Build Logs

guardian/pan-domain-authentication • 3.8.0-RC2:2025-11-28

Errors

Warnings

Total Lines

275

1##################################

2Clonning https://github.com/guardian/pan-domain-authentication.git into /build/repo using revision v13.0.0

3##################################

4Note: switching to '0937e08b0904db18c32f492be3fc2fd900c62d26'.

6You are in 'detached HEAD' state. You can look around, make experimental

7changes and commit them, and you can discard any commits you make in this

8state without impacting any branches by switching back to a branch.

10If you want to create a new branch to retain commits you create, you may

11do so (now or later) by using -c with the switch command. Example:

13 git switch -c <new-branch-name>

15Or undo this operation with:

17 git switch -

19Turn off this advice by setting config variable advice.detachedHead to false

21----

22Preparing build for 3.8.0-RC2

23Scala binary version found: 3.8

24Implicitly using source version 3.8

25Scala binary version found: 3.8

26Implicitly using source version 3.8

27Would try to apply common scalacOption (best-effort, sbt/mill only):

28Append: ,REQUIRE:-source:3.8

29Remove: ,-deprecation,-feature,-Xfatal-warnings,-Werror,MATCH:.*-Wconf.*any:e

30----

31Starting build for 3.8.0-RC2

32Execute tests: true

33sbt project found:

34Sbt version 1.10.5 is not supported, minimal supported version is 1.11.5

35Enforcing usage of sbt in version 1.11.5

36No prepare script found for project guardian/pan-domain-authentication

37##################################

38Scala version: 3.8.0-RC2

39Targets: com.gu%pan-domain-auth-core com.gu%pan-domain-auth-play_2-9 com.gu%pan-domain-auth-play_3-0 com.gu%pan-domain-auth-verification

40Project projectConfig: {"projects":{"exclude":[],"overrides":{}},"java":{"version":"17"},"sbt":{"commands":[],"options":[]},"mill":{"options":[]},"tests":"full","migrationVersions":[],"sourcePatches":[]}

41##################################

42Using extra scalacOptions: ,REQUIRE:-source:3.8

43Filtering out scalacOptions: ,-deprecation,-feature,-Xfatal-warnings,-Werror,MATCH:.*-Wconf.*any:e

44[sbt_options] declare -a sbt_options=()

45[process_args] java_version = '17'

46[copyRt] java9_rt = '/root/.sbt/1.0/java9-rt-ext-eclipse_adoptium_17_0_8/rt.jar'

47# Executing command line:

48java

49-Dfile.encoding=UTF-8

50-Dcommunitybuild.scala=3.8.0-RC2

51-Dcommunitybuild.project.dependencies.add=

52-Xmx7G

53-Xms4G

54-Xss8M

55-Dsbt.script=/root/.sdkman/candidates/sbt/current/bin/sbt

56-Dscala.ext.dirs=/root/.sbt/1.0/java9-rt-ext-eclipse_adoptium_17_0_8

57-jar

58/root/.sdkman/candidates/sbt/1.11.5/bin/sbt-launch.jar

59"setCrossScalaVersions 3.8.0-RC2"

60"++3.8.0-RC2 -v"

61"mapScalacOptions ",REQUIRE:-source:3.8,-Wconf:msg=can be rewritten automatically under:s" ",-deprecation,-feature,-Xfatal-warnings,-Werror,MATCH:.*-Wconf.*any:e""

62"set every credentials := Nil"

63"excludeLibraryDependency com.github.ghik:zerowaste_{scalaVersion} com.olegpy:better-monadic-for_3 org.polyvariant:better-tostring_{scalaVersion} org.wartremover:wartremover_{scalaVersion}"

64"removeScalacOptionsStartingWith -P:wartremover"

66moduleMappings

67"runBuild 3.8.0-RC2 """{"projects":{"exclude":[],"overrides":{}},"java":{"version":"17"},"sbt":{"commands":[],"options":[]},"mill":{"options":[]},"tests":"full","migrationVersions":[],"sourcePatches":[]}""" com.gu%pan-domain-auth-core com.gu%pan-domain-auth-play_2-9 com.gu%pan-domain-auth-play_3-0 com.gu%pan-domain-auth-verification"

69[info] welcome to sbt 1.11.5 (Eclipse Adoptium Java 17.0.8)

70[info] loading settings for project repo-build from akka.sbt, plugins.sbt, settings.sbt...

71[info] loading project definition from /build/repo/project

72[info] compiling 3 Scala sources to /build/repo/project/target/scala-2.12/sbt-1.0/classes ...

73[info] Non-compiled module 'compiler-bridge_2.12' for Scala 2.12.20. Compiling...

74[info] Compilation completed in 8.962s.

75[info] done compiling

76[info] loading settings for project pan-domain-auth-root from build.sbt, version.sbt...

77[info] set current project to pan-domain-auth-root (in build file:/build/repo/)

78Execute setCrossScalaVersions: 3.8.0-RC2

79OpenCB::Changing crossVersion 3.3.5 -> 3.8.0-RC2 in pan-domain-auth-play_2-9/crossScalaVersions

80OpenCB::Changing crossVersion 3.3.5 -> 3.8.0-RC2 in panda-hmac-play_2-9/crossScalaVersions

81OpenCB::Changing crossVersion 3.3.5 -> 3.8.0-RC2 in pan-domain-auth-example/crossScalaVersions

82OpenCB::Changing crossVersion 3.3.5 -> 3.8.0-RC2 in panda-hmac-core/crossScalaVersions

83OpenCB::Changing crossVersion 3.3.5 -> 3.8.0-RC2 in panda-hmac-play_3-0/crossScalaVersions

84OpenCB::Changing crossVersion 3.3.5 -> 3.8.0-RC2 in pan-domain-auth-play_3-0/crossScalaVersions

85OpenCB::Changing crossVersion 3.3.5 -> 3.8.0-RC2 in pan-domain-auth-verification/crossScalaVersions

86OpenCB::Changing crossVersion 3.3.5 -> 3.8.0-RC2 in pan-domain-auth-core/crossScalaVersions

87OpenCB::Changing crossVersion 3.3.5 -> 3.8.0-RC2 in key-rotation/crossScalaVersions

88OpenCB::Changing crossVersion 3.3.5 -> 3.8.0-RC2 in pan-domain-auth-root/crossScalaVersions

89[info] set current project to pan-domain-auth-root (in build file:/build/repo/)

90[info] Setting Scala version to 3.8.0-RC2 on 10 projects.

91[info] Switching Scala version on:

92[info] panda-hmac-play_2-9 (3.8.0-RC2, 2.13.16)

93[info] pan-domain-auth-example (3.8.0-RC2, 2.13.16)

94[info] panda-hmac-core (3.8.0-RC2, 2.13.16)

95[info] pan-domain-auth-verification (3.8.0-RC2, 2.13.16)

96[info] pan-domain-auth-play_2-9 (3.8.0-RC2, 2.13.16)

97[info] * pan-domain-auth-root (3.8.0-RC2)

98[info] panda-hmac-play_3-0 (3.8.0-RC2, 2.13.16)

99[info] key-rotation (3.8.0-RC2)

100[info] pan-domain-auth-core (3.8.0-RC2, 2.13.16)

101[info] pan-domain-auth-play_3-0 (3.8.0-RC2, 2.13.16)

102[info] Excluding projects:

103[info] Reapplying settings...

104[info] set current project to pan-domain-auth-root (in build file:/build/repo/)

105Execute mapScalacOptions: ,REQUIRE:-source:3.8,-Wconf:msg=can be rewritten automatically under:s ,-deprecation,-feature,-Xfatal-warnings,-Werror,MATCH:.*-Wconf.*any:e

106[info] Reapplying settings...

107[info] set current project to pan-domain-auth-root (in build file:/build/repo/)

108[info] Defining Global / credentials, credentials and 8 others.

109[info] The new values will be used by allCredentials, credentials and 47 others.

110[info] Run `last` for details.

111[info] Reapplying settings...

112[info] set current project to pan-domain-auth-root (in build file:/build/repo/)

113Execute excludeLibraryDependency: com.github.ghik:zerowaste_{scalaVersion} com.olegpy:better-monadic-for_3 org.polyvariant:better-tostring_{scalaVersion} org.wartremover:wartremover_{scalaVersion}

114[info] Reapplying settings...

115OpenCB::Failed to reapply settings in excludeLibraryDependency: Reference to undefined setting:

116

117 Global / allExcludeDependencies from Global / allExcludeDependencies (CommunityBuildPlugin.scala:331)

118 Did you mean pan-domain-auth-play_3-0 / allExcludeDependencies ?

119 , retry without global scopes

120[info] Reapplying settings...

121[info] set current project to pan-domain-auth-root (in build file:/build/repo/)

122Execute removeScalacOptionsStartingWith: -P:wartremover

123[info] Reapplying settings...

124[info] set current project to pan-domain-auth-root (in build file:/build/repo/)

125[success] Total time: 0 s, completed Nov 28, 2025, 2:40:08 PM

126Build config: {"projects":{"exclude":[],"overrides":{}},"java":{"version":"17"},"sbt":{"commands":[],"options":[]},"mill":{"options":[]},"tests":"full","migrationVersions":[],"sourcePatches":[]}

127Parsed config: Success(ProjectBuildConfig(ProjectsConfig(List(),Map()),Full,List()))

128Starting build...

129Projects: Set(pan-domain-auth-core, pan-domain-auth-play_2-9, pan-domain-auth-play_3-0, pan-domain-auth-verification)

130Starting build for ProjectRef(file:/build/repo/,pan-domain-auth-core) (pan-domain-auth-core)... [0/4]

131OpenCB::Filter out '-feature', matches setting pattern '^-?-feature'

132OpenCB::Filter out '-deprecation', matches setting pattern '^-?-deprecation'

133Compile scalacOptions: --java-output-version:17, -Wconf:msg=can be rewritten automatically under:s, -source:3.8

134[info] compiling 16 Scala sources to /build/repo/pan-domain-auth-verification/target/scala-3.8.0-RC2/classes ...

135[warn] there was 1 deprecation warning; re-run with -deprecation for details

136[warn] one warning found

137[info] done compiling

138[info] compiling 3 Scala sources to /build/repo/pan-domain-auth-core/target/scala-3.8.0-RC2/classes ...

139[info] done compiling

140Starting build for ProjectRef(file:/build/repo/,pan-domain-auth-play_2-9) (pan-domain-auth-play_2-9)... [1/4]

141Compile scalacOptions: --java-output-version:17, -Wconf:msg=can be rewritten automatically under:s, -source:3.8

142[info] compiling 3 Scala sources to /build/repo/pan-domain-auth-play_2-9/target/scala-3.8.0-RC2/classes ...

143[info] done compiling

144Starting build for ProjectRef(file:/build/repo/,pan-domain-auth-play_3-0) (pan-domain-auth-play_3-0)... [2/4]

145Compile scalacOptions: --java-output-version:17, -Wconf:msg=can be rewritten automatically under:s, -source:3.8

146[info] compiling 3 Scala sources to /build/repo/pan-domain-auth-play_3-0/target/scala-3.8.0-RC2/classes ...

147[info] done compiling

148Starting build for ProjectRef(file:/build/repo/,pan-domain-auth-verification) (pan-domain-auth-verification)... [3/4]

149Compile scalacOptions: --java-output-version:17, -Wconf:msg=can be rewritten automatically under:s, -source:3.8

150[info] compiling 8 Scala sources to /build/repo/pan-domain-auth-verification/target/scala-3.8.0-RC2/test-classes ...

151[info] done compiling

152[info] PublicSettingsTest:

153[info] extractSettings

154[info] - extracts properties from a valid body

155alsoAcceptedKeys: ['povb6'] (added ['povb6'], removed [])

156Active key changed from 'tudwv' to 'povb6'. alsoAcceptedKeys: ['tudwv'] (added ['tudwv'], removed ['povb6'])

157alsoAcceptedKeys: [] (added [], removed ['tudwv'])

158Active key changed from 'tudwv' to 'povb6' (FAILED transition criteria: TolerateOldKey). alsoAcceptedKeys: [] (added [], removed ['povb6'])

159Active key changed from 'tudwv' to 'povb6' (FAILED transition criteria: PreAcceptNewKey). alsoAcceptedKeys: ['tudwv'] (added ['tudwv'], removed [])

160SLF4J: Failed to load class "org.slf4j.impl.StaticLoggerBinder".

161SLF4J: Defaulting to no-operation (NOP) logger implementation

162SLF4J: See http://www.slf4j.org/codes.html#StaticLoggerBinder for further details.

163[info] KeyHashIdTest:

164[info] key hash ids

165[info] - should be stable so that we can use them as a simple text identifier for public keys

166[info] CryptoConfTest:

167[info] loading crypto configuration

168[info] - follow a safe set of transition steps

169[info] - have transitions that are reported as safe

170[info] - report a bad transition if the old active key is not still tolerated

171[info] - report a bad transition if the new active key wasn't already accepted by the old config

172[info] CryptoConf.SettingsReader

173[info] - returns an error if the key looks invalid

174[info] - returns the key if it is valid

175[info] CryptoConf.SettingsReader activePublicKey

176[info] - will get a public key from a valid settings map

177[info] - will reject a key that is not correctly formatted

178[info] - will fail if the key is not present in the settings

179[info] CryptoTest:

180[info] - a valid signature can be successfully verified

181[info] - an invalid signature will not be verified

182[info] - a valid signature created with the wrong key will not be verified

183[info] CookieUtilsTest:

184[info] generateCookieData

185[info] - generates a base64-encoded 'data.signature' cookie value

186[info] parseCookieData

187[info] - can extract an authenticatedUser from real cookie data

188[info] - fails to extract invalid data with a SignatureNotValid

189[info] - fails to extract incorrectly signed data with a CookieSignatureInvalidException

190[info] - fails to extract completely incorrect cookie data with a CookieParseException

191[info] - serialize/deserialize preserves data

192[info] CookiePayloadTest:

193[info] CookiePayload

194[info] - round-trip from payload text to CookiePayload if matching public-private keys are used

195[info] - not return payload text if a rogue key was used

196[info] - reject cookie text that does not contain a .

197[info] - reject cookie text that does not contain valid BASE64 text

198[info] - round-trip from correctly-formatted cookie-text to CookiePayload instance and back again

199[info] PanDomainTest:

200[info] authStatus

201[info] - returns `Authenticated` for valid cookie data that passes the validation check

202[info] - gives back the provided auth user if successful

203[info] - returns `InvalidCookie` if the cookie is not valid

204[info] - returns `InvalidCookie` if the cookie fails its signature check

205[info] - returns `Expired` if the cookie has expired and is outside the default grace period

206[info] - returns `Expired` if the cookie has expired and is outside a custom grace period

207[info] - returns `GracePeriod` if the cookie has expired but is within the default grace period

208[info] - returns `GracePeriod` if the cookie has expired but is within a custom grace period

209[info] - returns `Expired` if cookie has not expired, but forceExpiry is set

210[info] - returns `NotAuthorized` if the cookie does not pass the verification check

211[info] correctly handles the verification check

212[info] without cache validation,

213[info] - returns `NotAuthorized` if the user fails the validation check

214[info] - returns `Authenticated` if the user passes the validation check

215[info] when validation is cached

216[info] - returns `NotAuthorized` if the user is not authorized in this system

217[info] - returns Authenticated if the user was authenticated in this system, even if they would fail the validation check

218[info] - does not call the validateUser function if caching is enabled

219[info] guardianValidation

220[info] - returns true for a multi-factor user with a Guardian email address

221[info] - returns false for a multi-factor user without a guardian email address

222[info] - returns false for a guardian email address that is not authenticated with multi-factor-auth

223[info] - returns false for something that looks a bit like a guardian domain

224

225************************

226Build summary:

227[{

228 "module": "pan-domain-auth-core",

229 "compile": {"status": "ok", "tookMs": 11146, "warnings": 0, "errors": 0, "sourceVersion": "3.8"},

230 "doc": {"status": "skipped", "tookMs": 0, "files": 0, "totalSizeKb": 0},

231 "test-compile": {"status": "ok", "tookMs": 291, "warnings": 0, "errors": 0, "sourceVersion": "3.8"},

232 "test": {"status": "ok", "tookMs": 188, "passed": 0, "failed": 0, "ignored": 0, "skipped": 0, "total": 0, "byFramework": []},

233 "publish": {"status": "skipped", "tookMs": 0},

234 "metadata": {

235 "crossScalaVersions": ["3.3.5", "2.13.16"]

236}

237},{

238 "module": "pan-domain-auth-play_2-9",

239 "compile": {"status": "ok", "tookMs": 3944, "warnings": 0, "errors": 0, "sourceVersion": "3.8"},

240 "doc": {"status": "skipped", "tookMs": 0, "files": 0, "totalSizeKb": 0},

241 "test-compile": {"status": "ok", "tookMs": 228, "warnings": 0, "errors": 0, "sourceVersion": "3.8"},

242 "test": {"status": "ok", "tookMs": 254, "passed": 0, "failed": 0, "ignored": 0, "skipped": 0, "total": 0, "byFramework": []},

243 "publish": {"status": "skipped", "tookMs": 0},

244 "metadata": {

245 "crossScalaVersions": ["3.3.5", "2.13.16"]

246}

247},{

248 "module": "pan-domain-auth-play_3-0",

249 "compile": {"status": "ok", "tookMs": 2845, "warnings": 0, "errors": 0, "sourceVersion": "3.8"},

250 "doc": {"status": "skipped", "tookMs": 0, "files": 0, "totalSizeKb": 0},

251 "test-compile": {"status": "ok", "tookMs": 202, "warnings": 0, "errors": 0, "sourceVersion": "3.8"},

252 "test": {"status": "ok", "tookMs": 180, "passed": 0, "failed": 0, "ignored": 0, "skipped": 0, "total": 0, "byFramework": []},

253 "publish": {"status": "skipped", "tookMs": 0},

254 "metadata": {

255 "crossScalaVersions": ["3.3.5", "2.13.16"]

256}

257},{

258 "module": "pan-domain-auth-verification",

259 "compile": {"status": "ok", "tookMs": 40, "warnings": 0, "errors": 0, "sourceVersion": "3.8"},

260 "doc": {"status": "skipped", "tookMs": 0, "files": 0, "totalSizeKb": 0},

261 "test-compile": {"status": "ok", "tookMs": 3526, "warnings": 0, "errors": 0, "sourceVersion": "3.8"},

262 "test": {"status": "ok", "tookMs": 1190, "passed": 44, "failed": 0, "ignored": 0, "skipped": 0, "total": 44, "byFramework": [{"framework": "unknown", "stats": {"passed": 44, "failed": 0, "ignored": 0, "skipped": 0, "total": 44}}]},

263 "publish": {"status": "skipped", "tookMs": 0},

264 "metadata": {

265 "crossScalaVersions": ["3.3.5", "2.13.16"]

266}

267}]

268************************

269[success] Total time: 83 s (0:01:23.0), completed Nov 28, 2025, 2:41:31 PM

270[0JChecking patch project/plugins.sbt...

271Checking patch project/build.properties...

272Checking patch build.sbt...

273Applied patch project/plugins.sbt cleanly.

274Applied patch project/build.properties cleanly.

275Applied patch build.sbt cleanly.