Build Logs

1##################################

2Clonning https://github.com/guardian/pan-domain-authentication.git into /build/repo using revision v16.0.0-PREVIEW.introduce-play-free-response-strategy.2026-01-08T1351.9e3bb0f2

3##################################

4Note: switching to 'addd30c6dd05bae0d036a46d01c9a97c25929287'.

6You are in 'detached HEAD' state. You can look around, make experimental

7changes and commit them, and you can discard any commits you make in this

8state without impacting any branches by switching back to a branch.

10If you want to create a new branch to retain commits you create, you may

11do so (now or later) by using -c with the switch command. Example:

13 git switch -c <new-branch-name>

15Or undo this operation with:

17 git switch -

19Turn off this advice by setting config variable advice.detachedHead to false

21----

22Preparing build for 3.8.1-RC1

23Scala binary version found: 3.8

24Implicitly using source version 3.8

25Scala binary version found: 3.8

26Implicitly using source version 3.8

27Would try to apply common scalacOption (best-effort, sbt/mill only):

28Append: ,REQUIRE:-source:3.8

29Remove: ,-deprecation,-feature,-Xfatal-warnings,-Werror,MATCH:.*-Wconf.*any:e

30----

31Starting build for 3.8.1-RC1

32Execute tests: true

33sbt project found:

34No prepare script found for project guardian/panda-hmac

35##################################

36Scala version: 3.8.1-RC1

37Targets: com.gu%panda-hmac-core com.gu%panda-hmac-play_2-9 com.gu%panda-hmac-play_3-0

38Project projectConfig: {"projects":{"exclude":[],"overrides":{}},"java":{"version":"17"},"sbt":{"commands":[],"options":[]},"mill":{"options":[]},"tests":"full","migrationVersions":[],"sourcePatches":[]}

39##################################

40Using extra scalacOptions: ,REQUIRE:-source:3.8

41Filtering out scalacOptions: ,-deprecation,-feature,-Xfatal-warnings,-Werror,MATCH:.*-Wconf.*any:e

42[sbt_options] declare -a sbt_options=()

43[process_args] java_version = '17'

44[copyRt] java9_rt = '/root/.sbt/1.0/java9-rt-ext-eclipse_adoptium_17_0_8/rt.jar'

45# Executing command line:

46java

47-Dfile.encoding=UTF-8

48-Dcommunitybuild.scala=3.8.1-RC1

49-Dcommunitybuild.project.dependencies.add=

50-Xmx7G

51-Xms4G

52-Xss8M

53-Dsbt.script=/root/.sdkman/candidates/sbt/current/bin/sbt

54-Dscala.ext.dirs=/root/.sbt/1.0/java9-rt-ext-eclipse_adoptium_17_0_8

55-jar

56/root/.sdkman/candidates/sbt/1.11.5/bin/sbt-launch.jar

57"setCrossScalaVersions 3.8.1-RC1"

58"++3.8.1-RC1 -v"

59"mapScalacOptions ",REQUIRE:-source:3.8,-Wconf:msg=can be rewritten automatically under:s" ",-deprecation,-feature,-Xfatal-warnings,-Werror,MATCH:.*-Wconf.*any:e""

60"set every credentials := Nil"

61"excludeLibraryDependency com.github.ghik:zerowaste_{scalaVersion} com.olegpy:better-monadic-for_3 org.polyvariant:better-tostring_{scalaVersion} org.wartremover:wartremover_{scalaVersion}"

62"removeScalacOptionsStartingWith -P:wartremover"

64moduleMappings

65"runBuild 3.8.1-RC1 """{"projects":{"exclude":[],"overrides":{}},"java":{"version":"17"},"sbt":{"commands":[],"options":[]},"mill":{"options":[]},"tests":"full","migrationVersions":[],"sourcePatches":[]}""" com.gu%panda-hmac-core com.gu%panda-hmac-play_2-9 com.gu%panda-hmac-play_3-0"

67[info] [launcher] getting org.scala-sbt sbt 1.11.7 (this may take some time)...

68[info] welcome to sbt 1.11.7 (Eclipse Adoptium Java 17.0.8)

69[info] loading settings for project repo-build from akka.sbt, plugins.sbt, settings.sbt...

70[info] loading project definition from /build/repo/project

71[info] compiling 3 Scala sources to /build/repo/project/target/scala-2.12/sbt-1.0/classes ...

72[info] Non-compiled module 'compiler-bridge_2.12' for Scala 2.12.20. Compiling...

73[info] Compilation completed in 8.938s.

74[info] done compiling

75[info] loading settings for project pan-domain-auth-root from build.sbt, version.sbt...

76[info] set current project to pan-domain-auth-root (in build file:/build/repo/)

77Execute setCrossScalaVersions: 3.8.1-RC1

78OpenCB::Changing crossVersion 3.3.7 -> 3.8.1-RC1 in panda-hmac-play_2-9/crossScalaVersions

79OpenCB::Changing crossVersion 3.3.7 -> 3.8.1-RC1 in pan-domain-auth-play_2-9/crossScalaVersions

80OpenCB::Changing crossVersion 3.3.7 -> 3.8.1-RC1 in pan-domain-auth-example/crossScalaVersions

81OpenCB::Changing crossVersion 3.3.7 -> 3.8.1-RC1 in panda-hmac-core/crossScalaVersions

82OpenCB::Changing crossVersion 3.3.7 -> 3.8.1-RC1 in pan-domain-auth-play_3-0/crossScalaVersions

83OpenCB::Changing crossVersion 3.3.7 -> 3.8.1-RC1 in pan-domain-auth-verification/crossScalaVersions

84OpenCB::Changing crossVersion 3.3.7 -> 3.8.1-RC1 in pan-domain-auth-core/crossScalaVersions

85OpenCB::Changing crossVersion 3.3.7 -> 3.8.1-RC1 in panda-hmac-play_3-0/crossScalaVersions

86OpenCB::Changing crossVersion 3.3.7 -> 3.8.1-RC1 in key-rotation/crossScalaVersions

87OpenCB::Changing crossVersion 3.3.7 -> 3.8.1-RC1 in pan-domain-auth-root/crossScalaVersions

88[info] set current project to pan-domain-auth-root (in build file:/build/repo/)

89[info] Setting Scala version to 3.8.1-RC1 on 10 projects.

90[info] Switching Scala version on:

91[info] panda-hmac-play_2-9 (3.8.1-RC1, 2.13.18)

92[info] pan-domain-auth-example (3.8.1-RC1, 2.13.18)

93[info] panda-hmac-core (3.8.1-RC1, 2.13.18)

94[info] pan-domain-auth-verification (3.8.1-RC1, 2.13.18)

95[info] pan-domain-auth-play_2-9 (3.8.1-RC1, 2.13.18)

96[info] * pan-domain-auth-root (3.8.1-RC1)

97[info] panda-hmac-play_3-0 (3.8.1-RC1, 2.13.18)

98[info] key-rotation (3.8.1-RC1)

99[info] pan-domain-auth-core (3.8.1-RC1, 2.13.18)

100[info] pan-domain-auth-play_3-0 (3.8.1-RC1, 2.13.18)

101[info] Excluding projects:

102[info] Reapplying settings...

103[info] set current project to pan-domain-auth-root (in build file:/build/repo/)

104Execute mapScalacOptions: ,REQUIRE:-source:3.8,-Wconf:msg=can be rewritten automatically under:s ,-deprecation,-feature,-Xfatal-warnings,-Werror,MATCH:.*-Wconf.*any:e

105[info] Reapplying settings...

106[info] set current project to pan-domain-auth-root (in build file:/build/repo/)

107[info] Defining Global / credentials, credentials and 8 others.

108[info] The new values will be used by allCredentials, credentials and 47 others.

109[info] Run `last` for details.

110[info] Reapplying settings...

111[info] set current project to pan-domain-auth-root (in build file:/build/repo/)

112Execute excludeLibraryDependency: com.github.ghik:zerowaste_{scalaVersion} com.olegpy:better-monadic-for_3 org.polyvariant:better-tostring_{scalaVersion} org.wartremover:wartremover_{scalaVersion}

113[info] Reapplying settings...

114OpenCB::Failed to reapply settings in excludeLibraryDependency: Reference to undefined setting:

116 Global / allExcludeDependencies from Global / allExcludeDependencies (CommunityBuildPlugin.scala:331)

117 Did you mean pan-domain-auth-play_3-0 / allExcludeDependencies ?

118 , retry without global scopes

119[info] Reapplying settings...

120[info] set current project to pan-domain-auth-root (in build file:/build/repo/)

121Execute removeScalacOptionsStartingWith: -P:wartremover

122[info] Reapplying settings...

123[info] set current project to pan-domain-auth-root (in build file:/build/repo/)

124[success] Total time: 0 s, completed Jan 13, 2026, 8:52:00 PM

125Build config: {"projects":{"exclude":[],"overrides":{}},"java":{"version":"17"},"sbt":{"commands":[],"options":[]},"mill":{"options":[]},"tests":"full","migrationVersions":[],"sourcePatches":[]}

126Parsed config: Success(ProjectBuildConfig(ProjectsConfig(List(),Map()),Full,List()))

127Starting build...

128Projects: Set(panda-hmac-play_2-9, panda-hmac-core, pan-domain-auth-verification, pan-domain-auth-play_2-9, panda-hmac-play_3-0, pan-domain-auth-core, pan-domain-auth-play_3-0)

129Starting build for ProjectRef(file:/build/repo/,pan-domain-auth-play_3-0) (pan-domain-auth-play_3-0)... [0/7]

130OpenCB::Filter out '-feature', matches setting pattern '^-?-feature'

131OpenCB::Filter out '-deprecation', matches setting pattern '^-?-deprecation'

132Compile scalacOptions: --java-output-version:17, -Wconf:msg=can be rewritten automatically under:s, -source:3.8

133[info] compiling 17 Scala sources to /build/repo/pan-domain-auth-verification/target/scala-3.8.1-RC1/classes ...

136[info] done compiling

137[info] compiling 28 Scala sources to /build/repo/pan-domain-auth-core/target/scala-3.8.1-RC1/classes ...

165[info] done compiling

166[info] compiling 3 Scala sources to /build/repo/pan-domain-auth-play_3-0/target/scala-3.8.1-RC1/classes ...

167[info] done compiling

168[info] compiling 1 Scala source to /build/repo/pan-domain-auth-play_3-0/target/scala-3.8.1-RC1/test-classes ...

169[info] done compiling

170[info] DiscoveryDocumentTest:

171[info] Parser for Discovery Document

172[info] - should get the 3 fields we care about

173[info] General DiscoveryDocument.Cache

174[info] - should work well

175Starting build for ProjectRef(file:/build/repo/,panda-hmac-play_2-9) (panda-hmac-play_2-9)... [1/7]

176Compile scalacOptions: --java-output-version:17, -Wconf:msg=can be rewritten automatically under:s, -source:3.8

177[info] compiling 3 Scala sources to /build/repo/hmac/core/target/scala-3.8.1-RC1/classes ...

178[info] compiling 3 Scala sources to /build/repo/pan-domain-auth-play_2-9/target/scala-3.8.1-RC1/classes ...

181[info] done compiling

182[info] done compiling

183[info] compiling 1 Scala source to /build/repo/hmac/play/play_2-9/target/scala-3.8.1-RC1/classes ...

184[info] done compiling

185Starting build for ProjectRef(file:/build/repo/,panda-hmac-play_3-0) (panda-hmac-play_3-0)... [2/7]

186Compile scalacOptions: --java-output-version:17, -Wconf:msg=can be rewritten automatically under:s, -source:3.8

187[info] compiling 1 Scala source to /build/repo/hmac/play/play_3-0/target/scala-3.8.1-RC1/classes ...

188[info] done compiling

189Starting build for ProjectRef(file:/build/repo/,panda-hmac-core) (panda-hmac-core)... [3/7]

190Compile scalacOptions: --java-output-version:17, -Wconf:msg=can be rewritten automatically under:s, -source:3.8

191[info] compiling 1 Scala source to /build/repo/hmac/core/target/scala-3.8.1-RC1/test-classes ...

192[info] done compiling

193[info] HMACHeadersTest:

194[info] HMACSecrets

195[info] when validateHMACHeaders

197[info] - should return true if a valid secret is set

198[info] - should return true if any valid secret is in secretKeys

199[info] - should preferentially use secretKeys over secret if both are provided

200Starting build for ProjectRef(file:/build/repo/,pan-domain-auth-play_2-9) (pan-domain-auth-play_2-9)... [4/7]

201Compile scalacOptions: --java-output-version:17, -Wconf:msg=can be rewritten automatically under:s, -source:3.8

202[info] compiling 1 Scala source to /build/repo/pan-domain-auth-play_2-9/target/scala-3.8.1-RC1/test-classes ...

203[info] done compiling

204[info] DiscoveryDocumentTest:

205[info] Parser for Discovery Document

206[info] - should get the 3 fields we care about

207[info] General DiscoveryDocument.Cache

208[info] - should work well

209Starting build for ProjectRef(file:/build/repo/,pan-domain-auth-verification) (pan-domain-auth-verification)... [5/7]

210Compile scalacOptions: --java-output-version:17, -Wconf:msg=can be rewritten automatically under:s, -source:3.8

211[info] compiling 8 Scala sources to /build/repo/pan-domain-auth-verification/target/scala-3.8.1-RC1/test-classes ...

212[info] done compiling

213[info] PublicSettingsTest:

214[info] extractSettings

215[info] - extracts properties from a valid body

216[info] KeyHashIdTest:

217[info] key hash ids

218[info] - should be stable so that we can use them as a simple text identifier for public keys

219alsoAcceptedKeys: ['povb6'] (added ['povb6'], removed [])

220[info] CookiePayloadTest:

221[info] CookiePayload

222[info] - round-trip from payload text to CookiePayload if matching public-private keys are used

223[info] - not return payload text if a rogue key was used

224[info] - reject cookie text that does not contain a .

225[info] - reject cookie text that does not contain valid BASE64 text

226[info] - round-trip from correctly-formatted cookie-text to CookiePayload instance and back again

227Active key changed from 'tudwv' to 'povb6'. alsoAcceptedKeys: ['tudwv'] (added ['tudwv'], removed ['povb6'])

228alsoAcceptedKeys: [] (added [], removed ['tudwv'])

229SLF4J: Failed to load class "org.slf4j.impl.StaticLoggerBinder".

230SLF4J: Defaulting to no-operation (NOP) logger implementation

231SLF4J: See http://www.slf4j.org/codes.html#StaticLoggerBinder for further details.

232Active key changed from 'tudwv' to 'povb6' (FAILED transition criteria: TolerateOldKey). alsoAcceptedKeys: [] (added [], removed ['povb6'])

233Active key changed from 'tudwv' to 'povb6' (FAILED transition criteria: PreAcceptNewKey). alsoAcceptedKeys: ['tudwv'] (added ['tudwv'], removed [])

234[info] CryptoConfTest:

235[info] loading crypto configuration

236[info] - follow a safe set of transition steps

237[info] - have transitions that are reported as safe

238[info] - report a bad transition if the old active key is not still tolerated

239[info] - report a bad transition if the new active key wasn't already accepted by the old config

240[info] CryptoConf.SettingsReader

241[info] - returns an error if the key looks invalid

242[info] - returns the key if it is valid

243[info] CryptoConf.SettingsReader activePublicKey

244[info] - will get a public key from a valid settings map

245[info] - will reject a key that is not correctly formatted

246[info] - will fail if the key is not present in the settings

247[info] CookieUtilsTest:

248[info] generateCookieData

249[info] - generates a base64-encoded 'data.signature' cookie value

250[info] parseCookieData

251[info] - can extract an authenticatedUser from real cookie data

252[info] - fails to extract invalid data with a SignatureNotValid

255[info] - serialize/deserialize preserves data

256[info] CryptoTest:

257[info] - a valid signature can be successfully verified

258[info] - an invalid signature will not be verified

259[info] - a valid signature created with the wrong key will not be verified

260[info] PanDomainTest:

261[info] authStatus

262[info] - returns `Authenticated` for valid cookie data that passes the validation check

263[info] - gives back the provided auth user if successful

264[info] - returns `InvalidCookie` if the cookie is not valid

265[info] - returns `InvalidCookie` if the cookie fails its signature check

266[info] - returns `Expired` if the cookie has expired and is outside the default grace period

267[info] - returns `Expired` if the cookie has expired and is outside a custom grace period

268[info] - returns `GracePeriod` if the cookie has expired but is within the default grace period

269[info] - returns `GracePeriod` if the cookie has expired but is within a custom grace period

270[info] - returns `Expired` if cookie has not expired, but forceExpiry is set

271[info] - returns `Expired` if cookie is in the grace period, but forceExpiry is set

272[info] - returns `NotAuthorized` if the cookie does not pass the verification check

273[info] correctly handles the verification check

274[info] without cache validation,

275[info] - returns `NotAuthorized` if the user fails the validation check

276[info] - returns `Authenticated` if the user passes the validation check

277[info] when validation is cached

278[info] - returns `NotAuthorized` if the user is not authorized in this system

279[info] - returns Authenticated if the user was authenticated in this system, even if they would fail the validation check

280[info] - does not call the validateUser function if caching is enabled

281[info] guardianValidation

282[info] - returns true for a multi-factor user with a Guardian email address

283[info] - returns false for a multi-factor user without a guardian email address

284[info] - returns false for a guardian email address that is not authenticated with multi-factor-auth

285[info] - returns false for something that looks a bit like a guardian domain

286Starting build for ProjectRef(file:/build/repo/,pan-domain-auth-core) (pan-domain-auth-core)... [6/7]

287Compile scalacOptions: --java-output-version:17, -Wconf:msg=can be rewritten automatically under:s, -source:3.8

288[info] compiling 2 Scala sources to /build/repo/pan-domain-auth-core/target/scala-3.8.1-RC1/test-classes ...

289[info] done compiling

290[info] PageRequestTest:

291[info] Query string parsing provides *url-decoded* values for query string params

292[info] - from a small example

293[info] - from a real OAuth callback request

294[info] PageEndpointAuthStatusHandlerTest:

295[info] authorisation

296[info] - persist new auth cookie containing additional authorised system if it's not in the cookie already

297[info] - redirect for OAuth if the user is not authenticated

299************************

300Build summary:

301[{

302 "module": "pan-domain-auth-play_3-0",

303 "compile": {"status": "ok", "tookMs": 15761, "warnings": 0, "errors": 0, "sourceVersion": "3.8"},

304 "doc": {"status": "skipped", "tookMs": 0, "files": 0, "totalSizeKb": 0},

305 "test-compile": {"status": "ok", "tookMs": 1361, "warnings": 0, "errors": 0, "sourceVersion": "3.8"},

306 "test": {"status": "ok", "tookMs": 851, "passed": 2, "failed": 0, "ignored": 0, "skipped": 0, "total": 2, "byFramework": [{"framework": "unknown", "stats": {"passed": 2, "failed": 0, "ignored": 0, "skipped": 0, "total": 2}}]},

307 "publish": {"status": "skipped", "tookMs": 0},

308 "metadata": {

309 "crossScalaVersions": ["3.3.7", "2.13.18"]

310}

311},{

312 "module": "panda-hmac-play_2-9",

313 "compile": {"status": "ok", "tookMs": 1936, "warnings": 0, "errors": 0, "sourceVersion": "3.8"},

314 "doc": {"status": "skipped", "tookMs": 0, "files": 0, "totalSizeKb": 0},

315 "test-compile": {"status": "ok", "tookMs": 321, "warnings": 0, "errors": 0, "sourceVersion": "3.8"},

316 "test": {"status": "ok", "tookMs": 302, "passed": 0, "failed": 0, "ignored": 0, "skipped": 0, "total": 0, "byFramework": []},

317 "publish": {"status": "skipped", "tookMs": 0},

318 "metadata": {

319 "crossScalaVersions": ["3.3.7", "2.13.18"]

320}

321},{

322 "module": "panda-hmac-play_3-0",

323 "compile": {"status": "ok", "tookMs": 564, "warnings": 0, "errors": 0, "sourceVersion": "3.8"},

324 "doc": {"status": "skipped", "tookMs": 0, "files": 0, "totalSizeKb": 0},

325 "test-compile": {"status": "ok", "tookMs": 264, "warnings": 0, "errors": 0, "sourceVersion": "3.8"},

326 "test": {"status": "ok", "tookMs": 292, "passed": 0, "failed": 0, "ignored": 0, "skipped": 0, "total": 0, "byFramework": []},

327 "publish": {"status": "skipped", "tookMs": 0},

328 "metadata": {

329 "crossScalaVersions": ["3.3.7", "2.13.18"]

330}

331},{

332 "module": "panda-hmac-core",

333 "compile": {"status": "ok", "tookMs": 47, "warnings": 0, "errors": 0, "sourceVersion": "3.8"},

334 "doc": {"status": "skipped", "tookMs": 0, "files": 0, "totalSizeKb": 0},

335 "test-compile": {"status": "ok", "tookMs": 704, "warnings": 0, "errors": 0, "sourceVersion": "3.8"},

336 "test": {"status": "ok", "tookMs": 402, "passed": 4, "failed": 0, "ignored": 0, "skipped": 0, "total": 4, "byFramework": [{"framework": "unknown", "stats": {"passed": 4, "failed": 0, "ignored": 0, "skipped": 0, "total": 4}}]},

337 "publish": {"status": "skipped", "tookMs": 0},

338 "metadata": {

339 "crossScalaVersions": ["3.3.7", "2.13.18"]

340}

341},{

342 "module": "pan-domain-auth-play_2-9",

343 "compile": {"status": "ok", "tookMs": 146, "warnings": 0, "errors": 0, "sourceVersion": "3.8"},

344 "doc": {"status": "skipped", "tookMs": 0, "files": 0, "totalSizeKb": 0},

345 "test-compile": {"status": "ok", "tookMs": 1199, "warnings": 0, "errors": 0, "sourceVersion": "3.8"},

346 "test": {"status": "ok", "tookMs": 610, "passed": 2, "failed": 0, "ignored": 0, "skipped": 0, "total": 2, "byFramework": [{"framework": "unknown", "stats": {"passed": 2, "failed": 0, "ignored": 0, "skipped": 0, "total": 2}}]},

347 "publish": {"status": "skipped", "tookMs": 0},

348 "metadata": {

349 "crossScalaVersions": ["3.3.7", "2.13.18"]

350}

351},{

352 "module": "pan-domain-auth-verification",

353 "compile": {"status": "ok", "tookMs": 39, "warnings": 0, "errors": 0, "sourceVersion": "3.8"},

354 "doc": {"status": "skipped", "tookMs": 0, "files": 0, "totalSizeKb": 0},

355 "test-compile": {"status": "ok", "tookMs": 2760, "warnings": 0, "errors": 0, "sourceVersion": "3.8"},

356 "test": {"status": "ok", "tookMs": 970, "passed": 45, "failed": 0, "ignored": 0, "skipped": 0, "total": 45, "byFramework": [{"framework": "unknown", "stats": {"passed": 45, "failed": 0, "ignored": 0, "skipped": 0, "total": 45}}]},

357 "publish": {"status": "skipped", "tookMs": 0},

358 "metadata": {

359 "crossScalaVersions": ["3.3.7", "2.13.18"]

360}

361},{

362 "module": "pan-domain-auth-core",

363 "compile": {"status": "ok", "tookMs": 85, "warnings": 3, "errors": 0, "sourceVersion": "3.8"},

364 "doc": {"status": "skipped", "tookMs": 0, "files": 0, "totalSizeKb": 0},

365 "test-compile": {"status": "ok", "tookMs": 953, "warnings": 0, "errors": 0, "sourceVersion": "3.8"},

366 "test": {"status": "ok", "tookMs": 416, "passed": 4, "failed": 0, "ignored": 0, "skipped": 0, "total": 4, "byFramework": [{"framework": "unknown", "stats": {"passed": 4, "failed": 0, "ignored": 0, "skipped": 0, "total": 4}}]},

367 "publish": {"status": "skipped", "tookMs": 0},

368 "metadata": {

369 "crossScalaVersions": ["3.3.7", "2.13.18"]

370}

371}]

372************************

373[success] Total time: 42 s, completed Jan 13, 2026, 8:52:43 PM

374[0JChecking patch project/plugins.sbt...

375Checking patch build.sbt...

376Applied patch project/plugins.sbt cleanly.

377Applied patch build.sbt cleanly.