} com.olegpy:better-monadic-for_3 org.polyvariant:better-tostring_{scalaVersion} org.wartremover:wartremover_{scalaVersion}

113[info] Reapplying settings...

114OpenCB::Failed to reapply settings in excludeLibraryDependency: Reference to undefined setting:

116 Global / allExcludeDependencies from Global / allExcludeDependencies (CommunityBuildPlugin.scala:331)

117 Did you mean pan-domain-auth-play_3-0 / allExcludeDependencies ?

118 , retry without global scopes

119[info] Reapplying settings...

120[info] set current project to pan-domain-auth-root (in build file:/build/repo/)

121Execute removeScalacOptionsStartingWith: -P:wartremover

122[info] Reapplying settings...

123[info] set current project to pan-domain-auth-root (in build file:/build/repo/)

124[success] Total time: 0 s, completed Jan 13, 2026, 3:49:58 PM

125Build config: {"projects":{"exclude":[],"overrides":{}},"java":{"version":"17"},"sbt":{"commands":[],"options":[]},"mill":{"options":[]},"tests":"full","migrationVersions":[],"sourcePatches":[]}

126Parsed config: Success(ProjectBuildConfig(ProjectsConfig(List(),Map()),Full,List()))

127Starting build...

128Projects: Set(pan-domain-auth-core, pan-domain-auth-play_2-9, pan-domain-auth-play_3-0, pan-domain-auth-verification)

129Starting build for ProjectRef(file:/build/repo/,pan-domain-auth-core) (pan-domain-auth-core)... [0/4]

130OpenCB::Filter out '-feature', matches setting pattern '^-?-feature'

131OpenCB::Filter out '-deprecation', matches setting pattern '^-?-deprecation'

132Compile scalacOptions: --java-output-version:17, -Wconf:msg=can be rewritten automatically under:s, -source:3.8

133[info] compiling 17 Scala sources to /build/repo/pan-domain-auth-verification/target/scala-3.8.0/classes ...

136[info] done compiling

137[info] compiling 28 Scala sources to /build/repo/pan-domain-auth-core/target/scala-3.8.0/classes ...

165[info] done compiling

166[info] compiling 2 Scala sources to /build/repo/pan-domain-auth-core/target/scala-3.8.0/test-classes ...

167[info] done compiling

168[info] PageRequestTest:

169[info] Query string parsing provides *url-decoded* values for query string params

170[info] - from a small example

171[info] - from a real OAuth callback request

172[info] PageEndpointAuthStatusHandlerTest:

173[info] authorisation

174[info] - persist new auth cookie containing additional authorised system if it's not in the cookie already

175[info] - redirect for OAuth if the user is not authenticated

176Starting build for ProjectRef(file:/build/repo/,pan-domain-auth-play_2-9) (pan-domain-auth-play_2-9)... [1/4]

177Compile scalacOptions: --java-output-version:17, -Wconf:msg=can be rewritten automatically under:s, -source:3.8

178[info] compiling 3 Scala sources to /build/repo/pan-domain-auth-play_2-9/target/scala-3.8.0/classes ...

179[info] done compiling

180[info] compiling 1 Scala source to /build/repo/pan-domain-auth-play_2-9/target/scala-3.8.0/test-classes ...

181[info] done compiling

182[info] DiscoveryDocumentTest:

183[info] Parser for Discovery Document

184[info] - should get the 3 fields we care about

185[info] General DiscoveryDocument.Cache

186[info] - should work well

187Starting build for ProjectRef(file:/build/repo/,pan-domain-auth-play_3-0) (pan-domain-auth-play_3-0)... [2/4]

188Compile scalacOptions: --java-output-version:17, -Wconf:msg=can be rewritten automatically under:s, -source:3.8

189[info] compiling 3 Scala sources to /build/repo/pan-domain-auth-play_3-0/target/scala-3.8.0/classes ...

190[info] done compiling

191[info] compiling 1 Scala source to /build/repo/pan-domain-auth-play_3-0/target/scala-3.8.0/test-classes ...

192[info] done compiling

193[info] DiscoveryDocumentTest:

194[info] Parser for Discovery Document

195[info] - should get the 3 fields we care about

196[info] General DiscoveryDocument.Cache

197[info] - should work well

198Starting build for ProjectRef(file:/build/repo/,pan-domain-auth-verification) (pan-domain-auth-verification)... [3/4]

199Compile scalacOptions: --java-output-version:17, -Wconf:msg=can be rewritten automatically under:s, -source:3.8

200[info] compiling 8 Scala sources to /build/repo/pan-domain-auth-verification/target/scala-3.8.0/test-classes ...

201[info] done compiling

202[info] KeyHashIdTest:

203[info] key hash ids

204[info] - should be stable so that we can use them as a simple text identifier for public keys

205[info] CryptoTest:

206[info] - a valid signature can be successfully verified

207[info] - an invalid signature will not be verified

208[info] - a valid signature created with the wrong key will not be verified

209SLF4J: Failed to load class "org.slf4j.impl.StaticLoggerBinder".

210SLF4J: Defaulting to no-operation (NOP) logger implementation

211SLF4J: See http://www.slf4j.org/codes.html#StaticLoggerBinder for further details.

212alsoAcceptedKeys: ['povb6'] (added ['povb6'], removed [])

213Active key changed from 'tudwv' to 'povb6'. alsoAcceptedKeys: ['tudwv'] (added ['tudwv'], removed ['povb6'])

214alsoAcceptedKeys: [] (added [], removed ['tudwv'])

215Active key changed from 'tudwv' to 'povb6' (FAILED transition criteria: TolerateOldKey). alsoAcceptedKeys: [] (added [], removed ['povb6'])

216Active key changed from 'tudwv' to 'povb6' (FAILED transition criteria: PreAcceptNewKey). alsoAcceptedKeys: ['tudwv'] (added ['tudwv'], removed [])

217[info] CookieUtilsTest:

218[info] generateCookieData

219[info] - generates a base64-encoded 'data.signature' cookie value

220[info] parseCookieData

221[info] - can extract an authenticatedUser from real cookie data

222[info] - fails to extract invalid data with a SignatureNotValid

225[info] - serialize/deserialize preserves data

226[info] CryptoConfTest:

227[info] loading crypto configuration

228[info] - follow a safe set of transition steps

229[info] - have transitions that are reported as safe

230[info] - report a bad transition if the old active key is not still tolerated

231[info] - report a bad transition if the new active key wasn't already accepted by the old config

232[info] CryptoConf.SettingsReader

233[info] - returns an error if the key looks invalid

234[info] - returns the key if it is valid

235[info] CryptoConf.SettingsReader activePublicKey

236[info] - will get a public key from a valid settings map

237[info] - will reject a key that is not correctly formatted

238[info] - will fail if the key is not present in the settings

239[info] CookiePayloadTest:

240[info] CookiePayload

241[info] - round-trip from payload text to CookiePayload if matching public-private keys are used

242[info] - not return payload text if a rogue key was used

243[info] - reject cookie text that does not contain a .

244[info] - reject cookie text that does not contain valid BASE64 text

245[info] - round-trip from correctly-formatted cookie-text to CookiePayload instance and back again

246[info] PublicSettingsTest:

247[info] extractSettings

248[info] - extracts properties from a valid body

249[info] PanDomainTest:

250[info] authStatus

251[info] - returns `Authenticated` for valid cookie data that passes the validation check

252[info] - gives back the provided auth user if successful

253[info] - returns `InvalidCookie` if the cookie is not valid

254[info] - returns `InvalidCookie` if the cookie fails its signature check

255[info] - returns `Expired` if the cookie has expired and is outside the default grace period

256[info] - returns `Expired` if the cookie has expired and is outside a custom grace period

257[info] - returns `GracePeriod` if the cookie has expired but is within the default grace period

258[info] - returns `GracePeriod` if the cookie has expired but is within a custom grace period

259[info] - returns `Expired` if cookie has not expired, but forceExpiry is set

260[info] - returns `Expired` if cookie is in the grace period, but forceExpiry is set

261[info] - returns `NotAuthorized` if the cookie does not pass the verification check

262[info] correctly handles the verification check

263[info] without cache validation,

264[info] - returns `NotAuthorized` if the user fails the validation check

265[info] - returns `Authenticated` if the user passes the validation check

266[info] when validation is cached

267[info] - returns `NotAuthorized` if the user is not authorized in this system

268[info] - returns Authenticated if the user was authenticated in this system, even if they would fail the validation check

269[info] - does not call the validateUser function if caching is enabled

270[info] guardianValidation

271[info] - returns true for a multi-factor user with a Guardian email address

272[info] - returns false for a multi-factor user without a guardian email address

273[info] - returns false for a guardian email address that is not authenticated with multi-factor-auth

274[info] - returns false for something that looks a bit like a guardian domain

276************************

277Build summary:

278[{

279 "module": "pan-domain-auth-core",

280 "compile": {"status": "ok", "tookMs": 13586, "warnings": 3, "errors": 0, "sourceVersion": "3.8"},

281 "doc": {"status": "skipped", "tookMs": 0, "files": 0, "totalSizeKb": 0},

282 "test-compile": {"status": "ok", "tookMs": 1410, "warnings": 0, "errors": 0, "sourceVersion": "3.8"},

283 "test": {"status": "ok", "tookMs": 634, "passed": 4, "failed": 0, "ignored": 0, "skipped": 0, "total": 4, "byFramework": [{"framework": "unknown", "stats": {"passed": 4, "failed": 0, "ignored": 0, "skipped": 0, "total": 4}}]},

284 "publish": {"status": "skipped", "tookMs": 0},

285 "metadata": {

286 "crossScalaVersions": ["3.3.7", "2.13.18"]

287}

288},{

289 "module": "pan-domain-auth-play_2-9",

290 "compile": {"status": "ok", "tookMs": 1502, "warnings": 0, "errors": 0, "sourceVersion": "3.8"},

291 "doc": {"status": "skipped", "tookMs": 0, "files": 0, "totalSizeKb": 0},

292 "test-compile": {"status": "ok", "tookMs": 1261, "warnings": 0, "errors": 0, "sourceVersion": "3.8"},

293 "test": {"status": "ok", "tookMs": 610, "passed": 2, "failed": 0, "ignored": 0, "skipped": 0, "total": 2, "byFramework": [{"framework": "unknown", "stats": {"passed": 2, "failed": 0, "ignored": 0, "skipped": 0, "total": 2}}]},

294 "publish": {"status": "skipped", "tookMs": 0},

295 "metadata": {

296 "crossScalaVersions": ["3.3.7", "2.13.18"]

297}

298},{

299 "module": "pan-domain-auth-play_3-0",

300 "compile": {"status": "ok", "tookMs": 1300, "warnings": 0, "errors": 0, "sourceVersion": "3.8"},

301 "doc": {"status": "skipped", "tookMs": 0, "files": 0, "totalSizeKb": 0},

302 "test-compile": {"status": "ok", "tookMs": 911, "warnings": 0, "errors": 0, "sourceVersion": "3.8"},

303 "test": {"status": "ok", "tookMs": 558, "passed": 2, "failed": 0, "ignored": 0, "skipped": 0, "total": 2, "byFramework": [{"framework": "unknown", "stats": {"passed": 2, "failed": 0, "ignored": 0, "skipped": 0, "total": 2}}]},

304 "publish": {"status": "skipped", "tookMs": 0},

305 "metadata": {

306 "crossScalaVersions": ["3.3.7", "2.13.18"]

307}

308},{

309 "module": "pan-domain-auth-verification",

310 "compile": {"status": "ok", "tookMs": 46, "warnings": 0, "errors": 0, "sourceVersion": "3.8"},

311 "doc": {"status": "skipped", "tookMs": 0, "files": 0, "totalSizeKb": 0},

312 "test-compile": {"status": "ok", "tookMs": 3067, "warnings": 0, "errors": 0, "sourceVersion": "3.8"},

313 "test": {"status": "ok", "tookMs": 931, "passed": 45, "failed": 0, "ignored": 0, "skipped": 0, "total": 45, "byFramework": [{"framework": "unknown", "stats": {"passed": 45, "failed": 0, "ignored": 0, "skipped": 0, "total": 45}}]},

314 "publish": {"status": "skipped", "tookMs": 0},

315 "metadata": {

316 "crossScalaVersions": ["3.3.7", "2.13.18"]

317}

318}]

319************************

320[success] Total time: 35 s, completed Jan 13, 2026, 3:50:33 PM

321[0JChecking patch project/plugins.sbt...

322Checking patch build.sbt...

323Applied patch project/plugins.sbt cleanly.

324Applied patch build.sbt cleanly.